last executing test programs:

8.391595089s ago: executing program 0 (id=164):
socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'team_slave_0\x00', 0x7811})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r4, 0x0, 0x10, &(0x7f00000006c0)="170000000200020000ffbe8c5ee17688a2003c000303000afdff0230040000d90200bb6a880000d6c9db0000db00000200df01800a0000ebfc0607bdff59100ac45761547a681f009cee4a5acba400001fb700674f00c88ebbf9315033bf79ac2dfc061f15003901dee2ffffffffe9000000000000000062068f5ee50ce5af9b1c568302ffff02ff0331dd3bab0840024f0298e9e90539062a80e605007f71174ab498a30b3e5a1b47b63a6323ded2aa084cd36276a3afff0100000001", 0xbd)

5.330092284s ago: executing program 0 (id=167):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000e00)={0xf8, r1, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x33, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @val={0x3, 0x1}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x76, 0x6, {0x3, 0xe8, 0x24, 0x401}}}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_BEACON_TAIL={0x85, 0xf, [@fast_bss_trans={0x37, 0x54, {0xf1, 0x1, "74de46ee58670530cc07db14d6f2a74a", "7e6cce6d01e407fe7ac54aaf591b1603f42711dca75d6ecfa0d0cc2975b9888a", "773dcadaf5a7ed8f8a781dc251b44d0bccdef5bf214ed247de1b931b3e843a6e", [{0x3}]}}, @supported_rates={0x1, 0x2, [{0x12}, {0x18, 0x1}]}, @mesh_id={0x72, 0x6}, @random={0x3, 0x7, "9c5142df8e3044"}, @peer_mgmt={0x75, 0x14, {0x0, 0x4000, @void, @void, @val="7fd409c015fc9ba9bdabd6ae32346574"}}]}, @NL80211_ATTR_IE_ASSOC_RESP={0x4}, @NL80211_ATTR_IE_PROBE_RESP={0x4}]]}, 0xf8}, 0x1, 0x0, 0x0, 0x2400c004}, 0x20000014)

4.660051818s ago: executing program 0 (id=170):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f00000003c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e901"], &(0x7f00002bf000)='GPL\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r2 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r0, r1})
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000001380)={<r3=>0xffffffffffffffff})
sendmsg$nl_route_sched(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000980)=@newtclass={0x24, 0x28, 0x4, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xb, 0xa}, {0x5, 0xa}, {0xe, 0xffe0}}}, 0xfdef}, 0x1, 0x0, 0x0, 0x40d1}, 0x40d8)
recvfrom$inet(r3, 0x0, 0x0, 0x40000002, 0x0, 0x0)

4.149412243s ago: executing program 1 (id=173):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x6, @private=0xa010100, 0x4e21, 0x2, 'sed\x00', 0x2, 0x0, 0x68}, 0x2c)

4.079469148s ago: executing program 1 (id=174):
unshare(0x66000080)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000100)={@val={0xa, 0x8100}, @void, @eth={@broadcast, @empty, @void, {@ipv6={0x86dd, @generic={0x9, 0x6, '\"\x00', 0x0, 0x2c, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2}}}}}, 0x3a)

3.616903089s ago: executing program 1 (id=175):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
unshare(0x2040400)
sendmmsg$inet6(r0, 0x0, 0x0, 0x4)

3.471488628s ago: executing program 1 (id=176):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0x104, 0x4, 0x408, 0x0, 0x0, 0x108, 0x320, 0x320, 0x218, 0x4, 0x0, {[{{@arp={@remote, @local, 0xffffff00, 0x0, 0x0, 0x0, {@mac=@link_local={0x2, 0x80, 0xc2, 0x7}, {[0xff, 0x0, 0x0, 0x0, 0x0, 0xff]}}, {@empty, {[0xff, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0xfff8, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@arp={@dev={0xac, 0x14, 0x14, 0x19}, @multicast2, 0x0, 0xff, 0x5, 0x2, {@mac=@multicast, {[0x0, 0x0, 0x0, 0xff]}}, {@empty, {[0x0, 0xff, 0xff, 0xff, 0xff, 0xff]}}, 0x2, 0x4, 0x2, 0x2, 0x5, 0x7, 'ip6tnl0\x00', 'veth0_to_team\x00', {0xff}}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @remote, @broadcast, 0x8}}}, {{@uncond, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x1, 'syz1\x00'}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x458)

3.348511376s ago: executing program 1 (id=177):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1}, 0x18)
r2 = socket$kcm(0x21, 0x2, 0x2)
recvmsg$kcm(r2, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)

3.169191568s ago: executing program 1 (id=178):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x0, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x4e0, 0x0, 0x18c, 0x203, 0x320, 0x19030000, 0x410, 0x2e0, 0x2e0, 0x410, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x320, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x0, 0x0, 0x8}, {}, {0x20}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0xe}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x3}, {0x2, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x8}, {}, {0x16}, {0x0, 0xff}, {}, {0x7}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0x101}, {}, {0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x9}, {0xfffc, 0x0, 0x0, 0x6}, {}, {0xfffe}, {}, {}, {}, {0xfffe, 0xfb}, {}, {0x7a04}, {}, {}, {0x20, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb8c, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {0x3}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {0x0, 0xfd}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0xb}, {0x4, 0x2}]}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz0\x00', {0x8001}}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz0\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x540)

651.570797ms ago: executing program 0 (id=179):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a64000000060a010400000000000000000200000038000480340001800900010068617368000000002400028008000340000000a1080001400000000d080002400000000d08000440000000000900010073797a30000000000900020073797a32"], 0x8c}}, 0x4010840)

172.761359ms ago: executing program 0 (id=180):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x300, 0x1, &(0x7f0000000340)=[0x0], &(0x7f0000000040)=[0x1], 0x0, 0x0, 0x0, 0x7f})

0s ago: executing program 0 (id=181):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x8, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:64565' (ED25519) to the list of known hosts.
syzkaller login: [   80.113672][ T3313] cgroup: Unknown subsys name 'net'
[   80.294493][ T3313] cgroup: Unknown subsys name 'cpuset'
[   80.322304][ T3313] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   80.814980][ T3313] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   88.351042][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.415628][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.432081][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.488533][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.702384][ T3318] hsr_slave_0: entered promiscuous mode
[   89.707884][ T3318] hsr_slave_1: entered promiscuous mode
[   89.737687][ T3319] hsr_slave_0: entered promiscuous mode
[   89.746111][ T3319] hsr_slave_1: entered promiscuous mode
[   89.750976][ T3319] debugfs: 'hsr0' already exists in 'hsr'
[   89.751452][ T3319] Cannot create hsr debugfs directory
[   90.765780][ T3319] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   90.826493][ T3319] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   90.875102][ T3319] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   90.903477][ T3319] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   91.105462][ T3318] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   91.157653][ T3318] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   91.188337][ T3318] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   91.217173][ T3318] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   91.995885][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.325728][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.108340][ T3319] veth0_vlan: entered promiscuous mode
[   95.183255][ T3318] veth0_vlan: entered promiscuous mode
[   95.189370][ T3319] veth1_vlan: entered promiscuous mode
[   95.233447][ T3318] veth1_vlan: entered promiscuous mode
[   95.455192][ T3318] veth0_macvtap: entered promiscuous mode
[   95.472391][ T3319] veth0_macvtap: entered promiscuous mode
[   95.507812][ T3318] veth1_macvtap: entered promiscuous mode
[   95.528204][ T3319] veth1_macvtap: entered promiscuous mode
[   95.841363][ T2342] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.842228][ T2342] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.842413][ T2342] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.842554][ T2342] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.867458][ T2342] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.905949][   T39] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.931279][ T1305] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.931896][ T1305] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.494487][ T3319] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   96.494501][ T3318] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   97.234392][ T3470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   97.238125][ T3470] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  102.910231][   T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  103.090819][   T24] usb 1-1: config 0 has an invalid descriptor of length 165, skipping remainder of the config
[  103.091913][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  103.092829][   T24] usb 1-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[  103.093006][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.114073][   T24] usb 1-1: config 0 descriptor??
[  103.147504][   T24] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  108.158019][   T40] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  108.177305][   T40] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  108.577063][ T3513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.583966][ T3513] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.865307][ T3509] fido_id[3509]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  112.068555][  T784] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  112.086671][  T784] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  112.340076][ T3521] fido_id[3521]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  116.083692][    T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  116.097764][    T9] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  116.307471][ T3536] fido_id[3536]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  117.155527][  T784] usb 1-1: USB disconnect, device number 2
[  120.307127][ T3554] ALSA: mixer_oss: invalid OSS volume ''
[  120.440057][  T784] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  120.461556][  T784] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  120.961058][ T3559] fido_id[3559]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  124.067248][ T3539] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  124.090722][ T3539] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  124.368830][ T3576] trusted_key: encrypted_key: keyword 'upc' not recognized
[  124.492697][ T3573] fido_id[3573]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  125.077651][   T10] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  125.092611][   T10] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  125.261095][ T3586] fido_id[3586]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  127.562399][ T3539] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  127.574782][ T3539] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  127.587008][ T3597] hid-generic 0000:0000:0000.0007: pid 3597 passed too short report
[  127.867007][ T3598] fido_id[3598]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  129.086092][ T3406] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  129.095112][ T3406] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  129.526560][ T3611] fido_id[3611]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  129.828849][ T3406] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  129.856641][ T3406] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  130.035973][ T3621] fido_id[3621]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  130.675508][   T10] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  130.691466][   T10] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  130.972845][ T3638] fido_id[3638]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  134.067556][ T3421] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  134.090549][ T3421] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  134.603555][ T3650] fido_id[3650]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  134.970433][ T3406] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  135.144456][ T3406] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  135.144790][ T3406] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  135.146608][ T3406] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  135.146798][ T3406] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  135.146963][ T3406] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  135.147050][ T3406] usb 1-1: config 0 interface 0 has no altsetting 0
[  135.172154][ T3406] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  135.172629][ T3406] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  135.177718][ T3406] usb 1-1: Product: syz
[  135.177862][ T3406] usb 1-1: Manufacturer: syz
[  135.178046][ T3406] usb 1-1: SerialNumber: syz
[  135.193468][ T3406] usb 1-1: config 0 descriptor??
[  135.207878][ T3654] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  135.234938][ T3406] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  135.246619][ T3406] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  135.448191][    T9] usb 1-1: USB disconnect, device number 3
[  135.477530][    T9] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  137.403499][    T9] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  137.410962][    T9] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  137.442799][ T3666] hid-generic 0000:0000:0000.000C: pid 3666 passed too short report
[  137.971269][ T3667] fido_id[3667]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  139.368032][  T784] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  139.378173][  T784] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  139.599529][    C1] hrtimer: interrupt took 686470 ns
[  139.774627][ T3678] fido_id[3678]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  140.271989][ T3539] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[  140.290161][ T3539] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  140.451411][ T3689] fido_id[3689]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  141.066240][    T9] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[  141.093038][    T9] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  141.363997][ T3705] fido_id[3705]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  144.673593][ T3729] syz.1.94 uses obsolete (PF_INET,SOCK_PACKET)
[  145.900144][ T3539] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  146.069551][ T3539] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  146.072526][ T3539] usb 1-1: config 0 interface 0 has no altsetting 0
[  146.103360][ T3539] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  146.103625][ T3539] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  146.106826][ T3539] usb 1-1: Product: syz
[  146.107289][ T3539] usb 1-1: Manufacturer: syz
[  146.107384][ T3539] usb 1-1: SerialNumber: syz
[  146.120686][ T3539] usb 1-1: config 0 descriptor??
[  146.154156][ T3539] usb 1-1: selecting invalid altsetting 0
[  149.722934][ T3741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  149.724257][ T3741] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.275714][ T3769] could not allocate digest TFM handle sha3-512-generic
[  159.637720][ T3777] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.644623][ T3777] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.890787][   T40] usb 1-1: USB disconnect, device number 4
[  166.462096][ T3823] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  166.725725][ T3827] loop9: detected capacity change from 0 to 7
[  166.735621][ T3827] Buffer I/O error on dev loop9, logical block 0, async page read
[  166.737570][ T3827] Buffer I/O error on dev loop9, logical block 0, async page read
[  166.737895][ T3827]  loop9: unable to read partition table
[  166.738642][ T3827] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  166.738642][ T3827] 
) failed (rc=-5)
[  166.804131][ T3516] Buffer I/O error on dev loop9, logical block 0, async page read
[  166.810319][ T3516] Buffer I/O error on dev loop9, logical block 0, async page read
[  166.814517][ T3516] Buffer I/O error on dev loop9, logical block 0, async page read
[  166.817345][ T3516] Buffer I/O error on dev loop9, logical block 0, async page read
[  166.832083][ T3516] Buffer I/O error on dev loop9, logical block 0, async page read
[  168.604291][ T3845] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  168.608103][ T3845] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  171.485527][ T3851] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  171.490955][ T3851] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  179.772353][ T3882] 8021q: adding VLAN 0 to HW filter on device bond1
[  179.854171][ T3882] 8021q: adding VLAN 0 to HW filter on device bond1
[  179.858432][ T3882] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  179.867072][ T3882] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  179.998114][ T3882] macvlan2: entered promiscuous mode
[  179.998759][ T3882] macvlan2: entered allmulticast mode
[  180.003893][ T3882] bond1: (slave macvlan2): Error -98 calling set_mac_address
[  181.394075][ T3895] binder: 3894:3895 tried to acquire reference to desc 0, got 1 instead
[  181.405414][ T3895] binder: 3894:3895 got transaction with too large buffer
[  181.412598][ T3895] binder: 3894:3895 transaction async to 3894:0 failed 5/29201/-22, code 0 size 96-24 line 3663
[  181.416655][   T40] binder: undelivered TRANSACTION_ERROR: 29201
[  181.969952][   T40] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  182.155407][   T40] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[  182.155770][   T40] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  182.156108][   T40] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  182.156279][   T40] usb 1-1: config 220 has no interface number 2
[  182.156693][   T40] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  182.156789][   T40] usb 1-1: config 220 interface 0 has no altsetting 0
[  182.156886][   T40] usb 1-1: config 220 interface 76 has no altsetting 0
[  182.156953][   T40] usb 1-1: config 220 interface 1 has no altsetting 0
[  182.198175][   T40] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  182.198522][   T40] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.202212][   T40] usb 1-1: Product: syz
[  182.204004][   T40] usb 1-1: Manufacturer: syz
[  182.205165][   T40] usb 1-1: SerialNumber: syz
[  182.523282][   T40] usb 1-1: USB disconnect, device number 5
[  186.550299][ T3927] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  186.576093][ T3927] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  190.978379][ T3950] ==================================================================
[  190.982019][ T3950] BUG: KASAN: invalid-access in __memcpy+0xc/0x54
[  190.984190][ T3950] Write at addr fdff8000875316c0 by task syz.0.181/3950
[  190.984642][ T3950] Pointer tag: [fd], memory tag: [fe]
[  190.984760][ T3950] 
[  190.985527][ T3950] CPU: 1 UID: 0 PID: 3950 Comm: syz.0.181 Not tainted syzkaller #0 PREEMPT 
[  190.985855][ T3950] Hardware name: linux,dummy-virt (DT)
[  190.986135][ T3950] Call trace:
[  190.986450][ T3950]  show_stack+0x18/0x24 (C)
[  190.986754][ T3950]  dump_stack_lvl+0x78/0x90
[  190.986864][ T3950]  print_report+0x108/0x61c
[  190.986915][ T3950]  kasan_report+0x88/0xac
[  190.986958][ T3950]  __do_kernel_fault+0x170/0x1c8
[  190.987007][ T3950]  do_bad_area+0x68/0x78
[  190.987061][ T3950]  do_tag_check_fault+0x34/0x44
[  190.987140][ T3950]  do_mem_abort+0x44/0x94
[  190.987186][ T3950]  el1_abort+0x44/0x68
[  190.987232][ T3950]  el1h_64_sync_handler+0x50/0xac
[  190.987279][ T3950]  el1h_64_sync+0x6c/0x70
[  190.987446][ T3950]  __memcpy+0xc/0x54 (P)
[  190.987495][ T3950]  do_misc_fixups+0x174/0x1afc
[  190.987543][ T3950]  bpf_check+0x1384/0x293c
[  190.987591][ T3950]  bpf_prog_load+0x63c/0xd40
[  190.987635][ T3950]  __sys_bpf+0x2e0/0x1a88
[  190.987678][ T3950]  __arm64_sys_bpf+0x24/0x34
[  190.987721][ T3950]  invoke_syscall+0x48/0x110
[  190.987768][ T3950]  el0_svc_common.constprop.0+0x40/0xe0
[  190.987825][ T3950]  do_el0_svc+0x1c/0x28
[  190.987872][ T3950]  el0_svc+0x34/0x128
[  190.987917][ T3950]  el0t_64_sync_handler+0xa0/0xe4
[  190.987964][ T3950]  el0t_64_sync+0x1a4/0x1a8
[  190.988417][ T3950] 
[  190.988664][ T3950] The buggy address belongs to a 1-page vmalloc region starting at 0xfdff800087531000 allocated at bpf_check+0x8c/0x293c
[  190.990272][ T3950] The buggy address belongs to the physical page:
[  190.990662][ T3950] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4bc7d
[  190.991039][ T3950] flags: 0x1ffc80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x2)
[  190.991951][ T3950] raw: 01ffc80000000000 0000000000000000 dead000000000122 0000000000000000
[  190.992008][ T3950] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  190.992128][ T3950] page dumped because: kasan: bad access detected
[  190.992170][ T3950] 
[  190.992201][ T3950] Memory state around the buggy address:
[  190.992456][ T3950]  ffff800087531400: fd fd fd fd fd fd fd fd fe fe fe fe fe fe fe fe
[  190.992563][ T3950]  ffff800087531500: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  190.992619][ T3950] >ffff800087531600: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  190.992686][ T3950]                                                        ^
[  190.992947][ T3950]  ffff800087531700: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  190.992978][ T3950]  ffff800087531800: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  190.993052][ T3950] ==================================================================
[  190.994490][ T3950] Disabling lock debugging due to kernel taint
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  191.863368][ T2342] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.923801][ T2342] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.987093][ T2342] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.064362][ T2342] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.692243][ T2342] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  192.763218][ T2342] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  192.813822][ T2342] bond0 (unregistering): Released all slaves
[  192.903667][ T2342] hsr_slave_0: left promiscuous mode
[  192.907483][ T2342] hsr_slave_1: left promiscuous mode
[  192.925266][ T2342] veth1_macvtap: left promiscuous mode
[  192.925732][ T2342] veth0_macvtap: left promiscuous mode
[  192.926099][ T2342] veth1_vlan: left promiscuous mode
[  192.926403][ T2342] veth0_vlan: left promiscuous mode
[  194.117587][ T2342] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.194668][ T2342] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.251974][ T2342] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.326039][ T2342] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.797821][ T2342] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  194.834157][ T2342] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  194.873782][ T2342] bond0 (unregistering): Released all slaves
[  194.878654][ T2342] bond1 (unregistering): Released all slaves
[  194.945315][ T2342] hsr_slave_0: left promiscuous mode
[  194.946953][ T2342] hsr_slave_1: left promiscuous mode
[  194.952676][ T2342] veth1_macvtap: left promiscuous mode
[  194.952831][ T2342] veth0_macvtap: left promiscuous mode
[  194.953098][ T2342] veth1_vlan: left promiscuous mode
[  194.953345][ T2342] veth0_vlan: left promiscuous mode

VM DIAGNOSIS:
16:48:22  Registers:
info registers vcpu 0

CPU#0
 PC=ffff80008075ddb4 X00=ffff800082e00000 X01=0000000000020000
X02=0000000000000000 X03=0000000000000002 X04=0000000000000002
X05=ffff800082a03000 X06=0000000000000002 X07=ffff800082a03b18
X08=ffffffffffffffff X09=f4f0000006f61e00 X10=00000000c34bd1a5
X11=0000000000000000 X12=0000000000000023 X13=0000000000000000
X14=ffff800081bd4430 X15=ffff800081bd4430 X16=ffff800082de8000
X17=fff07ffffcef4000 X18=ffff80008733bb60 X19=f7f0000003048030
X20=fff000007f8f0c00 X21=ffff800081cfff18 X22=fff000007f8f0b80
X23=0000000000000001 X24=fff000007f8f0c00 X25=f5f0000006d7ca00
X26=f0f000000323b200 X27=ffff8000829dfa80 X28=fff000007f8f0b80
X29=ffff800082deb440 X30=ffff800080151ad4  SP=ffff800082deb440
PSTATE=404020c9 -Z-- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000000000000000 P01=0000000000000000 P02=0000000000000000
P03=0000000000000000 P04=0000000000000000 P05=0000000000000000
P06=0000000000000000 P07=0000000000000000 P08=0000000000000000
P09=0000000000000000 P10=0000000000000000 P11=0000000000000000
P12=0000000000000000 P13=0000000000000000 P14=0000000000000000
P15=0000000000000000 FFR=0000000000000000
Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffd608f600:3430333131323533
Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffff0000000000ff:0000000000000000
Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ff00000f00000000
Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffffff0000ff
Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00000000fffff00f
Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00000000cccccc00
Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000073:0000aaab04236c90
Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000074:0000aaab04233f70
Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffd608f290:0000ffffd608f290
Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd8:0000ffffd608f260
Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
info registers vcpu 1

CPU#1
 PC=ffff80008075d9ec X00=ffff800082e21000 X01=f0f000000323b180
X02=fff07ffffcf0d000 X03=f0f000000323b180 X04=fcf000000300b100
X05=0000000000000001 X06=0000000000000001 X07=0000000000000000
X08=ffff8000831ebc18 X09=00000000000000c0 X10=0000000000000000
X11=ffff8000831ebe20 X12=ffff800082adf268 X13=ffff8000831ebb8d
X14=ffff8000831ebb98 X15=ffff8000831eba00 X16=ffff800082df0000
X17=fff07ffffcf0d000 X18=00000000ffffffff X19=f7f0000003048030
X20=0000000000000000 X21=0000000000000001 X22=0000000000000001
X23=ffff800082e20000 X24=ffff8000829e0f00 X25=f0f000000323b180
X26=0000000000000001 X27=0000000000000000 X28=f0f000000323b180
X29=ffff800082df3f50 X30=1dbf800080149b20  SP=ffff800082df3f50
PSTATE=804020c9 N--- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000000000000000 P01=0000000000000000 P02=0000000000000000
P03=0000000000000000 P04=0000000000000000 P05=0000000000000000
P06=0000000000000000 P07=0000000000000000 P08=0000000000000000
P09=0000000000000000 P10=0000000000000000 P11=0000000000000000
P12=0000000000000000 P13=0000000000000000 P14=0000000000000000
P15=0000000000000000 FFR=0000000000000000
Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0100000000000000:0100000000000000
Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000100000000:0000000000000000
Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000001:0000000000000000
Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00d000a800000000:0000000000000000
Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000002
Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000001:0000000000000002
Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88
Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffe3b730d0:0000ffffe3b730d0
Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffe3b730a0
Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000