last executing test programs:

11.936323048s ago: executing program 0 (id=20):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56", 0x2)

8.727785478s ago: executing program 0 (id=28):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r2 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps_rollup\x00')
read$FUSE(r2, &(0x7f00000003c0)={0x2020}, 0xd5b)

4.599186618s ago: executing program 1 (id=33):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x14, r1, 0x852dd6c070cd7e4d}, 0x14}, 0x4, 0x700000000000000}, 0x0)

4.376325463s ago: executing program 1 (id=34):
getpid()
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002)
sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0xf)
ioctl$TCFLSH(r3, 0x400455c8, 0x4)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0x33)

4.078309932s ago: executing program 0 (id=35):
getresuid(0x0, 0x0, 0x0)
ioctl$TUNSETOWNER(0xffffffffffffffff, 0x400454cc, 0x0)
socket$unix(0x1, 0x1, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82)

1.118693456s ago: executing program 0 (id=36):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@rand_addr=0x64010102, @in=@private=0xa010101, 0x0, 0x3, 0x0, 0x0, 0xa, 0x0, 0x20, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1d}, {0x0, 0x0, 0x0, 0x40000002dd}, 0x4, 0x0, 0x1, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@mcast2, 0x0, 0x32}, 0x2, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)

968.924116ms ago: executing program 0 (id=37):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = gettid()
sendmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@cred={{0x1c, 0x1, 0x2, {r2}}}], 0x20}, 0x400c0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x4c, &(0x7f000002eff0)={0x133, &(0x7f0000000000)=[{}]}, 0x10)
prlimit64(0x0, 0x7, &(0x7f0000000180)={0x1, 0x8}, 0x0)
recvmmsg(r1, &(0x7f00000051c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/61, 0x3d}}], 0x1, 0x0, 0x0)

887.639071ms ago: executing program 0 (id=38):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x4, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
accept$inet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b685b431c70ea948259c4c869b4fc8db714e4b94bdae214fa68a051d4dca7d2647bec1fc89398d2b9000f224891060017c4700de60beac671e8e8f00cb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c59005cff414ed55b0d18a9d446935fb332bb593ee341ab59016f81860324b800c00000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4ac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a0000000000002248950b000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000ac0)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r4, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r2}, 0x20)
recvmmsg(r2, &(0x7f0000000b80)=[{{0x0, 0xffffffffffffff6c, 0x0, 0x0, 0x0, 0x52}, 0xa}], 0x360, 0x120, 0x0)

756.53169ms ago: executing program 1 (id=39):
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff1000/0xc000)=nil, 0xc000, &(0x7f0000000040)='\x00\x00\xef\xfaCvu\xb5i\x80\xab=-2\xb1\xc2\xab\\\xd6\x9c\xce\x15OW\xc7\xcb\xb5\"D\xf7\x15o\n\x80/\"6U\x8d\x0fY\x8cT\xdb%*3\xde\xea.\xdex\xd9\x9e{e\x9b\xf7\xf6\x14x~\x95\xe1w\x19\x8f\x0f\xf4h\x82)\x97\xcdA\x1f\xe0\xad\a\x81n\xe0\x84\x14,9\xde9\xcd\xa2\x10\x19|\x00\x00P\xeaJ;*\x91\x91\xb7\xf8\x8b\xabR|\xbc2\x8aG\xae\xf7\xee\xbb\xa7!\xaf\xce\x9e7\x18\xf0\xa4\x80h+\x1a\xa8W\xc6M-\xd2~\xb1\x001\v\xe1\xeb\xec\xd2H\xb8\xc4\x9b\xfe\xd7\n\x10\xc3\x88\x97\xd0*y\xb1\x1c\xed\xd9\x85\x8f`?H%\xe5\xf6Ai`\x9e\x9e\x9c\x1an\x04\xf0\x03\xcc}\x7fG:\xe2\xde\xda2\x14\xech_\xae\xf2\xeb_ij/\xc4\x83\xe1\xb1\x04\xc1\x11,!\xf4F2\xb9\xec\xc3\x03%3\x88&F\xe7;\x94\xb3L\x06\x8c\xac\x8f\xd6!!\xbe\xe7$$)<\xb6\xb1~V\x87\xd1g\xd2:\xd6*;\x0f\xa5\xb28\x7f\x90J\xea\xc5\x99\x89\xaa\xa7\xc8p_d\x01\xcf~\x889\x96\xc9\x98\x1d\x91:1\xe7\xae\xe8J\x19\x9e\xe3bH\x85\xbf\x82\bi\x06\xdd\x1bo\xe1\n\x10\x9bG.\xe7\xf7T\xdc\\1@\xa9\x80g\x19\xbd\xff\xd6\x9f\xed\xcce,\x06\x82h\xdd\t\xb9`\xd0\xf8\x80\x8fe\xd8\xc1\xe7\x1d\xc0\x9b\x9b\xddE\xd3\xef89F\xb8Bn\x18\xcb|\x8c\t{\xee\x106\x93r\x97\xcb\xc3]\xf7\xee\x82\xea1m\\Lu\x9a\xab\xc5\xba\x90\xaa\x84\xedr\n\x93\xdc\xc6~\xbd\xa8K\x8b\xb0\xf4\a7\xe3\xf6l\xd7\xd3\xc7e\x00\x00\xef\xdf\x9f<zFw\xde|H\x102+\x01\xb5\xa1\xc3\a\xf7\xc3\x83\x95o\xf1\xcd\xcb\xb8\xa3\xcd\xca\x8ab3\xa5\x95\xb5\x8d\xe9\x16\x1bX\xe4\x00\x18\x81\xd5\xe8\xec\xac\xa2\xedU\x00\xdd\xf2\xcbi\xa9\xf1\x86^\x832Z\x9c\xeb\x92\x112\x998j\xd9YQ\x0eS,\xc0\xac\x11\xa4\xa5b1;\xac\xbb\xdev\x17\xb0C\x8a \xabwm\x9c\x91\x10\x96\xb2\xe8\x1a!\xca\xb0b7\x8ed\x98e\xda\xe9\xcf:T\xff\x9e\x16\x12\xd5U\xe4gb\xb5\x967\xc5\xc1\xf8\x82\xc9Vb\x8a\xe4\x0e\x05\x000z\xcd\xb8\x00f}\xbf@\x11\x84\x84\xc2\xf5\x94\xcd\xf2=\x92\x98\x98\xe7D\xd6(ryq\x10\x98\xe7\x9e,iA\xf1\xd73\xbc%S\x83\xae\x81v\x80\xe2\x9a\xd4D29\xfd\x139\xc4\xa3\x174\xe4\x81Q\x87,\xa4\xafY\x97\x80|\xb5\xb3\x16u\x1f\x1a\x03\xd6G\x9d\v\xd1\xc0p\x87\x9d\x88\xaci\xb4\xe0\xf2[\xdf\x89hxZ\x13,\xbb\xac\x98\x1as\xe4(\x05\xa5\x99\x0eU>\xa0\xf7?\xe4-\x1c]')
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setsig(0x4203, r0, 0xa, &(0x7f0000000000)={0x2f, 0x9, 0x7})

388.892534ms ago: executing program 1 (id=40):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'veth1_virt_wifi\x00', &(0x7f0000000440)=@ethtool_perm_addr={0x4b, 0x18, "409085367da20000000000000000000000000000042e9efa"}})

159.465049ms ago: executing program 1 (id=41):
io_setup(0x9, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/sync_on_suspend', 0x20001, 0x0)
io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000001500)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000011c0)="19e71bdf", 0x4, 0x8000000000000}])

0s ago: executing program 1 (id=42):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="8d3cb67941e6fda6539805c4feb2fd00a0901dddc03db27fc4a2b0ffb61f58ee77a54ad80e04ebbd6b466dd3b061990f8a2868713f9606b51ee0ed933de0601c56cb9d3d30110a73c102ef97ba8cb1653d093aa2eb97d82ab336dd43cab64a7ce664739dab"], 0x14}], 0x1, 0x0, 0x0, 0x84}, 0x4000300)
r3 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000180)='user\x00N\xac]\x86\x8a\xa3\x7f\x00', &(0x7f0000000140), 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000040)='user\x00N\xac]\x86\x8a\xa3\x7f\x00', &(0x7f0000000080), 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:44502' (ED25519) to the list of known hosts.
syzkaller login: [   84.232343][ T3311] cgroup: Unknown subsys name 'net'
[   84.453955][ T3311] cgroup: Unknown subsys name 'cpuset'
[   84.479928][ T3311] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   84.916999][ T3311] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   95.162888][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.179933][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.361765][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.381306][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.329078][ T3317] hsr_slave_0: entered promiscuous mode
[   96.336076][ T3317] hsr_slave_1: entered promiscuous mode
[   96.459617][ T3316] hsr_slave_0: entered promiscuous mode
[   96.464583][ T3316] hsr_slave_1: entered promiscuous mode
[   96.469989][ T3316] debugfs: 'hsr0' already exists in 'hsr'
[   96.472842][ T3316] Cannot create hsr debugfs directory
[   97.229892][ T3317] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   97.260366][ T3317] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   97.292794][ T3317] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   97.334483][ T3317] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   97.465913][ T3316] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   97.506395][ T3316] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   97.533986][ T3316] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   97.556657][ T3316] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   98.522137][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.616369][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.110794][ T3316] veth0_vlan: entered promiscuous mode
[  102.155559][ T3316] veth1_vlan: entered promiscuous mode
[  102.378118][ T3316] veth0_macvtap: entered promiscuous mode
[  102.423558][ T3316] veth1_macvtap: entered promiscuous mode
[  102.444028][ T3317] veth0_vlan: entered promiscuous mode
[  102.528019][ T3317] veth1_vlan: entered promiscuous mode
[  102.641017][ T1677] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.644599][ T1677] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.646672][ T1677] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.650992][ T1677] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.777700][ T3317] veth0_macvtap: entered promiscuous mode
[  102.806986][ T3317] veth1_macvtap: entered promiscuous mode
[  103.022409][ T3316] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  103.106841][   T14] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.107344][   T14] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.107479][   T14] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.107600][   T14] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.935328][ T3487] netlink: 'syz.1.7': attribute type 4 has an invalid length.
[  107.022162][ T3487] netlink: 'syz.1.7': attribute type 4 has an invalid length.
[  111.026258][   T30] audit: type=1326 audit(110.840:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3503 comm="syz.1.14" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9315c3e8 code=0x7fc00000
[  115.424512][ T3547] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  115.430450][ T3547] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  123.683917][ T3579] ==================================================================
[  123.687538][ T3579] BUG: KASAN: invalid-access in __memcpy+0xc/0x54
[  123.690016][ T3579] Write at addr f6ff800088bd51df by task syz.0.38/3579
[  123.690558][ T3579] Pointer tag: [f6], memory tag: [fe]
[  123.690646][ T3579] 
[  123.691459][ T3579] CPU: 1 UID: 0 PID: 3579 Comm: syz.0.38 Not tainted syzkaller #0 PREEMPT 
[  123.691826][ T3579] Hardware name: linux,dummy-virt (DT)
[  123.692151][ T3579] Call trace:
[  123.692481][ T3579]  show_stack+0x18/0x24 (C)
[  123.692820][ T3579]  dump_stack_lvl+0x78/0x90
[  123.692947][ T3579]  print_report+0x108/0x61c
[  123.693029][ T3579]  kasan_report+0x88/0xac
[  123.693082][ T3579]  __do_kernel_fault+0x170/0x1c8
[  123.693138][ T3579]  do_bad_area+0x68/0x78
[  123.693188][ T3579]  do_tag_check_fault+0x34/0x44
[  123.693284][ T3579]  do_mem_abort+0x44/0x94
[  123.693335][ T3579]  el1_abort+0x44/0x68
[  123.693387][ T3579]  el1h_64_sync_handler+0x50/0xac
[  123.693436][ T3579]  el1h_64_sync+0x6c/0x70
[  123.693593][ T3579]  __memcpy+0xc/0x54 (P)
[  123.693653][ T3579]  convert_ctx_accesses+0x698/0xb2c
[  123.693721][ T3579]  bpf_check+0x1374/0x293c
[  123.693774][ T3579]  bpf_prog_load+0x63c/0xd40
[  123.693819][ T3579]  __sys_bpf+0x2e0/0x1a88
[  123.693870][ T3579]  __arm64_sys_bpf+0x24/0x34
[  123.693921][ T3579]  invoke_syscall+0x48/0x110
[  123.693977][ T3579]  el0_svc_common.constprop.0+0x40/0xe0
[  123.694051][ T3579]  do_el0_svc+0x1c/0x28
[  123.694106][ T3579]  el0_svc+0x34/0x128
[  123.694156][ T3579]  el0t_64_sync_handler+0xa0/0xe4
[  123.694207][ T3579]  el0t_64_sync+0x1a4/0x1a8
[  123.694464][ T3579] 
[  123.694734][ T3579] The buggy address belongs to a 1-page vmalloc region starting at 0xf6ff800088bd5000 allocated at bpf_check+0x8c/0x293c
[  123.696927][ T3579] The buggy address belongs to the physical page:
[  123.697384][ T3579] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4b3f0
[  123.697787][ T3579] flags: 0x1ffe40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x9)
[  123.699004][ T3579] raw: 01ffe40000000000 0000000000000000 dead000000000122 0000000000000000
[  123.699074][ T3579] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  123.699209][ T3579] page dumped because: kasan: bad access detected
[  123.699255][ T3579] 
[  123.699286][ T3579] Memory state around the buggy address:
[  123.699798][ T3579] Unable to handle kernel paging request at virtual address ffff800088bd4f00
[  123.699957][ T3579] Mem abort info:
[  123.699995][ T3579]   ESR = 0x0000000096000007
[  123.700089][ T3579]   EC = 0x25: DABT (current EL), IL = 32 bits
[  123.700164][ T3579]   SET = 0, FnV = 0
[  123.700217][ T3579]   EA = 0, S1PTW = 0
[  123.700275][ T3579]   FSC = 0x07: level 3 translation fault
[  123.700346][ T3579] Data abort info:
[  123.700393][ T3579]   ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000
[  123.700444][ T3579]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[  123.700501][ T3579]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[  123.700643][ T3579] swapper pgtable: 4k pages, 52-bit VAs, pgdp=0000000042a58000
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  123.700720][ T3579] [ffff800088bd4f00] pgd=1000000042fcc003, p4d=1000000042fcd003, pud=1000000042fce003, pmd=1000000045e3b403, pte=0000000000000000
[  123.702317][ T3579] Internal error: Oops: 0000000096000007 [#1]  SMP
[  123.727096][ T3579] Modules linked in:
[  123.728245][ T3579] CPU: 1 UID: 0 PID: 3579 Comm: syz.0.38 Not tainted syzkaller #0 PREEMPT 
[  123.729143][ T3579] Hardware name: linux,dummy-virt (DT)
[  123.729783][ T3579] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[  123.730257][ T3579] pc : kasan_metadata_fetch_row+0xc/0x28
[  123.731540][ T3579] lr : print_report+0x29c/0x61c
[  123.731981][ T3579] sp : ffff800089ef35e0
[  123.732432][ T3579] x29: ffff800089ef35e0 x28: fdf000000b302100 x27: faff800088bcd060
[  123.733211][ T3579] x26: 0000000000000060 x25: ffff800082517e30 x24: ffff800082517e38
[  123.734547][ T3579] x23: ffff800088bd51df x22: ffff8000824e8710 x21: ffff800088bd5000
[  123.735249][ T3579] x20: 00000000fffffffe x19: ffff800088bd4f00 x18: 0000000000000010
[  123.736038][ T3579] x17: 0000000000000000 x16: 0000000000006400 x15: ffff800089ef3460
[  123.736609][ T3579] x14: ffff800089ef365c x13: ffff800089ef3649 x12: ffff800082adf268
[  123.737175][ T3579] x11: 0000000000000001 x10: 0000000000000001 x9 : 000000000002ffe8
[  123.737871][ T3579] x8 : fdf000000b302100 x7 : 0000000000000010 x6 : ffff800081ce18c0
[  123.738635][ T3579] x5 : 0000000000000030 x4 : 0000000000000002 x3 : ffff800088bd5000
[  123.739195][ T3579] x2 : ffff800088bd4f00 x1 : ffff800088bd4f10 x0 : ffff800089ef3638
[  123.740107][ T3579] Call trace:
[  123.740739][ T3579]  kasan_metadata_fetch_row+0xc/0x28 (P)
[  123.741395][ T3579]  kasan_report+0x88/0xac
[  123.741772][ T3579]  __do_kernel_fault+0x170/0x1c8
[  123.742402][ T3579]  do_bad_area+0x68/0x78
[  123.742866][ T3579]  do_tag_check_fault+0x34/0x44
[  123.743295][ T3579]  do_mem_abort+0x44/0x94
[  123.743770][ T3579]  el1_abort+0x44/0x68
[  123.744106][ T3579]  el1h_64_sync_handler+0x50/0xac
[  123.744532][ T3579]  el1h_64_sync+0x6c/0x70
[  123.745051][ T3579]  __memcpy+0xc/0x54 (P)
[  123.746765][ T3579]  convert_ctx_accesses+0x698/0xb2c
[  123.747183][ T3579]  bpf_check+0x1374/0x293c
[  123.747525][ T3579]  bpf_prog_load+0x63c/0xd40
[  123.747899][ T3579]  __sys_bpf+0x2e0/0x1a88
[  123.748229][ T3579]  __arm64_sys_bpf+0x24/0x34
[  123.748785][ T3579]  invoke_syscall+0x48/0x110
[  123.749229][ T3579]  el0_svc_common.constprop.0+0x40/0xe0
[  123.749636][ T3579]  do_el0_svc+0x1c/0x28
[  123.749985][ T3579]  el0_svc+0x34/0x128
[  123.750309][ T3579]  el0t_64_sync_handler+0xa0/0xe4
[  123.750682][ T3579]  el0t_64_sync+0x1a4/0x1a8
[  123.751532][ T3579] Code: d65f03c0 91040023 aa0103e2 91004021 (d9600042) 
[  123.752749][ T3579] ---[ end trace 0000000000000000 ]---
[  123.753916][ T3579] Kernel panic - not syncing: Oops: Fatal exception
[  123.754779][ T3579] SMP: stopping secondary CPUs
[  123.756088][ T3579] Kernel Offset: disabled
[  123.756438][ T3579] CPU features: 0x000000,00068cc1,7ef8cf80,957fff3f
[  123.757216][ T3579] Memory Limit: none
[  123.758266][ T3579] Rebooting in 86400 seconds..

VM DIAGNOSIS:
06:07:27  Registers:
info registers vcpu 0

CPU#0
 PC=ffff800081b8a7fc X00=ffff800081b8a7f8 X01=f3f000000b110000
X02=0000000000000001 X03=0000000000000003 X04=0000000000000000
X05=0000000000000000 X06=0000000000000000 X07=0000000000000000
X08=ffff800082deb818 X09=ffff800082a04000 X10=0000000000000001
X11=ffff800082dae840 X12=000000000000d8bf X13=0000000000000003
X14=0000000000000003 X15=0000000000000000 X16=ffff800082de8000
X17=fff07ffffcef4000 X18=0000000000000001 X19=0000000000000000
X20=ffff800082b11908 X21=ffff800082b11900 X22=0000000000000098
X23=0000000000000004 X24=ffff800082b11908 X25=0000000000000028
X26=0000000000000000 X27=fff07ffffcef4000 X28=f8f0000003df7000
X29=ffff800082deb590 X30=ffff800080187f58  SP=ffff800082deb590
PSTATE=404020c9 -Z-- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000000000000000 P01=0000000000000000 P02=0000000000000000
P03=0000000000000000 P04=0000000000000000 P05=0000000000000000
P06=0000000000000000 P07=0000000000000000 P08=0000000000000000
P09=0000000000000000 P10=0000000000000000 P11=0000000000000000
P12=0000000000000000 P13=0000000000000000 P14=0000000000000000
P15=0000000000000000 FFR=0000000000000000
Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0100000000000000:0100000000000000
Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000100000000:0000000000000000
Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000001:0000000000000000
Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00d000a800000000:0000000000000000
Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000002
Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000001:0000000000000002
Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88
Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffe895f500:0000ffffe895f500
Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffe895f4d0
Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
info registers vcpu 1

CPU#1
 PC=ffff8000809303e8 X00=0000000000000002 X01=0000000000000018
X02=ffff800082e15018 X03=ffff800082badf28 X04=f2f00000030e5880
X05=0000000000000074 X06=0000000000000063 X07=0000000000000000
X08=7f7f7f7f7f7f7f7f X09=ffff800082badf58 X10=0000000000000001
X11=ffff800089ef3100 X12=ffff800082adf268 X13=ffff800089ef2edd
X14=ffff800089ef2ee8 X15=ffff800089ef2d50 X16=0000000000006400
X17=0000000000000000 X18=00000000ffffffff X19=f6f000000304301d
X20=ffff80008093058c X21=f2f00000030e5880 X22=f6f0000003043031
X23=0000000000000000 X24=0000000000000000 X25=00000000000000c0
X26=ffffffffffffffff X27=ffff800082751000 X28=ffffffffffffffff
X29=ffff800089ef3000 X30=ffff8000809305b4  SP=ffff800089ef3000
PSTATE=804020c9 N--- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000000000000000 P01=0000000000000000 P02=0000000000000000
P03=0000000000000000 P04=0000000000000000 P05=0000000000000000
P06=0000000000000000 P07=0000000000000000 P08=0000000000000000
P09=0000000000000000 P10=0000000000000000 P11=0000000000000000
P12=0000000000000000 P13=0000000000000000 P14=0000000000000000
P15=0000000000000000 FFR=0000000000000000
Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:e9b5dba5b5c0fbcf:71374491428a2f98
Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ab1c5ed5923f82a4:59f111f13956c25b
Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:550c7dc3243185be:12835b01d807aa98
Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c19bf1749bdc06a7:80deb1fe72be5d74
Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:240ca1cc0fc19dc6:efbe4786e49b69c1
Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:76f988da5cb0a9dc:4a7484aa2de92c6f
Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:bf597fc7b00327c8:a831c66d983e5152
Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:1429296706ca6351:d5a79147c6e00bf3
Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:53380d134d2c6dfc:2e1b213827b70a85
Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:92722c8581c2c92e:766a0abb650a7354
Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c76c51a3c24b8b70:a81a664ba2bfe8a1
Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:106aa070f40e3585:d6990624d192e819
Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:34b0bcb52748774c:1e376c0819a4c116
Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:682e6ff35b9cca4f:4ed8aa4a391c0cb3
Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:8cc7020884c87814:78a5636f748f82ee
Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c67178f2bef9a3f7:a4506ceb90befffa
Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2870063eb1a8ea90:9f4cc603fc2e1e50
Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ff697c3763cbea2d:96844e4c761658b6
Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:493773d2c53b89f1:6eade328122165ee
Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ca1b73e89c327eb4:4256fe66a426e28e
Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d65052e3f10ec91c:9e0d6910e85188b6
Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:14a4d176f7e3ea27:2d5dd83dcf71daa6
Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d5fe75da4a040205:e753469786b0e8dc
Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:908cecda5b2c22ab:e6a76b5134e5e288
Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:31005da9b49fd5aa:e2a5ba8b7e47a24f
Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b8c4045dd860107c:92586fb17e638827
Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:65ec9e703f758e06:5f7606146abe1788
Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000