last executing test programs:

4.310442243s ago: executing program 1 (id=735):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1, 0x2}, 0x18)
sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000127bd7000fbdbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004}, 0x20004010)
sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x404c111}, 0x12)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x1409, 0x8, 0x70bd29, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x48010}, 0x20000081)
r2 = syz_open_dev$vcsu(&(0x7f0000000180), 0x99d, 0x8002)
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_P2P_DEVICE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r3, 0x300, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x4c806}, 0x4)
sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x90, r3, 0x2, 0x70bd26, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x4, 0xd}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "d3c3a9fab0"}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "de0d96b654b7bda61562960d5e"}, @NL80211_ATTR_KEY_SEQ={0xc, 0xa, "43da61eaabbcc303"}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x18, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "5c1dc3c812"}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "ce96cdbb68"}]}, 0x90}, 0x1, 0x0, 0x0, 0x40814}, 0x20040000)
ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000400)={'veth0_to_bridge\x00', {0x2, 0x0, @dev}})

2.948799016s ago: executing program 0 (id=738):
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r0=>0x0})
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000500))
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000070a05"], 0x14}}, 0x0)
r2 = dup(r1)
recvmsg$unix(r2, &(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001540)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
r4 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000480)={0x14, r4, 0x100, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0xc000000}, 0x80)
sendmsg$DEVLINK_CMD_SB_GET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f00000002c0)={0x124, r4, 0x10, 0x70bd2b, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x80000001}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x6c01b4a1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2c62}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x80}}]}, 0x124}, 0x1, 0x0, 0x0, 0x20}, 0x4000)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000200)={0x1d, r0, 0x1, {0x0, 0x1}, 0xfe}, 0x18)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000140)=0x19)
ioctl$KDSETKEYCODE(r7, 0x40085500, 0x0)
r8 = ioctl$TIOCGPTPEER(r6, 0x5450, 0x0)
ioctl$AUTOFS_IOC_EXPIRE(r8, 0x5450, 0x0)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x24, r5, 0x300, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_SEQ={0x6, 0xa, '+3'}]}, 0x24}, 0x1, 0x0, 0x0, 0xbddb254301c15e62}, 0x40000)

2.698414157s ago: executing program 0 (id=739):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/firmware/fdt', 0x0, 0x0)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
getsockopt$IPT_SO_GET_REVISION_MATCH(r1, 0x0, 0x42, &(0x7f00000022c0)={'ah\x00'}, &(0x7f0000002300)=0x1e)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0x5450, 0x0)

2.697787528s ago: executing program 0 (id=740):
timer_create(0x3, &(0x7f0000000000)={0x0, 0x14, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000000040)=<r0=>0x0)
clock_gettime(0x0, &(0x7f0000000080)={<r1=>0x0, <r2=>0x0})
clock_gettime(0x0, &(0x7f00000000c0)) (async)
clock_gettime(0x0, &(0x7f00000000c0)={<r3=>0x0, <r4=>0x0})
timer_settime(r0, 0x1, &(0x7f0000000100)={{r1, r2+10000000}, {r3, r4+60000000}}, &(0x7f0000000140))
pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa041, 0x0) (async)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa041, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_CHANNEL(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x10, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000880}, 0x14)
ioctl$TUNSETPERSIST(r5, 0x5450, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = fcntl$dupfd(r7, 0x0, r5)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r8, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f0000003180)={0x1c}, 0x1c}}, 0x40) (async)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r8, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f0000003180)={0x1c}, 0x1c}}, 0x40)

2.51957398s ago: executing program 0 (id=741):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000940)=0x1000008, 0x4)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0xc00d080)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
dup3(r3, r2, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000140)={0x0, 0xfffffffffffffea2, &(0x7f0000000100)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
sendmsg$TIPC_NL_KEY_FLUSH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x0, 0x2, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x890}, 0x2000c0c1)

2.229423516s ago: executing program 0 (id=742):
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x88001, 0x0)
r1 = openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r0, 0xc0184800, &(0x7f0000000080)={0x4, <r2=>r1, 0x2})
ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x3) (async, rerun: 64)
ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f00000000c0)) (async, rerun: 64)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f0000000100)="1e9cc8fa2c6bdf28fe376dffbfca00eb", 0x10) (async, rerun: 64)
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@empty, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@private1}, 0x0, @in6=@initdev}}, &(0x7f0000000240)=0xe8) (rerun: 64)
quotactl_fd$Q_QUOTAON(r0, 0xffffffff80000201, r3, &(0x7f0000000280)='./file0\x00') (async)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000002c0)=0x2, 0x4) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r5 = syz_genetlink_get_family_id$gtp(&(0x7f0000000340), r0) (rerun: 32)
sendmsg$GTP_CMD_DELPDP(r4, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x6c, r5, 0x800, 0x70bd2c, 0x25dfdbfb, {}, [@GTPA_TID={0xc, 0x3, 0x4}, @GTPA_TID={0xc}, @GTPA_FAMILY={0x5, 0xd, 0x1}, @GTPA_FAMILY={0x5, 0xd, 0x2b}, @GTPA_MS_ADDR6={0x14, 0xc, @dev={0xfe, 0x80, '\x00', 0x11}}, @GTPA_FAMILY={0x5, 0xd, 0x6}, @GTPA_MS_ADDRESS={0x8, 0x5, @broadcast}, @GTPA_TID={0xc}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8010}, 0xc0) (async)
ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000540)={'sit0\x00', &(0x7f0000000480)={@private=0xa010100, 0x1, 0x0, 0x90, 0x0, [{@remote}, {@private}, {@initdev}, {@loopback}, {@empty}, {@empty}, {@loopback}, {@loopback}, {@empty}]}}) (async)
write$smack_current(r1, &(0x7f0000000580)={'/dev/vsock\x00'}, 0xc) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000600), r2)
sendmsg$IPVS_CMD_SET_SERVICE(r6, &(0x7f0000000840)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000800)={&(0x7f0000000640)={0x198, r7, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xb9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_team\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xfc}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}]}, @IPVS_CMD_ATTR_DEST={0x50, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x4}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@local}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x5}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}]}, @IPVS_CMD_ATTR_DAEMON={0x84, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'batadv_slave_1\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'netpci0\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'batadv_slave_0\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x9}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}]}]}, 0x198}, 0x1, 0x0, 0x0, 0x4080}, 0x4000000) (async, rerun: 32)
r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000880)={0xffffffffffffffff, 0x401, 0x8}, 0xc) (async, rerun: 32)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f00000008c0)={"6c9db7aa7dcde2a69f739abfa7c6878e", 0x0, <r9=>0x0, {0xffff, 0xffff}, {0x927f, 0x40}, 0x8, [0xffffffffffffffc0, 0x7, 0x8, 0x7, 0x4, 0x1000, 0x6, 0x0, 0x0, 0x9, 0xd, 0x8, 0x1000, 0x2, 0x2, 0x49]})
ioctl$BTRFS_IOC_RM_DEV_V2(r8, 0x5000943a, &(0x7f00000009c0)={{r4}, r9, 0x14, @unused=[0x5, 0x2, 0x2, 0x4], @subvolid=0x999}) (async, rerun: 64)
ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0xc020662a, &(0x7f00000019c0)={0x400, 0x401, 0x6, 0x80000000, 0x6, 0x0, [{0x6, 0x865, 0x8001, '\x00', 0x2a82}, {0x0, 0xb, 0x4, '\x00', 0x4009}, {0xe1, 0x7, 0x100000000, '\x00', 0x9}, {0x100000000, 0x2, 0x62, '\x00', 0x3000}, {0x9, 0x3, 0x0, '\x00', 0x900}, {0x7, 0x4, 0xffffffff80000001, '\x00', 0x4}]}) (async, rerun: 64)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r2, &(0x7f0000001c00)={&(0x7f0000001b40)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001bc0)={&(0x7f0000001b80)={0x24, 0x1407, 0x208, 0x2, 0x25dfdbfc, "", [@RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r0}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
ioctl$NBD_SET_SIZE(r2, 0xab02, 0x8)
ioctl$EVIOCSABS20(r8, 0x401845e0, &(0x7f0000001c40)={0xa1, 0x9483598c, 0x5, 0x1, 0x100, 0x4}) (async)
r10 = syz_genetlink_get_family_id$SEG6(&(0x7f0000001cc0), r6)
sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000001d80)={&(0x7f0000001c80)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x24, r10, 0x2, 0x70bd26, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x800}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000844}, 0x8041) (async)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000001dc0)=""/112, &(0x7f0000001e40)=0x70)
r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000001ec0), r4)
sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f0000002000)={&(0x7f0000001e80)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001fc0)={&(0x7f0000001f00)={0x98, r11, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@pci={{0x8}, {0x11}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x98}, 0x1, 0x0, 0x0, 0x4180}, 0x44000) (async)
socket(0xa, 0x1, 0xc7e)

2.019955083s ago: executing program 0 (id=743):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000002, 0x13, r1, 0x0)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x5451, 0x0)
r2 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r3=>0x0})
r4 = timerfd_create(0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r4, 0x5450, 0x0)
bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r3, 0x2}, 0x18)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000280)={r3, 0x1, 0x6, @multicast}, 0x10)
mmap(&(0x7f0000ff8000/0x5000)=nil, 0x5000, 0xb635773f06ebbeee, 0x20010, r1, 0x0)
pipe2$9p(&(0x7f0000000040)={<r5=>0xffffffffffffffff}, 0x0)
r6 = openat$binder_debug(0xffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
dup3(r6, r5, 0x80000)
r7 = openat$incfs(0xffffffffffffffff, &(0x7f0000000400)='.pending_reads\x00', 0x64700, 0x22)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x1d, &(0x7f00000002c0)=@raw=[@map_fd={0x18, 0x3, 0x1, 0x0, r1}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @jmp={0x5, 0x1, 0x1, 0x5, 0x2, 0x18, 0xffffffffffffffff}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x86df}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}], &(0x7f00000003c0)='syzkaller\x00', 0x8a, 0x46, &(0x7f0000000480)=""/70, 0x41000, 0x11, '\x00', r3, 0x25, r7, 0x8, &(0x7f0000000540)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x4, 0xa, 0x6, 0x80000000}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000005c0)=[0xffffffffffffffff], &(0x7f0000000600)=[{0x5, 0x5, 0x9}], 0x10, 0x100}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r8=>0x0})
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000500))
bind$can_j1939(r0, &(0x7f0000000200)={0x1d, r8, 0x1, {0x0, 0x1}, 0xfe}, 0x18)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x30, 0x1405, 0x20, 0x70bd26, 0x25dfdbff, "", [{{0x8}, {0x8, 0x3, 0x3}}, {{0x8}, {0x8, 0x3, 0x4}}]}, 0xfffffffffffffd77}, 0x1, 0x0, 0x0, 0x4}, 0x4040014)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000100)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
r12 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(r12, 0x2, &(0x7f0000000640))
sendmsg$TEAM_CMD_OPTIONS_SET(r11, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000440)={0x14, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4040)
dup3(r11, r10, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4008004}, 0x20008080)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000325bd7000fbdbdf250900000008000300", @ANYRES32=0x0, @ANYBLOB="06000a002b330000"], 0x24}, 0x1, 0x0, 0x0, 0xbddb254301c15e62}, 0x40000)

1.678703827s ago: executing program 1 (id=744):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
write$UHID_GET_REPORT_REPLY(r0, 0x0, 0x0)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
close(r1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$BTRFS_IOC_QGROUP_ASSIGN(r2, 0x40049409, 0x0)
write$UHID_SET_REPORT_REPLY(r1, 0x0, 0x0)

1.525253127s ago: executing program 1 (id=745):
r0 = openat$dlm_control(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close(r2) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x7, 0x6, 0x201, 0x0, 0x0, {0x6, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x8c44}, 0x2000c000) (async)
ioctl$TIOCGISO7816(r1, 0x5452, &(0x7f0000000040))
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) (async)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) (async)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$GIO_SCRNMAP(r4, 0x5421, &(0x7f0000000040)=""/210)
r5 = memfd_create(&(0x7f0000000000)='U2r\xe5Jj}\xdc\x00\x00\x00\x00\x00\x80\x00', 0x0)
fsetxattr$trusted_overlay_opaque(r5, &(0x7f0000000040), 0x0, 0x0, 0x0) (async)
fsetxattr$trusted_overlay_opaque(r5, &(0x7f0000000100), &(0x7f0000000180), 0x0, 0x2)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, 0x0, 0x0) (async)
r6 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x10002, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
fcntl$dupfd(r6, 0x406, r7)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
close_range(r0, 0xffffffffffffffff, 0x0)

1.289343096s ago: executing program 1 (id=746):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = memfd_secret(0x80000)
write$P9_RLOCK(r1, &(0x7f0000000580)={0x8, 0x35, 0x2, 0x3}, 0x8)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
r2 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000003c0)={'vcan0\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f0000000040)={0x1d, r3, 0x3}, 0x18)
sendmsg$NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="14e32000", @ANYRES16=0x0, @ANYBLOB="020025bd7000ffdbdf2552000000"], 0x14}, 0x1, 0x0, 0x0, 0x44090}, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14012000", @ANYRES16=0x0, @ANYBLOB="000425bd7000ffdbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x40014}, 0x4004000)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
close(r0)
r4 = accept4(r0, 0x0, 0x0, 0x80800)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_inet_SIOCSIFADDR(r5, 0x5452, &(0x7f0000000040)={'macvlan0\x00'})
setsockopt$sock_int(r4, 0x1, 0x20, &(0x7f0000000940)=0x1000008, 0x4)
r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r6, 0xc0189375, &(0x7f0000000540)={{0x1, 0x1, 0x18, <r7=>r6}, './file1\x00'})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300))
write$FUSE_STATX(r7, 0x0, 0x0)
syz_clone(0x20000000, 0x0, 0xfffffe4e, 0x0, &(0x7f0000000240), &(0x7f00000002c0)="321fa1458dc5324754fe80bdcd9c25d16accd0aed8c18c637951f6381459a28a9828bc0668dfcda9372d9a934109fc1ac043e79fc48122081b61b1a3bad3a0d80dfeb6644c5dcc82e211cf4bf35d88a8bf49827100de0100d58f00"/102)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0xc00d080)
r8 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000001400), 0x1, 0x0)
fstatfs(r8, &(0x7f0000003c40)=""/237)
close(r2)
sendmsg$AUDIT_SET_FEATURE(r4, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x20, 0x3fa, 0x400, 0x70bd28, 0x25dfdbfb, {0x1, 0x0, 0x1}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040001)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)}], 0x1, 0x40800)
sendmsg$TIPC_NL_KEY_FLUSH(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYRES16, @ANYRES8=r4, @ANYBLOB="020006007000fedbdf2518000000"], 0x14}, 0x1, 0x0, 0x0, 0x890}, 0x2000c0c1)

151.049851ms ago: executing program 1 (id=747):
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$EXT4_IOC_GETFSUUID(r1, 0x5450, 0x0)
getsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, &(0x7f0000004c40))
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
write(r3, &(0x7f00000026c0)='O', 0x1)
bind$alg(r2, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58)
r4 = accept(r2, 0x0, 0x0)
r5 = accept4$nfc_llcp(r4, 0x0, 0x0, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, 0x0, &(0x7f0000000040))

0s ago: executing program 1 (id=748):
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x0, 0x3dd, 0x1, 0x5}})
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$VT_RESIZE(r0, 0x5451, 0x0)
r1 = dup3(r0, r0, 0x0)
r2 = mq_open(&(0x7f0000000040)='V@!\x00', 0x40, 0x80, &(0x7f0000000080)={0x800, 0x1, 0x2, 0x7})
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000000)={<r3=>r0})
ioctl$sock_SIOCGSKNS(r3, 0x894c, &(0x7f0000000180))
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
close(r4)
fchmod(r0, 0x89)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$SEG6_CMD_DUMPHMAC(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14}, 0x14}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000017c0)={<r5=>0xffffffffffffffff})
write$smackfs_cipsonum(r5, 0x0, 0x0)
fcntl$notify(r2, 0x10, 0x2)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:23531' (ED25519) to the list of known hosts.
syzkaller login: [   70.327201][ T3311] cgroup: Unknown subsys name 'net'
[   70.550306][ T3311] cgroup: Unknown subsys name 'cpuset'
[   70.572651][ T3311] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   70.983828][ T3311] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   80.342829][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.359523][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.523394][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.530410][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   81.366871][ T3319] hsr_slave_0: entered promiscuous mode
[   81.376673][ T3319] hsr_slave_1: entered promiscuous mode
[   81.544917][ T3320] hsr_slave_0: entered promiscuous mode
[   81.552620][ T3320] hsr_slave_1: entered promiscuous mode
[   81.557667][ T3320] debugfs: 'hsr0' already exists in 'hsr'
[   81.563066][ T3320] Cannot create hsr debugfs directory
[   82.442461][ T3319] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   82.494990][ T3319] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   82.542269][ T3319] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   82.557869][ T3319] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   82.738418][ T3320] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   82.773337][ T3320] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   82.796785][ T3320] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   82.825580][ T3320] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   83.371996][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0
[   83.674037][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.316527][ T3319] veth0_vlan: entered promiscuous mode
[   86.383746][ T3319] veth1_vlan: entered promiscuous mode
[   86.440965][ T3320] veth0_vlan: entered promiscuous mode
[   86.520455][ T3320] veth1_vlan: entered promiscuous mode
[   86.533409][ T3319] veth0_macvtap: entered promiscuous mode
[   86.556814][ T3319] veth1_macvtap: entered promiscuous mode
[   86.714764][   T40] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.723897][   T40] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.726887][   T40] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.733328][   T40] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   86.744861][ T3320] veth0_macvtap: entered promiscuous mode
[   86.766104][ T3320] veth1_macvtap: entered promiscuous mode
[   86.968004][   T40] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.970033][   T40] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.970155][   T40] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.970243][   T40] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.126021][ T3319] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   93.705693][ T3516] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   95.747134][ T3537] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  115.971110][ T3644] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  115.983130][ T3644] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  118.081855][ T3656] capability: warning: `syz.0.62' uses deprecated v2 capabilities in a way that may be insecure
[  120.360914][ T3445] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  120.499632][ T3445] usb 1-1: device descriptor read/64, error -71
[  120.739377][ T3445] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  120.869540][ T3445] usb 1-1: device descriptor read/64, error -71
[  120.989912][ T3445] usb usb1-port1: attempt power cycle
[  121.330406][ T3445] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  121.353462][ T3445] usb 1-1: device descriptor read/8, error -71
[  121.589668][ T3445] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  121.612881][ T3445] usb 1-1: device descriptor read/8, error -71
[  121.721958][ T3445] usb usb1-port1: unable to enumerate USB device
[  122.377270][ T3668] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  122.380156][ T3668] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  124.652250][ T3678] Zero length message leads to an empty skb
[  132.035288][ T3714] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  132.039215][ T3714] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.735470][ T3733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.741533][ T3733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  136.637845][ T3752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  136.642634][ T3752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  139.758203][ T3766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  139.766248][ T3766] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  142.219701][    T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  142.400206][    T9] usb 1-1: Using ep0 maxpacket: 32
[  142.417687][    T9] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[  142.418227][    T9] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  142.432315][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  142.432547][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[  142.434440][    T9] usb 1-1: config 1 has no interface number 0
[  142.435308][    T9] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  142.435380][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.475369][    T9] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[  142.698280][    T9] snd_usb_pod 1-1:1.1: set_interface failed
[  142.702974][    T9] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[  142.709881][    T9] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71
[  142.740652][    T9] usb 1-1: USB disconnect, device number 6
[  149.369383][ T3680] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  149.519306][ T3680] usb 1-1: Using ep0 maxpacket: 32
[  149.533724][ T3680] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[  149.533995][ T3680] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  149.534519][ T3680] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  149.534673][ T3680] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[  149.534792][ T3680] usb 1-1: config 1 has no interface number 0
[  149.535018][ T3680] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  149.535091][ T3680] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.573352][ T3680] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[  149.781186][ T3680] snd_usb_pod 1-1:1.1: set_interface failed
[  149.781717][ T3680] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[  149.782160][ T3680] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71
[  149.796898][ T3680] usb 1-1: USB disconnect, device number 7
[  151.940178][ T3820] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  151.941411][ T3820] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  155.640849][    T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  155.809105][    T9] usb 1-1: Using ep0 maxpacket: 32
[  155.845461][    T9] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[  155.845719][    T9] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  155.849315][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  155.849681][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[  155.849799][    T9] usb 1-1: config 1 has no interface number 0
[  155.850229][    T9] usb 1-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 17
[  155.850466][    T9] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  155.850588][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.905484][    T9] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[  156.144961][    T9] snd_usb_pod 1-1:1.1: set_interface failed
[  156.145477][    T9] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[  156.145957][    T9] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71
[  156.157974][    T9] usb 1-1: USB disconnect, device number 8
[  156.855436][ T3844] syz.0.122 uses obsolete (PF_INET,SOCK_PACKET)
[  160.779523][ T3445] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  160.976113][ T3445] usb 1-1: config 1 interface 0 has no altsetting 0
[  161.009364][ T3445] usb 1-1: New USB device found, idVendor=056a, idProduct=003f, bcdDevice= 0.40
[  161.009747][ T3445] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.013837][ T3445] usb 1-1: Product: syz
[  161.014018][ T3445] usb 1-1: Manufacturer: syz
[  161.014096][ T3445] usb 1-1: SerialNumber: syz
[  161.355319][ T3858] Invalid ELF header type: 3 != 1
[  162.140254][ T3445] usbhid 1-1:1.0: can't add hid device: -71
[  162.141529][ T3445] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  162.152840][ T3445] usb 1-1: USB disconnect, device number 9
[  162.597982][ T3855] FAULT_INJECTION: forcing a failure.
[  162.597982][ T3855] name failslab, interval 1, probability 0, space 0, times 1
[  162.599553][ T3855] CPU: 1 UID: 0 PID: 3855 Comm: syz.1.125 Not tainted syzkaller #0 PREEMPT 
[  162.599940][ T3855] Hardware name: linux,dummy-virt (DT)
[  162.600245][ T3855] Call trace:
[  162.600615][ T3855]  show_stack+0x18/0x24 (C)
[  162.601649][ T3855]  dump_stack_lvl+0x78/0x90
[  162.601774][ T3855]  dump_stack+0x18/0x24
[  162.601840][ T3855]  should_fail_ex+0x1dc/0x234
[  162.601909][ T3855]  should_failslab+0x54/0x80
[  162.601983][ T3855]  __kvmalloc_node_noprof+0x114/0x71c
[  162.602054][ T3855]  io_alloc_cache_init+0x38/0x78
[  162.602117][ T3855]  io_uring_setup+0x22c/0x8cc
[  162.602188][ T3855]  __arm64_sys_io_uring_setup+0x5c/0x170
[  162.602254][ T3855]  invoke_syscall+0x48/0x110
[  162.602326][ T3855]  el0_svc_common.constprop.0+0x40/0xe0
[  162.602397][ T3855]  do_el0_svc+0x1c/0x28
[  162.602524][ T3855]  el0_svc+0x34/0x128
[  162.602600][ T3855]  el0t_64_sync_handler+0xa0/0xe4
[  162.602663][ T3855]  el0t_64_sync+0x1a4/0x1a8
[  172.676792][ T3916] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  172.684697][ T3916] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  177.849385][ T3838] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  178.019247][ T3838] usb 1-1: Using ep0 maxpacket: 32
[  178.027919][ T3838] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[  178.031354][ T3838] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  178.039255][ T3838] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[  178.040803][ T3838] usb 1-1: config 1 has no interface number 0
[  178.043531][ T3838] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  178.044969][ T3838] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  178.045298][ T3838] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  178.045377][ T3838] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.087158][ T3838] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[  178.337279][ T3838] snd_usb_pod 1-1:1.1: set_interface failed
[  178.337779][ T3838] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[  178.338258][ T3838] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71
[  178.370054][ T3838] usb 1-1: USB disconnect, device number 10
[  182.148972][ T3955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  182.150221][ T3955] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  183.689123][ T3961] FAULT_INJECTION: forcing a failure.
[  183.689123][ T3961] name failslab, interval 1, probability 0, space 0, times 0
[  183.689450][ T3961] CPU: 1 UID: 0 PID: 3961 Comm: syz.1.158 Not tainted syzkaller #0 PREEMPT 
[  183.689541][ T3961] Hardware name: linux,dummy-virt (DT)
[  183.689585][ T3961] Call trace:
[  183.689619][ T3961]  show_stack+0x18/0x24 (C)
[  183.689725][ T3961]  dump_stack_lvl+0x78/0x90
[  183.689798][ T3961]  dump_stack+0x18/0x24
[  183.689860][ T3961]  should_fail_ex+0x1dc/0x234
[  183.689928][ T3961]  should_failslab+0x54/0x80
[  183.690001][ T3961]  __kvmalloc_node_noprof+0x114/0x71c
[  183.690076][ T3961]  io_alloc_cache_init+0x38/0x78
[  183.690120][ T3961]  io_futex_cache_init+0x20/0x2c
[  183.690152][ T3961]  io_uring_setup+0x260/0x8cc
[  183.690187][ T3961]  __arm64_sys_io_uring_setup+0x5c/0x170
[  183.690222][ T3961]  invoke_syscall+0x48/0x110
[  183.690258][ T3961]  el0_svc_common.constprop.0+0x40/0xe0
[  183.690294][ T3961]  do_el0_svc+0x1c/0x28
[  183.690360][ T3961]  el0_svc+0x34/0x128
[  183.690423][ T3961]  el0t_64_sync_handler+0xa0/0xe4
[  183.690470][ T3961]  el0t_64_sync+0x1a4/0x1a8
[  184.109355][   T39] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  184.260013][   T39] usb 1-1: Using ep0 maxpacket: 32
[  184.272328][   T39] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[  184.272620][   T39] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  184.272738][   T39] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[  184.272806][   T39] usb 1-1: config 1 has no interface number 0
[  184.272950][   T39] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  184.273019][   T39] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  184.273147][   T39] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  184.273240][   T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.324857][   T39] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[  184.533672][   T39] snd_usb_pod 1-1:1.1: set_interface failed
[  184.534177][   T39] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[  184.536599][   T39] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71
[  184.560529][   T39] usb 1-1: USB disconnect, device number 11
[  186.529397][   T11] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  186.659767][   T11] usb 1-1: device descriptor read/64, error -71
[  186.898969][   T11] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  187.029289][   T11] usb 1-1: device descriptor read/64, error -71
[  187.152156][   T11] usb usb1-port1: attempt power cycle
[  187.519213][   T11] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  187.554459][   T11] usb 1-1: device descriptor read/8, error -71
[  187.789282][   T11] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  187.814005][   T11] usb 1-1: device descriptor read/8, error -71
[  187.931133][   T11] usb usb1-port1: unable to enumerate USB device
[  199.349703][   T39] usb 1-1: new low-speed USB device number 16 using dummy_hcd
[  199.539428][   T39] usb 1-1: Invalid ep0 maxpacket: 16
[  199.679292][   T39] usb 1-1: new low-speed USB device number 17 using dummy_hcd
[  199.839754][   T39] usb 1-1: Invalid ep0 maxpacket: 16
[  199.841689][   T39] usb usb1-port1: attempt power cycle
[  200.191442][   T39] usb 1-1: new low-speed USB device number 18 using dummy_hcd
[  200.214646][   T39] usb 1-1: Invalid ep0 maxpacket: 16
[  200.349247][   T39] usb 1-1: new low-speed USB device number 19 using dummy_hcd
[  200.372711][   T39] usb 1-1: Invalid ep0 maxpacket: 16
[  200.375242][   T39] usb usb1-port1: unable to enumerate USB device
[  203.993005][ T4060] dlm: non-version read from control device 8192
[  209.569260][   T24] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  209.719685][   T24] usb 1-1: device descriptor read/64, error -71
[  209.969389][   T24] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  210.119439][   T24] usb 1-1: device descriptor read/64, error -71
[  210.229734][   T24] usb usb1-port1: attempt power cycle
[  210.569265][   T24] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  210.591485][   T24] usb 1-1: device descriptor read/8, error -71
[  210.839187][   T24] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  210.862019][   T24] usb 1-1: device descriptor read/8, error -71
[  210.970174][   T24] usb usb1-port1: unable to enumerate USB device
[  214.429859][ T4102] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.431088][ T4102] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  218.804885][ T4116] input: syz0 as /devices/virtual/input/input3
[  223.070908][ T4127] input: syz0 as /devices/virtual/input/input4
[  227.376406][ T4149] netlink: 8 bytes leftover after parsing attributes in process `syz.1.215'.
[  227.380762][ T4149] netlink: 8 bytes leftover after parsing attributes in process `syz.1.215'.
[  230.151524][ T4161] fuse: Unknown parameter 'ˆ7'
[  230.196104][ T4161] input: syz0 as /devices/virtual/input/input5
[  243.112264][ T4225] FAULT_INJECTION: forcing a failure.
[  243.112264][ T4225] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  243.115949][ T4225] CPU: 0 UID: 0 PID: 4225 Comm: syz.0.237 Not tainted syzkaller #0 PREEMPT 
[  243.116090][ T4225] Hardware name: linux,dummy-virt (DT)
[  243.116134][ T4225] Call trace:
[  243.116170][ T4225]  show_stack+0x18/0x24 (C)
[  243.116283][ T4225]  dump_stack_lvl+0x78/0x90
[  243.116363][ T4225]  dump_stack+0x18/0x24
[  243.116434][ T4225]  should_fail_ex+0x1dc/0x234
[  243.116510][ T4225]  should_fail+0x14/0x24
[  243.116579][ T4225]  should_fail_usercopy+0x1c/0x28
[  243.116649][ T4225]  _inline_copy_from_user+0x24/0xb0
[  243.116760][ T4225]  copy_msghdr_from_user+0x54/0xcc
[  243.116838][ T4225]  ___sys_sendmsg+0x8c/0x100
[  243.116911][ T4225]  __sys_sendmsg+0x98/0xf8
[  243.116993][ T4225]  __arm64_sys_sendmsg+0x24/0x30
[  243.117066][ T4225]  invoke_syscall+0x48/0x110
[  243.117148][ T4225]  el0_svc_common.constprop.0+0x40/0xe0
[  243.117229][ T4225]  do_el0_svc+0x1c/0x28
[  243.117309][ T4225]  el0_svc+0x34/0x128
[  243.117382][ T4225]  el0t_64_sync_handler+0xa0/0xe4
[  243.117456][ T4225]  el0t_64_sync+0x1a4/0x1a8
[  254.387045][ T4313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  254.388374][ T4313] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  270.713284][ T4515] fuse: Bad value for 'user_id'
[  270.713628][ T4515] fuse: Bad value for 'user_id'
[  272.422705][ T4511] FAULT_INJECTION: forcing a failure.
[  272.422705][ T4511] name failslab, interval 1, probability 0, space 0, times 0
[  272.423018][ T4511] CPU: 1 UID: 0 PID: 4511 Comm: syz.1.269 Not tainted syzkaller #0 PREEMPT 
[  272.423119][ T4511] Hardware name: linux,dummy-virt (DT)
[  272.423167][ T4511] Call trace:
[  272.423203][ T4511]  show_stack+0x18/0x24 (C)
[  272.423317][ T4511]  dump_stack_lvl+0x78/0x90
[  272.423394][ T4511]  dump_stack+0x18/0x24
[  272.423463][ T4511]  should_fail_ex+0x1dc/0x234
[  272.423540][ T4511]  should_failslab+0x54/0x80
[  272.423616][ T4511]  kmem_cache_alloc_node_noprof+0x5c/0x520
[  272.423746][ T4511]  copy_process+0x138/0x1528
[  272.423822][ T4511]  create_io_thread+0x6c/0x9c
[  272.423944][ T4511]  io_sq_offload_create+0x354/0x514
[  272.424067][ T4511]  io_uring_setup+0x56c/0x8cc
[  272.424497][ T4511]  __arm64_sys_io_uring_setup+0x5c/0x170
[  272.424722][ T4511]  invoke_syscall+0x48/0x110
[  272.424894][ T4511]  el0_svc_common.constprop.0+0x40/0xe0
[  272.425052][ T4511]  do_el0_svc+0x1c/0x28
[  272.425234][ T4511]  el0_svc+0x34/0x128
[  272.425309][ T4511]  el0t_64_sync_handler+0xa0/0xe4
[  272.425404][ T4511]  el0t_64_sync+0x1a4/0x1a8
[  281.037876][ T4555] FAULT_INJECTION: forcing a failure.
[  281.037876][ T4555] name failslab, interval 1, probability 0, space 0, times 0
[  281.038213][ T4555] CPU: 1 UID: 0 PID: 4555 Comm: syz.0.283 Not tainted syzkaller #0 PREEMPT 
[  281.038310][ T4555] Hardware name: linux,dummy-virt (DT)
[  281.038357][ T4555] Call trace:
[  281.038392][ T4555]  show_stack+0x18/0x24 (C)
[  281.038601][ T4555]  dump_stack_lvl+0x78/0x90
[  281.038682][ T4555]  dump_stack+0x18/0x24
[  281.038803][ T4555]  should_fail_ex+0x1dc/0x234
[  281.038882][ T4555]  should_failslab+0x54/0x80
[  281.038962][ T4555]  __kmalloc_cache_node_noprof+0x58/0x544
[  281.039042][ T4555]  __get_vm_area_node+0x90/0x1a8
[  281.039250][ T4555]  __vmalloc_node_range_noprof+0xe0/0x94c
[  281.039471][ T4555]  __vmalloc_node_noprof+0x90/0xa0
[  281.039793][ T4555]  copy_process+0x8ec/0x1528
[  281.039886][ T4555]  create_io_thread+0x6c/0x9c
[  281.040032][ T4555]  io_sq_offload_create+0x354/0x514
[  281.040207][ T4555]  io_uring_setup+0x56c/0x8cc
[  281.040339][ T4555]  __arm64_sys_io_uring_setup+0x5c/0x170
[  281.040417][ T4555]  invoke_syscall+0x48/0x110
[  281.040491][ T4555]  el0_svc_common.constprop.0+0x40/0xe0
[  281.040740][ T4555]  do_el0_svc+0x1c/0x28
[  281.040931][ T4555]  el0_svc+0x34/0x128
[  281.041043][ T4555]  el0t_64_sync_handler+0xa0/0xe4
[  281.041184][ T4555]  el0t_64_sync+0x1a4/0x1a8
[  281.042588][ T4555] syz.0.283: vmalloc error: size 16384, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[  281.044610][ T4555] CPU: 1 UID: 0 PID: 4555 Comm: syz.0.283 Not tainted syzkaller #0 PREEMPT 
[  281.044715][ T4555] Hardware name: linux,dummy-virt (DT)
[  281.044757][ T4555] Call trace:
[  281.044884][ T4555]  show_stack+0x18/0x24 (C)
[  281.044974][ T4555]  dump_stack_lvl+0x78/0x90
[  281.045044][ T4555]  dump_stack+0x18/0x24
[  281.045519][ T4555]  warn_alloc+0x124/0x1b0
[  281.045594][ T4555]  __vmalloc_node_range_noprof+0x5f0/0x94c
[  281.045657][ T4555]  __vmalloc_node_noprof+0x90/0xa0
[  281.045721][ T4555]  copy_process+0x8ec/0x1528
[  281.045787][ T4555]  create_io_thread+0x6c/0x9c
[  281.045854][ T4555]  io_sq_offload_create+0x354/0x514
[  281.045916][ T4555]  io_uring_setup+0x56c/0x8cc
[  281.046065][ T4555]  __arm64_sys_io_uring_setup+0x5c/0x170
[  281.046147][ T4555]  invoke_syscall+0x48/0x110
[  281.046219][ T4555]  el0_svc_common.constprop.0+0x40/0xe0
[  281.046464][ T4555]  do_el0_svc+0x1c/0x28
[  281.046652][ T4555]  el0_svc+0x34/0x128
[  281.046766][ T4555]  el0t_64_sync_handler+0xa0/0xe4
[  281.046913][ T4555]  el0t_64_sync+0x1a4/0x1a8
[  281.047109][ T4555] Mem-Info:
[  281.047561][ T4555] active_anon:13 inactive_anon:11976 isolated_anon:0
[  281.047561][ T4555]  active_file:1656 inactive_file:10322 isolated_file:0
[  281.047561][ T4555]  unevictable:9899 dirty:18 writeback:0
[  281.047561][ T4555]  slab_reclaimable:3320 slab_unreclaimable:8022
[  281.047561][ T4555]  mapped:3863 shmem:9359 pagetables:468
[  281.047561][ T4555]  sec_pagetables:0 bounce:0
[  281.047561][ T4555]  kernel_misc_reclaimable:0
[  281.047561][ T4555]  free:437494 free_pcp:6834 free_cma:8000
[  281.048010][ T4555] Node 0 active_anon:52kB inactive_anon:47904kB active_file:6624kB inactive_file:41288kB unevictable:39596kB isolated(anon):0kB isolated(file):0kB mapped:15452kB dirty:72kB writeback:0kB shmem:37436kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:3184kB pagetables:1872kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  281.048329][ T4555] Node 0 DMA free:1749976kB boost:0kB min:22528kB low:28160kB high:33792kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:47904kB active_file:6624kB inactive_file:41288kB unevictable:39596kB writepending:72kB zspages:0kB present:2097152kB managed:1987696kB mlocked:36536kB bounce:0kB free_pcp:27336kB local_pcp:9860kB free_cma:32000kB
[  281.050227][ T4555] lowmem_reserve[]: 0 0 0 0 0
[  281.050911][ T4555] Node 0 DMA: 40*4kB (UM) 21*8kB (UME) 17*16kB (UME) 8*32kB (UE) 8*64kB (UME) 9*128kB (UME) 6*256kB (UMC) 8*512kB (UME) 29*1024kB (UMEC) 12*2048kB (MEC) 412*4096kB (UMC) = 1749976kB
[  281.052514][ T4555] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  281.052625][ T4555] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=32768kB
[  281.052710][ T4555] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  281.052760][ T4555] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=64kB
[  281.052889][ T4555] 23022 total pagecache pages
[  281.052983][ T4555] 0 pages in swap cache
[  281.053132][ T4555] Free swap  = 124996kB
[  281.053183][ T4555] Total swap = 124996kB
[  281.053344][ T4555] 524288 pages RAM
[  281.053383][ T4555] 0 pages HighMem/MovableOnly
[  281.053419][ T4555] 27364 pages reserved
[  281.053459][ T4555] 8192 pages cma reserved
[  281.053497][ T4555] 0 pages hwpoisoned
[  283.317323][ T4568] input: syz0 as /devices/virtual/input/input6
[  289.303693][ T3680] hid-generic 0008:0004:07FF.0001: unknown main item tag 0x1
[  289.304606][ T3680] hid-generic 0008:0004:07FF.0001: unexpected long global item
[  289.306211][ T3680] hid-generic 0008:0004:07FF.0001: probe with driver hid-generic failed with error -22
[  295.026597][ T4608] input: syz0 as /devices/virtual/input/input7
[  301.479650][ T4632] input: syz0 as /devices/virtual/input/input8
[  307.146214][ T4644] input: syz0 as /devices/virtual/input/input9
[  315.308026][ T4674] input: syz0 as /devices/virtual/input/input10
[  325.063487][ T4713] input: syz0 as /devices/virtual/input/input11
[  325.813604][ T4719] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  325.821401][ T4719] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.434157][ T4732] FAULT_INJECTION: forcing a failure.
[  332.434157][ T4732] name failslab, interval 1, probability 0, space 0, times 0
[  332.436329][ T4732] CPU: 1 UID: 0 PID: 4732 Comm: syz.1.331 Not tainted syzkaller #0 PREEMPT 
[  332.436456][ T4732] Hardware name: linux,dummy-virt (DT)
[  332.436497][ T4732] Call trace:
[  332.436532][ T4732]  show_stack+0x18/0x24 (C)
[  332.436639][ T4732]  dump_stack_lvl+0x78/0x90
[  332.436719][ T4732]  dump_stack+0x18/0x24
[  332.436786][ T4732]  should_fail_ex+0x1dc/0x234
[  332.436857][ T4732]  should_failslab+0x54/0x80
[  332.436925][ T4732]  kmem_cache_alloc_noprof+0x54/0x51c
[  332.437005][ T4732]  alloc_pid+0x64/0x3fc
[  332.437073][ T4732]  copy_process+0xd94/0x1528
[  332.437137][ T4732]  create_io_thread+0x6c/0x9c
[  332.437200][ T4732]  io_sq_offload_create+0x354/0x514
[  332.437272][ T4732]  io_uring_setup+0x56c/0x8cc
[  332.437348][ T4732]  __arm64_sys_io_uring_setup+0x5c/0x170
[  332.437415][ T4732]  invoke_syscall+0x48/0x110
[  332.437490][ T4732]  el0_svc_common.constprop.0+0x40/0xe0
[  332.437566][ T4732]  do_el0_svc+0x1c/0x28
[  332.437645][ T4732]  el0_svc+0x34/0x128
[  332.437721][ T4732]  el0t_64_sync_handler+0xa0/0xe4
[  332.437783][ T4732]  el0t_64_sync+0x1a4/0x1a8
[  333.375068][ T4741] input: syz0 as /devices/virtual/input/input12
[  338.800806][ T4754] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  338.803614][ T4754] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  339.387783][ T4763] input: syz0 as /devices/virtual/input/input13
[  345.171359][ T4793] input: syz0 as /devices/virtual/input/input14
[  351.859419][ T3405] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  352.039412][ T3405] usb 1-1: Using ep0 maxpacket: 32
[  352.065836][ T3405] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[  352.066259][ T3405] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  352.066612][ T3405] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[  352.066945][ T3405] usb 1-1: config 1 has no interface number 0
[  352.067139][ T3405] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  352.067379][ T3405] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  352.071681][ T3405] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  352.071787][ T3405] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  352.138235][ T3405] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[  352.326873][ T3405] snd_usb_pod 1-1:1.1: set_interface failed
[  352.327430][ T3405] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[  352.327906][ T3405] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71
[  352.369089][ T3405] usb 1-1: USB disconnect, device number 24
[  355.601413][ T4834] FAULT_INJECTION: forcing a failure.
[  355.601413][ T4834] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  355.603476][ T4834] CPU: 1 UID: 0 PID: 4834 Comm: syz.0.367 Not tainted syzkaller #0 PREEMPT 
[  355.603617][ T4834] Hardware name: linux,dummy-virt (DT)
[  355.603665][ T4834] Call trace:
[  355.603708][ T4834]  show_stack+0x18/0x24 (C)
[  355.603818][ T4834]  dump_stack_lvl+0x78/0x90
[  355.603891][ T4834]  dump_stack+0x18/0x24
[  355.603962][ T4834]  should_fail_ex+0x1dc/0x234
[  355.604030][ T4834]  should_fail+0x14/0x24
[  355.604090][ T4834]  should_fail_usercopy+0x1c/0x28
[  355.604154][ T4834]  _inline_copy_from_user+0x24/0xb0
[  355.604224][ T4834]  copy_msghdr_from_user+0x54/0xcc
[  355.604291][ T4834]  ___sys_sendmsg+0x8c/0x100
[  355.604354][ T4834]  __sys_sendmsg+0x98/0xf8
[  355.604421][ T4834]  __arm64_sys_sendmsg+0x24/0x30
[  355.604486][ T4834]  invoke_syscall+0x48/0x110
[  355.604562][ T4834]  el0_svc_common.constprop.0+0x40/0xe0
[  355.604637][ T4834]  do_el0_svc+0x1c/0x28
[  355.604708][ T4834]  el0_svc+0x34/0x128
[  355.604779][ T4834]  el0t_64_sync_handler+0xa0/0xe4
[  355.604844][ T4834]  el0t_64_sync+0x1a4/0x1a8
[  357.789282][ T3680] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  357.939384][ T3680] usb 1-1: Using ep0 maxpacket: 32
[  357.954432][ T3680] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[  357.954814][ T3680] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  357.956045][ T3680] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[  357.956136][ T3680] usb 1-1: config 1 has no interface number 0
[  357.956302][ T3680] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  357.956375][ T3680] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  357.956520][ T3680] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  357.956590][ T3680] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.005017][ T3680] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[  358.215036][ T4850] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  358.217279][ T4850] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  358.233901][ T3680] snd_usb_pod 1-1:1.1: set_interface failed
[  358.234414][ T3680] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[  358.234917][ T3680] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71
[  358.255337][ T3680] usb 1-1: USB disconnect, device number 25
[  360.644077][ T4869] dlm: non-version read from control device 8224
[  363.615614][ T4889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  363.616938][ T4889] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.809000][ T4891] FAULT_INJECTION: forcing a failure.
[  365.809000][ T4891] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  365.809241][ T4891] CPU: 1 UID: 0 PID: 4891 Comm: syz.1.385 Not tainted syzkaller #0 PREEMPT 
[  365.809342][ T4891] Hardware name: linux,dummy-virt (DT)
[  365.809383][ T4891] Call trace:
[  365.809417][ T4891]  show_stack+0x18/0x24 (C)
[  365.809529][ T4891]  dump_stack_lvl+0x78/0x90
[  365.809860][ T4891]  dump_stack+0x18/0x24
[  365.810122][ T4891]  should_fail_ex+0x1dc/0x234
[  365.810377][ T4891]  should_fail+0x14/0x24
[  365.810525][ T4891]  should_fail_usercopy+0x1c/0x28
[  365.810651][ T4891]  io_uring_setup+0x580/0x8cc
[  365.810854][ T4891]  __arm64_sys_io_uring_setup+0x5c/0x170
[  365.811275][ T4891]  invoke_syscall+0x48/0x110
[  365.811364][ T4891]  el0_svc_common.constprop.0+0x40/0xe0
[  365.811440][ T4891]  do_el0_svc+0x1c/0x28
[  365.811733][ T4891]  el0_svc+0x34/0x128
[  365.813052][ T4891]  el0t_64_sync_handler+0xa0/0xe4
[  365.813404][ T4891]  el0t_64_sync+0x1a4/0x1a8
[  378.117737][ T4985] input: syz0 as /devices/virtual/input/input16
[  387.732072][ T5039] [U] 	
[  396.859854][ T5108] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  396.861425][ T5108] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  400.295087][ T5130] input: syz0 as /devices/virtual/input/input17
[  422.318151][ T5241] serio: Serial port pts0
[  423.372623][ T5244] input: syz0 as /devices/virtual/input/input18
[  443.585567][   T30] audit: type=1107 audit(443.430:2): pid=5330 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='c¯:-é��<À=Ü!Þt…£qŸ[¥Æ4tÍ €üˆµìžžžª¾¢%jºI
[  443.585567][   T30] ÞûF‡}b&ëž¡±–ŸÃdŸ$î½’[Ûl‡é}?YÂ<ÝÍhkéwØ‘µÆ9&iã	{鹨‹D§ÚeøbÜ¢¿Ïùª¾í‹X
h"WÕV·NŒŒ]Þüp¿£"‡n�똫6lÓ#Q²›
[  443.585567][   T30] åXR·;§n~?¶í'	WHõÊ” �áè'
[  490.325258][ T5541] input: syz0 as /devices/virtual/input/input20
[  499.572783][ T5567] input: syz0 as /devices/virtual/input/input21
[  507.592314][ T5592] input: syz0 as /devices/virtual/input/input22
[  512.905194][ T5620] input: syz0 as /devices/virtual/input/input23
[  517.290639][ T5643] fuse: Bad value for 'fd'
[  517.946892][ T5648] input: syz0 as /devices/virtual/input/input24
[  518.552942][ T5651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  518.555731][ T5651] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  518.577689][ T5651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  518.590641][ T5651] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  519.072799][ T5656] fuse: Bad value for 'fd'
[  522.026941][ T5670] fuse: Bad value for 'fd'
[  534.034711][ T5760] FAULT_INJECTION: forcing a failure.
[  534.034711][ T5760] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  534.035123][ T5760] CPU: 1 UID: 0 PID: 5760 Comm: syz.1.632 Not tainted syzkaller #0 PREEMPT 
[  534.035217][ T5760] Hardware name: linux,dummy-virt (DT)
[  534.035257][ T5760] Call trace:
[  534.035290][ T5760]  show_stack+0x18/0x24 (C)
[  534.035392][ T5760]  dump_stack_lvl+0x78/0x90
[  534.035465][ T5760]  dump_stack+0x18/0x24
[  534.035530][ T5760]  should_fail_ex+0x1dc/0x234
[  534.035601][ T5760]  should_fail+0x14/0x24
[  534.035664][ T5760]  should_fail_usercopy+0x1c/0x28
[  534.035739][ T5760]  _inline_copy_from_user+0x24/0xb0
[  534.035910][ T5760]  __sys_bpf+0xe0/0x1a88
[  534.035998][ T5760]  __arm64_sys_bpf+0x24/0x34
[  534.036250][ T5760]  invoke_syscall+0x48/0x110
[  534.036327][ T5760]  el0_svc_common.constprop.0+0x40/0xe0
[  534.036430][ T5760]  do_el0_svc+0x1c/0x28
[  534.036504][ T5760]  el0_svc+0x34/0x128
[  534.036575][ T5760]  el0t_64_sync_handler+0xa0/0xe4
[  534.036721][ T5760]  el0t_64_sync+0x1a4/0x1a8
[  536.626814][ T5779] fuse: Bad value for 'fd'
[  538.262926][ T5788] FAULT_INJECTION: forcing a failure.
[  538.262926][ T5788] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  538.269278][ T5788] CPU: 0 UID: 0 PID: 5788 Comm: syz.1.640 Not tainted syzkaller #0 PREEMPT 
[  538.269415][ T5788] Hardware name: linux,dummy-virt (DT)
[  538.269457][ T5788] Call trace:
[  538.269491][ T5788]  show_stack+0x18/0x24 (C)
[  538.269600][ T5788]  dump_stack_lvl+0x78/0x90
[  538.269687][ T5788]  dump_stack+0x18/0x24
[  538.269759][ T5788]  should_fail_ex+0x1dc/0x234
[  538.269825][ T5788]  should_fail+0x14/0x24
[  538.269886][ T5788]  should_fail_usercopy+0x1c/0x28
[  538.269956][ T5788]  _copy_from_iter+0x5c/0x65c
[  538.270026][ T5788]  isotp_sendmsg+0x1e0/0x7ec
[  538.270097][ T5788]  __sock_sendmsg+0x54/0x60
[  538.270170][ T5788]  ____sys_sendmsg+0x234/0x29c
[  538.270239][ T5788]  ___sys_sendmsg+0xac/0x100
[  538.270310][ T5788]  __sys_sendmsg+0x98/0xf8
[  538.270375][ T5788]  __arm64_sys_sendmsg+0x24/0x30
[  538.270440][ T5788]  invoke_syscall+0x48/0x110
[  538.270555][ T5788]  el0_svc_common.constprop.0+0x40/0xe0
[  538.270633][ T5788]  do_el0_svc+0x1c/0x28
[  538.270717][ T5788]  el0_svc+0x34/0x128
[  538.270791][ T5788]  el0t_64_sync_handler+0xa0/0xe4
[  538.270862][ T5788]  el0t_64_sync+0x1a4/0x1a8
[  539.940881][ T5794] fuse: Bad value for 'fd'
[  545.369646][ T5816] fuse: Bad value for 'fd'
[  552.332915][ T5855] FAULT_INJECTION: forcing a failure.
[  552.332915][ T5855] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  552.333248][ T5855] CPU: 0 UID: 0 PID: 5855 Comm: syz.1.662 Not tainted syzkaller #0 PREEMPT 
[  552.333353][ T5855] Hardware name: linux,dummy-virt (DT)
[  552.333394][ T5855] Call trace:
[  552.333427][ T5855]  show_stack+0x18/0x24 (C)
[  552.333531][ T5855]  dump_stack_lvl+0x78/0x90
[  552.333606][ T5855]  dump_stack+0x18/0x24
[  552.333736][ T5855]  should_fail_ex+0x1dc/0x234
[  552.333815][ T5855]  should_fail+0x14/0x24
[  552.333880][ T5855]  should_fail_usercopy+0x1c/0x28
[  552.334032][ T5855]  simple_read_from_buffer+0x5c/0x138
[  552.334165][ T5855]  proc_fail_nth_read+0xac/0x134
[  552.334694][ T5855]  vfs_read+0xc0/0x318
[  552.334867][ T5855]  ksys_read+0x6c/0x100
[  552.334998][ T5855]  __arm64_sys_read+0x1c/0x28
[  552.335071][ T5855]  invoke_syscall+0x48/0x110
[  552.335140][ T5855]  el0_svc_common.constprop.0+0x40/0xe0
[  552.335421][ T5855]  do_el0_svc+0x1c/0x28
[  552.335501][ T5855]  el0_svc+0x34/0x128
[  552.335569][ T5855]  el0t_64_sync_handler+0xa0/0xe4
[  552.335809][ T5855]  el0t_64_sync+0x1a4/0x1a8
[  553.525342][ T5874] fuse: Bad value for 'fd'
[  555.735507][ T5888] fuse: Bad value for 'fd'
[  557.223485][ T5900] fuse: Bad value for 'fd'
[  560.367836][ T5920] input: syz0 as /devices/virtual/input/input26
[  561.060750][ T5923] FAULT_INJECTION: forcing a failure.
[  561.060750][ T5923] name failslab, interval 1, probability 0, space 0, times 0
[  561.062647][ T5923] CPU: 1 UID: 0 PID: 5923 Comm: syz.1.687 Not tainted syzkaller #0 PREEMPT 
[  561.062784][ T5923] Hardware name: linux,dummy-virt (DT)
[  561.062825][ T5923] Call trace:
[  561.062861][ T5923]  show_stack+0x18/0x24 (C)
[  561.062965][ T5923]  dump_stack_lvl+0x78/0x90
[  561.063040][ T5923]  dump_stack+0x18/0x24
[  561.063105][ T5923]  should_fail_ex+0x1dc/0x234
[  561.063174][ T5923]  should_failslab+0x54/0x80
[  561.063246][ T5923]  __kmalloc_noprof+0xa8/0x5f4
[  561.063318][ T5923]  tomoyo_realpath_from_path+0x44/0x1b4
[  561.063392][ T5923]  tomoyo_path_number_perm+0xd8/0x20c
[  561.063463][ T5923]  tomoyo_file_ioctl+0x1c/0x28
[  561.063539][ T5923]  security_file_ioctl+0x8c/0x19c
[  561.063608][ T5923]  __arm64_sys_ioctl+0x48/0x104
[  561.063692][ T5923]  invoke_syscall+0x48/0x110
[  561.063767][ T5923]  el0_svc_common.constprop.0+0x40/0xe0
[  561.063845][ T5923]  do_el0_svc+0x1c/0x28
[  561.063917][ T5923]  el0_svc+0x34/0x128
[  561.063988][ T5923]  el0t_64_sync_handler+0xa0/0xe4
[  561.064058][ T5923]  el0t_64_sync+0x1a4/0x1a8
[  561.080465][ T5923] ERROR: Out of memory at tomoyo_realpath_from_path.
[  563.013149][ T5935] input: syz0 as /devices/virtual/input/input29
[  570.481444][ T5966] input: syz0 as /devices/virtual/input/input30
[  571.463707][ T5967] FAULT_INJECTION: forcing a failure.
[  571.463707][ T5967] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  571.464045][ T5967] CPU: 0 UID: 0 PID: 5967 Comm: syz.1.702 Not tainted syzkaller #0 PREEMPT 
[  571.464134][ T5967] Hardware name: linux,dummy-virt (DT)
[  571.464170][ T5967] Call trace:
[  571.464202][ T5967]  show_stack+0x18/0x24 (C)
[  571.464307][ T5967]  dump_stack_lvl+0x78/0x90
[  571.464379][ T5967]  dump_stack+0x18/0x24
[  571.464445][ T5967]  should_fail_ex+0x1dc/0x234
[  571.464517][ T5967]  should_fail+0x14/0x24
[  571.464606][ T5967]  should_fail_usercopy+0x1c/0x28
[  571.464673][ T5967]  preserve_fpsimd_context+0x24/0x1cc
[  571.464757][ T5967]  setup_rt_frame+0x378/0x11bc
[  571.464819][ T5967]  arch_do_signal_or_restart+0x26c/0x3d4
[  571.464903][ T5967]  exit_to_user_mode_loop+0x110/0x18c
[  571.464974][ T5967]  el0_interrupt+0xe4/0xe8
[  571.465045][ T5967]  __el0_irq_handler_common+0x18/0x24
[  571.465112][ T5967]  el0t_64_irq_handler+0x10/0x1c
[  571.465183][ T5967]  el0t_64_irq+0x1a4/0x1a8
[  575.593950][ T5992] input: syz0 as /devices/virtual/input/input31
[  588.263052][ T6037] team_slave_0: entered allmulticast mode
[  591.016900][ T6011] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  591.026395][ T6011] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  591.363393][ T6053] fido_id[6053]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  599.454005][ T6079] FAULT_INJECTION: forcing a failure.
[  599.454005][ T6079] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  599.454444][ T6079] CPU: 1 UID: 0 PID: 6079 Comm: syz.1.732 Not tainted syzkaller #0 PREEMPT 
[  599.454576][ T6079] Hardware name: linux,dummy-virt (DT)
[  599.454619][ T6079] Call trace:
[  599.454660][ T6079]  show_stack+0x18/0x24 (C)
[  599.454858][ T6079]  dump_stack_lvl+0x78/0x90
[  599.454936][ T6079]  dump_stack+0x18/0x24
[  599.455058][ T6079]  should_fail_ex+0x1dc/0x234
[  599.455232][ T6079]  should_fail+0x14/0x24
[  599.455371][ T6079]  should_fail_usercopy+0x1c/0x28
[  599.455438][ T6079]  simple_read_from_buffer+0x5c/0x138
[  599.455571][ T6079]  proc_fail_nth_read+0xac/0x134
[  599.455675][ T6079]  vfs_read+0xc0/0x318
[  599.455768][ T6079]  ksys_read+0x6c/0x100
[  599.455882][ T6079]  __arm64_sys_read+0x1c/0x28
[  599.455987][ T6079]  invoke_syscall+0x48/0x110
[  599.456416][ T6079]  el0_svc_common.constprop.0+0x40/0xe0
[  599.456525][ T6079]  do_el0_svc+0x1c/0x28
[  599.456601][ T6079]  el0_svc+0x34/0x128
[  599.456685][ T6079]  el0t_64_sync_handler+0xa0/0xe4
[  599.456750][ T6079]  el0t_64_sync+0x1a4/0x1a8
[  602.770679][ T6122] fuse: Bad value for 'fd'
[  604.261182][   T40] ==================================================================
[  604.265381][   T40] BUG: KASAN: slab-use-after-free in defer_free+0x3c/0xbc
[  604.267536][   T40] Write at addr f6f000000b4586e0 by task kworker/u8:2/40
[  604.267975][   T40] Pointer tag: [f6], memory tag: [fe]
[  604.268050][   T40] 
[  604.268990][   T40] CPU: 1 UID: 0 PID: 40 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT 
[  604.269328][   T40] Hardware name: linux,dummy-virt (DT)
[  604.269782][   T40] Workqueue: events_unbound bpf_map_free_deferred
[  604.271034][   T40] Call trace:
[  604.271330][   T40]  show_stack+0x18/0x24 (C)
[  604.271672][   T40]  dump_stack_lvl+0x78/0x90
[  604.271802][   T40]  print_report+0x108/0x61c
[  604.271857][   T40]  kasan_report+0x88/0xac
[  604.271902][   T40]  __do_kernel_fault+0x170/0x1c8
[  604.271954][   T40]  do_bad_area+0x68/0x78
[  604.272003][   T40]  do_tag_check_fault+0x34/0x44
[  604.272050][   T40]  do_mem_abort+0x44/0x94
[  604.272098][   T40]  el1_abort+0x44/0x68
[  604.272146][   T40]  el1h_64_sync_handler+0x50/0xac
[  604.272193][   T40]  el1h_64_sync+0x6c/0x70
[  604.272350][   T40]  defer_free+0x3c/0xbc (P)
[  604.272408][   T40]  kfree_nolock+0x1a0/0x1d4
[  604.272456][   T40]  range_tree_destroy+0x74/0x90
[  604.272505][   T40]  arena_map_free+0x64/0x90
[  604.272551][   T40]  bpf_map_free_deferred+0x70/0x180
[  604.272600][   T40]  process_one_work+0x178/0x2cc
[  604.272651][   T40]  worker_thread+0x24c/0x354
[  604.272708][   T40]  kthread+0x130/0x1fc
[  604.272754][   T40]  ret_from_fork+0x10/0x20
[  604.272995][   T40] 
[  604.273062][   T40] Allocated by task 6117:
[  604.273329][   T40]  kasan_save_stack+0x3c/0x64
[  604.273575][   T40]  save_stack_info+0x40/0x158
[  604.273616][   T40]  kasan_save_alloc_info+0x14/0x20
[  604.273651][   T40]  __kasan_kmalloc+0xb4/0xb8
[  604.273684][   T40]  kmalloc_nolock_noprof+0x1dc/0x4fc
[  604.273733][   T40]  range_tree_set+0x644/0x778
[  604.273771][   T40]  arena_map_alloc+0x11c/0x17c
[  604.273807][   T40]  map_create+0x19c/0xa98
[  604.273843][   T40]  __sys_bpf+0x348/0x1a88
[  604.273878][   T40]  __arm64_sys_bpf+0x24/0x34
[  604.273915][   T40]  invoke_syscall+0x48/0x110
[  604.273955][   T40]  el0_svc_common.constprop.0+0x40/0xe0
[  604.273994][   T40]  do_el0_svc+0x1c/0x28
[  604.274031][   T40]  el0_svc+0x34/0x128
[  604.274067][   T40]  el0t_64_sync_handler+0xa0/0xe4
[  604.274103][   T40]  el0t_64_sync+0x1a4/0x1a8
[  604.274181][   T40] 
[  604.274228][   T40] Freed by task 40:
[  604.274274][   T40]  kasan_save_stack+0x3c/0x64
[  604.274313][   T40]  save_stack_info+0x40/0x158
[  604.274348][   T40]  kasan_save_free_info+0x18/0x24
[  604.274382][   T40]  __kasan_slab_free+0x7c/0x8c
[  604.274416][   T40]  kfree_nolock+0xcc/0x1d4
[  604.274451][   T40]  range_tree_destroy+0x74/0x90
[  604.274487][   T40]  arena_map_free+0x64/0x90
[  604.274564][   T40]  bpf_map_free_deferred+0x70/0x180
[  604.274606][   T40]  process_one_work+0x178/0x2cc
[  604.274644][   T40]  worker_thread+0x24c/0x354
[  604.274679][   T40]  kthread+0x130/0x1fc
[  604.274756][   T40]  ret_from_fork+0x10/0x20
[  604.274805][   T40] 
[  604.274846][   T40] The buggy address belongs to the object at fff000000b4586c0
[  604.274846][   T40]  which belongs to the cache kmalloc-64 of size 64
[  604.274928][   T40] The buggy address is located 32 bytes inside of
[  604.274928][   T40]  64-byte region [fff000000b4586c0, fff000000b458700)
[  604.274983][   T40] 
[  604.275193][   T40] The buggy address belongs to the physical page:
[  604.275624][   T40] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xf5f000000b458fc0 pfn:0x4b458
[  604.276020][   T40] flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
[  604.276462][   T40] page_type: f5(slab)
[  604.277039][   T40] raw: 01ffc00000000000 f3f0000003001600 dead000000000122 0000000000000000
[  604.277104][   T40] raw: f5f000000b458fc0 0000000080400029 00000000f5000000 0000000000000000
[  604.277232][   T40] page dumped because: kasan: bad access detected
[  604.277279][   T40] 
[  604.277318][   T40] Memory state around the buggy address:
[  604.277588][   T40]  fff000000b458400: fe fe fe fe f9 f9 f9 fe f4 f4 f4 fe fe fe fe fe
[  604.277703][   T40]  fff000000b458500: fe fe fe fe fe fe fe fe fa fa fa fe f8 f8 f8 fe
[  604.277776][   T40] >fff000000b458600: fe fe fe fe f8 f8 f8 f8 f7 f7 f7 fe fe fe fe fe
[  604.277841][   T40]                                                              ^
[  604.277992][   T40]  fff000000b458700: f2 f2 f2 f2 fc fc fc fe fa fa fa fa fa fa fa fe
[  604.278025][   T40]  fff000000b458800: fe fe fe fe fc fc fc fe f6 f6 f6 fe f7 f7 f7 fe
[  604.278105][   T40] ==================================================================
[  604.279331][   T40] Disabling lock debugging due to kernel taint

VM DIAGNOSIS:
05:08:03  Registers:
info registers vcpu 0

CPU#0
 PC=ffff8000808d80f4 X00=f2f000000609df00 X01=ffffc1ffbf000000
X02=f2f00000060e0170 X03=fcf0000005931170 X04=000000000000003f
X05=000000004b5f94be X06=000000000000003f X07=ffffc1ffc0000000
X08=0010000000000000 X09=000000000000000e X10=0000000000000000
X11=f9f000000590a808 X12=0000000000000001 X13=0000000000000001
X14=00000000000002cc X15=ffff800081bd4430 X16=ffff800082dd8000
X17=fff07ffffcf04000 X18=00000000ffffffff X19=f8f0000005922000
X20=0000000000000000 X21=f9f000000590a800 X22=f6f00000032eaa00
X23=f9f000000590a800 X24=f9f000000590a808 X25=0000000000000000
X26=0000000000000040 X27=000000000000000c X28=fdf00000063c3900
X29=ffff800082ddb2b0 X30=ffff8000808d4fb4  SP=ffff800082ddb2b0
PSTATE=20402009 --C- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000000000000000 P01=0000000000000000 P02=0000000000000000
P03=0000000000000000 P04=0000000000000000 P05=0000000000000000
P06=0000000000000000 P07=0000000000000000 P08=0000000000000000
P09=0000000000000000 P10=0000000000000000 P11=0000000000000000
P12=0000000000000000 P13=0000000000000000 P14=0000000000000000
P15=0000000000000000 FFR=0000000000000000
Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00524f5252450040:0000000000000000
Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00524f5252450040:0000000000000000
Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88
Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffff46299a0:0000fffff46299a0
Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000fffff4629970
Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
info registers vcpu 1

CPU#1
 PC=ffff800081b7e8cc X00=ffff800082de39f8 X01=ffff800082de3a50
X02=ffff800082de3a80 X03=ffff800082fe3a80 X04=ffff800082de4000
X05=ffff800082de3a48 X06=ffff800082de3a60 X07=ffff800082de3a50
X08=ffff800082de39e8 X09=00000000000000c0 X10=00000000000001fc
X11=0000000000000001 X12=008675340a3e3c34 X13=000021983c2cfea4
X14=0000000000000000 X15=0000000000000000 X16=ffff800082de0000
X17=fff07ffffcf1d000 X18=0000000000000000 X19=ffff800080174020
X20=ffff800082de3a60 X21=fdf0000004784200 X22=0000000000000000
X23=489f800080174218 X24=ffff8000816bf768 X25=ffff8000829f1000
X26=fff000007f8e7a68 X27=ffff8000829f1000 X28=ffff800082de3ec8
X29=ffff800082de3950 X30=ffff800081b7e8fc  SP=ffff800082de3950
PSTATE=81402009 N--- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000000000000000 P01=0000000000000000 P02=0000000000000000
P03=0000000000000000 P04=0000000000000000 P05=0000000000000000
P06=0000000000000000 P07=0000000000000000 P08=0000000000000000
P09=0000000000000000 P10=0000000000000000 P11=0000000000000000
P12=0000000000000000 P13=0000000000000000 P14=0000000000000000
P15=0000000000000000 FFR=0000000000000000
Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2525252525252525:2525252525252525
Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000007525:3a73252027732527
Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ff000000fff00000
Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffffffff00ff:0000ff000000ff00
Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff0f00f000f0
Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:bcbcbc00bcc030fc:bcbcbc00bcc030fc
Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000073:0000aaaaf3800c90
Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000074:0000aaaaf37fdf70
Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffff9d7bb00:0000fffff9d7bb00
Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd8:0000fffff9d7bad0
Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000