last executing test programs: 5.391392337s ago: executing program 0 (id=3): ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000017000000400006803c00040063636d2861657329"], 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) 5.082081437s ago: executing program 0 (id=5): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, 0x0, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'veth1_virt_wifi\x00', 0x0}) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000800)={r1, r2, 0x25, 0x4, @val=@tcx}, 0x1c) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000680)={r3, r5, 0x4, r1}, 0x10) 5.081714658s ago: executing program 1 (id=6): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000980)="98", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000340)="bae4e6c90e2c5160899c4dafaadec1", 0xf}, {&(0x7f0000000380)="863df713b27092133340e45590eac45df1f0a54f338c8d702066c10522ae8700", 0x20}, {&(0x7f0000000900)="5e9a96da6c96c227926d725c264c8db1743e2a714194d97fd4a96b32f3a0cc57ff3d188ab8257403ab87aac73eb1db3cffb4c9b525154c4571673658898503", 0x3f}], 0x3}}], 0x2, 0x4004) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 4.790181667s ago: executing program 1 (id=7): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680)) open_tree(0xffffffffffffff9c, 0x0, 0x89901) shmdt(0x0) 4.689854154s ago: executing program 1 (id=8): r0 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(0x0, r0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x80) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a320000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_emit_ethernet(0x4a, &(0x7f00000005c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6000000000140600fe8000000000000000000000000000bbfe8000000000000000000040000000aa00004e220a81ad58b2a8fb3df44334d7af620060071522871c64c116bd793a9c1f243817b149114f00000000000000078b672b2e3e40", @ANYRES32, @ANYRES64], 0x0) 4.419512621s ago: executing program 1 (id=9): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$kcm(0x10, 0x2, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x810) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, r4, {}, {0xb, 0xb}, {0x2, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x809, 0x205, 0x1, 0xc}, 0xb, 0x1, 0x32, 0x5, 0x9, 0x2, 0x9, 0xd, 0x0, 0x1, {0xffff1c72, 0x23, 0x7, 0x8, 0xfffffffe, 0x7583}}}}]}, 0x78}}, 0x8000) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r7, &(0x7f0000000900)="bada30fbc99b5400040000ea0756", 0x36, 0x8040, &(0x7f00000001c0)={0x11, 0x88a8, r6, 0x1, 0xd8, 0x6, @multicast}, 0x14) 3.586291645s ago: executing program 0 (id=10): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0x1}]}}]}, 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x20008844) 3.385658438s ago: executing program 0 (id=11): r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000010, &(0x7f0000000540)={0x2, 0x400, @empty}, 0x10) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000)) 3.219599819s ago: executing program 1 (id=12): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000340)={0x0, 0x304000, 0x800, 0x2000000, 0x1}, 0x1c) 3.022217242s ago: executing program 1 (id=13): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000faff0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3, 0x0, 0x5}, 0x18) syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0) 689.947415ms ago: executing program 0 (id=14): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'veth1_virt_wifi\x00', 0x0}) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000800)={r1, r2, 0x25, 0x4, @val=@tcx}, 0x1c) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000680)={r3, r5, 0x4, r1}, 0x10) 0s ago: executing program 0 (id=15): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071123d000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000006c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:60060' (ED25519) to the list of known hosts. syzkaller login: [ 84.904782][ T3317] cgroup: Unknown subsys name 'net' [ 85.111060][ T3317] cgroup: Unknown subsys name 'cpuset' [ 85.131384][ T3317] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.586727][ T3317] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 96.962569][ T3323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.002372][ T3323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.016641][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.074412][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.058052][ T3322] hsr_slave_0: entered promiscuous mode [ 98.064681][ T3322] hsr_slave_1: entered promiscuous mode [ 98.258498][ T3323] hsr_slave_0: entered promiscuous mode [ 98.264906][ T3323] hsr_slave_1: entered promiscuous mode [ 98.268459][ T3323] debugfs: 'hsr0' already exists in 'hsr' [ 98.270854][ T3323] Cannot create hsr debugfs directory [ 99.081239][ T3322] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 99.108952][ T3322] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 99.159765][ T3322] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 99.179059][ T3322] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 99.337178][ T3323] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 99.363561][ T3323] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 99.384952][ T3323] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 99.417600][ T3323] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 100.327150][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.582940][ T3323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.478983][ T3322] veth0_vlan: entered promiscuous mode [ 103.565368][ T3322] veth1_vlan: entered promiscuous mode [ 103.766243][ T3322] veth0_macvtap: entered promiscuous mode [ 103.797349][ T3322] veth1_macvtap: entered promiscuous mode [ 103.883253][ T3323] veth0_vlan: entered promiscuous mode [ 103.948587][ T3323] veth1_vlan: entered promiscuous mode [ 104.097150][ T1601] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.104684][ T1601] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.105186][ T1601] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.106877][ T1601] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.335456][ T3323] veth0_macvtap: entered promiscuous mode [ 104.414254][ T3323] veth1_macvtap: entered promiscuous mode [ 104.619100][ T1510] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.631866][ T1510] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.632249][ T1510] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.634194][ T1510] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.664577][ T3322] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 107.413968][ T1522] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.423909][ T1522] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.425799][ T1522] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.427531][ T1522] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.438072][ T3493] syzkaller0: entered promiscuous mode [ 107.438611][ T3493] syzkaller0: entered allmulticast mode [ 107.578449][ T3496] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10'. [ 107.581892][ T3496] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10'. [ 111.096006][ T3510] ================================================================== [ 111.100291][ T3510] BUG: KASAN: invalid-access in __memcpy+0xc/0x54 [ 111.102693][ T3510] Write at addr f7ff800084005180 by task syz.0.15/3510 [ 111.103255][ T3510] Pointer tag: [f7], memory tag: [fe] [ 111.103339][ T3510] [ 111.104181][ T3510] CPU: 1 UID: 0 PID: 3510 Comm: syz.0.15 Not tainted syzkaller #0 PREEMPT [ 111.104581][ T3510] Hardware name: linux,dummy-virt (DT) [ 111.104893][ T3510] Call trace: [ 111.105231][ T3510] show_stack+0x18/0x24 (C) [ 111.105590][ T3510] dump_stack_lvl+0x78/0x90 [ 111.105714][ T3510] print_report+0x108/0x61c [ 111.105778][ T3510] kasan_report+0x88/0xac [ 111.105830][ T3510] __do_kernel_fault+0x170/0x1c8 [ 111.105888][ T3510] do_bad_area+0x68/0x78 [ 111.105942][ T3510] do_tag_check_fault+0x34/0x44 [ 111.106046][ T3510] do_mem_abort+0x44/0x94 [ 111.106101][ T3510] el1_abort+0x44/0x68 [ 111.106157][ T3510] el1h_64_sync_handler+0x50/0xac [ 111.106213][ T3510] el1h_64_sync+0x6c/0x70 [ 111.106374][ T3510] __memcpy+0xc/0x54 (P) [ 111.106447][ T3510] convert_ctx_accesses+0x698/0xb2c [ 111.106509][ T3510] bpf_check+0x1374/0x293c [ 111.106565][ T3510] bpf_prog_load+0x63c/0xd40 [ 111.106617][ T3510] __sys_bpf+0x2e0/0x1a88 [ 111.106669][ T3510] __arm64_sys_bpf+0x24/0x34 [ 111.106726][ T3510] invoke_syscall+0x48/0x110 [ 111.106782][ T3510] el0_svc_common.constprop.0+0x40/0xe0 [ 111.106840][ T3510] do_el0_svc+0x1c/0x28 [ 111.106897][ T3510] el0_svc+0x34/0x128 [ 111.106950][ T3510] el0t_64_sync_handler+0xa0/0xe4 [ 111.107005][ T3510] el0t_64_sync+0x1a4/0x1a8 [ 111.107326][ T3510] [ 111.107821][ T3510] The buggy address belongs to a 1-page vmalloc region starting at 0xf7ff800084005000 allocated at bpf_check+0x8c/0x293c [ 111.110508][ T3510] The buggy address belongs to the physical page: [ 111.111064][ T3510] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4b526 [ 111.111626][ T3510] flags: 0x1ffe00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x8) [ 111.112764][ T3510] raw: 01ffe00000000000 0000000000000000 dead000000000122 0000000000000000 [ 111.112835][ T3510] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 111.112970][ T3510] page dumped because: kasan: bad access detected [ 111.113021][ T3510] [ 111.113058][ T3510] Memory state around the buggy address: [ 111.113589][ T3510] Unable to handle kernel paging request at virtual address ffff800084004f00 [ 111.113775][ T3510] Mem abort info: [ 111.113815][ T3510] ESR = 0x0000000096000007 [ 111.113914][ T3510] EC = 0x25: DABT (current EL), IL = 32 bits [ 111.113977][ T3510] SET = 0, FnV = 0 [ 111.114031][ T3510] EA = 0, S1PTW = 0 [ 111.114093][ T3510] FSC = 0x07: level 3 translation fault [ 111.114160][ T3510] Data abort info: [ 111.114203][ T3510] ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000 [ 111.114257][ T3510] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 111.114316][ T3510] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 111.114493][ T3510] swapper pgtable: 4k pages, 52-bit VAs, pgdp=0000000042a58000 [ 111.114580][ T3510] [ffff800084004f00] pgd=1000000042fcc003, p4d=1000000042fcd003, pud=1000000042fce003, pmd=1000000044e81403, pte=0000000000000000 [ 111.117145][ T3510] Internal error: Oops: 0000000096000007 [#1] SMP [ 111.139661][ T3510] Modules linked in: [ 111.140991][ T3510] CPU: 1 UID: 0 PID: 3510 Comm: syz.0.15 Not tainted syzkaller #0 PREEMPT [ 111.141796][ T3510] Hardware name: linux,dummy-virt (DT) [ 111.142445][ T3510] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 111.142981][ T3510] pc : kasan_metadata_fetch_row+0xc/0x28 [ 111.144234][ T3510] lr : print_report+0x29c/0x61c [ 111.144640][ T3510] sp : ffff800085f135e0 [ 111.144961][ T3510] x29: ffff800085f135e0 x28: f6f000000b485280 x27: f0ff800083ffd060 [ 111.145742][ T3510] x26: 0000000000000060 x25: ffff800082517dc0 x24: ffff800082517dc8 [ 111.146451][ T3510] x23: ffff800084005180 x22: ffff8000824e8698 x21: ffff800084005000 [ 111.147213][ T3510] x20: 00000000fffffffe x19: ffff800084004f00 x18: 0000000000000010 [ 111.147837][ T3510] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800085f13460 [ 111.148442][ T3510] x14: ffff800085f1365c x13: ffff800085f13649 x12: ffff800082adf268 [ 111.149494][ T3510] x11: 0000000000000001 x10: 0000000000000001 x9 : 000000000002ffe8 [ 111.150524][ T3510] x8 : f6f000000b485280 x7 : 0000000000000010 x6 : ffff800081ce18c0 [ 111.151160][ T3510] x5 : 0000000000000030 x4 : 0000000000000002 x3 : ffff800084005000 [ 111.151729][ T3510] x2 : ffff800084004f00 x1 : ffff800084004f10 x0 : ffff800085f13638 [ 111.152535][ T3510] Call trace: [ 111.153495][ T3510] kasan_metadata_fetch_row+0xc/0x28 (P) [ 111.154133][ T3510] kasan_report+0x88/0xac [ 111.154503][ T3510] __do_kernel_fault+0x170/0x1c8 [ 111.154946][ T3510] do_bad_area+0x68/0x78 [ 111.155321][ T3510] do_tag_check_fault+0x34/0x44 [ 111.155698][ T3510] do_mem_abort+0x44/0x94 [ 111.156062][ T3510] el1_abort+0x44/0x68 [ 111.156398][ T3510] el1h_64_sync_handler+0x50/0xac [ 111.156789][ T3510] el1h_64_sync+0x6c/0x70 [ 111.157279][ T3510] __memcpy+0xc/0x54 (P) [ 111.157662][ T3510] convert_ctx_accesses+0x698/0xb2c [ 111.158133][ T3510] bpf_check+0x1374/0x293c [ 111.158492][ T3510] bpf_prog_load+0x63c/0xd40 [ 111.158865][ T3510] __sys_bpf+0x2e0/0x1a88 [ 111.159267][ T3510] __arm64_sys_bpf+0x24/0x34 [ 111.159610][ T3510] invoke_syscall+0x48/0x110 [ 111.160088][ T3510] el0_svc_common.constprop.0+0x40/0xe0 [ 111.160637][ T3510] do_el0_svc+0x1c/0x28 [ 111.161103][ T3510] el0_svc+0x34/0x128 [ 111.161422][ T3510] el0t_64_sync_handler+0xa0/0xe4 [ 111.161791][ T3510] el0t_64_sync+0x1a4/0x1a8 [ 111.162529][ T3510] Code: d65f03c0 91040023 aa0103e2 91004021 (d9600042) [ 111.163774][ T3510] ---[ end trace 0000000000000000 ]--- [ 111.164871][ T3510] Kernel panic - not syncing: Oops: Fatal exception [ 111.165600][ T3510] SMP: stopping secondary CPUs [ 111.166817][ T3510] Kernel Offset: disabled [ 111.167401][ T3510] CPU features: 0x000000,00068cc1,7ef8cf80,957fff3f [ 111.168616][ T3510] Memory Limit: none [ 111.170449][ T3510] Rebooting in 86400 seconds.. VM DIAGNOSIS: 20:57:06 Registers: info registers vcpu 0 CPU#0 PC=ffff800080754584 X00=f5f0000009083800 X01=0000000000000038 X02=0000000000000000 X03=0000000000000000 X04=f4f00000084d2568 X05=0000000000000030 X06=00000000fffffffe X07=00000000fffffffa X08=f4f00000084d2598 X09=000000000000001a X10=ffff800082debd78 X11=000000000000005a X12=0000000000000001 X13=0000000000000358 X14=0000000000000243 X15=00000000203f1680 X16=ffff800082de8000 X17=fff07ffffcef4000 X18=0000000000000014 X19=0000000000000000 X20=f5f0000009083800 X21=f5f0000009083828 X22=f5f0000009083828 X23=0000000000000040 X24=ffff800082debd88 X25=f1f0000005394000 X26=f1f0000003baaa80 X27=f2f0000003bbcf40 X28=f5f0000006097200 X29=ffff800082debc60 X30=ffff800080d36e00 SP=ffff800082debcd0 PSTATE=20402009 --C- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00000000000000d1:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffffffffff00:ffffffffffffffff Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:fffffffeffffffff Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0030706f6f6c2f6b:636f6c622f6c6175 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3303330333033303:3303330333033303 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c000003000003003:c000003000003003 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000073:0000aaab04c22c90 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000074:0000aaab04c1ff70 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffd57a29f0:0000ffffd57a29f0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffd57a29c0 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff80008092e420 X00=0000000000000002 X01=0000000000000018 X02=ffff800082e15018 X03=ffff800082badf28 X04=fdf0000003b79080 X05=0000000000000034 X06=0000000000000029 X07=0000000000000000 X08=7f7f7f7f7f7f7f7f X09=ffff800082badf58 X10=0000000000000001 X11=ffff800085f13100 X12=ffff800082adf268 X13=ffff800085f12edd X14=ffff800085f12ee8 X15=ffff800085f12d50 X16=0000000000000000 X17=0000000000000000 X18=00000000ffffffff X19=f3f000000324800a X20=ffff80008092e5c4 X21=fdf0000003b79080 X22=f3f000000324803c X23=0000000000000000 X24=0000000000000000 X25=00000000000000c0 X26=ffffffffffffffff X27=ffff800082751000 X28=ffffffffffffffff X29=ffff800085f13000 X30=ffff80008092e5ec SP=ffff800085f13000 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00524f5252450040:0000000000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00524f5252450040:0000000000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffcab23440:0000ffffcab23440 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffcab23410 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000