last executing test programs:

4.306444476s ago: executing program 4 (id=141):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000004080)={<r0=>0xffffffffffffffff})
write$binfmt_elf32(r0, &(0x7f0000000240)=ANY=[], 0xfffffdb6)
sendmmsg$inet(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="89", 0x1}], 0x1}}], 0x1, 0x0)

4.304996646s ago: executing program 3 (id=142):
pipe(&(0x7f0000000180)={<r0=>0xffffffffffffffff})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, 0x0, 0x0)

4.255576764s ago: executing program 3 (id=143):
r0 = gettid()
timer_create(0x0, &(0x7f0000000240)={0x0, 0x0, 0x800000000004, @tid=r0}, &(0x7f00000000c0))
r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/fscaps', 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
recvmsg(r2, &(0x7f0000000100)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r3=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0xab, 0x0}, 0x0)
close(r3)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
rt_sigreturn()
ioctl$FS_IOC_MEASURE_VERITY(r1, 0x5451, 0x0)

4.238478907s ago: executing program 3 (id=144):
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$TIOCGSOFTCAR(r0, 0x541b, 0x0)

4.230163188s ago: executing program 3 (id=145):
r0 = gettid()
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8)
readv(r1, 0x0, 0x0)
close(r1)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f00000000c0))
rt_sigreturn()
poll(0x0, 0x0, 0x64)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000004080)={<r2=>0xffffffffffffffff})
write$binfmt_elf32(r2, &(0x7f0000000240)=ANY=[], 0xfffffdb6)
sendmmsg$inet(r2, &(0x7f0000000580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

3.903563758s ago: executing program 2 (id=156):
mount$bind(&(0x7f00000002c0)='.\x00', 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)={[{@xino_off}, {@nfs_export_on}, {@index_on}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}, {@metacopy_on}, {@nfs_export_on}, {@upperdir={'upperdir', 0x3d, './file0/file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}], [{@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@euid_eq}, {@measure}, {@smackfstransmute={'smackfstransmute', 0x3d, '#'}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, &(0x7f0000000180))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000440)=0x82, 0x49)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000480)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdbc64ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bd", 0xfffffea5, 0xc000, 0x0, 0xfffffcef)
recvmsg(r0, &(0x7f00000033c0)={&(0x7f00000003c0)=@ethernet={0x0, @dev}, 0x80, &(0x7f0000002040)=[{&(0x7f0000000080)=""/49, 0x31}, {&(0x7f0000000f80)=""/4096, 0xffffffe1}, {0x0}, {&(0x7f0000000100)=""/102, 0x66}, {&(0x7f00000021c0)=""/4096, 0x1000}], 0x5, &(0x7f0000001f80)=""/178, 0xb2}, 0x120)
shutdown(r0, 0x0)

3.769503129s ago: executing program 2 (id=159):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x3, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
gettid()

3.711473768s ago: executing program 2 (id=161):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"})
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendto$inet6(r3, &(0x7f0000000300), 0xfdef, 0x0, 0x0, 0xfffffffffffffdfd)

3.627542791s ago: executing program 0 (id=164):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r0, 0x89fa, &(0x7f0000000180)={'sit0\x00', &(0x7f0000000140)={@loopback, @multicast1}})

3.627471541s ago: executing program 0 (id=165):
r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f0000000140)='./file0\x00')
openat(r1, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

3.593355776s ago: executing program 0 (id=166):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000100)=0x7d, 0x4)
r1 = fcntl$dupfd(r0, 0x0, r0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000480)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdbc64ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bd", 0xfffffea5, 0xc000, 0x0, 0xfffffcef)
recvmmsg(r0, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, 0x0)

3.540060094s ago: executing program 1 (id=168):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e0000000800000000001800038014000380"], 0x44}}, 0x0)

3.468242995s ago: executing program 1 (id=169):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x4, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020d0000100000002f3144e8edffffff03000600ff18000002004909000100000000000000001e0e080012000200010000d200000000000030006c540203009f7eae02000000adb20200000000f52c000000cdff00000001020014bb000001000000002300001300030005000020000002"], 0x80}}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r0, &(0x7f00000000c0), 0x2c8, 0x0)

3.468053905s ago: executing program 1 (id=170):
unshare(0x40400)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r2)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000d00000295"], &(0x7f0000000700)='GPL\x00'}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r3, 0xe0, &(0x7f0000000600)={0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000780)={r4}, 0x4)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)={@map=0x1, r5, 0x2f, 0x0, 0xffffffffffffffff, @prog_id}, 0x20)
bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000140)={@map=0x1, r3, 0x2f, 0x10, 0xffffffffffffffff, @prog_fd=r5}, 0x20)

3.464871636s ago: executing program 1 (id=171):
mlockall(0x1)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x5452, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)

3.464807716s ago: executing program 4 (id=172):
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close(r0)
socket$inet_tcp(0x2, 0x1, 0x0)
bind$unix(r0, &(0x7f0000002dc0)=@abs, 0x6e)

3.453990857s ago: executing program 4 (id=173):
socketpair(0x0, 0x0, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup3(0xffffffffffffffff, r0, 0x0)
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0)
mlockall(0x1)
syz_clone3(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

3.388512358s ago: executing program 3 (id=174):
mlockall(0x1)
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, 0x0)
close(0xffffffffffffffff)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff)

2.795448899s ago: executing program 2 (id=175):
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000002500), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)

2.743751517s ago: executing program 2 (id=176):
mlockall(0x1)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)

2.743417117s ago: executing program 0 (id=177):
r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f0000000140)='./file0\x00')
openat(r1, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

2.72113049s ago: executing program 0 (id=178):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)=ANY=[@ANYBLOB="1400000042000b06"], 0x14}}, 0x0)
recvmmsg(r0, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000005600)=[{&(0x7f0000004080)=""/229, 0xe5}, {&(0x7f0000004240)=""/4084, 0xff4}, {&(0x7f0000005240)=""/186, 0xba}, {&(0x7f0000005300)=""/209, 0xd1}, {&(0x7f0000005400)=""/188, 0xbc}, {&(0x7f0000005540)=""/133, 0x85}], 0x6}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
r1 = syz_clone(0x20003000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt(r2, 0x0, 0x7, 0x0, &(0x7f0000000080))
fcntl$setown(r2, 0x8, r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100))
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f00000004c0)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x1, 0x0}, @fda}, &(0x7f0000000240)={0x0, 0x28, 0x50}}}], 0x0, 0x0, 0x0})
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r8, 0x0, 0x0}, 0x10)

2.673722958s ago: executing program 0 (id=179):
mlockall(0x1)
pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
dup(r0)
write$P9_RREAD(0xffffffffffffffff, 0x0, 0x46)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0)
openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, &(0x7f00000000c0)={0x33, 0x6, 0x0, 0x0, 0x0, [@empty, @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}, 0x38)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
fcntl$setown(r1, 0x8, 0x0)
r2 = accept(r1, &(0x7f0000001280)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x0)
r3 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = getgid()
getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, &(0x7f00000063c0))
syz_fuse_handle_req(r3, 0x0, 0x0, 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000140)={{}, {0x1, 0x4}, [{0x2, 0x5}], {}, [{}, {}, {}, {}, {0x8, 0x2, r4}], {0x10, 0xc}, {0x20, 0x6}}, 0x54, 0x5)
syz_clone(0x0, 0x0, 0x29, 0x0, 0x0, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
ioctl$BTRFS_IOC_BALANCE_CTL(0xffffffffffffffff, 0x40049421, 0x1)

1.979454785s ago: executing program 4 (id=180):
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x800)
read$FUSE(r0, 0x0, 0x0)

1.979357075s ago: executing program 4 (id=181):
r0 = signalfd4(0xffffffffffffffff, &(0x7f00000020c0), 0x8, 0x0)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, 0x0, 0x0)

1.960309128s ago: executing program 4 (id=182):
socket$inet_tcp(0x2, 0x1, 0x0)
mlockall(0x1)
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r0, 0x5452, 0x0)

1.824148869s ago: executing program 3 (id=183):
mlockall(0x1)
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x0, &(0x7f0000ff5000/0x3000)=nil)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
munlock(&(0x7f0000fff000/0x1000)=nil, 0x1000)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x5411, 0x0)
listen(0xffffffffffffffff, 0x0)

1.695490099s ago: executing program 1 (id=184):
mlockall(0x3)
ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$unix(0x1, 0x0, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
ioctl$TIOCMBIS(0xffffffffffffffff, 0x5416, 0x0)

720.159379ms ago: executing program 2 (id=185):
mlockall(0x1)
ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
syz_open_pts(r0, 0x2080)

0s ago: executing program 1 (id=186):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"})
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendto$inet6(r3, &(0x7f0000000300), 0xfdef, 0x0, 0x0, 0xfffffffffffffdfd)

kernel console output (not intermixed with test programs):

hd_t tclass=fifo_file permissive=1
[   14.299169][   T23] audit: type=1400 audit(1719601334.100:64): avc:  denied  { rlimitinh } for  pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   14.301591][   T23] audit: type=1400 audit(1719601334.100:65): avc:  denied  { siginh } for  pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.37' (ED25519) to the list of known hosts.
[   20.520184][   T23] audit: type=1400 audit(1719601340.330:66): avc:  denied  { mounton } for  pid=341 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   20.521604][  T341] cgroup1: Unknown subsys name 'net'
[   20.542709][   T23] audit: type=1400 audit(1719601340.330:67): avc:  denied  { mount } for  pid=341 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   20.547921][  T341] cgroup1: Unknown subsys name 'net_prio'
[   20.575294][  T341] cgroup1: Unknown subsys name 'devices'
[   20.582265][   T23] audit: type=1400 audit(1719601340.400:68): avc:  denied  { unmount } for  pid=341 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   20.748888][  T341] cgroup1: Unknown subsys name 'hugetlb'
[   20.754705][  T341] cgroup1: Unknown subsys name 'rlimit'
[   20.947082][   T23] audit: type=1400 audit(1719601340.760:69): avc:  denied  { setattr } for  pid=341 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   20.970291][   T23] audit: type=1400 audit(1719601340.760:70): avc:  denied  { mounton } for  pid=341 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   20.975800][  T343] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   20.995455][   T23] audit: type=1400 audit(1719601340.760:71): avc:  denied  { mount } for  pid=341 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   21.027382][   T23] audit: type=1400 audit(1719601340.840:72): avc:  denied  { relabelto } for  pid=343 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.052891][   T23] audit: type=1400 audit(1719601340.840:73): avc:  denied  { write } for  pid=343 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[   21.129839][   T23] audit: type=1400 audit(1719601340.940:74): avc:  denied  { read } for  pid=341 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.155198][   T23] audit: type=1400 audit(1719601340.940:75): avc:  denied  { open } for  pid=341 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.181124][  T341] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   21.428174][  T350] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.435005][  T350] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.442358][  T350] device bridge_slave_0 entered promiscuous mode
[   21.450768][  T350] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.457675][  T350] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.464796][  T350] device bridge_slave_1 entered promiscuous mode
[   21.526734][  T352] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.533552][  T352] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.540863][  T352] device bridge_slave_0 entered promiscuous mode
[   21.583070][  T352] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.590067][  T352] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.597316][  T352] device bridge_slave_1 entered promiscuous mode
[   21.637231][  T355] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.644058][  T355] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.651474][  T355] device bridge_slave_0 entered promiscuous mode
[   21.661816][  T355] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.668786][  T355] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.676212][  T355] device bridge_slave_1 entered promiscuous mode
[   21.701555][  T354] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.708413][  T354] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.715742][  T354] device bridge_slave_0 entered promiscuous mode
[   21.748897][  T354] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.755723][  T354] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.763079][  T354] device bridge_slave_1 entered promiscuous mode
[   21.820375][  T353] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.827320][  T353] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.834590][  T353] device bridge_slave_0 entered promiscuous mode
[   21.857734][  T353] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.864563][  T353] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.872198][  T353] device bridge_slave_1 entered promiscuous mode
[   21.938560][  T350] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.945386][  T350] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.952549][  T350] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.959284][  T350] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.978108][  T355] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.984924][  T355] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.992068][  T355] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.998831][  T355] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.060748][  T352] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.067593][  T352] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.074705][  T352] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.081477][  T352] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.093217][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.100640][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.107811][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.114709][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.121810][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.129141][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.136153][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.157386][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.165490][  T342] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.172331][  T342] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.179826][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.188006][  T342] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.194811][  T342] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.219453][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   22.226959][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.234128][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.242124][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.248953][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.256736][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.264652][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.271514][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.297496][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.305273][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.313176][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.322878][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.349959][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.369101][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   22.377373][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.385285][  T342] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.392112][  T342] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.399638][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   22.407457][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.414839][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   22.429531][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   22.437889][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.445791][  T124] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.452554][  T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.459834][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.468094][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.496307][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.504529][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.513524][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   22.521872][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.529665][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   22.537550][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.545214][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.553052][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.560714][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   22.569031][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.577015][  T124] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.583819][  T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.591025][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.598642][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.606369][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   22.614412][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.622520][  T124] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.629439][  T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.650180][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.658202][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.666368][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   22.674157][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.683999][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   22.691863][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.706073][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   22.713478][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.720999][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   22.729287][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.737372][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.744185][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.751402][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   22.759526][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.767694][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.774503][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.782032][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   22.801458][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.809269][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.817791][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.825821][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.837214][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.845341][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.866251][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.874289][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.883077][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.891398][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.899655][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.907724][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.915784][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.923916][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.947724][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.955836][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.965092][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.990738][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   22.998632][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.007051][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   23.014666][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.022421][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   23.030940][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.038889][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.046959][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.054973][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   23.063178][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.071296][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   23.079551][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   23.112752][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.124538][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.132975][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   23.145674][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.176888][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   23.190892][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.226057][  T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   23.234128][  T375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.269428][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   23.269708][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   23.286438][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.299972][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.308320][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   23.316565][  T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.515803][  T410] cgroup: syz.1.11 (410) created nested cgroup for controller "memory" which has incomplete hierarchy support. Nested cgroups may change behavior in the future.
[   23.531708][  T410] cgroup: "memory" requires setting use_hierarchy to 1 on the root
[   23.646862][  T421] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   23.937035][  T438] netlink: 'syz.2.24': attribute type 6 has an invalid length.
[   24.304629][  T441] syz.4.22 (441) used greatest stack depth: 21304 bytes left
[   25.268561][  T484] netlink: 12 bytes leftover after parsing attributes in process `syz.2.39'.
[   25.346065][  T373] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   25.586120][  T373] usb 4-1: Using ep0 maxpacket: 8
[   25.742508][  T373] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   25.766172][  T373] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   25.775741][  T373] usb 4-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00
[   25.796062][  T373] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   25.814170][  T373] usb 4-1: config 0 descriptor??
[   27.101627][   T23] kauditd_printk_skb: 48 callbacks suppressed
[   27.101636][   T23] audit: type=1400 audit(1719601346.910:124): avc:  denied  { read write } for  pid=548 comm="syz.2.59" name="fuse" dev="devtmpfs" ino=9171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   27.131422][  T550] netlink: 12 bytes leftover after parsing attributes in process `syz.2.59'.
[   27.185195][   T23] audit: type=1400 audit(1719601346.910:125): avc:  denied  { open } for  pid=548 comm="syz.2.59" path="/dev/fuse" dev="devtmpfs" ino=9171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   28.036102][  T373] usbhid 4-1:0.0: can't add hid device: -71
[   28.041921][  T373] usbhid: probe of 4-1:0.0 failed with error -71
[   28.066420][  T373] usb 4-1: USB disconnect, device number 2
[   28.148632][   T23] audit: type=1400 audit(1719601347.960:126): avc:  denied  { getopt } for  pid=573 comm="syz.3.67" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   28.746341][    C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Dropping request.  Check SNMP counters.
[   28.763439][   T23] audit: type=1400 audit(1719601348.570:127): avc:  denied  { read } for  pid=592 comm="syz.4.73" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   28.962123][  T599] netlink: 12 bytes leftover after parsing attributes in process `syz.4.75'.
[   29.043751][   T23] audit: type=1400 audit(1719601348.850:128): avc:  denied  { mounton } for  pid=603 comm="syz.0.77" path="/root/syzkaller.kTkB2a/12/file0" dev="sda1" ino=1970 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=fifo_file permissive=1
[   29.043949][  T604] 9pnet: Insufficient options for proto=fd
[   29.098766][   T23] audit: type=1400 audit(1719601348.910:129): avc:  denied  { bind } for  pid=606 comm="syz.1.78" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   29.123981][   T23] audit: type=1400 audit(1719601348.910:130): avc:  denied  { node_bind } for  pid=606 comm="syz.1.78" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[   29.205804][  T617] kernel profiling enabled (shift: 2)
[   29.250733][   T23] audit: type=1400 audit(1719601349.060:131): avc:  denied  { create } for  pid=620 comm="syz.0.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   29.306078][   T23] audit: type=1400 audit(1719601349.060:132): avc:  denied  { write } for  pid=620 comm="syz.0.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   29.329988][  T630] 9pnet: Insufficient options for proto=fd
[   29.356542][   T23] audit: type=1400 audit(1719601349.060:133): avc:  denied  { setopt } for  pid=622 comm="syz.0.86" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   29.482334][  T646] request_module fs-cramfs succeeded, but still no fs?
[   29.706131][   T74] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   29.928275][  T691] 9pnet: Insufficient options for proto=fd
[   30.144893][   T74] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[   30.225583][   T74] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   30.256684][   T74] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   30.266352][   T74] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   30.356636][   T74] usb 1-1: config 0 descriptor??
[   30.376117][  T638] raw-gadget gadget: fail, usb_ep_enable returned -22
[   30.402597][   T74] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[   30.410831][  T702] netlink: 12 bytes leftover after parsing attributes in process `syz.2.117'.
[   30.480086][  T707] Alternate GPT is invalid, using primary GPT.
[   30.486334][  T707]  loop1: p1 p2 p3
[   30.560292][  T491] udevd[491]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[   30.571397][  T713] udevd[713]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[   30.599309][  T351] udevd[351]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[   31.138047][  T723] EXT4-fs (loop2): Unsupported blocksize for fs encryption
[   31.446106][   T74] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   31.866222][   T74] usb 3-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config
[   31.876452][   T74] usb 3-1: config 253 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   31.886602][   T74] usb 3-1: config 253 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[   31.897099][   T74] usb 3-1: config 253 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   31.909925][   T74] usb 3-1: New USB device found, idVendor=06cd, idProduct=010a, bcdDevice=80.51
[   31.918709][   T74] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   32.123132][   T23] kauditd_printk_skb: 9 callbacks suppressed
[   32.123141][   T23] audit: type=1400 audit(1719601351.930:143): avc:  denied  { unmount } for  pid=353 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   32.167367][   T13] usb 3-1: USB disconnect, device number 2
[   32.449076][   T13] usb 1-1: USB disconnect, device number 2
[   32.483911][  T788] 9pnet_virtio: no channels available for device syz
[   32.505721][   T23] audit: type=1400 audit(1719601352.310:144): avc:  denied  { set_context_mgr } for  pid=789 comm="syz.0.150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[   32.525694][   T23] audit: type=1400 audit(1719601352.330:145): avc:  denied  { map } for  pid=789 comm="syz.0.150" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   32.551828][   T23] audit: type=1400 audit(1719601352.330:146): avc:  denied  { call } for  pid=789 comm="syz.0.150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[   32.618048][  T799] 9pnet_virtio: no channels available for device syz
[   32.682806][   T23] audit: type=1400 audit(1719601352.490:147): avc:  denied  { unmount } for  pid=355 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[   32.969343][   T23] audit: type=1400 audit(1719601352.780:148): avc:  denied  { mount } for  pid=821 comm="syz.0.165" name="/" dev="ramfs" ino=14532 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   33.104602][   T23] audit: type=1400 audit(1719601352.910:149): avc:  denied  { create } for  pid=833 comm="syz.1.169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   33.136773][   T23] audit: type=1400 audit(1719601352.940:150): avc:  denied  { write } for  pid=833 comm="syz.1.169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   34.156519][   T23] audit: type=1400 audit(1719601353.970:151): avc:  denied  { setopt } for  pid=861 comm="syz.0.179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   34.205861][   T23] audit: type=1400 audit(1719601353.970:152): avc:  denied  { accept } for  pid=861 comm="syz.0.179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   36.726018][    C1] ==================================================================
[   36.733921][    C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[   36.740841][    C1] Read of size 8 at addr ffff8881dc407900 by task syz-executor/354
[   36.748560][    C1] 
[   36.750743][    C1] CPU: 1 PID: 354 Comm: syz-executor Not tainted 5.4.274-syzkaller-00003-g51e9abf68baf #0
[   36.760461][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   36.770347][    C1] Call Trace:
[   36.773468][    C1]  <IRQ>
[   36.776166][    C1]  dump_stack+0x1d8/0x241
[   36.780332][    C1]  ? nf_ct_l4proto_log_invalid+0x258/0x258
[   36.785971][    C1]  ? printk+0xd1/0x111
[   36.789878][    C1]  ? profile_pc+0xa4/0xe0
[   36.794047][    C1]  ? wake_up_klogd+0xb2/0xf0
[   36.798484][    C1]  ? profile_pc+0xa4/0xe0
[   36.802639][    C1]  print_address_description+0x8c/0x600
[   36.808019][    C1]  ? panic+0x89d/0x89d
[   36.811926][    C1]  ? profile_pc+0xa4/0xe0
[   36.816088][    C1]  __kasan_report+0xf3/0x120
[   36.820519][    C1]  ? profile_pc+0xa4/0xe0
[   36.824683][    C1]  ? _raw_write_lock+0xbc/0x170
[   36.829367][    C1]  kasan_report+0x30/0x60
[   36.833537][    C1]  profile_pc+0xa4/0xe0
[   36.837530][    C1]  profile_tick+0xb9/0x100
[   36.841779][    C1]  tick_sched_timer+0x237/0x3c0
[   36.846470][    C1]  ? tick_setup_sched_timer+0x460/0x460
[   36.851851][    C1]  __hrtimer_run_queues+0x3e9/0xb90
[   36.856979][    C1]  ? _raw_spin_unlock_irq+0x4a/0x60
[   36.862021][    C1]  ? hrtimer_interrupt+0x890/0x890
[   36.866958][    C1]  ? kvm_sched_clock_read+0x14/0x40
[   36.871990][    C1]  ? sched_clock+0x36/0x40
[   36.876247][    C1]  ? sched_clock_cpu+0x18/0x3a0
[   36.880933][    C1]  ? ktime_get_update_offsets_now+0x26c/0x280
[   36.886838][    C1]  hrtimer_interrupt+0x38a/0x890
[   36.891613][    C1]  smp_apic_timer_interrupt+0x110/0x460
[   36.896991][    C1]  apic_timer_interrupt+0xf/0x20
[   36.901756][    C1]  </IRQ>
[   36.904552][    C1] RIP: 0010:_raw_write_lock+0xbc/0x170
[   36.909835][    C1] Code: e8 c9 df 42 fd 4c 89 ff be 04 00 00 00 e8 bc df 42 fd 43 0f b6 04 26 84 c0 75 7d 8b 44 24 20 b9 ff 00 00 00 f0 41 0f b1 4d 00 <75> 33 48 c7 04 24 0e 36 e0 45 49 c7 04 1c 00 00 00 00 65 48 8b 04
[   36.929274][    C1] RSP: 0018:ffff8881dc407900 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[   36.937528][    C1] RAX: 0000000000000000 RBX: 1ffff1103b880f20 RCX: 00000000000000ff
[   36.945329][    C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8881dc407920
[   36.953143][    C1] RBP: ffff8881dc407990 R08: dffffc0000000000 R09: 0000000000000003
[   36.960951][    C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
[   36.968769][    C1] R13: ffff8881c66a43e0 R14: 1ffff1103b880f24 R15: ffff8881dc407920
[   36.976588][    C1]  ? _raw_write_trylock+0x1a0/0x1a0
[   36.981611][    C1]  ? memset+0x1f/0x40
[   36.985433][    C1]  ? ext4_discard_preallocations+0x522/0xb90
[   36.991247][    C1]  ? __dquot_initialize+0x212/0xd50
[   36.996281][    C1]  ext4_es_remove_extent+0x127/0x420
[   37.001403][    C1]  ? _raw_spin_lock_irqsave+0x210/0x210
[   37.006805][    C1]  ? ext4_es_lookup_extent+0x9d0/0x9d0
[   37.012078][    C1]  ? _raw_spin_unlock_irq+0x4a/0x60
[   37.017115][    C1]  ext4_clear_inode+0x44/0x170
[   37.021710][    C1]  ext4_free_inode+0x2d7/0xe80
[   37.026309][    C1]  ? ext4_blocks_for_truncate+0x210/0x210
[   37.031860][    C1]  ? ext4_orphan_add+0x8e0/0x8e0
[   37.036638][    C1]  ? ext4_end_bitmap_read+0xb0/0xb0
[   37.041670][    C1]  ? kmem_cache_alloc+0xd9/0x250
[   37.046460][    C1]  ? jbd2__journal_start+0x341/0x6c0
[   37.051568][    C1]  ext4_evict_inode+0x1431/0x1ac0
[   37.056517][    C1]  ? ext4_truncate_restart_trans+0xe0/0xe0
[   37.062153][    C1]  ? asan.module_dtor+0x20/0x20
[   37.066839][    C1]  ? up_write+0xa6/0x270
[   37.070920][    C1]  ? ext4_truncate_restart_trans+0xe0/0xe0
[   37.076561][    C1]  evict+0x29b/0x6a0
[   37.080296][    C1]  do_unlinkat+0x48e/0x8b0
[   37.084549][    C1]  ? fsnotify_link_count+0x80/0x80
[   37.089494][    C1]  ? getname_flags+0x1ec/0x4e0
[   37.094092][    C1]  do_syscall_64+0xca/0x1c0
[   37.098471][    C1]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   37.104156][    C1] RIP: 0033:0x7fdcc9a491e7
[   37.108406][    C1] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   37.127857][    C1] RSP: 002b:00007ffe09696578 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[   37.136096][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdcc9a491e7
[   37.143902][    C1] RDX: 00007ffe096965a0 RSI: 00007ffe09696630 RDI: 00007ffe09696630
[   37.151797][    C1] RBP: 00007ffe09696630 R08: 0000000000000000 R09: 0000000000000000
[   37.159616][    C1] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe096976e0
[   37.167456][    C1] R13: 00007fdcc9ab764a R14: 0000000000008770 R15: 00007ffe09697720
[   37.175233][    C1] 
[   37.177400][    C1] The buggy address belongs to the page:
[   37.182879][    C1] page:ffffea00077101c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[   37.191808][    C1] flags: 0x8000000000000000()
[   37.196325][    C1] raw: 8000000000000000 ffffea00077101c8 ffffea00077101c8 0000000000000000
[   37.204746][    C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   37.213156][    C1] page dumped because: kasan: bad access detected
[   37.219452][    C1] page_owner tracks the page as allocated
[   37.224963][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO)
[   37.236173][    C1]  prep_new_page+0x18f/0x370
[   37.240586][    C1]  get_page_from_freelist+0x2d13/0x2d90
[   37.245986][    C1]  __alloc_pages_nodemask+0x393/0x840
[   37.251178][    C1]  dup_task_struct+0x85/0x600
[   37.255691][    C1]  copy_process+0x56d/0x3230
[   37.260116][    C1]  _do_fork+0x197/0x900
[   37.264111][    C1]  __x64_sys_clone+0x26b/0x2c0
[   37.268710][    C1]  do_syscall_64+0xca/0x1c0
[   37.273050][    C1]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   37.278772][    C1] page_owner free stack trace missing
[   37.283978][    C1] 
[   37.286151][    C1] addr ffff8881dc407900 is located in stack of task syz-executor/354 at offset 0 in frame:
[   37.295958][    C1]  _raw_write_lock+0x0/0x170
[   37.300555][    C1] 
[   37.302731][    C1] this frame has 1 object:
[   37.306979][    C1]  [32, 36) 'cnts.i.i'
[   37.306980][    C1] 
[   37.313053][    C1] Memory state around the buggy address:
[   37.318525][    C1]  ffff8881dc407800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   37.326423][    C1]  ffff8881dc407880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   37.334318][    C1] >ffff8881dc407900: f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00
[   37.342224][    C1]                    ^
[   37.346125][    C1]  ffff8881dc407980: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[   37.354021][    C1]  ffff8881dc407a00: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[   37.361917][    C1] ==================================================================
[   37.369816][    C1] Disabling lock debugging due to kernel taint
[   38.386841][  T352] syz-executor (352) used greatest stack depth: 21080 bytes left
[   39.016347][  T391] device bridge_slave_1 left promiscuous mode
[   39.022396][  T391] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.029958][  T391] device bridge_slave_0 left promiscuous mode
[   39.035881][  T391] bridge0: port 1(bridge_slave_0) entered disabled state