last executing test programs:

8.556352407s ago: executing program 0 (id=44):
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe2$9p(0x0, 0x80000)
socket$inet6(0xa, 0x3, 0x87)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
syz_emit_ethernet(0x4e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000001aaaaaaaaaa1586dd6003136c00188700fc0200000000000000000000000000fdff0200000000000000000000000000013b"], 0x0)

8.09008018s ago: executing program 0 (id=45):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x3, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000008000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000000000008500000008000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0xe, 0x0, &(0x7f0000000040)="b80a000500000000e656ac90d0c9", 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

7.520667813s ago: executing program 0 (id=46):
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x43400, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r2)

5.782606044s ago: executing program 1 (id=47):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
r1 = eventfd2(0xd, 0x1)
ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000080)={0x0, r1})
ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000180)={0x0, r1})

5.142250933s ago: executing program 1 (id=48):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = syz_usb_connect$uac1(0x2, 0xa5, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029300030100000009040000000101"], 0x0)
syz_usb_control_io(r2, &(0x7f00000009c0)={0x2c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0003020800000203"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r2, &(0x7f00000003c0)={0x2c, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x4, @string={0x4, 0x3, "cc43"}}, 0x0, 0x0, 0x0}, 0x0)

4.682291426s ago: executing program 0 (id=49):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b165"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0xffffffffffffff22}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
open(&(0x7f0000000200)='./file0\x00', 0x40, 0x20)
r1 = open(&(0x7f0000000200)='./file0\x00', 0x800, 0x100)
fcntl$setlease(r1, 0x400, 0x0)
fcntl$setlease(r1, 0x400, 0x0)

4.397931132s ago: executing program 1 (id=50):
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000002c0)='rpm_return_int\x00', r1}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000040), 0xf, 0xc340)

4.228368078s ago: executing program 0 (id=51):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001000010025bd7000f9dbdf2500000000", @ANYRES32=0x0, @ANYBLOB="1588c1000300000008001b00"], 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0xd4, r2, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_PEERS={0xac, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}]}, {0x50, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x6, @private0, 0x157}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x4}, @WGPEER_A_PUBLIC_KEY={0x24}]}, {0x30, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x5}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}]}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x404c844}, 0x40000)

2.938911337s ago: executing program 0 (id=52):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001c00)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='itimer_state\x00', r0}, 0x10)
setitimer(0x1, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x4000366, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000711222000000000095000000000000008836a3ad656d80"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
waitid(0x1000000000000000, 0x0, 0x0, 0x4, 0x0)

909.110806ms ago: executing program 1 (id=53):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fdffffee0000000000000000850000002c00000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0xbf, &(0x7f00000020c0)=""/191}, 0x80)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000280)={r1, r2}, 0x14)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_emit_ethernet(0x5e, &(0x7f0000002e40)=ANY=[], 0x0)

580.824026ms ago: executing program 1 (id=54):
r0 = socket$netlink(0x10, 0x3, 0x6)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r2}, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c02000100000000000040000280ffffff05000500000000000a"], 0x80}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0xffffffffffffff53, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000000000000fe8000000000000000000000000000bb000000000000000002"], 0xfc}, 0x1, 0x0, 0x0, 0x20004051}, 0xc080)

0s ago: executing program 1 (id=55):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x18)
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00'})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000f0000000000000c00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r7}, 0x10)
ppoll(0x0, 0x0, &(0x7f0000000080)={0x0, 0x989680}, &(0x7f0000000100)={[0x8]}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syncfs(0xffffffffffffffff)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000001800010000000080000000000a0000000100000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x84}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:38729' (ED25519) to the list of known hosts.
syzkaller login: [  244.297522][ T3316] cgroup: Unknown subsys name 'net'
[  244.785296][ T3316] cgroup: Unknown subsys name 'cpuset'
[  244.919340][ T3316] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  246.158905][ T3316] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  285.695326][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  285.939632][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  286.116765][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  286.194477][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  289.482145][ T3321] hsr_slave_0: entered promiscuous mode
[  289.497412][ T3321] hsr_slave_1: entered promiscuous mode
[  290.275560][ T3322] hsr_slave_0: entered promiscuous mode
[  290.329656][ T3322] hsr_slave_1: entered promiscuous mode
[  290.335095][ T3322] debugfs: 'hsr0' already exists in 'hsr'
[  290.335927][ T3322] Cannot create hsr debugfs directory
[  292.673689][ T3321] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  292.782033][ T3321] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  292.822284][ T3321] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  292.980426][ T3321] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  293.639530][ T3322] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  293.722055][ T3322] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  293.787222][ T3322] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  293.929089][ T3322] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  296.795816][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0
[  297.180498][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0
[  306.206884][ T3321] veth0_vlan: entered promiscuous mode
[  306.404154][ T3321] veth1_vlan: entered promiscuous mode
[  306.781938][ T3322] veth0_vlan: entered promiscuous mode
[  307.094597][ T3322] veth1_vlan: entered promiscuous mode
[  307.154287][ T3321] veth0_macvtap: entered promiscuous mode
[  307.279241][ T3321] veth1_macvtap: entered promiscuous mode
[  308.013475][ T3322] veth0_macvtap: entered promiscuous mode
[  308.275461][  T989] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  308.281408][  T989] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  308.296033][  T989] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  308.432776][  T989] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  308.443741][ T3322] veth1_macvtap: entered promiscuous mode
[  309.086158][   T55] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  309.087073][   T55] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  309.095456][   T55] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  309.100216][   T55] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  309.425561][ T3321] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  317.873696][ T3492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  317.911332][ T3492] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  341.174260][ T3505] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12'.
[  351.853121][ T3523] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  353.442779][   T31] audit: type=1326 audit(352.430:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3530 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb5b9e8 code=0x7ffc0000
[  353.470543][   T31] audit: type=1326 audit(352.460:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3530 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffbdb5b9e8 code=0x7ffc0000
[  353.510402][   T31] audit: type=1326 audit(352.500:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3530 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb5b9e8 code=0x7ffc0000
[  353.526599][   T31] audit: type=1326 audit(352.510:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3530 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffbdb5b9e8 code=0x7ffc0000
[  353.535701][   T31] audit: type=1326 audit(352.520:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3530 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb5b9e8 code=0x7ffc0000
[  353.545611][   T31] audit: type=1326 audit(352.530:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3530 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb5b9e8 code=0x7ffc0000
[  353.584794][   T31] audit: type=1326 audit(352.560:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3530 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=151 compat=0 ip=0xffffbdb5b9e8 code=0x7ffc0000
[  353.585631][   T31] audit: type=1326 audit(352.560:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3530 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb5b9e8 code=0x7ffc0000
[  353.600011][   T31] audit: type=1326 audit(352.580:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3530 comm="syz.1.21" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb5b9e8 code=0x7ffc0000
[  353.769998][ T3409] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  354.084593][ T3409] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  354.093234][ T3409] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  354.104446][ T3409] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  354.112188][ T3409] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  354.119030][ T3409] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.154624][ T3409] usb 1-1: config 0 descriptor??
[  354.694500][ T3409] hid (null): report_id 0 is invalid
[  354.733126][ T3409] hid-generic 0003:047F:FFFF.0001: unknown main item tag 0x0
[  354.733987][ T3409] hid-generic 0003:047F:FFFF.0001: unknown main item tag 0x0
[  354.734703][ T3409] hid-generic 0003:047F:FFFF.0001: unknown main item tag 0x0
[  354.735065][ T3409] hid-generic 0003:047F:FFFF.0001: unknown main item tag 0x0
[  354.735412][ T3409] hid-generic 0003:047F:FFFF.0001: unknown main item tag 0x0
[  354.735742][ T3409] hid-generic 0003:047F:FFFF.0001: unknown main item tag 0x0
[  354.736034][ T3409] hid-generic 0003:047F:FFFF.0001: unknown main item tag 0x0
[  354.736311][ T3409] hid-generic 0003:047F:FFFF.0001: unknown main item tag 0x4
[  354.736608][ T3409] hid-generic 0003:047F:FFFF.0001: unknown main item tag 0x0
[  354.736894][ T3409] hid-generic 0003:047F:FFFF.0001: unknown main item tag 0x0
[  354.737180][ T3409] hid-generic 0003:047F:FFFF.0001: report_id 0 is invalid
[  354.737539][ T3409] hid-generic 0003:047F:FFFF.0001: item 0 1 1 8 parsing failed
[  354.787026][ T3409] hid-generic 0003:047F:FFFF.0001: probe with driver hid-generic failed with error -22
[  354.901804][ T3410] usb 1-1: USB disconnect, device number 2
[  355.583104][ T3410] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  355.951602][ T3410] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  355.954770][ T3410] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  356.044572][ T3410] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  356.045270][ T3410] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.054990][ T3410] usb 1-1: Product: syz
[  356.055485][ T3410] usb 1-1: Manufacturer: syz
[  356.055863][ T3410] usb 1-1: SerialNumber: syz
[  356.453428][ T3541] netlink: 8 bytes leftover after parsing attributes in process `syz.1.25'.
[  356.831399][ T3410] usb 1-1: cannot find UAC_HEADER
[  357.187449][ T3410] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  357.253409][ T3410] usb 1-1: USB disconnect, device number 3
[  357.650564][ T3544] netlink: 12 bytes leftover after parsing attributes in process `syz.0.26'.
[  359.676161][ T3498] udevd[3498]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  361.309670][ T3559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  361.312502][ T3559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  361.444239][ T3560] capability: warning: `syz.0.30' uses 32-bit capabilities (legacy support in use)
[  361.970199][ T3564] input: syz0 as /devices/virtual/input/input2
[  362.462362][   T31] audit: type=1326 audit(361.450:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3566 comm="syz.1.34" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb5b9e8 code=0x7ffc0000
[  362.489948][   T31] audit: type=1326 audit(361.470:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3566 comm="syz.1.34" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb5b9e8 code=0x7ffc0000
[  362.501779][   T31] audit: type=1326 audit(361.490:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3566 comm="syz.1.34" exe="/syz-executor" sig=0 arch=c00000b7 syscall=150 compat=0 ip=0xffffbdb5b9e8 code=0x7ffc0000
[  362.514902][   T31] audit: type=1326 audit(361.490:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3566 comm="syz.1.34" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbdb5b9e8 code=0x7ffc0000
[  363.539985][ T3570] netlink: 8 bytes leftover after parsing attributes in process `syz.1.35'.
[  363.999702][   T31] audit: type=1326 audit(362.980:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3573 comm="syz.0.37" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000
[  364.013750][   T31] audit: type=1326 audit(363.000:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3573 comm="syz.0.37" exe="/syz-executor" sig=0 arch=c00000b7 syscall=430 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000
[  364.047234][   T31] audit: type=1326 audit(363.020:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3573 comm="syz.0.37" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000
[  364.055146][   T31] audit: type=1326 audit(363.030:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3573 comm="syz.0.37" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000
[  364.065544][   T31] audit: type=1326 audit(363.040:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3573 comm="syz.0.37" exe="/syz-executor" sig=0 arch=c00000b7 syscall=431 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000
[  364.075460][   T31] audit: type=1326 audit(363.060:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3573 comm="syz.0.37" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff97f5b9e8 code=0x7ffc0000
[  365.874371][ T3584] netlink: 'syz.1.41': attribute type 12 has an invalid length.
[  367.140326][ T3594] netlink: 8 bytes leftover after parsing attributes in process `syz.1.43'.
[  370.133163][ T3604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  370.135748][ T3604] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  370.663499][ T3610] netlink: 8 bytes leftover after parsing attributes in process `syz.0.51'.
[  371.916230][ T3614] syz.0.52 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  373.864033][ T3618] Illegal XDP return value 4294967274 on prog  (id 5) dev syz_tun, expect packet loss!
[  374.440702][ T3620] netlink: 68 bytes leftover after parsing attributes in process `syz.1.54'.
[  374.660209][ T3621] ==================================================================
[  374.664193][ T3621] BUG: KASAN: invalid-access in __memcpy+0xc/0x54
[  374.666664][ T3621] Write at addr f9ff800089825210 by task syz.0.52/3621
[  374.667283][ T3621] Pointer tag: [f9], memory tag: [fe]
[  374.667448][ T3621] 
[  374.668371][ T3621] CPU: 1 UID: 0 PID: 3621 Comm: syz.0.52 Not tainted syzkaller #0 PREEMPT 
[  374.668966][ T3621] Hardware name: linux,dummy-virt (DT)
[  374.669404][ T3621] Call trace:
[  374.669822][ T3621]  show_stack+0x18/0x24 (C)
[  374.670351][ T3621]  dump_stack_lvl+0x78/0x90
[  374.670623][ T3621]  print_report+0x108/0x61c
[  374.670883][ T3621]  kasan_report+0x88/0xac
[  374.671105][ T3621]  __do_kernel_fault+0x170/0x1c8
[  374.671319][ T3621]  do_bad_area+0x68/0x78
[  374.671529][ T3621]  do_tag_check_fault+0x34/0x44
[  374.671803][ T3621]  do_mem_abort+0x44/0x94
[  374.672017][ T3621]  el1_abort+0x44/0x68
[  374.672244][ T3621]  el1h_64_sync_handler+0x50/0xac
[  374.672485][ T3621]  el1h_64_sync+0x6c/0x70
[  374.672855][ T3621]  __memcpy+0xc/0x54 (P)
SYZFAIL: failed to recv rpc
[  374.673105][ T3621]  convert_ctx_accesses+0x694/0xb28
[  374.673381][ T3621]  bpf_check+0x1338/0x2a24
[  374.673621][ T3621]  bpf_prog_load+0x63c/0xcd4
[  374.673873][ T3621]  __sys_bpf+0x2e0/0x1a88
[  374.674111][ T3621]  __arm64_sys_bpf+0x24/0x34
[  374.674350][ T3621]  invoke_syscall+0x48/0x110
[  374.674587][ T3621]  el0_svc_common.constprop.0+0x40/0xe0
[  374.674835][ T3621]  do_el0_svc+0x1c/0x28
[  374.675073][ T3621]  el0_svc+0x34/0x10c
[  374.675286][ T3621]  el0t_64_sync_handler+0xa0/0xe4
[  374.675525][ T3621]  el0t_64_sync+0x1a4/0x1a8
[  374.675966][ T3621] 
[  374.676339][ T3621] The buggy address belongs to a 1-page vmalloc region starting at 0xf9ff800089825000 allocated at bpf_check+0x8c/0x2a24
[  374.678114][ T3621] The buggy address belongs to the physical page:
[  374.678535][ T3621] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4482f
[  374.679036][ T3621] flags: 0x1ffd80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x6)
[  374.680249][ T3621] raw: 01ffd80000000000 0000000000000000 dead000000000122 0000000000000000
[  374.680461][ T3621] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  374.680691][ T3621] page dumped because: kasan: bad access detected
[  374.680824][ T3621] 
[  374.680919][ T3621] Memory state around the buggy address:
[  374.681284][ T3621]  ffff800089825000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[  374.681541][ T3621]  ffff800089825100: f9 f9 f9 f9 f9 f9 fe fe fe fe fe fe fe fe fe fe
[  374.681720][ T3621] >ffff800089825200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  374.681888][ T3621]                       ^
[  374.682246][ T3621]  ffff800089825300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  374.682390][ T3621]  ffff800089825400: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  374.682568][ T3621] ==================================================================
[  374.689307][ T3621] Disabling lock debugging due to kernel taint
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  376.866426][  T733] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.078739][  T733] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.280745][  T733] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.444664][  T733] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.353118][  T733] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  379.446063][  T733] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  379.507503][  T733] bond0 (unregistering): Released all slaves
[  379.763148][  T733] hsr_slave_0: left promiscuous mode
[  379.786826][  T733] hsr_slave_1: left promiscuous mode
[  379.879497][  T733] veth1_macvtap: left promiscuous mode
[  379.880361][  T733] veth0_macvtap: left promiscuous mode
[  379.881686][  T733] veth1_vlan: left promiscuous mode
[  379.882172][  T733] veth0_vlan: left promiscuous mode

VM DIAGNOSIS:
06:59:34  Registers:
info registers vcpu 0

CPU#0
 PC=ffff800081b6352c X00=ffff800081b63528 X01=f2f0000005c712c0
X02=0000000000000001 X03=0000000000000000 X04=0000000000000006
X05=fff000000b28f600 X06=fff000007f8d7d40 X07=f2f0000005c712c0
X08=0000000000000088 X09=00000000000000af X10=fff000000a590000
X11=0000ffffbdd78fff X12=0000000000000007 X13=ffff800089413bb0
X14=0000ffffbdd70000 X15=0000000000000001 X16=0000000000000000
X17=0000000000000000 X18=ffff800089413bb0 X19=0000000000000000
X20=ffff800082a92088 X21=ffff800082a92080 X22=f2f0000005c712c0
X23=0000000000000004 X24=ffff800082a92088 X25=0000000000000028
X26=f2f0000005c712c0 X27=fffffffffff7dfff X28=f2f0000005c712c0
X29=ffff8000894138b0 X30=ffff800080182cd0  SP=ffff8000894138b0
PSTATE=004020c9 ---- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000000000000000 P01=0000000000000000 P02=0000000000000000
P03=0000000000000000 P04=0000000000000000 P05=0000000000000000
P06=0000000000000000 P07=0000000000000000 P08=0000000000000000
P09=0000000000000000 P10=0000000000000000 P11=0000000000000000
P12=0000000000000000 P13=0000000000000000 P14=0000000000000000
P15=0000000000000000 FFR=0000000000000000
Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000007002000000:0000007002000000
Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000070
Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000028:0000000000000000
Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88
Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffd14a6670:0000ffffd14a6670
Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffd14a6640
Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
info registers vcpu 1

CPU#1
 PC=ffff80008091cf74 X00=ffff800082d95000 X01=0000000000000002
X02=0000000000000000 X03=ffff800082b2e648 X04=f6f00000032e4880
X05=000000000000000a X06=0000000000000034 X07=0000000000000000
X08=7f7f7f7f7f7f7f7f X09=ffff800082b2e678 X10=0000000000000001
X11=ffff80008317be20 X12=ffff800082a5fa00 X13=ffff80008317bb8d
X14=ffff80008317bb98 X15=ffff80008317ba00 X16=0000000000000000
X17=0000000000000000 X18=00000000ffffffff X19=f0f00000032d2047
X20=ffff80008091cf2c X21=f6f00000032e4880 X22=f0f00000032d2047
X23=ffff80008091cf2c X24=0000000000000047 X25=0000000000000001
X26=f1f00000043f0000 X27=0000000000000000 X28=0000000000000000
X29=ffff80008317bca0 X30=ffff80008091cf54  SP=ffff80008317bca0
PSTATE=814020c9 N--- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000000000000000 P01=0000000000000000 P02=0000000000000000
P03=0000000000000000 P04=0000000000000000 P05=0000000000000000
P06=0000000000000000 P07=0000000000000000 P08=0000000000000000
P09=0000000000000000 P10=0000000000000000 P11=0000000000000000
P12=0000000000000000 P13=0000000000000000 P14=0000000000000000
P15=0000000000000000 FFR=0000000000000000
Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:93214ac7eed4e0a7:6d665508954dd94a
Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:8000000000000000:000000000000003c
Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d62951ced44a8320:c973a89e3708dfbf
Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:9ecb4c0a1a5965bd:682d43fcdb7c3a45
Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:9bf2d4c18ddb56ea:cf4b6d81613843b3
Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:7b45c8ffa3996838:0df97de948ca08f7
Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:070ad2286576640e:49d5d6b1c298a3ca
Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6f522ff930b48400:b5105512b0d44b2e
Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:21b9859a703dee1e:e53de1fdd96aa74e
Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:551644b29152668c:4ec7cdc94e47dbc3
Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:df2e33ce4af4d217:d38e77bac73d2744
Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:397e111cc430660a:09f51f4165a81c37
Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:7f128a05ad763592:117638ca02b0aa37
Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:11fe0cd9b9513745:16399c68f3ab6676
Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:006e75742f74656e:2f7665642f01ffff
Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:4090800800018004:01c71000080448b2
Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffffffffffff:df080b8003000400
Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000030646e6f6201
Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:040806060125e602:808004000ba00300
Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0480030b80040880:a2d3b40800010000
Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:667663696e01ffff:ffffffffffffdf08
Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:040004a003000000:0000000000000030