last executing test programs:

29.704131585s ago: executing program 0 (id=1):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r4, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
r5 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501)
ioctl$USBDEVFS_BULK(r5, 0xc0185502, &(0x7f0000000400)={{{0x3, 0x1}}, 0x0, 0x6, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1900000004000000040000000800000000000000", @ANYRES32, @ANYRES64=r0, @ANYRES32=0x0, @ANYRES64=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x48)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="300000001a00010000000000000000000a00"/27], 0x30}}, 0x0)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r8, r8, 0x12)

22.724485811s ago: executing program 0 (id=12):
io_setup(0x101, &(0x7f0000000000)=<r0=>0x0)
io_pgetevents(r0, 0x2, 0x0, 0x0, 0x0, 0x0)

20.892714992s ago: executing program 0 (id=13):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = dup(r5)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000200))
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f00000001c0))
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r6, 0x4010ae68, &(0x7f0000000040))
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r7}, 0x18)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
lseek(r8, 0x9, 0x0)
fsopen(&(0x7f0000000000)='proc\x00', 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x50009405, &(0x7f0000000480))
preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0xc)

10.443380886s ago: executing program 0 (id=19):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0xffff}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x48, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x4}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x90}}, 0x20050800)

9.95271131s ago: executing program 0 (id=20):
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
mlockall(0x7)

4.27282252s ago: executing program 1 (id=24):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bond_slave_1\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @hsr={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r1}]}}}]}, 0x38}}, 0x0)

4.035278327s ago: executing program 1 (id=25):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x3e4})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000280)={{&(0x7f0000000000/0x3000)=nil, 0x3000}, 0x4})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000440)={&(0x7f00001df000/0x1000)=nil, &(0x7f0000984000/0x3000)=nil, &(0x7f00007b3000/0xa000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f000064c000/0x2000)=nil, &(0x7f0000b02000/0x1000)=nil, &(0x7f00003bb000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f000018f000/0x1000)=nil, &(0x7f0000c00000/0x400000)=nil, &(0x7f0000e0e000/0x3000)=nil, 0x0}, 0x68)

2.47319058s ago: executing program 1 (id=26):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000400)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x3c}, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000340)=""/102, 0x66, 0x1, 0x38}}, &(0x7f0000000200)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0})

2.312074515s ago: executing program 1 (id=27):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x44}}, 0x8000)

1.899787347s ago: executing program 1 (id=28):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000050000000200000004"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000010000e1850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x4000044)

1.539897727s ago: executing program 1 (id=29):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
kexec_load(0x0, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x10000}], 0x0)

0s ago: executing program 0 (id=30):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000400000000040000102030109025c000201000000090400"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:35961' (ED25519) to the list of known hosts.
syzkaller login: [  116.966669][ T3267] cgroup: Unknown subsys name 'net'
[  117.371490][ T3267] cgroup: Unknown subsys name 'cpuset'
[  117.406223][ T3267] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  118.046816][ T3267] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  131.006397][ T3272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  131.097628][ T3272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  131.349506][ T3273] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  131.376774][ T3273] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  133.026858][ T3272] hsr_slave_0: entered promiscuous mode
[  133.036197][ T3272] hsr_slave_1: entered promiscuous mode
[  133.135245][ T3273] hsr_slave_0: entered promiscuous mode
[  133.139041][ T3273] hsr_slave_1: entered promiscuous mode
[  133.141719][ T3273] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  133.142325][ T3273] Cannot create hsr debugfs directory
[  134.487396][ T3273] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  134.538902][ T3273] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  134.574498][ T3273] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  134.592091][ T3273] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  134.830226][ T3272] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  134.866456][ T3272] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  134.887098][ T3272] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  134.940129][ T3272] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  136.355544][ T3273] 8021q: adding VLAN 0 to HW filter on device bond0
[  136.619747][ T3272] 8021q: adding VLAN 0 to HW filter on device bond0
[  140.497927][ T3273] veth0_vlan: entered promiscuous mode
[  140.574336][ T3273] veth1_vlan: entered promiscuous mode
[  140.588395][ T3272] veth0_vlan: entered promiscuous mode
[  140.652407][ T3272] veth1_vlan: entered promiscuous mode
[  140.775322][ T3273] veth0_macvtap: entered promiscuous mode
[  140.814989][ T3273] veth1_macvtap: entered promiscuous mode
[  140.889150][ T3272] veth0_macvtap: entered promiscuous mode
[  140.936565][ T3272] veth1_macvtap: entered promiscuous mode
[  141.115077][ T3273] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  141.115938][ T3273] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  141.116562][ T3273] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  141.117142][ T3273] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  141.199000][ T3272] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  141.199898][ T3272] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  141.200743][ T3272] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  141.201568][ T3272] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  141.820997][ T3273] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  146.080136][ T3425] misc userio: Invalid payload size
[  146.585366][ T3429] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  146.595759][ T3429] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  147.010349][ T3431] netlink: 288 bytes leftover after parsing attributes in process `syz.1.10'.
[  159.292121][ T3449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.296182][ T3449] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  161.077699][ T3458] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  163.235696][ T3464] ip6tnl1: entered promiscuous mode
[  163.237858][ T3464] ip6tnl1: entered allmulticast mode
[  163.437555][ T3464] netlink: 16 bytes leftover after parsing attributes in process `syz.1.18'.
[  166.752429][ T3467] netlink: 'syz.1.21': attribute type 4 has an invalid length.
[  166.786221][ T3467] netlink: 'syz.1.21': attribute type 4 has an invalid length.
[  169.360723][ T3480] binder: 3479:3480 tried to acquire reference to desc 0, got 1 instead
[  169.372177][ T3480] binder: 3479:3480 got transaction with too large buffer
[  169.377472][ T3480] binder: 3479:3480 transaction async to 3479:0 failed 5/29201/-22, size 104-24 line 3612
[  169.382303][ T3384] binder: undelivered TRANSACTION_ERROR: 29201
[  169.590797][ T3482] netlink: 'syz.1.27': attribute type 1 has an invalid length.
[  169.652955][ T3482] ip6erspan0: entered promiscuous mode
[  169.661237][ T3482] ip6erspan0: entered allmulticast mode
[  171.846929][ T3488] Unable to handle kernel paging request at virtual address ffffffffc0000000
[  171.848089][ T3488] Mem abort info:
[  171.850708][ T3488]   ESR = 0x0000000096000006
[  171.851590][ T3488]   EC = 0x25: DABT (current EL), IL = 32 bits
[  171.852637][ T3488]   SET = 0, FnV = 0
[  171.853677][ T3488]   EA = 0, S1PTW = 0
[  171.854295][ T3488]   FSC = 0x06: level 2 translation fault
[  171.855204][ T3488] Data abort info:
[  171.855862][ T3488]   ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000
[  171.856609][ T3488]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[  171.857582][ T3488]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[  171.858588][ T3488] swapper pgtable: 4k pages, 52-bit VAs, pgdp=0000000042815000
[  171.859585][ T3488] [ffffffffc0000000] pgd=1000000042d0a003, p4d=0000000042c17403, pud=0000000042c18403, pmd=0000000000000000
[  171.863142][ T3488] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
[  171.864096][ T3488] Modules linked in:
[  171.864886][ T3488] CPU: 0 UID: 0 PID: 3488 Comm: syz.1.29 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0
[  171.865779][ T3488] Hardware name: linux,dummy-virt (DT)
[  171.866387][ T3488] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[  171.867067][ T3488] pc : trans_pgd_create_copy+0x214/0x844
[  171.868000][ T3488] lr : trans_pgd_create_copy+0x34/0x844
[  171.868448][ T3488] sp : ffff800088e1bc20
[  171.868851][ T3488] x29: ffff800088e1bc20 x28: fff0ffffffffffff x27: ffff800088e1bd68
[  171.869636][ T3488] x26: ffff800088e1bd68 x25: ffffffffc0000000 x24: fff000007fdff000
[  171.870357][ T3488] x23: fff1000000000000 x22: ffff800082a66000 x21: fff0000000000000
[  171.871054][ T3488] x20: fff0008000000000 x19: ffff800000000000 x18: 0000000000000000
[  171.871757][ T3488] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000001
[  171.872517][ T3488] x14: 0000000000000000 x13: 0000000000000002 x12: 000000000006f3d0
[  171.873395][ T3488] x11: 0000000000000000 x10: 0000000000000001 x9 : 00000000000000fb
[  171.874205][ T3488] x8 : fbf000000959a000 x7 : 0000000000000000 x6 : 0000000049599fff
[  171.874968][ T3488] x5 : 0000000049599000 x4 : ffff7fffffffffff x3 : fbf0000009599000
[  171.875868][ T3488] x2 : 00000000bfdff000 x1 : fff0ffffffffffff x0 : 18000000bfdfe403
[  171.876772][ T3488] Call trace:
[  171.877253][ T3488]  trans_pgd_create_copy+0x214/0x844 (P)
[  171.877852][ T3488]  machine_kexec_post_load+0x158/0x2c0
[  171.878356][ T3488]  do_kexec_load+0x28c/0x2e4
[  171.878799][ T3488]  __arm64_sys_kexec_load+0x9c/0xe8
[  171.879252][ T3488]  invoke_syscall+0x48/0x110
[  171.879693][ T3488]  el0_svc_common.constprop.0+0x40/0xe0
[  171.880156][ T3488]  do_el0_svc+0x1c/0x28
[  171.880616][ T3488]  el0_svc+0x30/0xe0
[  171.881040][ T3488]  el0t_64_sync_handler+0x10c/0x138
[  171.881509][ T3488]  el0t_64_sync+0x1a4/0x1a8
[  171.882187][ T3488] Code: f900031b a94153f3 14000182 b4000820 (f9400320) 
[  171.883020][ T3488] ---[ end trace 0000000000000000 ]---
[  171.883914][ T3488] Kernel panic - not syncing: Oops: Fatal exception
[  171.884624][ T3488] SMP: stopping secondary CPUs
[  171.885644][ T3488] Kernel Offset: disabled
[  171.886063][ T3488] CPU features: 0x000,000000d0,60bef2f8,2b7ffebf
[  171.886810][ T3488] Memory Limit: none
[  171.887453][ T3488] Rebooting in 86400 seconds..

VM DIAGNOSIS:
19:21:47  Registers:
info registers vcpu 0

CPU#0
 PC=ffff800081a93874 X00=ffff800081a93870 X01=f0f0000008e9c900
X02=0000000000000004 X03=0000000000000000 X04=0000000000000001
X05=ffff8000827b33f0 X06=fff07ffffd145000 X07=fff000007f8d7028
X08=fff000007f8d72c0 X09=0000000000000001 X10=0000000000000000
X11=0000000000000001 X12=0000000000000001 X13=0000000000000343
X14=ffff800088e1b588 X15=ffff800088e1b3f0 X16=0000000000000000
X17=0000000000000000 X18=00000000ffffffff X19=0000000000000000
X20=ffff8000828c0e48 X21=ffff8000828c0e40 X22=0000000000000004
X23=0000000000000004 X24=ffff8000828c0e48 X25=0000000000000028
X26=f5f00000061c9c00 X27=000f41ffc2669900 X28=0000000000000004
X29=ffff800088de3730 X30=ffff80008016fdac  SP=ffff800088de3730
PSTATE=004020c9 ---- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000000000000000 P01=0000000000000000 P02=0000000000000000
P03=0000000000000000 P04=0000000000000000 P05=0000000000000000
P06=0000000000000000 P07=0000000000000000 P08=0000000000000000
P09=0000000000000000 P10=0000000000000000 P11=0000000000000000
P12=0000000000000000 P13=0000000000000000 P14=0000000000000000
P15=0000000000000000 FFR=0000000000000000
Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffae946418:0000ffffae946430
Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffae946428:0000ffffae946470
Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffaf4aca20:0000ffffae946410
Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffae946448:0000ffffae946420
Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffae946458:0000ffffae946450
Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffae946458:0000ffffae946450
Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffae946468:0000ffffae946460
Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffc950f980:0000ffffc950f980
Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffc950f950
Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
info registers vcpu 1

CPU#1
 PC=ffff8000815c6b8c X00=fbf00000065e9100 X01=0000000000000003
X02=0000000000000002 X03=ffff800088cfba64 X04=ffff800088cfb9e4
X05=ffff800088cfba70 X06=f9f0000008ebc900 X07=0000000000000000
X08=ffff800088cfbbb8 X09=0000000000000001 X10=000000000000012f
X11=0000000000000000 X12=0000000000950806 X13=00002c1eadc1b0bc
X14=0000000000000000 X15=0000000020056940 X16=0000000000000000
X17=0000000000000000 X18=0000000000000000 X19=f5f00000065e9200
X20=ffff800088cfbd40 X21=f4f0000006bde700 X22=0000000000000000
X23=0000000000000002 X24=0000000000000002 X25=ffff800088cfbd40
X26=ffffffffffffffff X27=f4f0000006bde700 X28=00000000000015a2
X29=ffff800088cfbab0 X30=31df8000815ab754  SP=ffff800088cfbac0
PSTATE=414020c9 -Z-- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000000000000000 P01=0000000000000000 P02=0000000000000000
P03=0000000000000000 P04=0000000000000000 P05=0000000000000000
P06=0000000000000000 P07=0000000000000000 P08=0000000000000000
P09=0000000000000000 P10=0000000000000000 P11=0000000000000000
P12=0000000000000000 P13=0000000000000000 P14=0000000000000000
P15=0000000000000000 FFR=0000000000000000
Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffae946418:0000ffffae946430
Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffae946428:0000ffffae946470
Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffaf4aca20:0000ffffae946410
Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffae946448:0000ffffae946420
Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffae946458:0000ffffae946450
Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffae946458:0000ffffae946450
Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffae946468:0000ffffae946460
Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffc950f980:0000ffffc950f980
Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffc950f950
Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000