last executing test programs: 5.224055496s ago: executing program 0 (id=112): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000100000007"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.990570901s ago: executing program 0 (id=114): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 
&(0x7f0000002240)="2d12376647d788ad2cdbd0e68c140c7f72d35ae5869c470a1f53ea73c32220190e02cb0b770bb154d1d5d1b343cb1feadca1752e4397955e1a151721f1b28b9e32b7966f9ddd7ad3822c5ff3dc03786c1c86c2a6f7c271710c573396ca95e95a524201b0bf0539042ae14072693f9734306f7a21f92421e8e0ea335d07d1f2839c4c195930cd35c65dfc527de84f2cab4f0c78474734d7c5cba0c70ee0fd10ad5ed3f4b70308c29000e8cd98d57c90c7d9298ee4a2c41b141614627880ace9cfde45a0ae5f6f5cf3eb31254454e92eacdab64eb048b144e4fcc16afe59e7d7dad7696df64aa223d14d69bbe8ee2f76e1d4a32477a7cf108fea86a7e085c1575f683857cff342574109f74cf05e3f63f328f46735ba0578d84b4978ce545621b1666ca7da451d40e961a037822eebcbba9bf9e92af7281442efcaa8e0d3ecd6111d8fc1c742d0e7efe8e51a1c5e6ea04fec02a986cba677d9dc642d110df6f55c786c73f7ce4ebf9415bdb2680d0ff4597006d96e3c164114a4effae84380e492822c002b2e96f160a0784fd0ebe448eddaa801921576287f61a15be332a94eea951c0826874d105173a6b3f2a6e420ed5ef00b1f699b74c524a1859cb7d6dfb7257b6f0b92e17ce21237da0ec892735601b29693dce455876447f76df303a8cb34bd9c9241da9904c1c17d416753c71aeed9cc07d26b4a438df4e302cf120cda73c04d5a1b7295f1cb7ff88084211adde5fdf991f97cb522b56c561ad1119a4675fbf566b77660dfd457467652d23c739cc9ba93bbd5b464c46e46187ce71d7aab533e670c861b227454d7c21f9f16000eee0c1772a152c26acd2744c5553ace622369f15d5354a3b5ac4bb9261a766830d351fa931558dee7ff30768b2e29025c3b115179ed6a12ea76a23db3626bc033f85a43c3c3f50b75b89a418277837ba571189e708f4aaaacc19537e7aa156b7058c200e8f9be1da8a63c7e878f3e733060a1cb24a2a09ea76413efdc4e0b1027a09c6830b4ca5ccd4695e2e0bb1610a21b0cc66012aab283b6c5dfbd20aef8d7ad04e4c618a065a588d05e3f780126eee290cf0f94fb4a2c5a8cb97f60d9e50301a4f01f3787ab052ef8782d6ef0f92385ab59015670a054dab1ab0400be74fdc4ac3d18fb5b5da13e55a05e29ad14dd0abf0435dea601ce80573548f3c8f21ecfcbe5361d1505a91c355d8477fe7e3866be005acae25cbab7bd8684294963c3c95924f7d62ca0ed2d7aa01048cbdcd4d7ae9717d4feb97e1e825f6156e9c5fc456509798d2f5adc9356752a8974894ff5bf9d14aab3ddf18fd4f9af23c66f7e4ef7e345e769260fd9d2a22ddd078dd7e44f904ea78dd3db5b0f4a8d7ce9ae7909cedde165b7458da24d576fc0e
18d3c27cccaff21146ad51c1681c629a8f0b8a4ae213c88910c54de9af7890b0a4414e0d38c31d76a130b587b764260655f17f901f96b835a1fecb1f7438f5e18ff60720d37d19b1a9ae3e03dc10aa1c4f2abb918883d56ddd4e74b48a4aeadccf2329956ed18b2001d1e1e80bdf325449beda911916f802234f5b182264754cd3bb26b2ae658cc0ee185a19cba7f9e54e47c32f8b87d0fed97c911d28f971e70be5fb830109a57b600f734a4cc734cbb67a58e6a696ccb39c328c537fe467fd194183aad728f95b0a4afb4557615408a83785c0d313e666d1dab18d49a4feaf12993e73f5537998a1ed25b93f9bca346376129dee3a5a78675d30bd19a78b77f45ea8b5b48cb4c78a1bc30df00badb811585966b8f8ef42d89236f5e99f849a44d62d1431eb187333dcde91582a29e777b9cd6e1bc86eff512ba48d6030681d395bfb8c5259b0c22028400a1d3929a6e3fa0fcda3deb9cf8e7e079c21d7c20b1670eb880789ae809608bac2b05c45da5a3a0377d1d06b917a5a6ee7dbf35f54c327d7d7921266bcb4e8e816b02872139d03d575c491ee077140f7d1aca286f977869288bf90eedaf41727abcd79056936d830bf6480bf6b4573e4dd402f6206099716593a04813cd07437ffa80f10f72ef64e320e48fa59b5ac0e412d9ed14bfc2e9365c67fc21c327d5699f58c3984db4f3ec0c362b633a784c4dfba44187801a0f0fc0f6b7a4610594556b33f1617c7b8b4f95d5d6fba7553512a6098a2e64d10a45347f3a41d11e19f7690ebcbfb9239c59b489061aad4317a08c435fa92c4f5feb662f6413c3d06dca92647fef304d9f8e96a78b5251b0a4d15710937428ab676cc7da5f0006cd04f7fa884625116a0cbddabc012cf55e3f26a4b411cfa1ba8473c3aef570cd23fe2165bf1f9b54632c7e76e5a5818bb70086c5fa609f2199424b8f2de5387a5bf44d3f246bec62433182b0c950ecc2968dba1e6a845c48c506daf90ffb0c13d376be0ac8283abb4e4283f703206a47c2b9c6a642d4bf4a245b8ec978b09d8620fc5d9f917842f83bf5e2efd976e9b98c38a8f836773357ad6d23fca68ee26431acf0196ef0fcef25a979782dc2f1688acacc53b1b2c2f694b638c1256a869f56098b89bb4a14b2dc2d187773e6a75f7d37ed91b8f8aee84c0bdbaeec229139809eaa9948e7a5e18d783ece0cd7ea8996dc3e650b1cff351ad9fbd661f303f40de084d111ec1489ae42d2fc55ce8d892a3d6290f2d2eb72733b4fdc8c433569c34854a84653884b3d90652f499eeb83886bd4246b41f231141cf1a412f1c7840fb8a1595895cfdec1961d887ac9dd1f5ad4b66bbb451d5471fcb1fb4bb25a4c4d43b9c0e3c72a00e8fc83f700c812b1b9c2f37e40bd746c39cbbca41e6fecb
8d64424c82e640d8f887cb7d8e75828b2969e1628c7000fba626381dcfdc7262b2b06f47f898d0aa0dab8636c089d4339a37e80f20f8f5196608a3d1ac1418ff9ac0ac54c45c124b15a77d61d50ca05e1603b1b6476cf09d79b138a7f7394a9cf35e6d64654504663db381712da505d0985cd9a4edbd067c0f09c393486b138f01deb4771566d987ac16a6ed0ac5c9b592a20878e5b4050e594f376523697a0aba321a6704db28b0f0fcdf0d8e2a6f1788064d49807f080d7aa29f795935d61bcf152fe39a45a713fd0a3b2982f65437828e110b2edcdbd7b462d5ef8e87ad0aa2352cf3fb1e05787602ed66efd77a7b88c73e76dd1b368e5845cc032ed719635b0db27b39ddc12d899b742a1499ffaa4b95c0a1f29cd85a7d2d30be5bd1fd384a6e4dd3b93b46352ece5144a2ce989bcb8e6255e04e6d5d0a6b4b2736715b116b06189491b4a4a9fd9e482413b2b8851b273b10820040b490de9414fcdee5126ddbedaaddcb8c844cc7e0264f65c4d3607dddf0dbd88a7f3d1ff35bea1bcb48eb576e7083fd8bf8d6a6a1567f77819c3bbe93ff92418632d30fa2b933b33fcf163b5a942d870f22d13ad6be938ddf61de391b35e68fc9ad71aeb7cddfb73e071162bfd1c7facd10e50e9f8046c7ee6f89830b70955a3908c18cc79138c335a5159adb3229e02576cbd1829b4c67504fbe785e3c2129d53cbc3b00a62b232e16a01e01b2dc159fea676ea8c0ad0d8f41ea1840092f4900d26f48b5c549211240a5c5ab663b4f9ac463df05c86af9a3f2e595d4f9981b108d44e9ee060fc8736d7ff71a609252fe6becd2aacb23b7ac66ad8a3dfca068fb7846b9588a0b027e45f96d73cdf6c2d9494c6c5c129a8f5a1e8c4f4e6a1adec722ba74e5a002b1c87793cfc5c689ac82881ac346c3e5be4f6570d3669f797916e2018a784d6a88671c6cd803585ba49cabea506177c5e41145d2c7f192012e1478e409d2dde7de2ac2b03b9d808afaf5f761032fd562d587c653eb07ad8ede76dc1aa8a1e7fb5a56f04e3dfa10e77ee1e51f6879c2670278c8471e03b0f62eee8ec60336b604b6721a81d8ef630749dac6298b488ec09a4aa61ced579231d4231a9cf6d7f20683194e6709fbea4ed66cfdec9a7238bbad6894ceb6c0ca3307274f2749be8450180456280289d0179d8396902250cddd7a440c24ae7df78bc8e146b1b8e5c9924d2b07646ff577da61968503bad37d240aacc9dbba0f665acf1d56667d1aa7e497b7947cca22f7a55113f5e10bc9987e9b5d9405f625a604f7099cf365ea8d3530dfba6b9977f8441e23147049ae8bf0231d824397e885589c693d8a7e756e46baf67f21b062cf6d8db25140c4301233bcb18b408e3c7959056a3307546f09f13e2e732dc26b9bab0ac74d
72bc0f115f7cf682aed23d9c627da1c4e4b221bd85a6c19f0391b23137f551cfb99cb1da33d42840439d0ec5f2d0e75c74d15918460e915c18dccf2f9d0ee508292c871ec9f4f2a2d1628a914487df2e8aa43bbb0bf1427e2f99e8eaaa588df310b9e50aeba057b2ce863eaaf9ecca3fc190d88bf10", 0xfffffffffffffee9, 0x4004085, 0x0, 0x49) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e21, @remote}, 0x10) 4.532519581s ago: executing program 1 (id=118): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22}, 0x48) 4.460170776s ago: executing program 1 (id=119): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0x1e, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$packet(0x11, 0x3, 0x300) bpf$ENABLE_STATS(0x20, 0x0, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r1, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) syz_emit_ethernet(0x66, &(0x7f00000004c0)={@local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x8, 0x6, "ecad80", 0x30, 0x3a, 0xff, @private1, @local, {[], @param_prob={0x4, 0x2, 0x0, 0x2, {0x7, 0x6, "a9ccf8", 0x5dc, 0x87, 0xff, @remote, @mcast2}}}}}}}, 0x0) 4.24208272s ago: executing program 1 (id=120): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) 
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x43}, 0x94) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x42}, 0xe0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 3.692897117s ago: executing program 1 (id=121): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x24, 0x2, 0x3, 0x5, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0xc}, @NFQA_CFG_FLAGS={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4000008) 3.607602952s ago: executing program 1 (id=122): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, 
&(0x7f0000000140)={0x7, 0x100}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_procfs$namespace(r1, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newsa={0x138, 0x1a, 0x1, 0xfffffffe, 0x101, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4001, 0x71c, 0x4e23, 0x5, 0xa, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@multicast1, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0x81}, {0xffffffffffffffff, 0x0, 0x40000000000001d, 0xfffffffffffffffe}, {0xfffffffa, 0x3fc, 0xff}, 0x80, 0x3500, 0x2, 0x1, 0x4, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x4000}, 0x844) ioctl$BTRFS_IOC_SEND(0xffffffffffffffff, 0x40489426, 0x0) socket$inet(0x2, 0x80000, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r5, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port1\x00', 0x72, 0x71cf8, 0x0, 0x8000008, 0x4, 0x2, 0x1, 0x0, 0x7cce8c743ee810df}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x40505330, &(0x7f0000000380)={0x800080, 0x3, 0x5, 0x9, 0x0, 0x4000055a}) 1.129006156s ago: executing program 0 (id=123): unshare(0x22020400) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) 442.05954ms ago: executing program 0 (id=124): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$FIONREAD(r0, 0x541b, 
&(0x7f0000000540)) 304.31014ms ago: executing program 1 (id=125): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r1) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0xd}, {0xf}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) recvmmsg(r4, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000640)=""/216, 0xd8}, {&(0x7f0000003080)=""/4087, 0xff7}], 0x2}, 0x3}], 0x1, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 252.679223ms ago: executing program 0 (id=126): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0x8) 0s ago: executing program 0 (id=127): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="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"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 
0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x33fe0}], 0x1}, 0x12) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:18701' (ED25519) to the list of known hosts. syzkaller login: [ 74.032787][ T3308] cgroup: Unknown subsys name 'net' [ 74.228982][ T3308] cgroup: Unknown subsys name 'cpuset' [ 74.248461][ T3308] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.695273][ T3308] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 82.824307][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.841006][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.858041][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.873445][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.895048][ T3315] hsr_slave_0: entered promiscuous mode [ 83.901449][ T3315] hsr_slave_1: entered promiscuous mode [ 84.077664][ T3316] hsr_slave_0: entered promiscuous mode [ 84.085108][ T3316] hsr_slave_1: entered promiscuous mode [ 84.088051][ T3316] debugfs: 'hsr0' already exists in 'hsr' [ 84.091487][ T3316] Cannot create hsr debugfs directory [ 85.005571][ T3315] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 85.040125][ T3315] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 85.091498][ T3315] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.114710][ T3315] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 85.310049][ T3316] netdevsim netdevsim1 netdevsim0: 
renamed from eth0 [ 85.337420][ T3316] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 85.351313][ T3316] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 85.381103][ T3316] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 86.211965][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.376707][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.576357][ T3316] veth0_vlan: entered promiscuous mode [ 89.602799][ T3315] veth0_vlan: entered promiscuous mode [ 89.616808][ T3316] veth1_vlan: entered promiscuous mode [ 89.659235][ T3315] veth1_vlan: entered promiscuous mode [ 89.758087][ T3316] veth0_macvtap: entered promiscuous mode [ 89.794819][ T3316] veth1_macvtap: entered promiscuous mode [ 89.854597][ T3315] veth0_macvtap: entered promiscuous mode [ 89.878182][ T3315] veth1_macvtap: entered promiscuous mode [ 89.997202][ T1743] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.011534][ T1743] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.011881][ T1743] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.014705][ T1743] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.133765][ T1769] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.134468][ T1769] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.134628][ T1769] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.134772][ T1769] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.490468][ T3315] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 91.986833][ T3480] netlink: 'syz.1.8': attribute type 29 has an invalid length. 
[ 94.553605][ T3462] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 94.800068][ T3462] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 94.812911][ T3462] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 94.816392][ T3462] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 94.817795][ T3462] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.840205][ T3462] usb 1-1: config 0 descriptor?? [ 98.827441][ T3518] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 98.834953][ T3518] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.960678][ T3527] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.981332][ T3527] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.406541][ T3531] netlink: 28 bytes leftover after parsing attributes in process `syz.1.24'. [ 103.408270][ T3531] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 103.408347][ T3531] IPv6: NLM_F_CREATE should be set when creating new route [ 103.408571][ T3531] IPv6: NLM_F_CREATE should be set when creating new route [ 105.006889][ T3549] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 105.009604][ T3549] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 107.770557][ T3556] netlink: 4 bytes leftover after parsing attributes in process `syz.1.32'. 
[ 109.275156][ T3461] usb 1-1: USB disconnect, device number 2 [ 109.704468][ T3461] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 109.853646][ T3461] usb 1-1: Using ep0 maxpacket: 8 [ 109.878113][ T3461] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 109.878549][ T3461] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 109.879264][ T3461] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 109.879420][ T3461] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 109.879801][ T3461] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 109.879881][ T3461] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.119469][ T3461] usb 1-1: usb_control_msg returned -32 [ 110.119831][ T3461] usbtmc 1-1:16.0: can't read capabilities [ 110.168341][ T3461] usb 1-1: USB disconnect, device number 3 [ 111.415520][ T3578] netlink: 4 bytes leftover after parsing attributes in process `syz.0.37'. [ 111.662738][ C1] vcan0: j1939_tp_rxtimer: 0x00000000a5ae0cae: rx timeout, send abort [ 111.666062][ C1] vcan0: j1939_xtp_rx_abort_one: 0x00000000a5ae0cae: 0x20000: (3) A timeout occurred and this is the connection abort to close the session. [ 115.764879][ T3595] netlink: 4 bytes leftover after parsing attributes in process `syz.1.48'. 
[ 116.662814][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 116.853386][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 116.866628][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.867072][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.867298][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 116.867467][ T9] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 116.867547][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.899525][ T9] usb 1-1: config 0 descriptor?? [ 117.373595][ T9] hid (null): usage index exceeded [ 117.378898][ T9] hid-generic 0003:045E:07DA.0001: unknown main item tag 0x0 [ 117.379185][ T9] hid-generic 0003:045E:07DA.0001: ignoring exceeding usage max [ 117.386075][ T9] hid-generic 0003:045E:07DA.0001: ignoring exceeding usage max [ 117.386264][ T9] hid-generic 0003:045E:07DA.0001: usage index exceeded [ 117.386369][ T9] hid-generic 0003:045E:07DA.0001: item 0 1 2 2 parsing failed [ 117.387488][ T9] hid-generic 0003:045E:07DA.0001: probe with driver hid-generic failed with error -22 [ 117.471177][ T3615] netlink: 4 bytes leftover after parsing attributes in process `syz.1.54'. [ 117.576930][ T3564] usb 1-1: USB disconnect, device number 4 [ 118.075863][ T3627] netlink: 4 bytes leftover after parsing attributes in process `syz.1.59'. [ 120.410255][ C1] vcan0: j1939_tp_rxtimer: 0x00000000e74ea31e: rx timeout, send abort [ 120.411809][ C1] vcan0: j1939_xtp_rx_abort_one: 0x00000000e74ea31e: 0x20000: (3) A timeout occurred and this is the connection abort to close the session. [ 120.505899][ T3644] netlink: 4 bytes leftover after parsing attributes in process `syz.0.65'. [ 121.161395][ T3649] netlink: 37 bytes leftover after parsing attributes in process `syz.0.66'. 
[ 123.099703][ T3662] netlink: 4 bytes leftover after parsing attributes in process `syz.0.71'. [ 123.289198][ C1] vcan0: j1939_tp_rxtimer: 0x00000000b7b29988: rx timeout, send abort [ 123.290459][ C1] vcan0: j1939_xtp_rx_abort_one: 0x00000000b7b29988: 0x20000: (3) A timeout occurred and this is the connection abort to close the session. [ 125.223222][ T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 125.417711][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.418089][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.420134][ T9] usb 1-1: New USB device found, idVendor=06cb, idProduct=2968, bcdDevice= 0.00 [ 125.420230][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.460679][ T9] usb 1-1: config 0 descriptor?? [ 125.910826][ T9] hid-generic 0003:06CB:2968.0002: unknown main item tag 0x1 [ 125.911292][ T9] hid-generic 0003:06CB:2968.0002: unbalanced delimiter at end of report description [ 125.913900][ T9] hid-generic 0003:06CB:2968.0002: probe with driver hid-generic failed with error -22 [ 126.049516][ T30] audit: type=1326 audit(125.880:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3684 comm="syz.1.80" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb195c3e8 code=0x7ffc0000 [ 126.067931][ T30] audit: type=1326 audit(125.900:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3684 comm="syz.1.80" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb195c3e8 code=0x7ffc0000 [ 126.070330][ T30] audit: type=1326 audit(125.900:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3684 comm="syz.1.80" exe="/syz-executor" sig=0 arch=c00000b7 syscall=190 compat=0 ip=0xffffb195c3e8 code=0x7ffc0000 [ 126.074866][ T30] audit: type=1326 audit(125.900:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3684 comm="syz.1.80" exe="/syz-executor" sig=0 
arch=c00000b7 syscall=98 compat=0 ip=0xffffb195c3e8 code=0x7ffc0000 [ 126.081293][ T30] audit: type=1326 audit(125.900:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3684 comm="syz.1.80" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb195c3e8 code=0x7ffc0000 [ 126.114235][ T3564] usb 1-1: USB disconnect, device number 5 [ 127.581851][ C0] vcan0: j1939_tp_rxtimer: 0x000000003b05e836: rx timeout, send abort [ 127.583780][ C0] vcan0: j1939_xtp_rx_abort_one: 0x000000003b05e836: 0x20000: (3) A timeout occurred and this is the connection abort to close the session. [ 134.527130][ C1] vcan0: j1939_tp_rxtimer: 0x00000000a3b13097: rx timeout, send abort [ 134.529839][ C1] vcan0: j1939_xtp_rx_abort_one: 0x00000000a3b13097: 0x20000: (3) A timeout occurred and this is the connection abort to close the session. [ 135.952792][ T3461] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 136.112511][ T3461] usb 1-1: Using ep0 maxpacket: 16 [ 136.180586][ T3461] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 136.180906][ T3461] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.181252][ T3461] usb 1-1: Product: syz [ 136.181343][ T3461] usb 1-1: Manufacturer: syz [ 136.181411][ T3461] usb 1-1: SerialNumber: syz [ 136.206180][ T3461] usb 1-1: config 0 descriptor?? [ 136.227774][ T3461] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 136.974440][ T3461] usb 1-1: Detected FT232H [ 136.986364][ T3461] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 137.448767][ T3461] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 137.632943][ T3726] usb 1-1: USB disconnect, device number 6 [ 137.733690][ T3726] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 137.736660][ T3726] ftdi_sio 1-1:0.0: device disconnected [ 137.768150][ T3733] netlink: 'syz.1.94': attribute type 1 has an invalid length. 
[ 142.362965][ T9] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 142.567970][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [ 142.577693][ T9] usb 1-1: not running at top speed; connect to a high speed hub [ 142.597275][ T9] usb 1-1: config 1 has an invalid interface number: 138 but max is 0 [ 142.598842][ T9] usb 1-1: config 1 has no interface number 0 [ 142.613695][ T9] usb 1-1: config 1 interface 138 has no altsetting 0 [ 142.637021][ T9] usb 1-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae [ 142.641603][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.644084][ T9] usb 1-1: Product: syz [ 142.645489][ T9] usb 1-1: Manufacturer: syz [ 142.645713][ T9] usb 1-1: SerialNumber: syz [ 142.910243][ T9] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 143.058407][ T9] usb 1-1: USB disconnect, device number 7 [ 143.281425][ T3528] udevd[3528]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.138/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 144.413406][ T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 144.592992][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 144.641475][ T9] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.643848][ T9] usb 1-1: config 0 interface 0 has no altsetting 0 [ 144.645187][ T9] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 144.646783][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.663395][ T9] usb 1-1: config 0 descriptor?? 
[ 145.723103][ T9] usbhid 1-1:0.0: can't add hid device: -71
[ 145.724820][ T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 145.733701][ T9] usb 1-1: USB disconnect, device number 8
[ 146.538818][ T3778] usb usb1: usbfs: process 3778 (syz.1.111) did not claim interface 0 before use
[ 147.020735][ T3788] mmap: syz.1.116 (3788) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 151.913419][ T3820] ==================================================================
[ 151.917169][ T3820] BUG: KASAN: invalid-access in __memcpy+0xc/0x54
[ 151.919522][ T3820] Write at addr fdff8000868ff1df by task syz.0.127/3820
[ 151.920028][ T3820] Pointer tag: [fd], memory tag: [fe]
[ 151.920108][ T3820]
[ 151.920905][ T3820] CPU: 1 UID: 0 PID: 3820 Comm: syz.0.127 Not tainted syzkaller #0 PREEMPT
[ 151.921409][ T3820] Hardware name: linux,dummy-virt (DT)
[ 151.921712][ T3820] Call trace:
[ 151.922076][ T3820] show_stack+0x18/0x24 (C)
[ 151.922486][ T3820] dump_stack_lvl+0x78/0x90
[ 151.922603][ T3820] print_report+0x108/0x61c
[ 151.922661][ T3820] kasan_report+0x88/0xac
[ 151.922709][ T3820] __do_kernel_fault+0x170/0x1c8
[ 151.922764][ T3820] do_bad_area+0x68/0x78
[ 151.922816][ T3820] do_tag_check_fault+0x34/0x44
[ 151.922905][ T3820] do_mem_abort+0x44/0x94
[ 151.922964][ T3820] el1_abort+0x44/0x68
[ 151.923016][ T3820] el1h_64_sync_handler+0x50/0xac
[ 151.923065][ T3820] el1h_64_sync+0x6c/0x70
[ 151.923226][ T3820] __memcpy+0xc/0x54 (P)
[ 151.923284][ T3820] convert_ctx_accesses+0x698/0xb2c
[ 151.923340][ T3820] bpf_check+0x1374/0x293c
[ 151.923391][ T3820] bpf_prog_load+0x63c/0xd40
[ 151.923437][ T3820] __sys_bpf+0x2e0/0x1a88
[ 151.923481][ T3820] __arm64_sys_bpf+0x24/0x34
[ 151.923525][ T3820] invoke_syscall+0x48/0x110
[ 151.923570][ T3820] el0_svc_common.constprop.0+0x40/0xe0
[ 151.923616][ T3820] do_el0_svc+0x1c/0x28
[ 151.923662][ T3820] el0_svc+0x34/0x128
[ 151.923706][ T3820] el0t_64_sync_handler+0xa0/0xe4
[ 151.923750][ T3820] el0t_64_sync+0x1a4/0x1a8
[ 151.924079][ T3820]
[ 151.924651][ T3820] The buggy address belongs to a vmalloc virtual mapping
[ 151.925994][ T3820] The buggy address belongs to the physical page:
[ 151.926368][ T3820] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x473d6
[ 151.926754][ T3820] flags: 0x1ffc80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x2)
[ 151.927731][ T3820] raw: 01ffc80000000000 0000000000000000 dead000000000122 0000000000000000
[ 151.927798][ T3820] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 151.927927][ T3820] page dumped because: kasan: bad access detected
[ 151.927981][ T3820]
[ 151.928015][ T3820] Memory state around the buggy address:
[ 151.928505][ T3820] Unable to handle kernel paging request at virtual address ffff8000868fef00
[ 151.928689][ T3820] Mem abort info:
[ 151.928729][ T3820] ESR = 0x0000000096000007
[ 151.928801][ T3820] EC = 0x25: DABT (current EL), IL = 32 bits
[ 151.928862][ T3820] SET = 0, FnV = 0
[ 151.928911][ T3820] EA = 0, S1PTW = 0
[ 151.928968][ T3820] FSC = 0x07: level 3 translation fault
[ 151.929031][ T3820] Data abort info:
[ 151.929075][ T3820] ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000
[ 151.929125][ T3820] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 151.929184][ T3820] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 151.929389][ T3820] swapper pgtable: 4k pages, 52-bit VAs, pgdp=0000000042a58000
[ 151.929475][ T3820] [ffff8000868fef00] pgd=1000000042fcc003, p4d=1000000042fcd003, pud=1000000042fce003, pmd=10000000468d9403, pte=0000000000000000
[ 151.931137][ T3820] Internal error: Oops: 0000000096000007 [#1] SMP
[ 151.953628][ T3820] Modules linked in:
[ 151.954634][ T3820] CPU: 1 UID: 0 PID: 3820 Comm: syz.0.127 Not tainted syzkaller #0 PREEMPT
[ 151.955262][ T3820] Hardware name: linux,dummy-virt (DT)
[ 151.955841][ T3820] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 151.956346][ T3820] pc : kasan_metadata_fetch_row+0xc/0x28
[ 151.957467][ T3820] lr : print_report+0x29c/0x61c
[ 151.957876][ T3820] sp : ffff8000867bb5e0
[ 151.958172][ T3820] x29: ffff8000867bb5e0 x28: fcf000000a94d280 x27: f2ff8000868fd060
[ 151.958861][ T3820] x26: 0000000000000060 x25: ffff800082517f10 x24: ffff800082517f18
[ 151.959408][ T3820] x23: ffff8000868ff1df x22: ffff8000824e87f0 x21: ffff8000868ff000
[ 151.959956][ T3820] x20: 00000000fffffffe x19: ffff8000868fef00 x18: 0000000000000010
[ 151.960491][ T3820] x17: 0000000000000000 x16: 0000000000006400 x15: ffff8000867bb460
[ 151.961172][ T3820] x14: ffff8000867bb65c x13: ffff8000867bb649 x12: ffff800082adf268
[ 151.961715][ T3820] x11: 0000000000000001 x10: 0000000000000001 x9 : 000000000002ffe8
[ 151.962543][ T3820] x8 : fcf000000a94d280 x7 : 0000000000000010 x6 : ffff800081ce18c0
[ 151.963089][ T3820] x5 : 0000000000000030 x4 : 0000000000000002 x3 : ffff8000868ff000
[ 151.963632][ T3820] x2 : ffff8000868fef00 x1 : ffff8000868fef10 x0 : ffff8000867bb638
[ 151.964401][ T3820] Call trace:
[ 151.965020][ T3820] kasan_metadata_fetch_row+0xc/0x28 (P)
[ 151.965607][ T3820] kasan_report+0x88/0xac
[ 151.965966][ T3820] __do_kernel_fault+0x170/0x1c8
[ 151.966344][ T3820] do_bad_area+0x68/0x78
[ 151.966663][ T3820] do_tag_check_fault+0x34/0x44
[ 151.967003][ T3820] do_mem_abort+0x44/0x94
[ 151.967331][ T3820] el1_abort+0x44/0x68
[ 151.967636][ T3820] el1h_64_sync_handler+0x50/0xac
[ 151.968002][ T3820] el1h_64_sync+0x6c/0x70
[ 151.968476][ T3820] __memcpy+0xc/0x54 (P)
[ 151.968871][ T3820] convert_ctx_accesses+0x698/0xb2c
[ 151.969289][ T3820] bpf_check+0x1374/0x293c
[ 151.969606][ T3820] bpf_prog_load+0x63c/0xd40
[ 151.969976][ T3820] __sys_bpf+0x2e0/0x1a88
[ 151.970293][ T3820] __arm64_sys_bpf+0x24/0x34
[ 151.970600][ T3820] invoke_syscall+0x48/0x110
[ 151.970968][ T3820] el0_svc_common.constprop.0+0x40/0xe0
[ 151.971330][ T3820] do_el0_svc+0x1c/0x28
[ 151.971643][ T3820] el0_svc+0x34/0x128
[ 151.971940][ T3820] el0t_64_sync_handler+0xa0/0xe4
[ 151.972526][ T3820] el0t_64_sync+0x1a4/0x1a8
[ 151.973303][ T3820] Code: d65f03c0 91040023 aa0103e2 91004021 (d9600042)
[ 151.974363][ T3820] ---[ end trace 0000000000000000 ]---
[ 151.975330][ T3820] Kernel panic - not syncing: Oops: Fatal exception
[ 151.976012][ T3820] SMP: stopping secondary CPUs
[ 151.977119][ T3820] Kernel Offset: disabled
[ 151.977429][ T3820] CPU features: 0x000000,00068cc1,7ef8cf80,957fff3f
[ 151.978069][ T3820] Memory Limit: none
[ 151.979063][ T3820] Rebooting in 86400 seconds..
VM DIAGNOSIS:
10:55:33 Registers:
info registers vcpu 0
CPU#0 PC=ffff800081b8787c X00=ffff800081b87878 X01=ffff800081463e88 X02=0000000000000000 X03=f5f000000a915400 X04=f4f00000073b2028 X05=0000000000000000 X06=00000000008d5d36 X07=0000000000000000 X08=0000000000000038 X09=0000000000000000 X10=0000000000000001 X11=ffff800082dae840 X12=000000000000f891 X13=0000000000000030 X14=0000000000000000 X15=0000000000000000 X16=ffff800082de8000 X17=fff07ffffcef4000 X18=0000ffffb1444fff X19=ffff800082d18cc0 X20=00000023284d2600 X21=00000000000074fe X22=f5f000000a915462 X23=f5f000000a915462 X24=0000000000000000 X25=f5f000000a91544e X26=ffff800082dae840 X27=f5f0000009420000 X28=f4f00000073b2000 X29=ffff800082deb7c0 X30=ffff800081463ea0 SP=ffff800082deb7c0 PSTATE=60402009 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:637062696c2f3436:62696c2f7273752f
Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00302e6f732e382d:326572637062696c Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff0000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3333333333333333:3333333333333333 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000c000000000c0 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 
Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 
Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff8000809303c8 X00=0000000000000002 X01=0000000000000030 X02=ffff800082e15030 X03=ffff800082badf28 X04=0000000000000001 X05=0a0a0a0a0a0a0a0a X06=0000000000000063 X07=0000000000000000 X08=7f7f7f7f7f7f7f7f X09=ffff800082badf58 X10=0000000000000001 X11=ffff8000867bb100 X12=ffff800082adf268 X13=ffff8000867baedd X14=ffff8000867baee8 X15=ffff8000867bad50 X16=0000000000006400 X17=0000000000000000 X18=00000000ffffffff X19=f3f00000030e5880 X20=ffff8000867bb100 X21=0000000000000000 X22=0000000000000000 X23=0000000000000000 X24=0000000000000000 X25=00000000000000c0 X26=ffffffffffffffff X27=ffff800082751000 X28=ffffffffffffffff X29=ffff8000867bb040 X30=ffff8000809309ac SP=ffff8000867bb040 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000a003000000:000000a003000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00000000000000a0 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 
Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000028:00000000000000a0 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffff949a5d0:0000fffff949a5d0 
Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000fffff949a5a0 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 
Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000