last executing test programs:

42.48402298s ago: executing program 1 (id=2):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
write$cgroup_pid(r1, &(0x7f00000001c0), 0x12)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r2, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_opts(r3, 0x0, 0x1a, &(0x7f0000000180)="dd", 0x1)

42.062698124s ago: executing program 1 (id=3):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
socket(0x2, 0x80805, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

41.641230888s ago: executing program 1 (id=4):
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff1000/0xc000)=nil, 0xc000, &(0x7f0000000040)='\x00\x00\xef\xfaCvu\xb5i\x80\xab=-2\xb1\xc2\xab\\\xd6\x9c\xce\x15OW\xc7\xcb\xb5\"D\xf7\x15o\n\x80/\"6U\x8d\x0fY\x8cT\xdb%*3\xde\xea.\xdex\xd9\x9e{e\x9b\xf7\xf6\x14x~\x95\xe1w\x19\x8f\x0f\xf4h\x82)\x97\xcdA\x1f\xe0\xad\a\x81n\xe0\x84\x14,9\xde9\xcd\xa2\x10\x19|\x00\x00P\xeaJ;*\x91\x91\xb7\xf8\x8b\xabR|\xbc2\x8aG\xae\xf7\xee\xbb\xa7!\xaf\xce\x9e7\x18\xf0\xa4\x80h+\x1a\xa8W\xc6M-\xd2~\xb1\x001\v\xe1\xeb\xec\xd2H\xb8\xc4\x9b\xfe\xd7\n\x10\xc3\x88\x97\xd0*y\xb1\x1c\xed\xd9\x85\x8f`?H%\xe5\xf6Ai`\x9e\x9e\x9c\x1an\x04\xf0\x03\xcc}\x7fG:\xe2\xde\xda2\x14\xech_\xae\xf2\xeb_ij/\xc4\x83\xe1\xb1\x04\xc1\x11,!\xf4F2\xb9\xec\xc3\x03%3\x88&F\xe7;\x94\xb3L\x06\x8c\xac\x8f\xd6!!\xbe\xe7$$)<\xb6\xb1~V\x87\xd1g\xd2:\xd6*;\x0f\xa5\xb28\x7f\x90J\xea\xc5\x99\x89\xaa\xa7\xc8p_d\x01\xcf~\x889\x96\xc9\x98\x1d\x91:1\xe7\xae\xe8J\x19\x9e\xe3bH\x85\xbf\x82\bi\x06\xdd\x1bo\xe1\n\x10\x9bG.\xe7\xf7T\xdc\\1@\xa9\x80g\x19\xbd\xff\xd6\x9f\xed\xcce,\x06\x82h\xdd\t\xb9`\xd0\xf8\x80\x8fe\xd8\xc1\xe7\x1d\xc0\x9b\x9b\xddE\xd3\xef89F\xb8Bn\x18\xcb|\x8c\t{\xee\x106\x93r\x97\xcb\xc3]\xf7\xee\x82\xea1m\\Lu\x9a\xab\xc5\xba\x90\xaa\x84\xedr\n\x93\xdc\xc6~\xbd\xa8K\x8b\xb0\xf4\a7\xe3\xf6l\xd7\xd3\xc7e\x00\x00\xef\xdf\x9f<zFw\xde|H\x102+\x01\xb5\xa1\xc3\a\xf7\xc3\x83\x95o\xf1\xcd\xcb\xb8\xa3\xcd\xca\x8ab3\xa5\x95\xb5\x8d\xe9\x16\x1bX\xe4\x00\x18\x81\xd5\xe8\xec\xac\xa2\xedU\x00\xdd\xf2\xcbi\xa9\xf1\x86^\x832Z\x9c\xeb\x92\x112\x998j\xd9YQ\x0eS,\xc0\xac\x11\xa4\xa5b1;\xac\xbb\xdev\x17\xb0C\x8a \xabwm\x9c\x91\x10\x96\xb2\xe8\x1a!\xca\xb0b7\x8ed\x98e\xda\xe9\xcf:T\xff\x9e\x16\x12\xd5U\xe4gb\xb5\x967\xc5\xc1\xf8\x82\xc9Vb\x8a\xe4\x0e\x05\x000z\xcd\xb8\x00f}\xbf@\x11\x84\x84\xc2\xf5\x94\xcd\xf2=\x92\x98\x98\xe7D\xd6(ryq\x10\x98\xe7\x9e,iA\xf1\xd73\xbc%S\x83\xae\x81v\x80\xe2\x9a\xd4D29\xfd\x139\xc4\xa3\x174\xe4\x81Q\x87,\xa4\xafY\x97\x80|\xb5\xb3\x16u\x1f\x1a\x03\xd6G\x9d\v\xd1\xc0p\x87\x9d\x88\xaci\xb4\xe0\xf2[\xdf\x89hxZ\x13,\xbb\xac\x98\x1as\xe4(\x05\xa5\x99\x0eU>\xa0\xf7?\xe4-\x1c]')
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f000000e000/0xa000)=nil, 0x3000, 0x3})

41.298025041s ago: executing program 1 (id=5):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x80)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x12, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000001000000000000000000000071180a000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000240)={r2, r1, 0x20, 0x0, @val=@tracing={0xffffffffffffffff, 0x5}}, 0x20)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, <r5=>0x0}, 0x8)
r6 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r5, 0x4)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r6, r4, 0x0, r3}, 0x10)

41.297622891s ago: executing program 32 (id=5):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x80)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x12, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000001000000000000000000000071180a000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000240)={r2, r1, 0x20, 0x0, @val=@tracing={0xffffffffffffffff, 0x5}}, 0x20)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, <r5=>0x0}, 0x8)
r6 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r5, 0x4)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r6, r4, 0x0, r3}, 0x10)

4.898054035s ago: executing program 2 (id=78):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mtu(r2, 0x0, 0xa, &(0x7f0000000080)=0x4, 0x4)
sendto$inet(r2, &(0x7f0000000040)="0400", 0xffec, 0x0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)

4.54862291s ago: executing program 2 (id=81):
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3a}, @void, {@ipv6={0x86dd, @generic={0xc, 0x6, "370c89", 0x0, 0x3c, 0x1, @rand_addr=' \x01\x00', @local}}}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x89f1, &(0x7f0000000900)={'ip6tnl0\x00', @random="0600002000"})

4.381321601s ago: executing program 0 (id=82):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000300)=0x48a, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)

4.380968831s ago: executing program 2 (id=83):
r0 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_int(r0, 0x29, 0x4d, &(0x7f0000000040)=0x7, 0x4)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=""/61, 0x3d}, 0xd9}], 0x1, 0x0, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c89000c2c0120010000000000000000000000000001fe8000000000000000000000000000aaff"], 0x0)

3.61028133s ago: executing program 2 (id=84):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
r0 = socket$inet(0x2, 0x801, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x80, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r0, 0xc3c2}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x111, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0x7, @loopback, 0xa098}, {0xa, 0x4e21, 0x9, @mcast1, 0x9}, r2, 0x7fff}}, 0x48)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

3.444089331s ago: executing program 2 (id=85):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1f, 0x14, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000ffffff7f0000000009000000180100002020693400000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000f8ffffff850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000006d00000095"], &(0x7f0000000600)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

3.279122742s ago: executing program 2 (id=86):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}})
read$FUSE(r1, &(0x7f00000062c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000004200)={0x50, 0x0, r2, {0x7, 0x29, 0x0, 0x80000}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f00000042c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000970700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eeffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x0, 0x400000000000, {0x0, 0x7}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0)
ioctl$UFFDIO_WRITEPROTECT(r3, 0xc018aa06, &(0x7f00000003c0)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x2})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
readv(r3, &(0x7f0000000380)=[{&(0x7f0000000340)=""/5, 0x5}], 0x20)

1.679428136s ago: executing program 0 (id=87):
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r0, 0x0, 0xffff, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
sendmmsg$unix(r2, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000000)

611.466332ms ago: executing program 0 (id=88):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0500000005000000060000000700"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180), &(0x7f00000001c0), 0x75, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2000000}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r1, r0}, 0xc)

493.621358ms ago: executing program 0 (id=89):
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000680)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='+\x00\x00\x00\x00 '], 0x20)

400.180759ms ago: executing program 0 (id=90):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3000001, 0x11, r0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[], 0x48)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
mlockall(0x7)

0s ago: executing program 0 (id=91):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newtfilter={0x48, 0x2c, 0xf3f, 0x130bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xfff3}, {0x0, 0x1}, {0x7, 0x300}}, [@filter_kind_options=@f_bpf={{0x8}, {0x1c, 0x2, [@TCA_BPF_FLAGS={0x8}, @TCA_BPF_FD={0x8}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:3399' (ED25519) to the list of known hosts.
syzkaller login: [   85.537904][ T3311] cgroup: Unknown subsys name 'net'
[   85.698772][ T3311] cgroup: Unknown subsys name 'cpuset'
[   85.722348][ T3311] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   86.203700][ T3311] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   96.068525][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.091537][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.401722][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.417532][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.920539][ T3317] hsr_slave_0: entered promiscuous mode
[   96.929691][ T3317] hsr_slave_1: entered promiscuous mode
[   97.539691][ T3316] hsr_slave_0: entered promiscuous mode
[   97.545085][ T3316] hsr_slave_1: entered promiscuous mode
[   97.552812][ T3316] debugfs: 'hsr0' already exists in 'hsr'
[   97.556253][ T3316] Cannot create hsr debugfs directory
[   97.933508][ T3317] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   97.984094][ T3317] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   98.033503][ T3317] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   98.078138][ T3317] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   98.545263][ T3316] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   98.571095][ T3316] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   98.591738][ T3316] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   98.613216][ T3316] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.379418][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.739062][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.104470][ T3316] veth0_vlan: entered promiscuous mode
[  103.142829][ T3317] veth0_vlan: entered promiscuous mode
[  103.178988][ T3316] veth1_vlan: entered promiscuous mode
[  103.215483][ T3317] veth1_vlan: entered promiscuous mode
[  103.404841][ T3316] veth0_macvtap: entered promiscuous mode
[  103.472639][ T3316] veth1_macvtap: entered promiscuous mode
[  103.506192][ T3317] veth0_macvtap: entered promiscuous mode
[  103.556147][ T3317] veth1_macvtap: entered promiscuous mode
[  103.726849][ T1103] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.730670][ T1103] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.731102][ T1103] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.731436][ T1103] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.830300][ T1103] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.846308][ T1103] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.848538][ T1103] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.881459][ T1103] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  104.376782][ T3316] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  105.882810][ T1103] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.969735][ T1103] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.053409][ T1103] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.147463][ T1103] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.956649][ T1103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  107.008122][ T1103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  107.045041][ T1103] bond0 (unregistering): Released all slaves
[  107.207149][ T1103] hsr_slave_0: left promiscuous mode
[  107.213946][ T1103] hsr_slave_1: left promiscuous mode
[  107.247384][ T1103] veth1_macvtap: left promiscuous mode
[  107.258162][ T1103] veth0_macvtap: left promiscuous mode
[  107.259951][ T1103] veth1_vlan: left promiscuous mode
[  107.261426][ T1103] veth0_vlan: left promiscuous mode
[  110.594632][ T3510] fuse: Bad value for 'fd'
[  111.414631][ T3475] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.438001][ T3475] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  112.645492][ T3475] hsr_slave_0: entered promiscuous mode
[  112.649872][ T3475] hsr_slave_1: entered promiscuous mode
[  113.669753][ T3475] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  113.717292][ T3475] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  113.753421][ T3475] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  113.813852][ T3475] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  114.111953][ T3554] fuse: Bad value for 'fd'
[  115.054474][ T3475] 8021q: adding VLAN 0 to HW filter on device bond0
[  117.479691][ T3601] fuse: Bad value for 'fd'
[  117.950083][ T3475] veth0_vlan: entered promiscuous mode
[  117.972881][ T3475] veth1_vlan: entered promiscuous mode
[  118.043116][ T3475] veth0_macvtap: entered promiscuous mode
[  118.073673][ T3475] veth1_macvtap: entered promiscuous mode
[  118.219749][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.221472][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.226260][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.227430][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.956995][ T3614] gre1: entered promiscuous mode
[  120.878388][ T3627] fuse: Invalid rootmode
[  122.420258][ T3641] fuse: Invalid rootmode
[  123.194958][ T3648] gre1: entered promiscuous mode
[  123.911828][ T3660] fuse: Invalid rootmode
[  124.491314][ T3668] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  124.621599][ T3672] fuse: Bad value for 'rootmode'
[  125.995314][ T3680] process 'syz.0.39' launched '/dev/fd/3' with NULL argv: empty string added
[  127.284352][ T3692] fuse: Bad value for 'rootmode'
[  128.730734][ T3710] netlink: 8 bytes leftover after parsing attributes in process `syz.0.46'.
[  128.731210][ T3710] netlink: 32 bytes leftover after parsing attributes in process `syz.0.46'.
[  129.742690][ T3722] fuse: Unknown parameter 'use00000000000000000000'
[  130.879362][ T3735] fuse: Unknown parameter 'use00000000000000000000'
[  134.227224][ T3749] fuse: Unknown parameter 'use00000000000000000000'
[  134.786603][ T3760] fuse: Unknown parameter 'user_i00000000000000000000'
[  137.556689][ T3768] netlink: 8 bytes leftover after parsing attributes in process `syz.2.69'.
[  137.958794][ T3773] fuse: Unknown parameter 'user_i00000000000000000000'
[  141.244783][ T3780] macvlan0: entered promiscuous mode
[  141.282770][ T3780] netlink: 'syz.0.73': attribute type 1 has an invalid length.
[  141.288771][ T3780] netlink: 'syz.0.73': attribute type 2 has an invalid length.
[  141.296841][ T3780] netlink: 8 bytes leftover after parsing attributes in process `syz.0.73'.
[  142.387924][ T3790] IPv4: Oversized IP packet from 127.0.0.1
[  142.390962][    C0] IPv4: Oversized IP packet from 127.0.0.1
[  147.168798][ T1103] ==================================================================
[  147.173588][ T1103] BUG: KASAN: slab-use-after-free in defer_free+0x3c/0xbc
[  147.176392][ T1103] Write at addr f6f0000006b6d560 by task kworker/u8:8/1103
[  147.176968][ T1103] Pointer tag: [f6], memory tag: [fe]
[  147.177051][ T1103] 
[  147.177945][ T1103] CPU: 1 UID: 0 PID: 1103 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT 
[  147.178322][ T1103] Hardware name: linux,dummy-virt (DT)
[  147.178845][ T1103] Workqueue: events_unbound bpf_map_free_deferred
[  147.180192][ T1103] Call trace:
[  147.180576][ T1103]  show_stack+0x18/0x24 (C)
[  147.180931][ T1103]  dump_stack_lvl+0x78/0x90
[  147.181055][ T1103]  print_report+0x108/0x61c
[  147.181108][ T1103]  kasan_report+0x88/0xac
[  147.181257][ T1103]  __do_kernel_fault+0x170/0x1c8
[  147.181381][ T1103]  do_bad_area+0x68/0x78
[  147.181440][ T1103]  do_tag_check_fault+0x34/0x44
[  147.181494][ T1103]  do_mem_abort+0x44/0x94
[  147.181544][ T1103]  el1_abort+0x44/0x68
[  147.181597][ T1103]  el1h_64_sync_handler+0x50/0xac
[  147.181657][ T1103]  el1h_64_sync+0x6c/0x70
[  147.181852][ T1103]  defer_free+0x3c/0xbc (P)
[  147.181912][ T1103]  kfree_nolock+0x1a0/0x1d4
[  147.181967][ T1103]  range_tree_destroy+0x74/0x90
[  147.182021][ T1103]  arena_map_free+0x64/0x90
[  147.182071][ T1103]  bpf_map_free_deferred+0x70/0x180
[  147.182124][ T1103]  process_one_work+0x178/0x2cc
[  147.182183][ T1103]  worker_thread+0x24c/0x354
[  147.182239][ T1103]  kthread+0x130/0x1fc
[  147.182292][ T1103]  ret_from_fork+0x10/0x20
[  147.182644][ T1103] 
[  147.182714][ T1103] Allocated by task 3817:
[  147.182923][ T1103]  kasan_save_stack+0x3c/0x64
[  147.183176][ T1103]  save_stack_info+0x40/0x158
[  147.183217][ T1103]  kasan_save_alloc_info+0x14/0x20
[  147.183254][ T1103]  __kasan_kmalloc+0xb4/0xb8
[  147.183290][ T1103]  kmalloc_nolock_noprof+0x1dc/0x4fc
[  147.183331][ T1103]  range_tree_set+0x644/0x778
[  147.183369][ T1103]  arena_map_alloc+0x11c/0x17c
[  147.183448][ T1103]  map_create+0x19c/0xa98
[  147.183488][ T1103]  __sys_bpf+0x348/0x1a88
[  147.183527][ T1103]  __arm64_sys_bpf+0x24/0x34
[  147.183562][ T1103]  invoke_syscall+0x48/0x110
[  147.183602][ T1103]  el0_svc_common.constprop.0+0x40/0xe0
[  147.183651][ T1103]  do_el0_svc+0x1c/0x28
[  147.183691][ T1103]  el0_svc+0x34/0x128
[  147.183728][ T1103]  el0t_64_sync_handler+0xa0/0xe4
[  147.183764][ T1103]  el0t_64_sync+0x1a4/0x1a8
[  147.183843][ T1103] 
[  147.183892][ T1103] Freed by task 1103:
[  147.183948][ T1103]  kasan_save_stack+0x3c/0x64
[  147.183989][ T1103]  save_stack_info+0x40/0x158
[  147.184023][ T1103]  kasan_save_free_info+0x18/0x24
[  147.184056][ T1103]  __kasan_slab_free+0x7c/0x8c
[  147.184090][ T1103]  kfree_nolock+0xcc/0x1d4
[  147.184122][ T1103]  range_tree_destroy+0x74/0x90
[  147.184156][ T1103]  arena_map_free+0x64/0x90
[  147.184192][ T1103]  bpf_map_free_deferred+0x70/0x180
[  147.184231][ T1103]  process_one_work+0x178/0x2cc
[  147.184268][ T1103]  worker_thread+0x24c/0x354
[  147.184302][ T1103]  kthread+0x130/0x1fc
[  147.184335][ T1103]  ret_from_fork+0x10/0x20
[  147.184382][ T1103] 
[  147.184473][ T1103] The buggy address belongs to the object at fff0000006b6d540
[  147.184473][ T1103]  which belongs to the cache kmalloc-64 of size 64
[  147.184639][ T1103] The buggy address is located 32 bytes inside of
[  147.184639][ T1103]  64-byte region [fff0000006b6d540, fff0000006b6d580)
[  147.184691][ T1103] 
[  147.184971][ T1103] The buggy address belongs to the physical page:
[  147.185561][ T1103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x46b6d
[  147.186062][ T1103] anon flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
[  147.186548][ T1103] page_type: f5(slab)
[  147.187223][ T1103] raw: 01ffc00000000000 f4f0000003001600 0000000000000000 dead000000000001
[  147.187287][ T1103] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[  147.187411][ T1103] page dumped because: kasan: bad access detected
[  147.187453][ T1103] 
[  147.187485][ T1103] Memory state around the buggy address:
[  147.187778][ T1103]  fff0000006b6d300: f1 f1 f1 fe fd fd fd fe f2 f2 f2 f2 f8 f8 f8 f8
[  147.187885][ T1103]  fff0000006b6d400: fa fa fa fa f9 f9 f9 f9 f1 f1 f1 f1 f8 f8 f8 fe
[  147.187953][ T1103] >fff0000006b6d500: fb fb fb fe fe fe fe fe fd fd fd fe f5 f5 f5 fe
[  147.188022][ T1103]                                      ^
[  147.188143][ T1103]  fff0000006b6d600: fd fd fd fd f0 f0 f0 f0 f6 f6 f6 f6 f2 f2 f2 f2
[  147.188176][ T1103]  fff0000006b6d700: f5 f5 f5 f5 f5 f5 f5 f5 f7 f7 f7 f7 fa fa fa fa
[  147.188253][ T1103] ==================================================================
[  147.189535][ T1103] Disabling lock debugging due to kernel taint
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  148.250973][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.331196][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.419644][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.522452][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.160861][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  149.220459][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  149.241038][   T12] bond0 (unregistering): Released all slaves
[  149.353065][   T12] hsr_slave_0: left promiscuous mode
[  149.364350][   T12] hsr_slave_1: left promiscuous mode
[  149.384150][   T12] veth1_macvtap: left promiscuous mode
[  149.385457][   T12] veth0_macvtap: left promiscuous mode
[  149.390890][   T12] veth1_vlan: left promiscuous mode
[  149.391575][   T12] veth0_vlan: left promiscuous mode

VM DIAGNOSIS:
01:00:21  Registers:
info registers vcpu 0

CPU#0
 PC=ffff800080307ec0 X00=fff0000008ef9700 X01=fff07ffffcf04000
X02=0000000000000000 X03=fff000007f8d64e0 X04=fff000007f8dda90
X05=00000000000000e8 X06=0000000000000000 X07=fff000000b4f0000
X08=ffff800082ddbdc8 X09=0000000000000066 X10=ffff800082ddbd78
X11=000000000000005a X12=0000000000000001 X13=0000000000000000
X14=0000000000000165 X15=ffff800081bd4430 X16=ffff800082dd8000
X17=fff07ffffcf04000 X18=00000000ffffffff X19=fff000007f8dda90
X20=ffffc1ffc01a7a20 X21=0000000000002820 X22=00000000000000e8
X23=c2ff800080308e40 X24=fff000007f8d64e0 X25=0000000000000001
X26=000000000000001d X27=0000000000004210 X28=faf000000b4f4210
X29=ffff800082ddb9d0 X30=ffff800080307f30  SP=ffff800082ddb9d0
PSTATE=a04020c9 N-C- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000000000000000 P01=0000000000000000 P02=0000000000000000
P03=0000000000000000 P04=0000000000000000 P05=0000000000000000
P06=0000000000000000 P07=0000000000000000 P08=0000000000000000
P09=0000000000000000 P10=0000000000000000 P11=0000000000000000
P12=0000000000000000 P13=0000000000000000 P14=0000000000000000
P15=0000000000000000 FFR=0000000000000000
Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00524f5252450040:0000000000000000
Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00524f5252450040:0000000000000000
Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88
Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0
Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffffb93e2d0:0000fffffb93e2d0
Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000fffffb93e2a0
Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
info registers vcpu 1

CPU#1
 PC=ffff800081b88b34 X00=0000000000000004 X01=fff07ffffcf1d000
X02=0000000000000000 X03=0000000000000010 X04=0000000000000014
X05=0000000000000001 X06=ffff800082a1d710 X07=0000000000000190
X08=fff000007f8f0c80 X09=0000000000001000 X10=00000000000003ab
X11=0000000000000001 X12=000000000000001d X13=0000000000000000
X14=00000000000003ab X15=0000000000000000 X16=0000000000000000
X17=0000000000000000 X18=0000000000000000 X19=fdf0000003fe1080
X20=fff000007f8f0b80 X21=0000000000000000 X22=f5f0000004d3c200
X23=0000000000000001 X24=f5f0000004d3c200 X25=38cf800081b897f0
X26=faf0000003024028 X27=f5f0000004d3c8f0 X28=0000000000000000
X29=ffff800084233c20 X30=ffff800081b88f0c  SP=ffff800084233c20
PSTATE=214020c9 --C- EL2h  SVCR=00000000 --  BTYPE=0     FPCR=00000000 FPSR=00000000
P00=0000000000000000 P01=0000000000000000 P02=0000000000000000
P03=0000000000000000 P04=0000000000000000 P05=0000000000000000
P06=0000000000000000 P07=0000000000000000 P08=0000000000000000
P09=0000000000000000 P10=0000000000000000 P11=0000000000000000
P12=0000000000000000 P13=0000000000000000 P14=0000000000000000
P15=0000000000000000 FFR=0000000000000000
Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000065676e616863:00746e657665752f
Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffff000000000000:ff00000000000000
Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ff000000f0000000
Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00000000000000ff
Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3303330333033303:3303330333033303
Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:bcbcbcc0bc00c003:bcbcbcc0bc00c003
Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000073:0000aaaae9498c90
Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000074:0000aaaae9495f70
Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffcd5f6300:0000ffffcd5f6300
Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffcd5f62d0
Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000
Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000