last executing test programs:

14.495337185s ago: executing program 2 (id=3):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r1, 0x0, 0x64004084)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[@ANYRESOCT, @ANYRES16=r0, @ANYBLOB="c3"], 0x30}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7ff}, 0x1c, 0x0}}], 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

12.935604439s ago: executing program 0 (id=1):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
socket$inet6(0xa, 0x3, 0x28ed)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
openat(0xffffffffffffff9c, 0x0, 0x101142, 0xeaff)
setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000001c0)={{{@in=@dev={0xac, 0x14, 0x14, 0x1a}, @in6=@local, 0x4e20, 0x0, 0x4e20, 0x9, 0xa, 0x80, 0x0, 0xbd}, {0x41, 0xa, 0x6, 0x7b, 0x2, 0x6, 0x1, 0x3}, {0x1, 0x3, 0x3, 0xf}, 0x80000001, 0x6e6bbb, 0x2, 0x1, 0x3, 0x3}, {{@in6=@loopback, 0x4d2, 0x32}, 0x2, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3500, 0x1, 0x0, 0x0, 0x3, 0xeb, 0x5}}, 0xe8)

12.696583717s ago: executing program 2 (id=6):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r1, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcc040}, 0x64004084)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[@ANYRESOCT, @ANYRES16=r0, @ANYBLOB="c3"], 0x30}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7ff}, 0x1c, 0x0}}], 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

8.217738289s ago: executing program 0 (id=7):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x23}], 0x2)
syz_io_uring_setup(0x49a, 0x0, 0x0, 0x0, &(0x7f0000000000))
io_uring_setup(0xf08, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x4000080)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000380)={[{@dioread_nolock}]}, 0x1, 0x5bc, &(0x7f0000001440)="$eJzs3V2IXGcdB+D/md1N87E1H7Zqa2xWQ20gdGez2YREvLDEj1qTWlG8CIWwZKe7IbM7a3YD3algizeiIII3IggVe2FFNJCbSqntRYs3Ckr9oKIxoIIIRSsFEdSRdz620+akCe7uHJrzPHBm3/Oe2X3f2eE355w57zkngNIaSw9ZxGhEXIyI7Z3Z1z9hrPOjefDCXJqyaLU+/bes/byZgxfmek/t/d629DAcsTkidh3LYu/Ile0urTTPTtfrtXPd+ery/GJ1aaV595n56dnabG3h0JGpo5OHp45Mrd9rnfjZ1lv/fOf9l594/p///tZvDv8g9Xe0u6z/dayXsRjr/k9GYmdf/XAWcd96N1aQoc5bHXf21WXDBXaI69Zq7fp+ev/eHhF72/nfHkPRefNeevrBf2yPX91bdB+BjdPqyV/8Sgu4YVXa28BZZTwiOuVKZXy8sw1/S2yt1BtLy/sfapxfmOlsK++IkcpDZ+q1ie6+wo4YydL8gXb5tfnJN8wfjGhvA39paEt7fvx0oz4z6A87oG004tLFz53etO0N+f/LUCf/wI0r5f+XLzz1bCq/OlR0b4BBSvn/3qvznwj5h9KRfygv+Yfykn8oL/mH8pJ/KC/5h/KSfygv+Yfykn8or17+HzhxIh44caLV7J7/vtCYPXN2bvHo5MT4/PnT46cb5xbHZxuN2fYZO/PX/rv1RmPxwGScf7i6XFtari6tNE/NN84vLJ9qn9d/qpZzKQCgACcvb75v557nXsoi4tEPbGlPyabuclmFG1urlUXR5yADxbDrD+XlUm1QXvbxgewayzdfbUF9/fsCDEal6A4AhbnrNsf/oKx8/w/l5ft/KC/b+IDv/6F8fP8P5TV6lft/3dx3766JiHhbRPx0aOSm3r2+gLeU1+3qj0ZcuvSdz1ZX78OtoKCgsFoo7oMKGIzXQl90T4CizBy8MNebBtXmM7ODagnI8/I9nUFAKffN7tRZMrx6bGBkg8YJ7bwjPf7o94/vmxtKU3Q/hzagKSDHo49FxLvy1v9Z+9jAju7zdnWeFrdExK0R8Y6IeOca2/7GpyLG4oVaf538w+Bcb/5vi4i0ur49It4dEbsj4j1rbPsXF1P+f72lv07+oRw+/3zRPQCK8vGniu4BUJSTxhhAaX33kaJ7ABTl6R8W3QOgKF99segeQLk9d09ETOQd/6u0j/f3jHSvC3hT91oAWyJia0Rs655DeHP3HMHtfccMr+XUJyPG4o4f99c5/geD0xv/17xi/F9ldfzfUETsWUMbz3xw9Ct59dO7U/6feKQ3/i9Nqf3eWEBgY738WMTtufnPVsf8ZpFyGvHe/7ONsS9cfjKv/sX7098d+bn8QzFa3454f+TnvyeVqsvzi9Wllebd7ft4z9YWDh2ZOjp5eOrIVLV9iZBq70IhOY7//ZX9efW/m0z5/+Yh+YdipPX/1qvkv3/7/31raOPY1798Mq9+9I8p/7ufffP8V/66KftMe753X4KHp5eXzx2I2JQdv7J+cg0dhRtcLyO9DKX879ubv/+/q/s7af1/LCI+nLYXIuI/EfHfiPhIRHw0Ij4WEfe+SZtfu2v2cl79H55M+X/8rPU/FCPlf+Ya6//0819raGP/vp98Ma/+Q3tS/sd/+6fjDw6nSf4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1t/SSvPsdL1eO7eBhaJfIwAAAAAAAJTF/wIAAP//d8Uzog==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x14b442, 0x2)
r2 = open(&(0x7f0000000140)='./file1\x00', 0x141242, 0x40)
socket$nl_generic(0x10, 0x3, 0x10)
pwrite64(r2, &(0x7f0000000080)="16", 0xff8d, 0x8000c5d)

8.178923813s ago: executing program 2 (id=8):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r0, 0xffffffffffffffff, 0x0)
socket$inet(0xa, 0x801, 0x84)
socket$inet(0xa, 0x801, 0x84)
timerfd_create(0x0, 0x800)
socket$inet6(0xa, 0x1, 0x0)
socket$inet6(0xa, 0x2, 0x0)
close(0x3)
socket$inet(0xa, 0x801, 0x84)
socket$netlink(0x10, 0x3, 0x4)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x15, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180200001e00000000000000000000007a02500003ffffff95"], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x69, 0x0, 0xfe}, {0x6}]})
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000000)=[0xffffffffffffffff], 0x1)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x11}, 0x94)

5.494752752s ago: executing program 2 (id=9):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x23}], 0x2)
syz_io_uring_setup(0x49a, 0x0, 0x0, 0x0, &(0x7f0000000000))
io_uring_setup(0xf08, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x4000080)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000380)={[{@dioread_nolock}]}, 0x1, 0x5bc, &(0x7f0000001440)="$eJzs3V2IXGcdB+D/md1N87E1H7Zqa2xWQ20gdGez2YREvLDEj1qTWlG8CIWwZKe7IbM7a3YD3algizeiIII3IggVe2FFNJCbSqntRYs3Ckr9oKIxoIIIRSsFEdSRdz620+akCe7uHJrzPHBm3/Oe2X3f2eE355w57zkngNIaSw9ZxGhEXIyI7Z3Z1z9hrPOjefDCXJqyaLU+/bes/byZgxfmek/t/d629DAcsTkidh3LYu/Ile0urTTPTtfrtXPd+ery/GJ1aaV595n56dnabG3h0JGpo5OHp45Mrd9rnfjZ1lv/fOf9l594/p///tZvDv8g9Xe0u6z/dayXsRjr/k9GYmdf/XAWcd96N1aQoc5bHXf21WXDBXaI69Zq7fp+ev/eHhF72/nfHkPRefNeevrBf2yPX91bdB+BjdPqyV/8Sgu4YVXa28BZZTwiOuVKZXy8sw1/S2yt1BtLy/sfapxfmOlsK++IkcpDZ+q1ie6+wo4YydL8gXb5tfnJN8wfjGhvA39paEt7fvx0oz4z6A87oG004tLFz53etO0N+f/LUCf/wI0r5f+XLzz1bCq/OlR0b4BBSvn/3qvznwj5h9KRfygv+Yfykn8oL/mH8pJ/KC/5h/KSfygv+Yfykn8or17+HzhxIh44caLV7J7/vtCYPXN2bvHo5MT4/PnT46cb5xbHZxuN2fYZO/PX/rv1RmPxwGScf7i6XFtari6tNE/NN84vLJ9qn9d/qpZzKQCgACcvb75v557nXsoi4tEPbGlPyabuclmFG1urlUXR5yADxbDrD+XlUm1QXvbxgewayzdfbUF9/fsCDEal6A4AhbnrNsf/oKx8/w/l5ft/KC/b+IDv/6F8fP8P5TV6lft/3dx3766JiHhbRPx0aOSm3r2+gLeU1+3qj0ZcuvSdz1ZX78OtoKCgsFoo7oMKGIzXQl90T4CizBy8MNebBtXmM7ODagnI8/I9nUFAKffN7tRZMrx6bGBkg8YJ7bwjPf7o94/vmxtKU3Q/hzagKSDHo49FxLvy1v9Z+9jAju7zdnWeFrdExK0R8Y6IeOca2/7GpyLG4oVaf538w+Bcb/5vi4i0ur49It4dEbsj4j1rbPsXF1P+f72lv07+oRw+/3zRPQCK8vGniu4BUJSTxhhAaX33kaJ7ABTl6R8W3QOgKF99segeQLk9d09ETOQd/6u0j/f3jHSvC3hT91oAWyJia0Rs655DeHP3HMHtfccMr+XUJyPG4o4f99c5/geD0xv/17xi/F9ldfzfUETsWUMbz3xw9Ct59dO7U/6feKQ3/i9Nqf3eWEBgY738WMTtufnPVsf8ZpFyGvHe/7ONsS9cfjKv/sX7098d+bn8QzFa3454f+TnvyeVqsvzi9Wllebd7ft4z9YWDh2ZOjp5eOrIVLV9iZBq70IhOY7//ZX9efW/m0z5/+Yh+YdipPX/1qvkv3/7/31raOPY1798Mq9+9I8p/7ufffP8V/66KftMe753X4KHp5eXzx2I2JQdv7J+cg0dhRtcLyO9DKX879ubv/+/q/s7af1/LCI+nLYXIuI/EfHfiPhIRHw0Ij4WEfe+SZtfu2v2cl79H55M+X/8rPU/FCPlf+Ya6//0819raGP/vp98Ma/+Q3tS/sd/+6fjDw6nSf4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1t/SSvPsdL1eO7eBhaJfIwAAAAAAAJTF/wIAAP//d8Uzog==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x14b442, 0x2)
r2 = open(&(0x7f0000000140)='./file1\x00', 0x141242, 0x40)
socket$nl_generic(0x10, 0x3, 0x10)
pwrite64(r2, &(0x7f0000000080)="16", 0xff8d, 0x8000c5d)

4.752573845s ago: executing program 3 (id=4):
openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x14)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x854}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40000)
syz_emit_ethernet(0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66)
socket$nl_netfilter(0x10, 0x3, 0xc)

3.463662173s ago: executing program 0 (id=10):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = syz_open_dev$usbmon(&(0x7f00000001c0), 0x0, 0x88082)
ioctl$MON_IOCQ_URB_LEN(r0, 0x9201)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file7\x00', 0x2000002, &(0x7f00000003c0)=ANY=[@ANYBLOB='volume=00000000000000001062,gid=', @ANYRESDEC=0x0, @ANYBLOB=',noadinicb,rootdir=00000000000000000004,gid=forget,unhide,noadinicb,iocharset=cp861,longad,\x00'], 0x1, 0xc32, &(0x7f0000000e00)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=")
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x4000000000001, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='devices.list\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000900)='ext3\x00', &(0x7f0000000180)='./file0\x00', 0x2008002, &(0x7f0000000800)={[{@data_err_ignore}, {@nodiscard}, {@quota}]}, 0x1, 0x580, &(0x7f0000001f80)="$eJzs3c+PG1cdAPDvzP7sJu0m0ANUQAIUQhXFzjptVHppufBDVaVCxYlDuuw6qyV2HGJv6S4rsf0bQAKJE4i/gAMSB6SeOHDjiMQBEOWAVCACJSAORjOe3bi7XuKsvXay/nykyfx4M/6+N96Z9/zszAtgYp2PiJ2ImI2INyNisdieFFO80pmy/e7e2V65d2d7JYl2+42/J3l6ti26jsmcKl5zPiK+9qWIbyYH4zY3t24s12rV28V6uVW/VW5ubl1ary+vVdeqNyuVq0tXL7945YXK0Mp6rv7z97+4/urXf/XLj7/3253nvptl63SR1l2OYeoUfWYvTmY6Il49jmBjMFXMZ49y8H9+9tXnhpsdHlIaER+KiE/l1/9iTOV/nQDASdZuL0Z7sXsdADjp0rwPLElLEZGmRSOg1OnDezoW0lqj2bp4vbFxc7XTV3YmZtLr67Xq5bNzv/92vvNMkq0v5Wl5er5e2bd+JSLORsQP5p7I10srjdrqeJo8ADDxTnXX/xHxr7k0LZX6OrTHt3oAwGNjftwZAABGTv0PAJNH/Q8Ak6eP+r/4sn/n2PMCAIyGz/8AMHnU/wAwedT/ADBRXn/ttWxq3yuef7361ubGjcZbl1arzRul+sZKaaVx+1ZprdFYy5/ZU3/Q69UajVtLz8fG2+VWtdkqNze3rtUbGzdb1/Lnel+rzoykVADA/3P23Lu/SyJi56Un8im6xnJQV8PJlg5xL+DxMjXIwRoI8Fgz2hdMrr6q8LyR8JtjzwswHj0f5j3fc/GDfvQQQfzOCB4pFz7af///kcZ4Bh5ZevZhch2t///loecDGL0j9///cbj5AEav3U72j/k/u5fU7fVRjkoMABynAX7C1/7esBohwFg9aDDvzlf3nz+Y8DDf/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAJczoivhVJWsrHAk+zf9NSKeLJiDgTM8n19Vr1ckQ8FeciYmYuW18ad6YBgAGlf02K8b8uLD57en/qbPLvuXweEd/58Rs/fHu51bq9lG3/x972ud3hwyr3jxtgXEEAoH9/7menvP6uFPOuD/J372yv7E7HmMcD3v/C3uCjK/fubOdTJ2U62u12O2I+b0ss/DOJ6eKY+Yh4JiKmhhB/552I+Eiv8id538iZYuTT7vhRxH5ypPHTD8RP87TOPDt9Hx5CXmDSvJvdf17pdf2lcT6f977+5/M71ODy+998xO69715X/Oki0lSP+Nk1f77fGM//+isHNrYXO2nvRDwz3St+shc/OST+s33G/8PHPvH9lw9Ja/8k4kL0jt8dq9yq3yo3N7curdeX16pr1ZuVytWlq5dfvPJCpZz3UZd3e6oP+ttLF586LG9Z+RcOid9550/tK//s3rGf6bP8P/3vm9/45P3Vuf3xP/fp3u//0/m89/nP6sTP9hl/eeEX84elZfFXDyn/g97/i33Gf+8vW6t97goAjEBzc+vGcq1WvT3QQvYpdBivc2Ahy2J/O+82FwcL+qfIF+6fliSSGHa5ssZYPzvPDP+sfnm7c5Ye/vDd89vXztN7bcVhZH6qs7BQvOSw/8YesJAOoRSD5znOFAt3R1X2Ed+IgJG7f9GPOycAAAAAAAAAAAAAAMBhRvE/qMZdRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6u/wUAAP//dQy6iw==")
syz_mount_image$exfat(0x0, &(0x7f0000000200)='./file0\x00', 0xe1c00, 0x0, 0x0, 0x0, &(0x7f0000000000))
mkdir(0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)

1.155304364s ago: executing program 3 (id=11):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000003c0))
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$isdn(0x22, 0x2, 0x22)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0x3, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x38, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0x1, 0xfffffffc}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r0}, &(0x7f0000000280), &(0x7f0000000000)=r1}, 0x20)
socket(0x10, 0xa, 0x200)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x11, &(0x7f00000005c0)={@remote, @random="001a00e100", @void, {@mpls_uc={0x8847, {[], @llc={@llc={0x42, 0xaa, "d4"}}}}}}, 0x0)

957.527361ms ago: executing program 2 (id=12):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r1, 0x0, 0x64004084)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[@ANYRESOCT, @ANYRES16=r0, @ANYBLOB="c3"], 0x30}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7ff}, 0x1c, 0x0}}], 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

327.596052ms ago: executing program 4 (id=5):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000980)={[0x4001ffffffffd]}, 0x8, 0x0)
syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100, 0x2, 0x24, 0x0, r0}, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0xa, 0x2, 0x0)
socket(0x15, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f00004d4000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000890000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r2 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0xc0})
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}], 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES8=r1], 0x50)
io_uring_enter(r2, 0x2219, 0xcf74, 0x51, 0x0, 0x0)

125.977398ms ago: executing program 1 (id=2):
socket(0x2, 0x80805, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, 0x0, 0x12)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$FUSE(r5, &(0x7f0000001180)={0x2020}, 0x2020)

0s ago: executing program 3 (id=13):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0x23}], 0x2)
syz_io_uring_setup(0x49a, 0x0, 0x0, 0x0, &(0x7f0000000000))
io_uring_setup(0xf08, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x4000080)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000380)={[{@dioread_nolock}]}, 0x1, 0x5bc, &(0x7f0000001440)="$eJzs3V2IXGcdB+D/md1N87E1H7Zqa2xWQ20gdGez2YREvLDEj1qTWlG8CIWwZKe7IbM7a3YD3algizeiIII3IggVe2FFNJCbSqntRYs3Ckr9oKIxoIIIRSsFEdSRdz620+akCe7uHJrzPHBm3/Oe2X3f2eE355w57zkngNIaSw9ZxGhEXIyI7Z3Z1z9hrPOjefDCXJqyaLU+/bes/byZgxfmek/t/d629DAcsTkidh3LYu/Ile0urTTPTtfrtXPd+ery/GJ1aaV595n56dnabG3h0JGpo5OHp45Mrd9rnfjZ1lv/fOf9l594/p///tZvDv8g9Xe0u6z/dayXsRjr/k9GYmdf/XAWcd96N1aQoc5bHXf21WXDBXaI69Zq7fp+ev/eHhF72/nfHkPRefNeevrBf2yPX91bdB+BjdPqyV/8Sgu4YVXa28BZZTwiOuVKZXy8sw1/S2yt1BtLy/sfapxfmOlsK++IkcpDZ+q1ie6+wo4YydL8gXb5tfnJN8wfjGhvA39paEt7fvx0oz4z6A87oG004tLFz53etO0N+f/LUCf/wI0r5f+XLzz1bCq/OlR0b4BBSvn/3qvznwj5h9KRfygv+Yfykn8oL/mH8pJ/KC/5h/KSfygv+Yfykn8or17+HzhxIh44caLV7J7/vtCYPXN2bvHo5MT4/PnT46cb5xbHZxuN2fYZO/PX/rv1RmPxwGScf7i6XFtari6tNE/NN84vLJ9qn9d/qpZzKQCgACcvb75v557nXsoi4tEPbGlPyabuclmFG1urlUXR5yADxbDrD+XlUm1QXvbxgewayzdfbUF9/fsCDEal6A4AhbnrNsf/oKx8/w/l5ft/KC/b+IDv/6F8fP8P5TV6lft/3dx3766JiHhbRPx0aOSm3r2+gLeU1+3qj0ZcuvSdz1ZX78OtoKCgsFoo7oMKGIzXQl90T4CizBy8MNebBtXmM7ODagnI8/I9nUFAKffN7tRZMrx6bGBkg8YJ7bwjPf7o94/vmxtKU3Q/hzagKSDHo49FxLvy1v9Z+9jAju7zdnWeFrdExK0R8Y6IeOca2/7GpyLG4oVaf538w+Bcb/5vi4i0ur49It4dEbsj4j1rbPsXF1P+f72lv07+oRw+/3zRPQCK8vGniu4BUJSTxhhAaX33kaJ7ABTl6R8W3QOgKF99segeQLk9d09ETOQd/6u0j/f3jHSvC3hT91oAWyJia0Rs655DeHP3HMHtfccMr+XUJyPG4o4f99c5/geD0xv/17xi/F9ldfzfUETsWUMbz3xw9Ct59dO7U/6feKQ3/i9Nqf3eWEBgY738WMTtufnPVsf8ZpFyGvHe/7ONsS9cfjKv/sX7098d+bn8QzFa3454f+TnvyeVqsvzi9Wllebd7ft4z9YWDh2ZOjp5eOrIVLV9iZBq70IhOY7//ZX9efW/m0z5/+Yh+YdipPX/1qvkv3/7/31raOPY1798Mq9+9I8p/7ufffP8V/66KftMe753X4KHp5eXzx2I2JQdv7J+cg0dhRtcLyO9DKX879ubv/+/q/s7af1/LCI+nLYXIuI/EfHfiPhIRHw0Ij4WEfe+SZtfu2v2cl79H55M+X/8rPU/FCPlf+Ya6//0819raGP/vp98Ma/+Q3tS/sd/+6fjDw6nSf4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1t/SSvPsdL1eO7eBhaJfIwAAAAAAAJTF/wIAAP//d8Uzog==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x14b442, 0x2)
r2 = open(&(0x7f0000000140)='./file1\x00', 0x141242, 0x40)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000640)={'wlan0\x00'})
pwrite64(r2, &(0x7f0000000080)="16", 0xff8d, 0x8000c5d)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.14' (ED25519) to the list of known hosts.
[  184.810456][ T5751] cgroup: Unknown subsys name 'net'
[  184.948205][ T5751] cgroup: Unknown subsys name 'cpuset'
[  184.963511][ T5751] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  191.208331][ T5751] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  195.970725][ T5072] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  195.980574][ T5072] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  195.990203][ T5072] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  196.003889][ T5072] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  196.015842][ T5072] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  196.073863][   T49] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  196.111634][ T5771] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  196.121368][ T5771] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  196.132000][ T5771] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  196.149363][ T5771] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  196.159326][ T5771] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  196.168235][ T5771] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  196.195254][ T5771] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  196.204806][ T5771] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  196.209659][   T49] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  196.215188][ T5771] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  196.235510][ T5783] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  196.253221][ T5783] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  196.262777][ T5783] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  196.277311][ T5072] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  196.324669][ T5774] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  196.338716][ T5774] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  196.348426][ T5072] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  196.367652][ T5072] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  196.395232][ T5072] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  197.776806][ T5778] chnl_net:caif_netlink_parms(): no params data found
[  198.071873][ T5776] chnl_net:caif_netlink_parms(): no params data found
[  198.126289][ T5769] chnl_net:caif_netlink_parms(): no params data found
[  198.135483][   T49] Bluetooth: hci0: command tx timeout
[  198.376853][ T5072] Bluetooth: hci2: command tx timeout
[  198.376911][ T5774] Bluetooth: hci1: command tx timeout
[  198.391460][   T49] Bluetooth: hci3: command tx timeout
[  198.454393][   T49] Bluetooth: hci4: command tx timeout
[  198.468162][ T5773] chnl_net:caif_netlink_parms(): no params data found
[  198.596433][ T5782] chnl_net:caif_netlink_parms(): no params data found
[  199.114523][ T5778] bridge0: port 1(bridge_slave_0) entered blocking state
[  199.122227][ T5778] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.205601][ T5778] bridge_slave_0: entered allmulticast mode
[  199.246597][ T5778] bridge_slave_0: entered promiscuous mode
[  199.264650][ T5778] bridge0: port 2(bridge_slave_1) entered blocking state
[  199.274687][ T5778] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.285594][ T5778] bridge_slave_1: entered allmulticast mode
[  199.300909][ T5778] bridge_slave_1: entered promiscuous mode
[  199.599568][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state
[  199.607594][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.615878][ T5769] bridge_slave_0: entered allmulticast mode
[  199.625091][ T5769] bridge_slave_0: entered promiscuous mode
[  199.637191][ T5776] bridge0: port 1(bridge_slave_0) entered blocking state
[  199.645521][ T5776] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.653123][ T5776] bridge_slave_0: entered allmulticast mode
[  199.662483][ T5776] bridge_slave_0: entered promiscuous mode
[  199.676614][ T5776] bridge0: port 2(bridge_slave_1) entered blocking state
[  199.685858][ T5776] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.724921][ T5776] bridge_slave_1: entered allmulticast mode
[  199.755583][ T5776] bridge_slave_1: entered promiscuous mode
[  199.822164][ T5778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  199.836587][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state
[  199.845197][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.852674][ T5769] bridge_slave_1: entered allmulticast mode
[  199.863065][ T5769] bridge_slave_1: entered promiscuous mode
[  199.972976][ T5778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  200.070965][ T5776] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  200.137322][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.145455][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state
[  200.152952][ T5773] bridge_slave_0: entered allmulticast mode
[  200.162152][ T5773] bridge_slave_0: entered promiscuous mode
[  200.209559][ T5776] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  200.219003][   T49] Bluetooth: hci0: command tx timeout
[  200.265274][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  200.285417][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  200.296616][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state
[  200.303998][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state
[  200.312271][ T5773] bridge_slave_1: entered allmulticast mode
[  200.321689][ T5773] bridge_slave_1: entered promiscuous mode
[  200.331469][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.339980][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state
[  200.347706][ T5782] bridge_slave_0: entered allmulticast mode
[  200.357144][ T5782] bridge_slave_0: entered promiscuous mode
[  200.406343][ T5778] team0: Port device team_slave_0 added
[  200.454912][   T49] Bluetooth: hci1: command tx timeout
[  200.455108][ T5072] Bluetooth: hci3: command tx timeout
[  200.460559][ T5774] Bluetooth: hci2: command tx timeout
[  200.484379][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state
[  200.492107][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state
[  200.500135][ T5782] bridge_slave_1: entered allmulticast mode
[  200.509161][ T5782] bridge_slave_1: entered promiscuous mode
[  200.534466][ T5774] Bluetooth: hci4: command tx timeout
[  200.559030][ T5778] team0: Port device team_slave_1 added
[  200.659588][ T5776] team0: Port device team_slave_0 added
[  200.702955][ T5769] team0: Port device team_slave_0 added
[  200.731785][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  200.775649][ T5776] team0: Port device team_slave_1 added
[  200.815827][ T5769] team0: Port device team_slave_1 added
[  200.831012][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  200.850197][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  200.890285][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_0
[  200.897560][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  200.924878][ T5778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  201.002682][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  201.041052][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_1
[  201.048747][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  201.075769][ T5778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  201.172371][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_0
[  201.180052][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  201.206885][ T5776] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  201.240618][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0
[  201.247947][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  201.274544][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  201.294801][ T5773] team0: Port device team_slave_0 added
[  201.329771][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_1
[  201.337610][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  201.364651][ T5776] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  201.400778][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1
[  201.408134][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  201.435018][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  201.455476][ T5773] team0: Port device team_slave_1 added
[  201.468933][ T5782] team0: Port device team_slave_0 added
[  201.487999][ T5782] team0: Port device team_slave_1 added
[  201.664672][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0
[  201.671759][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  201.698659][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  201.785280][ T5778] hsr_slave_0: entered promiscuous mode
[  201.796399][ T5778] hsr_slave_1: entered promiscuous mode
[  201.836223][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1
[  201.843411][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  201.870461][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  201.895754][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0
[  201.902850][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  201.929601][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  202.013306][ T5776] hsr_slave_0: entered promiscuous mode
[  202.022482][ T5776] hsr_slave_1: entered promiscuous mode
[  202.031056][ T5776] debugfs: 'hsr0' already exists in 'hsr'
[  202.037034][ T5776] Cannot create hsr debugfs directory
[  202.065789][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1
[  202.072971][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  202.099280][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  202.143258][ T5769] hsr_slave_0: entered promiscuous mode
[  202.152115][ T5769] hsr_slave_1: entered promiscuous mode
[  202.160418][ T5769] debugfs: 'hsr0' already exists in 'hsr'
[  202.166387][ T5769] Cannot create hsr debugfs directory
[  202.294371][ T5774] Bluetooth: hci0: command tx timeout
[  202.534725][ T5774] Bluetooth: hci3: command tx timeout
[  202.534916][   T49] Bluetooth: hci2: command tx timeout
[  202.540322][ T5774] Bluetooth: hci1: command tx timeout
[  202.594455][ T5782] hsr_slave_0: entered promiscuous mode
[  202.603465][ T5782] hsr_slave_1: entered promiscuous mode
[  202.612186][ T5782] debugfs: 'hsr0' already exists in 'hsr'
[  202.618280][ T5774] Bluetooth: hci4: command tx timeout
[  202.624347][ T5782] Cannot create hsr debugfs directory
[  202.644462][ T5773] hsr_slave_0: entered promiscuous mode
[  202.653484][ T5773] hsr_slave_1: entered promiscuous mode
[  202.661983][ T5773] debugfs: 'hsr0' already exists in 'hsr'
[  202.667954][ T5773] Cannot create hsr debugfs directory
[  203.878141][ T5778] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  203.899765][ T5778] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  203.938044][ T5778] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  203.959277][ T5778] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  204.067832][ T5769] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  204.112544][ T5769] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  204.137989][ T5769] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  204.189108][ T5769] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  204.371365][ T5773] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  204.386495][ T5774] Bluetooth: hci0: command tx timeout
[  204.440138][ T5773] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  204.491579][ T5773] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  204.541830][ T5773] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  204.615162][ T5072] Bluetooth: hci3: command tx timeout
[  204.616937][   T49] Bluetooth: hci1: command tx timeout
[  204.620993][ T5774] Bluetooth: hci2: command tx timeout
[  204.694363][ T5774] Bluetooth: hci4: command tx timeout
[  204.831966][ T5776] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  204.869048][ T5776] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  204.952483][ T5776] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  205.015151][ T5776] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  205.096128][ T5778] 8021q: adding VLAN 0 to HW filter on device bond0
[  205.265783][ T5782] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  205.322045][ T5782] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  205.350997][ T5782] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  205.379732][ T5778] 8021q: adding VLAN 0 to HW filter on device team0
[  205.398985][ T5782] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  205.539095][   T34] bridge0: port 1(bridge_slave_0) entered blocking state
[  205.546783][   T34] bridge0: port 1(bridge_slave_0) entered forwarding state
[  205.629839][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.637337][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  205.746180][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0
[  205.950753][ T5769] 8021q: adding VLAN 0 to HW filter on device team0
[  206.020363][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.027964][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  206.142466][   T56] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.149972][   T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[  206.199162][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0
[  206.502027][ T5773] 8021q: adding VLAN 0 to HW filter on device team0
[  206.630507][   T34] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.638089][   T34] bridge0: port 1(bridge_slave_0) entered forwarding state
[  206.687213][ T5776] 8021q: adding VLAN 0 to HW filter on device bond0
[  206.791842][   T56] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.799756][   T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[  206.973808][ T5776] 8021q: adding VLAN 0 to HW filter on device team0
[  207.010722][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0
[  207.111950][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.119693][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  207.268253][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.275880][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  207.342635][ T5782] 8021q: adding VLAN 0 to HW filter on device team0
[  207.493745][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.501457][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  207.589816][ T5778] 8021q: adding VLAN 0 to HW filter on device batadv0
[  207.627474][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.635290][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.380581][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0
[  208.579432][ T5778] veth0_vlan: entered promiscuous mode
[  208.752571][ T5778] veth1_vlan: entered promiscuous mode
[  208.813852][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.293389][ T5769] veth0_vlan: entered promiscuous mode
[  209.453749][ T5776] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.497569][ T5778] veth0_macvtap: entered promiscuous mode
[  209.558719][ T5778] veth1_macvtap: entered promiscuous mode
[  209.600271][ T5769] veth1_vlan: entered promiscuous mode
[  209.881052][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_0
[  209.920658][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  209.930883][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  209.956747][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0
[  210.043170][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.189437][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.264479][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.336480][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.367357][ T5769] veth0_macvtap: entered promiscuous mode
[  210.383884][ T5776] veth0_vlan: entered promiscuous mode
[  210.411033][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  210.520376][ T5769] veth1_macvtap: entered promiscuous mode
[  210.641965][ T5776] veth1_vlan: entered promiscuous mode
[  210.733209][ T5782] veth0_vlan: entered promiscuous mode
[  210.840686][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.913142][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1
[  211.005769][ T5773] veth0_vlan: entered promiscuous mode
[  211.020184][ T5782] veth1_vlan: entered promiscuous mode
[  211.050220][ T1016] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  211.059721][ T1016] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  211.117808][ T1016] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  211.215633][ T1016] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  211.311690][ T5773] veth1_vlan: entered promiscuous mode
[  211.346140][ T5776] veth0_macvtap: entered promiscuous mode
[  211.426091][ T5776] veth1_macvtap: entered promiscuous mode
[  211.704147][ T5782] veth0_macvtap: entered promiscuous mode
[  211.784216][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_0
[  211.841776][ T5782] veth1_macvtap: entered promiscuous mode
[  211.903166][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_1
[  211.932412][   T57] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  212.014838][   T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  212.026078][ T5773] veth0_macvtap: entered promiscuous mode
[  212.088745][   T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  212.124382][   T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  212.142581][ T5773] veth1_macvtap: entered promiscuous mode
[  212.237500][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0
[  212.351524][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1
[  212.480173][  T997] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  212.514341][  T997] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  212.523486][  T997] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  212.598860][  T997] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  212.637825][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0
[  212.767092][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1
[  212.959474][  T148] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  212.989590][  T148] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  213.053644][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  213.086298][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  215.531864][  T515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  215.578765][  T515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  215.840592][  T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  215.860069][  T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  216.410813][ T5778] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  217.202877][ T5940] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  217.245305][   T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  217.253356][   T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.652782][  T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  217.706844][ T5940] kvm: kvm [5937]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x100
[  217.716354][  T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.761008][ T5940] kvm: kvm [5937]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80
[  217.784728][ T5940] kvm: kvm [5937]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[  221.580323][  T515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  222.228194][  T515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  222.935233][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  222.943278][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  223.379779][ T5975] loop0: detected capacity change from 0 to 512
[  223.918576][ T5975] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.865355][  T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  224.873682][  T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  226.257422][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  226.266113][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  226.875270][ T5988] loop2: detected capacity change from 0 to 512
[  227.799877][ T5988] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.588890][   T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.639978][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.647199][   T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  229.108685][    T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!!
[  229.280521][   T29] audit: type=1800 audit(1775910994.895:2): pid=5988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.9" name="file1" dev="loop2" ino=15 res=0 errno=0
[  229.567770][   T29] audit: type=1800 audit(1775910994.895:3): pid=5992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.9" name="file1" dev="loop2" ino=15 res=0 errno=0
[  229.572931][ T5968] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.014220][ T5968] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  230.328037][ T5778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.762377][ T5999] delete_channel: no stack
[  231.064875][ T6002] loop0: detected capacity change from 0 to 2048
[  231.271029][ T6002] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  232.143657][ T6015] loop3: detected capacity change from 0 to 512
[  232.882121][    C1] =====================================================
[  232.889388][    C1] BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0
[  232.898190][    C1]  __flush_smp_call_function_queue+0x362/0x18e0
[  232.904642][    C1]  generic_smp_call_function_single_interrupt+0x1c/0x30
[  232.911889][    C1]  __sysvec_call_function_single+0x4b/0x3e0
[  232.918063][    C1]  sysvec_call_function_single+0x7c/0x90
[  232.923891][    C1]  asm_sysvec_call_function_single+0x1f/0x30
[  232.930056][    C1]  _raw_spin_unlock_irqrestore+0x33/0x60
[  232.935886][    C1]  snd_rawmidi_transmit+0x667/0x710
[  232.941322][    C1]  snd_vmidi_output_work+0x1bd/0x4a0
[  232.946819][    C1]  process_scheduled_works+0xb82/0x1e80
[  232.952577][    C1]  worker_thread+0xee4/0x1590
[  232.957494][    C1]  kthread+0x53f/0x600
[  232.961758][    C1]  ret_from_fork+0x20f/0x910
[  232.966512][    C1]  ret_from_fork_asm+0x1a/0x30
[  232.971476][    C1] 
[  232.973882][    C1] Local variable rf created at:
[  232.978817][    C1]  __schedule+0x3b/0x8640
[  232.983309][    C1]  preempt_schedule_irq+0x50/0xa0
[  232.988516][    C1] 
[  232.990980][    C1] CPU: 1 UID: 0 PID: 25 Comm: kworker/1:0H Not tainted syzkaller #0 PREEMPT(full) 
[  233.000643][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  233.010869][    C1] Workqueue: events_highpri snd_vmidi_output_work
[  233.017513][    C1] =====================================================
[  233.024578][    C1] Disabling lock debugging due to kernel taint
[  233.030847][    C1] Kernel panic - not syncing: kmsan.panic set ...
[  233.037409][    C1] CPU: 1 UID: 0 PID: 25 Comm: kworker/1:0H Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  233.048464][    C1] Tainted: [B]=BAD_PAGE
[  233.052719][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  233.063033][    C1] Workqueue: events_highpri snd_vmidi_output_work
[  233.069692][    C1] Call Trace:
[  233.073133][    C1]  <IRQ>
[  233.076080][    C1]  __dump_stack+0x26/0x30
[  233.080617][    C1]  dump_stack_lvl+0x50/0x1c0
[  233.085400][    C1]  ? dump_stack+0x12/0x25
[  233.089919][    C1]  dump_stack+0x1e/0x25
[  233.094263][    C1]  vpanic+0x7b4/0x1430
[  233.098561][    C1]  panic+0x15d/0x160
[  233.102711][    C1]  kmsan_report+0x31a/0x320
[  233.107512][    C1]  ? __msan_warning+0x1b/0x30
[  233.112396][    C1]  ? __flush_smp_call_function_queue+0x362/0x18e0
[  233.119011][    C1]  ? generic_smp_call_function_single_interrupt+0x1c/0x30
[  233.126330][    C1]  ? __sysvec_call_function_single+0x4b/0x3e0
[  233.132601][    C1]  ? sysvec_call_function_single+0x7c/0x90
[  233.138615][    C1]  ? asm_sysvec_call_function_single+0x1f/0x30
[  233.144963][    C1]  ? _raw_spin_unlock_irqrestore+0x33/0x60
[  233.150969][    C1]  ? snd_rawmidi_transmit+0x667/0x710
[  233.156564][    C1]  ? snd_vmidi_output_work+0x1bd/0x4a0
[  233.162313][    C1]  ? process_scheduled_works+0xb82/0x1e80
[  233.168306][    C1]  ? worker_thread+0xee4/0x1590
[  233.173335][    C1]  ? kthread+0x53f/0x600
[  233.177773][    C1]  ? ret_from_fork+0x20f/0x910
[  233.182713][    C1]  ? ret_from_fork_asm+0x1a/0x30
[  233.187863][    C1]  ? kmsan_get_metadata+0xf1/0x160
[  233.193160][    C1]  ? kmsan_get_metadata+0xf1/0x160
[  233.198441][    C1]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  233.205008][    C1]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  233.211310][    C1]  ? kmsan_get_metadata+0xf1/0x160
[  233.216591][    C1]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  233.222577][    C1]  ? kmsan_get_metadata+0xf1/0x160
[  233.227946][    C1]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  233.234504][    C1]  ? kmsan_get_metadata+0xf1/0x160
[  233.239787][    C1]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  233.245775][    C1]  ? kmsan_get_metadata+0xf1/0x160
[  233.251062][    C1]  __msan_warning+0x1b/0x30
[  233.255764][    C1]  __flush_smp_call_function_queue+0x362/0x18e0
[  233.262191][    C1]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  233.268203][    C1]  generic_smp_call_function_single_interrupt+0x1c/0x30
[  233.275346][    C1]  __sysvec_call_function_single+0x4b/0x3e0
[  233.281454][    C1]  sysvec_call_function_single+0x7c/0x90
[  233.287287][    C1]  </IRQ>
[  233.290323][    C1]  <TASK>
[  233.293358][    C1]  asm_sysvec_call_function_single+0x1f/0x30
[  233.299535][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x33/0x60
[  233.306249][    C1] Code: 56 53 48 89 f3 49 89 fe e8 ea 70 9f f1 4c 89 f7 e8 22 64 9f f1 c6 00 00 41 c6 06 00 f7 c3 00 02 00 00 74 01 fb be 04 00 00 00 <48> c7 c7 28 b0 84 95 e8 31 66 9f f1 65 ff 0d b2 c5 78 04 74 0a 5b
[  233.326132][    C1] RSP: 0018:ffff88810078bad0 EFLAGS: 00000206
[  233.332368][    C1] RAX: ffff8881173b3c38 RBX: 0000000000000286 RCX: 000000000057567f
[  233.340479][    C1] RDX: ffff8881177b3c38 RSI: 0000000000000004 RDI: ffff888117bb3c38
[  233.348607][    C1] RBP: ffff88810078bae0 R08: ffffea000000000f R09: 0000000000000000
[  233.356742][    C1] R10: ffff888237c90028 R11: ffffffff81ba3640 R12: 0000000000000001
[  233.364945][    C1] R13: 0000000000000000 R14: ffff888117bb3c38 R15: ffff888117bb3c38
[  233.373068][    C1]  ? __pfx_task_woken_rt+0x10/0x10
[  233.378405][    C1]  snd_rawmidi_transmit+0x667/0x710
[  233.383863][    C1]  snd_vmidi_output_work+0x1bd/0x4a0
[  233.389711][    C1]  ? __pfx_snd_vmidi_output_work+0x10/0x10
[  233.395763][    C1]  process_scheduled_works+0xb82/0x1e80
[  233.401595][    C1]  worker_thread+0xee4/0x1590
[  233.406517][    C1]  kthread+0x53f/0x600
[  233.410836][    C1]  ? __pfx_worker_thread+0x10/0x10
[  233.416168][    C1]  ? __pfx_kthread+0x10/0x10
[  233.420971][    C1]  ret_from_fork+0x20f/0x910
[  233.425743][    C1]  ? __switch_to+0x51c/0x750
[  233.430550][    C1]  ? __pfx_kthread+0x10/0x10
[  233.435351][    C1]  ret_from_fork_asm+0x1a/0x30
[  233.440348][    C1]  </TASK>
[  233.443746][    C1] Kernel Offset: disabled
[  233.448353][    C1] Rebooting in 86400 seconds..