last executing test programs:

3.519170356s ago: executing program 1 (id=68):
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x65, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x68}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
socket$xdp(0x2c, 0x3, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r6}, 0xc)
syz_open_dev$usbfs(0x0, 0x76, 0x101301)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x200, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000140)=[{0x0}], 0x1, 0x5405, 0x0, 0x0)

2.648710742s ago: executing program 1 (id=76):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='mm_page_alloc\x00'}, 0x10)
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='environ\x00')
preadv(r0, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000040)=""/99, 0x63}], 0x2, 0x0, 0x0)

2.637081522s ago: executing program 1 (id=77):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1770, 0xff00, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0022060000000803"], 0x0}, 0x0)

2.061774416s ago: executing program 3 (id=81):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
utime(&(0x7f0000000200)='./file0\x00', 0x0)

1.683276959s ago: executing program 3 (id=83):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, 0x0, 0x0)
setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
syz_emit_ethernet(0x86, &(0x7f00000000c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "09f0c6564b6ac6413304000000d9f8f22f81ae81c2bd7edd9aeaf6fd91c25227", "60326eacce5de87bf00be86b3ebbb957", {"fcc68dd1b5242bdc6466eba8cab8d7b2", "05fef0e9b077b6c6639938f9db7c621b"}}}}}}}, 0x0)

1.639472259s ago: executing program 3 (id=84):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x2, 0x9, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0xfed7, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd6002adf700383a00fe880000000000000000000000000001ff020000000000000000000000000001"], 0x0)

1.542756579s ago: executing program 2 (id=85):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000000340)='./file0\x00', 0x2112018, 0x0, 0xff, 0x0, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r2, &(0x7f00000077c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000004200)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x207611a}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

1.542463989s ago: executing program 3 (id=86):
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x65, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x68}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
socket$xdp(0x2c, 0x3, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r6}, 0xc)
syz_open_dev$usbfs(0x0, 0x76, 0x101301)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x200, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000140)=[{0x0}], 0x1, 0x5405, 0x0, 0x0)

1.41090989s ago: executing program 2 (id=87):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='mm_page_alloc\x00'}, 0x10)
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='environ\x00')
preadv(r0, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000040)=""/99, 0x63}], 0x2, 0x0, 0x0)

1.347923801s ago: executing program 2 (id=88):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xd, 0x87, 0x4, 0x1, 0x100, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001b00)={r4, 0x0, 0x0}, 0x20)

1.228318562s ago: executing program 4 (id=92):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c)
listen(r2, 0x5)
syz_emit_ethernet(0x36, &(0x7f0000000e00)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)

1.227863102s ago: executing program 4 (id=93):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
utime(&(0x7f0000000200)='./file0\x00', 0x0)

1.193604172s ago: executing program 4 (id=94):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, 0x0, 0x0)
setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
syz_emit_ethernet(0x86, &(0x7f00000000c0)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "09f0c6564b6ac6413304000000d9f8f22f81ae81c2bd7edd9aeaf6fd91c25227", "60326eacce5de87bf00be86b3ebbb957", {"fcc68dd1b5242bdc6466eba8cab8d7b2", "05fef0e9b077b6c6639938f9db7c621b"}}}}}}}, 0x0)

1.169811682s ago: executing program 4 (id=95):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYBLOB="00000031b0c4689600890700000001000000000000"], 0x48)
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x2, 0x0, &(0x7f0000000000))
chdir(0x0)
getpid()
quotactl$Q_SETQUOTA(0x7fffffffc0000403, &(0x7f0000000340)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000680)={0x8, 0x101, 0x200, 0x100000001, 0xff, 0x0, 0xfff, 0x3, 0xb})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x7528e000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1900000004000000040000000800", @ANYRES32=0x0], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tgkill(r5, r5, 0x1a)

794.244044ms ago: executing program 0 (id=97):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000000340)='./file0\x00', 0x2112018, 0x0, 0xff, 0x0, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r2, &(0x7f00000077c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000004200)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x207611a}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

729.477775ms ago: executing program 0 (id=98):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='mm_page_alloc\x00'}, 0x10)
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='environ\x00')
preadv(r0, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000040)=""/99, 0x63}], 0x2, 0x0, 0x0)

718.911665ms ago: executing program 0 (id=99):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x4030582b, &(0x7f00000001c0)={0x1100, 0x2, 0x3, 0x9})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000080)={0x0, 0x6})

621.841566ms ago: executing program 3 (id=100):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
rename(&(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000000c0)='./file0\x00')

608.889166ms ago: executing program 3 (id=101):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000280)={@local, @link_local, @val, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)

537.404516ms ago: executing program 0 (id=102):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1a, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000f447333de39c7095758218a68bc5142f0cb2229fa6c8b0d7c8126aee6d3def94cd964218564fb1d255bce6cef9bea8322326039744a98eead8c59bc75bb5b42123eef53ae4bc331b0ad09a8efc4175c484ad74df91"], &(0x7f0000000340)='syzkaller\x00', 0x1, 0xc5, &(0x7f0000000180)=""/197, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={0x0, r0}, 0x10)

439.695217ms ago: executing program 0 (id=103):
r0 = socket$netlink(0x10, 0x3, 0xf)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc)
sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000009196bd"], 0x14}}, 0x0)

401.594987ms ago: executing program 2 (id=104):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x18)
utime(&(0x7f0000000200)='./file0\x00', 0x0)

401.204287ms ago: executing program 2 (id=105):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c)
listen(r2, 0x5)
syz_emit_ethernet(0x36, &(0x7f0000000e00)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)

391.852427ms ago: executing program 0 (id=106):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socket$inet6(0xa, 0x2, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000480)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001b80)={@flat, @ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0})

381.767507ms ago: executing program 2 (id=107):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket(0x10, 0x3, 0x9)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x101a00, 0x0)
r2 = syz_btf_id_by_name$bpf_lsm(0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffff4d, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$inet6(0x10, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe2(&(0x7f0000000040)={<r3=>0xffffffffffffffff}, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0, @ANYRES8, @ANYRES16=r1, @ANYRES16=r3], 0x0)

226.761608ms ago: executing program 1 (id=108):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
rt_sigsuspend(0x0, 0x0)

179.673669ms ago: executing program 4 (id=109):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000000340)='./file0\x00', 0x2112018, 0x0, 0xff, 0x0, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r2, &(0x7f00000077c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000004200)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x207611a}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

179.369879ms ago: executing program 1 (id=110):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='mm_page_alloc\x00', r0}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='environ\x00')
preadv(r1, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000040)=""/99, 0x63}], 0x2, 0x0, 0x0)

166.706589ms ago: executing program 1 (id=111):
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x65, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x68}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
socket$xdp(0x2c, 0x3, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r6}, 0xc)
syz_open_dev$usbfs(0x0, 0x76, 0x101301)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x200, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000140)=[{0x0}], 0x1, 0x5405, 0x0, 0x0)

0s ago: executing program 4 (id=112):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
rename(&(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000000c0)='./file0\x00')

kernel console output (not intermixed with test programs):

[    4.160034][  T100] udevd[100]: starting version 3.2.11
[    4.235913][  T101] udevd[101]: starting eudev-3.2.11
[    4.238687][  T100] udevd (100) used greatest stack depth: 23200 bytes left
[    4.389152][  T102] udevadm (102) used greatest stack depth: 22096 bytes left
[   13.858687][   T30] kauditd_printk_skb: 50 callbacks suppressed
[   13.858706][   T30] audit: type=1400 audit(1731981353.031:61): avc:  denied  { transition } for  pid=225 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   13.868930][   T30] audit: type=1400 audit(1731981353.031:62): avc:  denied  { noatsecure } for  pid=225 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   13.873540][   T30] audit: type=1400 audit(1731981353.031:63): avc:  denied  { write } for  pid=225 comm="sh" path="pipe:[14081]" dev="pipefs" ino=14081 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   13.885346][   T30] audit: type=1400 audit(1731981353.031:64): avc:  denied  { rlimitinh } for  pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   13.904102][   T30] audit: type=1400 audit(1731981353.031:65): avc:  denied  { siginh } for  pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.187' (ED25519) to the list of known hosts.
[   21.017562][   T30] audit: type=1400 audit(1731981360.191:66): avc:  denied  { integrity } for  pid=280 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1
[   21.041354][   T30] audit: type=1400 audit(1731981360.211:67): avc:  denied  { mounton } for  pid=280 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   21.042767][  T280] cgroup: Unknown subsys name 'net'
[   21.064140][   T30] audit: type=1400 audit(1731981360.211:68): avc:  denied  { mount } for  pid=280 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.091017][  T280] cgroup: Unknown subsys name 'devices'
[   21.091031][   T30] audit: type=1400 audit(1731981360.241:69): avc:  denied  { unmount } for  pid=280 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.234082][  T280] cgroup: Unknown subsys name 'hugetlb'
[   21.239505][  T280] cgroup: Unknown subsys name 'rlimit'
[   21.462243][   T30] audit: type=1400 audit(1731981360.641:70): avc:  denied  { setattr } for  pid=280 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   21.485282][   T30] audit: type=1400 audit(1731981360.641:71): avc:  denied  { mounton } for  pid=280 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   21.509854][   T30] audit: type=1400 audit(1731981360.641:72): avc:  denied  { mount } for  pid=280 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   21.517031][  T283] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   21.541609][   T30] audit: type=1400 audit(1731981360.711:73): avc:  denied  { relabelto } for  pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.566832][   T30] audit: type=1400 audit(1731981360.711:74): avc:  denied  { write } for  pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.582901][  T280] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   21.592537][   T30] audit: type=1400 audit(1731981360.761:75): avc:  denied  { read } for  pid=280 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.212347][  T291] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.219217][  T291] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.226744][  T291] device bridge_slave_0 entered promiscuous mode
[   22.233506][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.240352][  T290] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.247613][  T290] device bridge_slave_0 entered promiscuous mode
[   22.263383][  T291] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.270233][  T291] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.277591][  T291] device bridge_slave_1 entered promiscuous mode
[   22.287757][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.294748][  T290] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.301959][  T290] device bridge_slave_1 entered promiscuous mode
[   22.331349][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.338257][  T292] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.345587][  T292] device bridge_slave_0 entered promiscuous mode
[   22.352401][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.359245][  T292] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.366632][  T292] device bridge_slave_1 entered promiscuous mode
[   22.409140][  T293] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.416016][  T293] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.423274][  T293] device bridge_slave_0 entered promiscuous mode
[   22.430126][  T293] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.436996][  T293] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.444245][  T293] device bridge_slave_1 entered promiscuous mode
[   22.486626][  T294] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.493607][  T294] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.500758][  T294] device bridge_slave_0 entered promiscuous mode
[   22.507532][  T294] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.514489][  T294] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.521910][  T294] device bridge_slave_1 entered promiscuous mode
[   22.690796][  T291] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.697672][  T291] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.704802][  T291] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.711637][  T291] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.724904][  T293] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.731756][  T293] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.738878][  T293] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.745661][  T293] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.767968][  T294] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.775032][  T294] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.782122][  T294] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.788892][  T294] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.801927][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.808877][  T292] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.816015][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.822842][  T292] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.837637][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.844515][  T290] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.851585][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.858404][  T290] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.879783][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.887600][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.895285][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.902520][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.909570][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.916719][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.923789][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.931157][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.938132][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.945693][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.952783][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.002907][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.011479][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.019654][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.026524][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.034207][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.042238][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.049088][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.056403][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   23.063702][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.070881][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.078899][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.085760][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.092977][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.100911][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.107773][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.114944][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.122980][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.129805][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.137067][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.145038][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.151892][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.159838][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.188522][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.218820][  T294] device veth0_vlan entered promiscuous mode
[   23.226381][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.234563][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.241393][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.248812][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.257165][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.264021][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.271176][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.279011][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.286836][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.294675][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.302412][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   23.309647][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.317263][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.325150][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   23.333048][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.340776][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   23.349039][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.356997][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   23.365406][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.373571][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.380400][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.387631][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   23.396020][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.404086][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.410917][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.418148][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   23.426507][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.435040][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   23.442984][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.454749][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   23.462287][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   23.469517][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   23.477574][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.485629][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   23.493760][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.515727][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.524166][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   23.533034][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   23.541122][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.549818][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   23.557842][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.566136][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   23.573569][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   23.582043][  T294] device veth1_macvtap entered promiscuous mode
[   23.589231][  T291] device veth0_vlan entered promiscuous mode
[   23.599528][  T292] device veth0_vlan entered promiscuous mode
[   23.606715][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.614720][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   23.622686][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   23.648606][  T292] device veth1_macvtap entered promiscuous mode
[   23.657304][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   23.665597][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   23.674033][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.682407][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.690439][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.698977][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   23.707017][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.720904][  T291] device veth1_macvtap entered promiscuous mode
[   23.728270][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   23.736572][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.745063][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   23.753314][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   23.761282][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   23.769196][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.777164][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   23.784628][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   23.795330][  T293] device veth0_vlan entered promiscuous mode
[   23.816300][  T290] device veth0_vlan entered promiscuous mode
[   23.830468][  T293] device veth1_macvtap entered promiscuous mode
[   23.844694][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   23.853042][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.861178][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.870159][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   23.878655][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.887372][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   23.895572][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.912510][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.920662][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.929521][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   23.938100][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.946670][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   23.954331][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   23.975744][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.984470][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.009853][  T290] device veth1_macvtap entered promiscuous mode
[   24.025704][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.037490][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.046095][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.071139][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.080041][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.102536][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.110748][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.207143][  T331] serio: Serial port ptm0
[   24.338213][  T351] serio: Serial port ptm0
[   25.540247][  T375] serio: Serial port ptm0
[   25.662072][   T20] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   25.723560][  T396] serio: Serial port ptm0
[   25.911897][   T20] usb 2-1: Using ep0 maxpacket: 16
[   26.673095][  T422] serio: Serial port ptm0
[   26.741952][   T20] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=d8.08
[   26.814229][   T20] usb 2-1: New USB device strings: Mfr=40, Product=98, SerialNumber=3
[   26.834022][   T20] usb 2-1: Product: syz
[   26.842037][   T20] usb 2-1: Manufacturer: syz
[   26.862092][   T20] usb 2-1: SerialNumber: syz
[   26.876997][   T20] usb 2-1: config 0 descriptor??
[   26.932772][   T20] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[   26.960649][   T20] usb 2-1: Detected FT-X
[   26.973063][   T30] kauditd_printk_skb: 48 callbacks suppressed
[   26.973077][   T30] audit: type=1400 audit(1731981366.151:124): avc:  denied  { create } for  pid=434 comm="syz.2.43" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   27.108332][  T445] loop2: detected capacity change from 0 to 8192
[   27.141958][   T20] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[   27.157989][  T445] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   27.184173][   T30] audit: type=1400 audit(1731981366.351:125): avc:  denied  { mount } for  pid=444 comm="syz.2.47" name="/" dev="loop2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   27.206277][   T30] audit: type=1400 audit(1731981366.361:126): avc:  denied  { mounton } for  pid=444 comm="syz.2.47" path="/9/file2/file0" dev="loop2" ino=1048595 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1
[   27.229860][   T30] audit: type=1400 audit(1731981366.381:127): avc:  denied  { unmount } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   27.230573][  T293] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[   27.261922][   T30] audit: type=1400 audit(1731981366.381:128): avc:  denied  { unmount } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   27.263232][  T293] FAT-fs (loop2): Filesystem has been set read-only
[   27.391944][   T20] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71
[   27.400604][   T20] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[   27.409643][   T20] usb 2-1: USB disconnect, device number 2
[   27.421750][   T20] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[   27.431460][   T20] ftdi_sio 2-1:0.0: device disconnected
[   27.892377][   T30] audit: type=1400 audit(1731981367.071:129): avc:  denied  { wake_alarm } for  pid=462 comm="syz.0.52" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   27.925330][   T30] audit: type=1400 audit(1731981367.101:130): avc:  denied  { create } for  pid=466 comm="syz.0.54" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   27.952679][   T30] audit: type=1400 audit(1731981367.121:131): avc:  denied  { write } for  pid=466 comm="syz.0.54" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   28.322298][   T30] audit: type=1400 audit(1731981367.391:132): avc:  denied  { read } for  pid=466 comm="syz.0.54" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   28.493417][   T30] audit: type=1400 audit(1731981367.401:133): avc:  denied  { open } for  pid=466 comm="syz.0.54" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   28.731202][  T491] loop3: detected capacity change from 0 to 512
[   28.772094][  T491] =======================================================
[   28.772094][  T491] WARNING: The mand mount option has been deprecated and
[   28.772094][  T491]          and is ignored by this kernel. Remove the mand
[   28.772094][  T491]          option from the mount to silence this warning.
[   28.772094][  T491] =======================================================
[   28.976206][  T491] EXT4-fs (loop3): 1 orphan inode deleted
[   28.981812][  T491] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback.
[   29.002761][  T491] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   29.422120][   T63] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   29.731866][   T63] usb 1-1: Using ep0 maxpacket: 16
[   29.883443][  T493] syz.1.63 (493) used greatest stack depth: 20320 bytes left
[   29.891936][  T500] binder: 483:500 ioctl 4018620d 0 returned -22
[   30.042025][   T63] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=d8.08
[   30.057758][   T63] usb 1-1: New USB device strings: Mfr=40, Product=98, SerialNumber=3
[   30.074528][   T63] usb 1-1: Product: syz
[   30.087874][   T63] usb 1-1: Manufacturer: syz
[   30.101900][   T63] usb 1-1: SerialNumber: syz
[   30.116723][   T63] usb 1-1: config 0 descriptor??
[   30.152665][   T63] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[   30.162244][   T63] usb 1-1: Detected FT-X
[   30.371989][   T63] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[   30.621921][   T63] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71
[   30.629878][   T63] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[   30.642030][   T63] usb 1-1: USB disconnect, device number 2
[   30.651786][   T63] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[   30.661653][   T63] ftdi_sio 1-1:0.0: device disconnected
[   30.985842][  T545] loop4: detected capacity change from 0 to 512
[   31.081931][   T20] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   31.186019][  T545] EXT4-fs (loop4): 1 orphan inode deleted
[   31.191642][  T545] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback.
[   31.212692][  T545] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   31.532464][   T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   31.620823][   T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   31.762812][   T20] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   31.822025][   T20] usb 2-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[   31.851219][   T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   32.002178][   T20] usb 2-1: config 0 descriptor??
[   32.048090][   T30] kauditd_printk_skb: 75 callbacks suppressed
[   32.048251][  T565] sched: RT throttling activated
[   32.048269][   T30] audit: type=1400 audit(1731981371.201:209): avc:  denied  { unmount } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   32.126045][  T569] binder: 555:569 ioctl 4018620d 0 returned -22
[   32.482973][   T20] gt683r_led 0003:1770:FF00.0001: item fetching failed at offset 1/5
[   32.495133][   T20] gt683r_led 0003:1770:FF00.0001: hid parsing failed
[   32.507824][   T20] gt683r_led: probe of 0003:1770:FF00.0001 failed with error -22
[   32.683068][  T297] usb 2-1: USB disconnect, device number 3
[   32.726736][   T30] audit: type=1400 audit(1731981371.901:210): avc:  denied  { read } for  pid=599 comm="syz.0.99" name="usbmon7" dev="devtmpfs" ino=172 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   32.750044][   T30] audit: type=1400 audit(1731981371.901:211): avc:  denied  { open } for  pid=599 comm="syz.0.99" path="/dev/usbmon7" dev="devtmpfs" ino=172 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   32.773699][   T30] audit: type=1400 audit(1731981371.921:212): avc:  denied  { ioctl } for  pid=599 comm="syz.0.99" path="/dev/usbmon7" dev="devtmpfs" ino=172 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   32.819374][   T30] audit: type=1400 audit(1731981371.991:213): avc:  denied  { mounton } for  pid=602 comm="syz.3.100" path="/20/file0" dev="incremental-fs" ino=131 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   32.842561][   T30] audit: type=1400 audit(1731981371.991:214): avc:  denied  { unmount } for  pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   32.862566][  T294] ------------[ cut here ]------------
[   32.867950][  T294] WARNING: CPU: 1 PID: 294 at fs/inode.c:307 drop_nlink+0xc1/0x110
[   32.876015][  T294] Modules linked in:
[   32.879828][  T294] CPU: 0 PID: 294 Comm: syz-executor Not tainted 5.15.167-syzkaller-00348-g2e66050fb753 #0
[   32.890107][  T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   32.902313][  T294] RIP: 0010:drop_nlink+0xc1/0x110
[   32.907182][  T294] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 e7 f4 f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 df 99 ae ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c
[   32.926983][  T294] RSP: 0018:ffffc90000a07b08 EFLAGS: 00010293
[   32.933029][  T294] RAX: ffffffff81c1bd81 RBX: 0000000000000000 RCX: ffff88810ad33b40
[   32.940888][  T294] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   32.949008][  T294] RBP: ffffc90000a07b30 R08: ffffffff81c1bd04 R09: 0000000000000003
[   32.957155][  T294] R10: fffff52000140f50 R11: dffffc0000000001 R12: dffffc0000000000
[   32.966795][  T294] R13: 1ffff11022bd7bee R14: ffff888115ebdf28 R15: ffff888115ebdf70
[   32.974905][  T294] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   32.983914][  T294] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   32.999209][  T294] CR2: 000000110c2dfc29 CR3: 000000010cdb6000 CR4: 00000000003506b0
[   33.007438][  T294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   33.015820][  T294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   33.028832][  T294] Call Trace:
[   33.049186][  T294]  <TASK>
[   33.052729][  T294]  ? show_regs+0x58/0x60
[   33.059134][   T30] audit: type=1400 audit(1731981372.231:215): avc:  denied  { read } for  pid=614 comm="syz.2.107" name="uinput" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   33.085220][  T294]  ? __warn+0x160/0x2f0
[   33.089219][  T294]  ? drop_nlink+0xc1/0x110
[   33.093880][  T294]  ? report_bug+0x3d9/0x5b0
[   33.098214][  T294]  ? drop_nlink+0xc1/0x110
[   33.102741][   T30] audit: type=1400 audit(1731981372.231:216): avc:  denied  { open } for  pid=614 comm="syz.2.107" path="/dev/uinput" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   33.102776][  T294]  ? handle_bug+0x41/0x70
[   33.140136][  T294]  ? exc_invalid_op+0x1b/0x50
[   33.150230][  T294]  ? asm_exc_invalid_op+0x1b/0x20
[   33.160400][  T294]  ? drop_nlink+0x44/0x110
[   33.169332][  T294]  ? drop_nlink+0xc1/0x110
[   33.181899][  T294]  ? drop_nlink+0xc1/0x110
[   33.186247][  T294]  ? drop_nlink+0xc1/0x110
[   33.196365][  T294]  shmem_rmdir+0x59/0x90
[   33.200464][  T294]  vfs_rmdir+0x324/0x470
[   33.216543][  T294]  incfs_kill_sb+0x113/0x230
[   33.216780][   T30] audit: type=1326 audit(1731981372.391:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=616 comm="syz.1.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb11eee759 code=0x7ffc0000
[   33.220987][  T294]  deactivate_locked_super+0xad/0x110
[   33.271932][   T30] audit: type=1326 audit(1731981372.421:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=616 comm="syz.1.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7feb11eee759 code=0x7ffc0000
[   33.280568][  T294]  deactivate_super+0xbe/0xf0
[   33.300071][  T294]  cleanup_mnt+0x45c/0x510
[   33.304367][  T294]  __cleanup_mnt+0x19/0x20
[   33.308576][  T294]  task_work_run+0x129/0x190
[   33.313057][  T294]  do_exit+0xc48/0x2ca0
[   33.316998][  T294]  ? __kasan_check_read+0x11/0x20
[   33.321877][  T294]  ? put_task_struct+0x80/0x80
[   33.326453][  T294]  ? ksys_write+0x24f/0x2c0
[   33.330794][  T294]  ? exc_page_fault+0x47a/0x7f0
[   33.335551][  T294]  do_group_exit+0x141/0x310
[   33.339910][  T294]  __x64_sys_exit_group+0x3f/0x40
[   33.345184][  T294]  x64_sys_call+0x610/0x9a0
[   33.349509][  T294]  do_syscall_64+0x3b/0xb0
[   33.354117][  T294]  ? clear_bhb_loop+0x35/0x90
[   33.358535][  T294]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   33.365748][  T617] binder: 612:617 ioctl 4018620d 0 returned -22
[   33.370813][  T294] RIP: 0033:0x7f801cf3e759
[   33.376150][  T294] Code: Unable to access opcode bytes at RIP 0x7f801cf3e72f.
[   33.383432][  T294] RSP: 002b:00007ffc71db98c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   33.391728][  T294] RAX: ffffffffffffffda RBX: 00007f801cfb166e RCX: 00007f801cf3e759
[   33.399540][  T294] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   33.407475][  T294] RBP: 0000000000000016 R08: 00007ffc71db7666 R09: 00007ffc71dbab80
[   33.415334][  T294] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffc71dbab80
[   33.423147][  T294] R13: 00007f801cfb15fc R14: 000055558e5304a8 R15: 00007ffc71dbcd30
[   33.430969][  T294]  </TASK>
[   33.434097][  T294] ---[ end trace d7bc05eb2c10950a ]---
[   33.439720][  T294] ==================================================================
[   33.447597][  T294] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[   33.453682][  T294] Write of size 4 at addr 0000000000000170 by task syz-executor/294
[   33.461487][  T294] 
[   33.463653][  T294] CPU: 1 PID: 294 Comm: syz-executor Tainted: G        W         5.15.167-syzkaller-00348-g2e66050fb753 #0
[   33.474855][  T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   33.484743][  T294] Call Trace:
[   33.487870][  T294]  <TASK>
[   33.490642][  T294]  dump_stack_lvl+0x151/0x1c0
[   33.495160][  T294]  ? io_uring_drop_tctx_refs+0x190/0x190
[   33.500626][  T294]  ? _raw_spin_lock+0xa4/0x1b0
[   33.505226][  T294]  ? _raw_spin_trylock_bh+0x190/0x190
[   33.510433][  T294]  kasan_report+0x16f/0x1c0
[   33.514774][  T294]  ? ihold+0x20/0x60
[   33.518504][  T294]  ? ihold+0x20/0x60
[   33.522235][  T294]  kasan_check_range+0x293/0x2a0
[   33.527010][  T294]  __kasan_check_write+0x14/0x20
[   33.531869][  T294]  ihold+0x20/0x60
[   33.535430][  T294]  vfs_rmdir+0x201/0x470
[   33.539511][  T294]  incfs_kill_sb+0x113/0x230
[   33.543934][  T294]  deactivate_locked_super+0xad/0x110
[   33.549144][  T294]  deactivate_super+0xbe/0xf0
[   33.553654][  T294]  cleanup_mnt+0x45c/0x510
[   33.557918][  T294]  __cleanup_mnt+0x19/0x20
[   33.562160][  T294]  task_work_run+0x129/0x190
[   33.566587][  T294]  do_exit+0xc48/0x2ca0
[   33.570583][  T294]  ? __kasan_check_read+0x11/0x20
[   33.575440][  T294]  ? put_task_struct+0x80/0x80
[   33.580046][  T294]  ? ksys_write+0x24f/0x2c0
[   33.584389][  T294]  ? exc_page_fault+0x47a/0x7f0
[   33.589067][  T294]  do_group_exit+0x141/0x310
[   33.593492][  T294]  __x64_sys_exit_group+0x3f/0x40
[   33.598352][  T294]  x64_sys_call+0x610/0x9a0
[   33.602692][  T294]  do_syscall_64+0x3b/0xb0
[   33.606946][  T294]  ? clear_bhb_loop+0x35/0x90
[   33.611456][  T294]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   33.617191][  T294] RIP: 0033:0x7f801cf3e759
[   33.621528][  T294] Code: Unable to access opcode bytes at RIP 0x7f801cf3e72f.
[   33.628815][  T294] RSP: 002b:00007ffc71db98c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   33.637062][  T294] RAX: ffffffffffffffda RBX: 00007f801cfb166e RCX: 00007f801cf3e759
[   33.644873][  T294] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   33.652688][  T294] RBP: 0000000000000016 R08: 00007ffc71db7666 R09: 00007ffc71dbab80
[   33.660493][  T294] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffc71dbab80
[   33.668397][  T294] R13: 00007f801cfb15fc R14: 000055558e5304a8 R15: 00007ffc71dbcd30
[   33.676212][  T294]  </TASK>
[   33.679069][  T294] ==================================================================
[   33.686967][  T294] Disabling lock debugging due to kernel taint
[   33.694492][   T39] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   33.697225][  T294] BUG: kernel NULL pointer dereference, address: 0000000000000170
[   33.709413][  T294] #PF: supervisor write access in kernel mode
[   33.715332][  T294] #PF: error_code(0x0002) - not-present page
[   33.721129][  T294] PGD 114def067 P4D 114def067 PUD 1295fb067 PMD 0 
[   33.727473][  T294] Oops: 0002 [#1] PREEMPT SMP KASAN
[   33.732501][  T294] CPU: 0 PID: 294 Comm: syz-executor Tainted: G    B   W         5.15.167-syzkaller-00348-g2e66050fb753 #0
[   33.743699][  T294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   33.753596][  T294] RIP: 0010:ihold+0x25/0x60
[   33.757928][  T294] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 f1 91 ae ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 d0 ec f0 ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 74 95 ae
[   33.777470][  T294] RSP: 0018:ffffc90000a07b48 EFLAGS: 00010246
[   33.783356][  T294] RAX: ffff88810ad33b00 RBX: 0000000000000001 RCX: ffff88810ad33b40
[   33.791168][  T294] RDX: 0000000000000000 RSI: 0000000000000282 RDI: 00000000ffffffff
[   33.798983][  T294] RBP: ffffc90000a07b58 R08: ffffffff8141991b R09: 0000000000000003
[   33.806789][  T294] R10: fffffbfff0e9a64c R11: dffffc0000000001 R12: dffffc0000000000
[   33.814601][  T294] R13: ffff88811245b000 R14: 0000000000000000 R15: 1ffff1102248b606
[   33.822421][  T294] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   33.831185][  T294] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   33.837606][  T294] CR2: 0000000000000170 CR3: 000000010eb17000 CR4: 00000000003506b0
[   33.845420][  T294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   33.853227][  T294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   33.861048][  T294] Call Trace:
[   33.864162][  T294]  <TASK>
[   33.866957][  T294]  ? __die_body+0x62/0xb0
[   33.871200][  T294]  ? __die+0x7e/0x90
[   33.875015][  T294]  ? page_fault_oops+0x7f9/0xa90
[   33.879785][  T294]  ? _raw_spin_unlock+0x4d/0x70
[   33.884476][  T294]  ? kernelmode_fixup_or_oops+0xd0/0xd0
[   33.889853][  T294]  ? __schedule+0xcd4/0x1590
[   33.894288][  T294]  ? exc_page_fault+0x510/0x7f0
[   33.898978][  T294]  ? asm_exc_page_fault+0x27/0x30
[   33.903826][  T294]  ? check_panic_on_warn+0x5b/0xb0
[   33.908777][  T294]  ? ihold+0x25/0x60
[   33.912506][  T294]  ? ihold+0x20/0x60
[   33.916238][  T294]  vfs_rmdir+0x201/0x470
[   33.920357][  T294]  incfs_kill_sb+0x113/0x230
[   33.924745][  T294]  deactivate_locked_super+0xad/0x110
[   33.929965][  T294]  deactivate_super+0xbe/0xf0
[   33.934463][  T294]  cleanup_mnt+0x45c/0x510
[   33.938717][  T294]  __cleanup_mnt+0x19/0x20
[   33.942970][  T294]  task_work_run+0x129/0x190
[   33.947400][  T294]  do_exit+0xc48/0x2ca0
[   33.951393][  T294]  ? __kasan_check_read+0x11/0x20
[   33.956251][  T294]  ? put_task_struct+0x80/0x80
[   33.960849][  T294]  ? ksys_write+0x24f/0x2c0
[   33.965191][  T294]  ? exc_page_fault+0x47a/0x7f0
[   33.969883][  T294]  do_group_exit+0x141/0x310
[   33.974305][  T294]  __x64_sys_exit_group+0x3f/0x40
[   33.979174][  T294]  x64_sys_call+0x610/0x9a0
[   33.983502][  T294]  do_syscall_64+0x3b/0xb0
[   33.987754][  T294]  ? clear_bhb_loop+0x35/0x90
[   33.992272][  T294]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   33.997999][  T294] RIP: 0033:0x7f801cf3e759
[   34.002249][  T294] Code: Unable to access opcode bytes at RIP 0x7f801cf3e72f.
[   34.009463][  T294] RSP: 002b:00007ffc71db98c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   34.017699][  T294] RAX: ffffffffffffffda RBX: 00007f801cfb166e RCX: 00007f801cf3e759
[   34.025509][  T294] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   34.033323][  T294] RBP: 0000000000000016 R08: 00007ffc71db7666 R09: 00007ffc71dbab80
[   34.041133][  T294] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffc71dbab80
[   34.048944][  T294] R13: 00007f801cfb15fc R14: 000055558e5304a8 R15: 00007ffc71dbcd30
[   34.056762][  T294]  </TASK>
[   34.059625][  T294] Modules linked in:
[   34.063372][  T294] CR2: 0000000000000170
[   34.067354][  T294] ---[ end trace d7bc05eb2c10950b ]---
[   34.072725][  T294] RIP: 0010:ihold+0x25/0x60
[   34.077063][  T294] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 f1 91 ae ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 d0 ec f0 ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 74 95 ae
[   34.096509][  T294] RSP: 0018:ffffc90000a07b48 EFLAGS: 00010246
[   34.102406][  T294] RAX: ffff88810ad33b00 RBX: 0000000000000001 RCX: ffff88810ad33b40
[   34.110221][  T294] RDX: 0000000000000000 RSI: 0000000000000282 RDI: 00000000ffffffff
[   34.118033][  T294] RBP: ffffc90000a07b58 R08: ffffffff8141991b R09: 0000000000000003
[   34.125841][  T294] R10: fffffbfff0e9a64c R11: dffffc0000000001 R12: dffffc0000000000
[   34.133654][  T294] R13: ffff88811245b000 R14: 0000000000000000 R15: 1ffff1102248b606
[   34.141564][  T294] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   34.150332][  T294] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   34.156753][  T294] CR2: 0000000000000170 CR3: 000000010eb17000 CR4: 00000000003506b0
[   34.164565][  T294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   34.172390][  T294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   34.180195][  T294] Kernel panic - not syncing: Fatal exception
[   34.186253][  T294] Kernel Offset: disabled
[   34.190341][  T294] Rebooting in 86400 seconds..