last executing test programs:

2.956097484s ago: executing program 0 (id=126):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/capi20', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/capi20', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/capi20', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20', 0x800, 0x0)

2.944283153s ago: executing program 0 (id=130):
shmat(0x0, 0x0, 0x0)

2.89354082s ago: executing program 0 (id=133):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/sync/info', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/sync/info', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/sync/info', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/sync/info', 0x800, 0x0)

2.893352379s ago: executing program 0 (id=135):
sysfs$1(0x1, &(0x7f0000000000))

2.83630663s ago: executing program 0 (id=137):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2', 0x2, 0x0)

2.835731874s ago: executing program 0 (id=141):
pause()

1.114782142s ago: executing program 2 (id=268):
fstatfs(0xffffffffffffffff, &(0x7f0000000000))

1.113195136s ago: executing program 2 (id=271):
socket$phonet_pipe(0x23, 0x5, 0x2)

1.054436583s ago: executing program 2 (id=273):
socket$nl_crypto(0x10, 0x3, 0x15)

1.054366769s ago: executing program 2 (id=274):
rseq(&(0x7f0000000000), 0x0, 0x0, 0x0)

1.054083286s ago: executing program 2 (id=275):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer', 0x800, 0x0)

976.680736ms ago: executing program 2 (id=276):
msgrcv(0x0, &(0x7f0000000000), 0x0, 0x0, 0x0)

276.654817ms ago: executing program 1 (id=303):
faccessat2(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)

276.412473ms ago: executing program 1 (id=304):
socket$qrtr(0x2a, 0x2, 0x0)

276.177703ms ago: executing program 1 (id=305):
socket$can_raw(0x1d, 0x3, 0x1)

209.09089ms ago: executing program 1 (id=306):
getdents64(0xffffffffffffffff, &(0x7f0000000000), 0x0)

208.779408ms ago: executing program 1 (id=307):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock', 0x800, 0x0)

0s ago: executing program 1 (id=308):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:35281' (ED25519) to the list of known hosts.
syzkaller login: [ 56.576784][ T5747] cgroup: Unknown subsys name 'net'
[ 56.664048][ T5747] cgroup: Unknown subsys name 'cpuset'
[ 56.668859][ T5747] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 58.678400][ T5747] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 65.691842][ T5987] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 65.810285][ T5998] mmap: syz.1.163 (5998) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 68.247173][ T6149] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 68.251232][ T6149] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 68.259104][ T6149] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 68.264305][ T6149] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 68.267747][ T6149] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.379982][ T6148] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 68.553469][ T6155] Oops: general protection fault, probably for non-canonical address 0xdffffc00177780ff: 0000 [#1] SMP KASAN PTI
[ 68.559410][ T6155] KASAN: probably user-memory-access in range [0x00000000bbbc07f8-0x00000000bbbc07ff]
[ 68.564843][ T6155] CPU: 1 UID: 0 PID: 6155 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
[ 68.569108][ T6155] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 68.573966][ T6155] RIP: 0010:percpu_ref_get_many+0x8d/0x140
[ 68.576915][ T6155] Code: 01 48 c7 c7 80 70 78 8b be 65 03 00 00 48 c7 c2 c0 70 78 8b e8 64 2b 6f ff 49 bc 00 00 00 00 00 fc ff df 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 c4 50 f7 ff 49 8b 07 a8 03 75 62
[ 68.585645][ T6155] RSP: 0018:ffffc90004df7500 EFLAGS: 00010206
[ 68.588866][ T6155] RAX: 00000000177780ff RBX: ffffffff822de139 RCX: 14bab840e71f4400
[ 68.592213][ T6155] RDX: 0000000000000000 RSI: ffffffff8bc074c0 RDI: ffffffff8bc07480
[ 68.595454][ T6155] RBP: 0000000000000088 R08: 0000000000000000 R09: ffffffff822de139
[ 68.599449][ T6155] R10: dffffc0000000000 R11: fffffbfff1f3c1ef R12: dffffc0000000000
[ 68.603168][ T6155] R13: ffff88823c63b5c0 R14: 0000000000000001 R15: 00000000bbbc07f8
[ 68.606637][ T6155] FS: 0000555570ae6500(0000) GS:ffff8882a9d12000(0000) knlGS:0000000000000000
[ 68.610548][ T6155] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 68.613677][ T6155] CR2: 0000555562d8c5c8 CR3: 0000000113444000 CR4: 00000000000006f0
[ 68.617102][ T6155] Call Trace:
[ 68.618549][ T6155]
[ 68.619693][ T6155] refill_obj_stock+0x254/0x850
[ 68.622104][ T6155] ? refill_obj_stock+0x116/0x850
[ 68.624936][ T6155] __memcg_slab_free_hook+0x123/0x3b0
[ 68.627937][ T6155] ? kobject_uevent_env+0x361/0x8c0
[ 68.630347][ T6155] kfree+0x3f7/0x6d0
[ 68.632110][ T6155] ? kobject_uevent_net_broadcast+0x4db/0x560
[ 68.634333][ T6155] kobject_uevent_env+0x361/0x8c0
[ 68.636521][ T6155] netdev_queue_update_kobjects+0x346/0x6c0
[ 68.639130][ T6155] netdev_register_kobject+0x258/0x310
[ 68.641597][ T6155] register_netdevice+0x126c/0x1ae0
[ 68.644126][ T6155] ? __pfx_register_netdevice+0x10/0x10
[ 68.646578][ T6155] ? alloc_netdev_mqs+0xc89/0x11b0
[ 68.648862][ T6155] ? alloc_netdev_mqs+0xbf8/0x11b0
[ 68.651121][ T6155] ? alloc_netdev_mqs+0xe2a/0x11b0
[ 68.653204][ T6155] ? __ip_tunnel_create+0x3ba/0x560
[ 68.655438][ T6155] __ip_tunnel_create+0x3e7/0x560
[ 68.657611][ T6155] ? __pfx___ip_tunnel_create+0x10/0x10
[ 68.660197][ T6155] ? net_generic+0x1e/0x240
[ 68.662324][ T6155] ip_tunnel_init_net+0x2ba/0x800
[ 68.664569][ T6155] ? __pfx_ip_tunnel_init_net+0x10/0x10
[ 68.667160][ T6155] ops_init+0x35c/0x5c0
[ 68.668952][ T6155] setup_net+0xfe/0x320
[ 68.670857][ T6155] ? __pfx_setup_net+0x10/0x10
[ 68.673216][ T6155] ? copy_net_ns+0x337/0x4e0
[ 68.675677][ T6155] ? down_read_killable+0x1d1/0x350
[ 68.677932][ T6155] ? preinit_net+0x47d/0x740
[ 68.679705][ T6155] copy_net_ns+0x34e/0x4e0
[ 68.681440][ T6155] create_new_namespaces+0x3f3/0x720
[ 68.683685][ T6155] ? security_capable+0x7e/0x2e0
[ 68.686247][ T6155] unshare_nsproxy_namespaces+0x11c/0x170
[ 68.689279][ T6155] ksys_unshare+0x4c8/0x8c0
[ 68.691388][ T6155] ? __pfx_ksys_unshare+0x10/0x10
[ 68.693399][ T6155] __x64_sys_unshare+0x38/0x50
[ 68.695582][ T6155] do_syscall_64+0xfa/0xfa0
[ 68.697245][ T6155] ? lockdep_hardirqs_on+0x9c/0x150
[ 68.699105][ T6155] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.701333][ T6155] ? exc_page_fault+0xab/0x100
[ 68.703494][ T6155] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.705988][ T6155] RIP: 0033:0x7f85c81906c7
[ 68.708324][ T6155] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 68.716448][ T6155] RSP: 002b:00007ffe57c0ca58 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 68.719669][ T6155] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f85c81906c7
[ 68.723670][ T6155] RDX: 00007f85c818eec9 RSI: 00007ffe57c0ca20 RDI: 0000000040000000
[ 68.726913][ T6155] RBP: 00007ffe57c0cac0 R08: 00007f85c83a69d0 R09: 00007f85c83a69d0
[ 68.730253][ T6155] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe57c0cac0
[ 68.733586][ T6155] R13: 00007ffe57c0cac8 R14: 0000000000000009 R15: 0000000000000000
[ 68.737118][ T6155]
[ 68.738692][ T6155] Modules linked in:
[ 68.740899][ C1] vkms_vblank_simulate: vblank timer overrun
[ 68.743884][ T6155] ---[ end trace 0000000000000000 ]---
[ 68.746322][ T6155] RIP: 0010:percpu_ref_get_many+0x8d/0x140
[ 68.748759][ T6155] Code: 01 48 c7 c7 80 70 78 8b be 65 03 00 00 48 c7 c2 c0 70 78 8b e8 64 2b 6f ff 49 bc 00 00 00 00 00 fc ff df 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 c4 50 f7 ff 49 8b 07 a8 03 75 62
[ 68.757861][ T6155] RSP: 0018:ffffc90004df7500 EFLAGS: 00010206
[ 68.759944][ T6155] RAX: 00000000177780ff RBX: ffffffff822de139 RCX: 14bab840e71f4400
[ 68.763388][ T6155] RDX: 0000000000000000 RSI: ffffffff8bc074c0 RDI: ffffffff8bc07480
[ 68.767006][ T6155] RBP: 0000000000000088 R08: 0000000000000000 R09: ffffffff822de139
[ 68.770632][ T6155] R10: dffffc0000000000 R11: fffffbfff1f3c1ef R12: dffffc0000000000
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 68.774108][ T6155] R13: ffff88823c63b5c0 R14: 0000000000000001 R15: 00000000bbbc07f8
[ 68.778254][ T6155] FS: 0000555570ae6500(0000) GS:ffff8882a9d12000(0000) knlGS:0000000000000000
[ 68.782348][ T6155] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 68.785079][ T6155] CR2: 0000555562d8c5c8 CR3: 0000000113444000 CR4: 00000000000006f0
[ 68.788651][ T6155] Kernel panic - not syncing: Fatal exception
[ 68.792111][ T6155] Kernel Offset: disabled
[ 68.793991][ T6155] Rebooting in 86400 seconds..

VM DIAGNOSIS:
12:26:18 Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=1ffff110478c7ffd RCX=ffff8881017e8000 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc900017e77c0 RSP=ffffc900017e7640
R8 =ffffffff8f9e0f77 R9 =1ffffffff1f3c1ee R10=dffffc0000000000 R11=fffffbfff1f3c1ef
R12=ffff88823c63ffe8 R13=dffffc0000000000 R14=ffff88812103b240 R15=0000000000000001
RIP=ffffffff81b424c8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88818e712000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f85c81589c0 CR3=000000000df38000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffff00 ffffffffffff0000 XMM01=ffffffffffffffff ffff000000000000
XMM02=ffffffffffffff00 ffffffffffff0000 XMM03=ffffffffffffffff ffff00ff00000000
XMM04=ffffffffffffff00 0000000000000000 XMM05=0000000000000000 0000000000007374
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=ffffffffffffffff ffffffffffff0000 XMM09=0000000000000021 0000000000007374
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000030 RBX=0000000000000030 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90004df6d30
R8 =ffff888108a68237 R9 =1ffff1102114d046 R10=dffffc0000000000 R11=ffffffff851b2b90
R12=dffffc0000000000 R13=ffffffff99a0292e R14=ffffffff99d15fe0 R15=0000000000000000
RIP=ffffffff851b2c0c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555570ae6500 ffffffff 00c00000
GS =0000 ffff8882a9d12000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000555562d8c5c8 CR3=0000000113444000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000