Extracting prog: 4m7.854316446s
Minimizing prog: 24m13.669429187s
Simplifying prog options: 0s
Extracting C: 1m1.515320768s
Simplifying C: 11m25.96945716s


extracting reproducer from 37 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-openat$proc_mixer-write$proc_mixer-syz_open_dev$video-socket$nl_route-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$nl_route-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r0, 0x0, 0x33)
syz_open_dev$video(0x0, 0x0, 0x10b200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800200}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="804000001d00000429bd7000fddbdf0900000000e20c943ffb242ae1a4fc69953c41a79bae3157ccb39a2d8ff9589b648c2543c3d200cbf578817dc86e00c9a83614d3563006eb2e1a917fbbd0e39fd29c95c426ed299a8564c9ac605ff63e32741056e0699ed3e407d813632f95400e4f46377789b6ee58cd8c5da0d0c29a92f038ee549645b968c38181c261edf33eec54dd4a4b1247d969713e2bcca224a5e0040613c1e75bc3ed8271583620b98c6e33164ba07f6591072eb3cef6789ab1cadad4194f9800"/210, @ANYRES32=r2, @ANYBLOB="08008c0a30000e8005000100070000000500010008000000050001003f000000040002000500010008000000050001003800000005000c000600000008000d000400000008000d000200000014000100fc0100000000000000000000000000010800090006000000"], 0x80}, 0x1, 0x0, 0x0, 0x40000}, 0x24040045)
r3 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r3, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program did not crash
single: failed to extract reproducer
bisect: bisecting 37 programs with base timeout 30s
testing program (duration=39s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 10, 30, 15, 10, 30, 30, 30, 28, 23, 2, 30, 9, 17, 17, 29, 23, 30, 2, 30, 30, 30, 15, 4, 28, 5, 3, 23, 2, 28, 15, 9, 11, 11, 6, 2, 28]
detailed listing:
executing program 2:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_linger(r0, 0x1, 0xd, 0x0, 0x0)
setsockopt$inet_int(r0, 0x0, 0x18, &(0x7f0000000040)=0x8003, 0x4) (fail_nth: 7)
executing program 2:
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$key(0xf, 0x3, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x1, 0x203)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f000012d000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00005a4000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2e, &(0x7f0000000500)={@broadcast, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
executing program 2:
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec778000)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000100)=0x10000)
ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f0000000000))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @empty}, 0x2}, 0x1c)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c)
recvmsg(r2, 0x0, 0x40010082)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
unshare(0x2a020400)
syz_io_uring_submit(0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x2, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000340)={0x0, 0xaee2, 0x0, 0x0, 0xbfdffffc}, &(0x7f0000000300)=<r5=>0x0, &(0x7f0000000180)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
unshare(0x8000400)
r7 = socket$pppoe(0x18, 0x1, 0x0)
r8 = io_uring_setup(0x7464, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0x12, 0x0, r9)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r7, 0x0, &(0x7f00000003c0)="3fcb24f5e7c4fbca9df187c46c8943ffa4430b8176903a14d5464a3c9948e5325575a8e9d4c96ec7cb498b7478d19a54e6e6fc40243677cdf88387f4e9d53cdaef602e4b8f7db82c87107c9593f4e195c250bcfd156b0bc99923376711718f3d32f1193980582f01161610ba88ada01b7124cdbd0af6b3136858f6fca2e30c318a9b3b1f8fc6159cb6761aaa1cc8a58cd8bfc654cba20a4662fe1c0482a1a46a6075151fe57c66bfdb", 0xa9, 0x10080, 0x1, {0x0, r9}})
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="500000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c000280040001"], 0x50}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_DELRULE={0x78, 0x8, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x4}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}, @NFTA_RULE_COMPAT={0x3c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x89}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xa0}, 0x1, 0x0, 0x0, 0x24080}, 0x8000)
executing program 2:
r0 = socket$inet(0x2, 0x1, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',g'], 0x0, 0x0, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
open_tree(r4, &(0x7f0000000640)='\x00', 0x89901)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000140)=ANY=[@ANYBLOB="e0000001ac1414aa0000000003"], 0x1c)
setsockopt$inet_mreqn(r0, 0x0, 0x25, &(0x7f0000000080)={@multicast1, @local}, 0xc)
executing program 2:
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$key(0xf, 0x3, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x1, 0x203)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f000012d000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00005a4000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2e, &(0x7f0000000500)={@broadcast, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000280)={0x1, 0x0, [{0x443, 0x0, 0x8000000000000001}, {0x274, 0x0, 0x200000000001}, {0x275, 0x0, 0x16}, {0x8e5, 0x0, 0x9}, {0x960, 0x0, 0x3}]})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x163101, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0xa, 0x2)
r5 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r5, &(0x7f0000000240)={0x11, 0xd, 0x0, 0x1, 0x10, 0x6, @local}, 0x14)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'ipvlan1\x00', @link_local})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect$uac1(0x2, 0x8e, &(0x7f0000000000)=ANY=[@ANYBLOB="120110010000004082057d0040000102030109027c0003010048060904000000010100000a240106000a0002010209040100000102000009040001010102000011240201090404035cd868ee6e1a5bc8e40b2402017f0206072d727309050109080000037f0725010c000200090402"], 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4808037e70e4509c5bb", 0x50}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
setsockopt$packet_rx_ring(r8, 0x107, 0x5, &(0x7f0000000140)=@req3={0x8000, 0x61, 0x1800000, 0x3e, 0x9, 0xb, 0x4}, 0x1c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0)
r10 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r10, 0x8914, 0x0)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
r11 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r11, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
executing program 32:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000280)={0x1, 0x0, [{0x443, 0x0, 0x8000000000000001}, {0x274, 0x0, 0x200000000001}, {0x275, 0x0, 0x16}, {0x8e5, 0x0, 0x9}, {0x960, 0x0, 0x3}]})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x163101, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0xa, 0x2)
r5 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r5, &(0x7f0000000240)={0x11, 0xd, 0x0, 0x1, 0x10, 0x6, @local}, 0x14)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'ipvlan1\x00', @link_local})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect$uac1(0x2, 0x8e, &(0x7f0000000000)=ANY=[@ANYBLOB="120110010000004082057d0040000102030109027c0003010048060904000000010100000a240106000a0002010209040100000102000009040001010102000011240201090404035cd868ee6e1a5bc8e40b2402017f0206072d727309050109080000037f0725010c000200090402"], 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4808037e70e4509c5bb", 0x50}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
setsockopt$packet_rx_ring(r8, 0x107, 0x5, &(0x7f0000000140)=@req3={0x8000, 0x61, 0x1800000, 0x3e, 0x9, 0xb, 0x4}, 0x1c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0)
r10 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r10, 0x8914, 0x0)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
r11 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r11, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
executing program 4:
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32, @ANYBLOB="000000a0a8c3ec6100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r0, 0x0, 0x0}, 0x20)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
socket$unix(0x1, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x16, 0x19, &(0x7f0000000700)=ANY=[@ANYBLOB="18480000faffffff0000000000000000b7080000000000007b8af8ff00000000b7080000040000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="00fa000000000000b70500000800000085000000a50000000fb60c00ffffffff18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000"], &(0x7f0000000240)='syzkaller\x00', 0x1000, 0x89, &(0x7f0000000800)=""/137, 0x40f00, 0x2, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f00000008c0)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000900)={0x0, 0xe, 0x8, 0x6698}, 0x10, 0x0, 0xffffffffffffffff, 0x6, &(0x7f0000000980)=[r0, r0, r0], &(0x7f00000009c0)=[{0x5, 0x4, 0x1, 0xc}, {0x3, 0x2, 0x9, 0x2}, {0x4, 0x5, 0x9, 0xf}, {0x3, 0x2, 0x1}, {0x5, 0x14, 0x9, 0x9}, {0x2, 0x3, 0xe}], 0x10, 0x3ff}, 0x94)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000003e0007012bbd700000000000027c00000400fc800f0001806d14314965356ee88bd2"], 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0xc040)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000b00)={'gretap0\x00', 0x0, 0x7f80, 0x7, 0x89e3, 0x2, {{0x3e, 0x4, 0x2, 0x0, 0xf8, 0x67, 0x0, 0xfe, 0x2f, 0x0, @rand_addr=0x64010101, @remote, {[@ssrr={0x89, 0xf, 0x29, [@private=0xa010101, @loopback, @remote]}, @cipso={0x86, 0x50, 0x3, [{0x7, 0x8, "9841def4559d"}, {0x0, 0x6, "d3492682"}, {0x7, 0xd, "370c0b0929d75b814ec3b3"}, {0x1, 0x10, "d0763686995fbf7ed8ac3d8789ad"}, {0x1, 0x10, "f08944ff8c7e47b2a8b024c05208"}, {0x6, 0xf, "ce2e4e05409f1e255d4a3cb8f3"}]}, @timestamp_addr={0x44, 0x34, 0xc8, 0x1, 0x5, [{@empty, 0x2}, {@multicast1, 0x2}, {@broadcast, 0x8}, {@remote, 0xa}, {@local, 0x4}, {@remote, 0x2}]}, @rr={0x7, 0x17, 0xc3, [@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @rand_addr=0x64010102, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @cipso={0x86, 0x39, 0xffffffffffffffff, [{0x2, 0x6, "ca27ae76"}, {0x6, 0xa, "2e4a57f4083231cf"}, {0x5, 0x4, "ec73"}, {0x0, 0x5, "ce639a"}, {0x1, 0xb, "455925f8117e259dd1"}, {0x6, 0x8, "600109aa5d47"}, {0x2, 0x7, "9c19040344"}]}]}}}}})
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000000140)=0xb8, 0x4)
connect$inet6(r6, &(0x7f0000000040)={0xa, 0x4e23, 0xffffffff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x25}}, 0xfd}, 0x1c)
setsockopt$inet6_mreq(r6, 0x29, 0x15, &(0x7f00000000c0)={@loopback}, 0x14)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x0, &(0x7f00000005c0)={0x8, 0x70, 0x80000}, 0x20)
syz_open_dev$loop(0x0, 0x2, 0x2001)
ioctl$KVM_GET_SUPPORTED_HV_CPUID_sys(r3, 0xc008aec1, &(0x7f0000000580)={0x8, 0x0, [{0x80000007, 0xb15, 0x4, 0x8, 0xffffff89, 0xc99, 0x3}, {0x80000000, 0xfffffd65, 0x7, 0x0, 0x7, 0x2, 0x5}, {0x80000007, 0xf, 0x2, 0x9, 0xff, 0x100, 0x8072}, {0x80000000, 0x7, 0x5, 0x8, 0xb5f, 0x5, 0x5}, {0x40000000, 0x401, 0x1, 0x3, 0x2c, 0x9, 0xfffffae4}, {0x80000019, 0x3, 0x5, 0x2, 0xa2, 0x1ff, 0x3}, {0x80000007, 0x9, 0x5, 0xffff, 0xffffffff, 0x6, 0xee88}, {0xa, 0x79da3af3, 0x4, 0x401, 0x5, 0x4, 0x10000}]})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0x1000000000e]}})
clock_adjtime(0x1, &(0x7f0000000400)={0x5, 0xc1bb, 0x5, 0xffffffffffffffff, 0x5, 0x8, 0x66, 0x57, 0x2, 0x8, 0x1, 0x8000000000000001, 0x6, 0x100, 0x5, 0x80000001, 0x7, 0x8b, 0x3, 0x4, 0x7, 0x63, 0x1, 0x3, 0x9, 0x5})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
executing program 4:
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
r0 = socket(0x80000000000000a, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000407000/0x18000)=nil, &(0x7f0000000600)=[@text32={0x20, &(0x7f0000000140)="7d0066baf80cb8bb91a285ef66bafc0cb086ee0fc77d00660f38dd9100200000c4c3055fd302c4c2f59ac9b805000000b994add14b0f01d9260f0f5e048e64660f3839c966baf80cb8b1b98d86ef66bafc0cb000ee"}], 0x1, 0x0, 0x0, 0x13)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010027bd7000fcdbdf250600000008082b00030000000800230006000000050037000100000008002c00faffffff08002b00190000004a8a6836010de87ad2ffed791583256e7cd92bc5f2bd7feeddf900af784f358ddd22a9752dc97529f7dbccd701ce7027cb6559783bb03d64ca041c4ca4178bf206b4314645c02ad6c8c87972fdc9375ce2a090e87880d636e6cd5e005a7d37874d18d30642c411d6bd82cab7a329cf2fdaff8b53"], 0x3c}, 0x1, 0x0, 0x0, 0x20040020}, 0x20040010)
socket$inet6_sctp(0xa, 0x5, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={<r4=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
r5 = socket(0x200000000000011, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'team0\x00', <r6=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYRES8=r6, @ANYRES32=0x0, @ANYRESHEX=0x0, @ANYRES32=r6], 0x3c}}, 0x4040800)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0xff, 0x4}, 0x90)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000840)={r4, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x8, 0x6, &(0x7f0000000200)=ANY=[], 0x0, 0x47, 0x0, 0x0, 0x41000, 0xf72cb191e650caa, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x14f600)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x6, &(0x7f0000000000)=[{0x3, 0xfc, 0x9, 0x7fff}, {0x0, 0x0, 0xfe, 0xfffff858}, {0xfff9, 0x80, 0xd8, 0x7f}, {0x8, 0x1, 0x5, 0xeffa}, {0x795a, 0x9, 0x3, 0xe}, {0x3, 0x4, 0xd, 0xbefc}]})
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380), 0x0, 0x10}, 0x40014)
executing program 4:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x260000, 0x1)
file_getattr(r1, 0x0, &(0x7f0000000100), 0x18, 0x1000)
ptrace$setregs(0xd, r0, 0xfffffffffffffffc, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYRESHEX=r0, @ANYRES16, @ANYBLOB="050027bd7000fedbdf"], 0x80}, 0x1, 0x0, 0x0, 0x40048}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[], 0x9)
write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x63c, 0x1, 0x3, 0xd59f83, 0x19f5, 0x3f, 0x7, 0x3, 0x6, 0x2800, 0x2800, 0x12, 0xba2, 0x1b, 0x3e, {0x8, 0x40}, 0xcf, 0x9}})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f00000083c0)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r6, 0x80585414, 0x0)
executing program 4:
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89c, 0xc000, 0xa, 0x20002f7})
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
executing program 0:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='unlock '], 0xe)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x400, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001300)=@newqdisc={0x878, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r5, {0x10}, {}, {0xc, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x84c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x3f, 0x1, 0x0, 0x0, 0x97ab, 0x40}, {0x2, 0x0, 0x3, 0x57, 0x8, 0x3}, 0x1, 0x20202, 0xa2d}}, @TCA_TBF_PBURST={0x8, 0x7, 0x86c}, @TCA_TBF_PTAB={0x404, 0x3, [0x9, 0x4, 0x7, 0x3, 0x2, 0x8, 0x6, 0x641e, 0x7, 0x3, 0x5, 0x7, 0x10, 0x9, 0x1, 0x7, 0x7, 0x896, 0x581, 0x9, 0x2, 0x8, 0x7, 0x2498, 0x80, 0xffffffff, 0x7, 0x3, 0x4a, 0x6, 0x6, 0x6, 0x5, 0x8, 0x93d1, 0x0, 0x4, 0x48000000, 0x2, 0x0, 0xa18, 0x70, 0x8, 0x6, 0x0, 0x800, 0xbda0, 0x7d1, 0x1, 0x40, 0x0, 0xfffff801, 0xa, 0x3ff, 0x1, 0x9, 0x1d7048e3, 0x9, 0x3, 0xfad8dbc, 0x1000, 0x7ffd, 0xa, 0x400, 0x2, 0x4, 0xa, 0x0, 0xffffffff, 0xfffffffb, 0x8, 0xb, 0x0, 0x3452ba86, 0xee5e, 0x8, 0x46, 0x81, 0x6, 0x58a, 0x1, 0x10000, 0x100, 0x5, 0x1, 0x436, 0x46d35f4d, 0x5, 0x2, 0x2, 0x7, 0xdea5, 0xfffffffb, 0x7, 0x4, 0x2, 0x10, 0x6, 0x0, 0x0, 0x4, 0x4, 0xd, 0x8, 0x9, 0x7d, 0x3, 0x8000, 0xdd87, 0x6, 0x3, 0x1, 0x80000000, 0x7, 0x3, 0x10000, 0x1, 0xa, 0xb, 0xfe00, 0x46, 0x8, 0x892, 0x97f, 0x80000000, 0x7, 0x1ff, 0x3, 0xfffffff7, 0x10001, 0x3, 0x9, 0x1, 0x7fffffff, 0xc49, 0x8000, 0x1, 0x4, 0x2, 0x5, 0x7, 0x5, 0x5, 0x1, 0xfffffff9, 0xebe, 0x3, 0x5, 0xffffffcd, 0x0, 0x5, 0x0, 0x1, 0x9, 0x3ff, 0x1, 0x0, 0x6, 0x5, 0x4, 0x401, 0x10, 0x101, 0x93, 0xda0, 0x5, 0xffff, 0x9, 0x10, 0x8001, 0x5, 0x61, 0x2, 0x7fff, 0x3, 0xa6e, 0x9, 0x6, 0xff, 0x5, 0x8, 0x1, 0x7fff8000, 0x7fffffff, 0x1, 0x5, 0x586, 0x2, 0x7, 0xc20b, 0xd, 0xd, 0x2de, 0x7f, 0x8, 0x3, 0xc, 0x1, 0x7fffffff, 0x7, 0x7f, 0x1, 0x6, 0x5, 0x9, 0x0, 0x1, 0x6ea, 0x8, 0x7, 0x6, 0x1cad, 0x3, 0x5, 0x3, 0x7, 0x6, 0x4, 0x6, 0x38f, 0x5, 0x1, 0x10000, 0x3, 0x1, 0x4, 0x6, 0x10, 0xffffffff, 0xfffffff9, 0xe, 0xfffffffe, 0xffff, 0x5, 0x1, 0x9b, 0x4, 0x5, 0x4, 0xaa, 0x4, 0xcd37, 0x1000000, 0xe6c, 0xffff, 0x7fff, 0x0, 0x18000, 0x400, 0xc, 0x200, 0x2, 0x8, 0x5, 0x400, 0x1fb4eb52]}, @TCA_TBF_PBURST={0x8, 0x7, 0xa31}, @TCA_TBF_BURST={0x8, 0x6, 0xd912}, @TCA_TBF_RTAB={0x404, 0x2, [0x8, 0x3, 0x2a069f11, 0x4, 0x5, 0x7, 0x1, 0x89, 0x3, 0x4, 0xa58e, 0x8, 0x100, 0x6, 0x0, 0x7fffffff, 0x10, 0xf, 0xc00000, 0x8, 0xcd5, 0x1000, 0x7, 0x4, 0xef47, 0xffffff7f, 0xfffffffe, 0x7, 0x1, 0x544a, 0x7, 0x9, 0x4, 0x1, 0x7, 0x9, 0x101, 0x401, 0x800, 0x3, 0x900, 0x4, 0x959, 0x0, 0x2, 0x733, 0x200, 0x19, 0x100, 0x642e36ee, 0x4, 0x5, 0x3, 0x4, 0x0, 0x4, 0x4, 0x5, 0xa0, 0x8dca, 0xf9d67b2, 0x5, 0x56996efc, 0x9, 0x1, 0x2, 0x5, 0x8, 0xffff, 0x7ff, 0x0, 0x2, 0x3, 0x192, 0x1ff, 0x7, 0xa, 0x0, 0x9, 0x5, 0x9, 0x6604, 0x80000000, 0x8, 0x8, 0xffff0000, 0x40007, 0x9, 0x80000001, 0x100, 0x8, 0x7, 0xfffffffd, 0xff, 0x7, 0x10001, 0x1, 0x800, 0x8001, 0x8, 0x100, 0x5, 0x5edfd482, 0x42, 0x0, 0x3, 0x10000, 0x626, 0xffff, 0x400, 0x400, 0x7, 0x0, 0xc8, 0x5, 0x5, 0x6, 0x1, 0x9, 0xfffffffc, 0x3dafc201, 0x9, 0x81, 0x280, 0x8, 0xb3, 0x5, 0xffffff5f, 0x2, 0xee, 0x3, 0x5, 0x8, 0xf31, 0x6f, 0x100, 0x8, 0x1, 0xfc8, 0x7fff, 0x3, 0x9a8, 0x1, 0x8001, 0x1, 0x9, 0xe7, 0x58, 0x1, 0x4, 0x7, 0xff, 0x18, 0x400, 0x5, 0x7, 0xfffffff9, 0x5, 0x8, 0xfffffffe, 0x1, 0xffffffff, 0x1, 0x7, 0x0, 0x9, 0x4, 0x6, 0x7, 0x8, 0x1, 0xf, 0x1, 0xb, 0xa, 0x9, 0x4, 0xb, 0x3, 0xd6, 0x4, 0x2, 0x2, 0x7, 0x280, 0x0, 0x6, 0x3, 0x3, 0x3, 0xae, 0x2a56, 0x6, 0x5, 0x2, 0x1, 0x8, 0x1, 0x10000, 0x7, 0x8, 0x7, 0x4, 0xff40, 0x4, 0x5, 0x0, 0x2, 0x3, 0x48000000, 0x5, 0x1, 0x0, 0x663d4cf3, 0xffff4f57, 0xffff67f3, 0x5, 0xfffffff7, 0x0, 0xe8, 0x50f3, 0x101, 0x1, 0x6, 0x7fff, 0xfffffff3, 0xd, 0xfffffffa, 0x2, 0x5389, 0xc, 0x7, 0x8, 0xdfd, 0x7fff, 0x8, 0x2860, 0x7, 0x103, 0x4000000, 0x8, 0xa4da, 0x5, 0x7, 0xd48, 0xa177, 0x6, 0x80000000, 0x4, 0x6, 0x9, 0x4, 0x7, 0x6, 0x3, 0x2]}]}}]}, 0x878}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000008c0)={{{@in=@private, @in=@remote}}, {{@in6=@local}, 0x0, @in6=@dev}}, &(0x7f00000000c0)=0xe8)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x4361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0)
r9 = openat$cuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
pipe2(&(0x7f0000000300)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff}, 0x0)
write$FUSE_NOTIFY_POLL(r11, &(0x7f0000000040)={0x18, 0x1, 0x0, {0x7fffffffffffffff}}, 0x18)
splice(r10, 0x0, r9, 0x0, 0x18, 0x9)
ioctl$BLKZEROOUT(r10, 0x127f, &(0x7f0000000080)={0x7, 0x1})
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@gettaction={0xd4, 0x32, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x9}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x3}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_gd=@TCA_ACT_TAB={0x70, 0x1, [{0x10, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0x10, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0xd4}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
socket$packet(0x11, 0x3, 0x300)
r12 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r12, &(0x7f0000000080)={0xa, 0x4e1d, 0x6, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x1c)
r13 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountstats\x00')
read$FUSE(r13, &(0x7f0000012400)={0x2020}, 0x2020)
newfstatat(0xffffffff0000005d, 0x0, 0x0, 0x1000)
executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4)
r4 = socket(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0x0)
executing program 4:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x1000, {0x2, 0xff, 0x4}, 0xfe}, 0x18)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r3=>0x0})
fcntl$getflags(r2, 0x2)
r4 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000000)=0x6d93, 0x4)
sendmsg$sock(r4, &(0x7f0000000780)={&(0x7f0000000300)=@in6={0xa, 0x4e23, 0x401, @loopback, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000080)=[@mark={{0x18, 0x1, 0x51, 0xfffffffb}}], 0x18}, 0x0)
bind$can_j1939(r2, &(0x7f0000000340)={0x1d, r3, 0x1003, {0x2, 0xff, 0x4}, 0xfe}, 0x18)
r5 = syz_open_dev$swradio(&(0x7f00000005c0), 0x1, 0x2)
r6 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_TMR_TEMPO(r6, 0xc0045405, &(0x7f0000000380)=0x5b)
ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000600)={0xf5, 0x1, 0x2, "57243d06160370c1dee27cb8bd18301a40670b3a69c2789cbb38a6720e0dcc4a", 0x39565559})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r7, 0x402c5342, &(0x7f0000000040)={0x0, 0x10, 0x7, {0x7ff, 0x1}, 0x6e, 0xb153}) (fail_nth: 2)
executing program 4:
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0xc1105511, &(0x7f0000000040)={0xa, 0x0, 0x3d, 0x10000, 'syz1\x00', 0x5})
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000080)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0x7, 0x4000000000000ffc, 0x0, 0x4, 0x1, 0x15, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7060000df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7b55b7cd800b2f7b6aa54cc50a1fcaed1e831fa79a00000000000000000000000080", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x40000000000010, 0x9]}})
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaa"], 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="40000000100003040000000000000000", @ANYRES32], 0x40}}, 0x0)
syz_usb_connect$uac3(0x2, 0x92, &(0x7f0000000dc0)=ANY=[@ANYBLOB="120101020000002044060f804000010203010902800003010310c0080b0002012030400904000000010130000a"], &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0})
r0 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000240)="166ec4b16abf8d77f0", 0x9, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
executing program 3:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000340), 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f00000000c0)={r2, r2, r2}, &(0x7f0000000080)=""/34, 0x22, &(0x7f0000000000)={&(0x7f0000000280)={'wp512-generic\x00'}})
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0xb)
keyctl$update(0x2, r2, &(0x7f0000000040)="3a77ca2f441f0166a88d84e4f8716573a5372153d986d6a9e3b04844134d40", 0x1f)
kexec_load(0x8, 0x9a, 0x0, 0x160000)
socket$inet6_sctp(0xa, 0x5, 0x84)
rseq(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYRES16], 0x24}, 0x1, 0x0, 0x0, 0x44004}, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
syz_clone(0x25000011, 0x0, 0x0, 0x0, 0x0, 0x0)
keyctl$set_reqkey_keyring(0xe, 0x3)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000001180)=0x2000000)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r4, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r4, 0x5008, 0x0)
ioctl$SNDCTL_DSP_SYNC(r4, 0x5001, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r4, 0x800c5012, &(0x7f0000000200))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r6, 0x0, 0x0, 0x0)
executing program 0:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x260000, 0x1)
file_getattr(r1, 0x0, &(0x7f0000000100), 0x18, 0x1000)
ptrace$setregs(0xd, r0, 0xfffffffffffffffc, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYRESHEX=r0, @ANYRES16, @ANYBLOB="050027bd7000fedbdf"], 0x80}, 0x1, 0x0, 0x0, 0x40048}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[], 0x9)
write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x63c, 0x1, 0x3, 0xd59f83, 0x19f5, 0x3f, 0x7, 0x3, 0x6, 0x2800, 0x2800, 0x12, 0xba2, 0x1b, 0x3e, {0x8, 0x40}, 0xcf, 0x9}})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f00000083c0)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r6, 0x80585414, 0x0)
executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
getsockname$unix(r2, &(0x7f0000000300)=@abs, &(0x7f0000000200)=0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x1, 0x8001, 0x0, 0xb49, 0x200000000002, 0x9, 0xa, 0x5}, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r4 = socket$netlink(0x10, 0x3, 0x15)
writev(r4, &(0x7f0000000100)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
recvmmsg(r4, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x4}], 0x2, 0x40010000, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x71)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f00000003c0)='encrypted\x00', &(0x7f0000000240))
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
r5 = syz_open_dev$vim2m(0x0, 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000cc0)={0x1, @sliced={0xfff, [0x9, 0xfa, 0x80, 0x401, 0x0, 0xff80, 0x1c00, 0x2590, 0x1, 0x9, 0x0, 0x7f4, 0x7, 0x2, 0x9, 0x9, 0xfff, 0xfff9, 0xfffe, 0x10, 0xf837, 0xe020, 0x800, 0x8, 0x0, 0x200, 0x53, 0xff, 0x8, 0x9, 0xa, 0x101, 0x6, 0x1, 0x7, 0xe03c, 0xfff, 0x0, 0xf801, 0xdf8, 0x6, 0x1, 0x5, 0x4, 0xdc2, 0x2, 0x400, 0xa15d], 0x2}})
readlinkat(0xffffffffffffffff, &(0x7f0000000140)='./mnt\x00', 0x0, 0x0)
epoll_create1(0x80000)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, 0x0, &(0x7f0000000080))
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x40200, 0x0)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f00000001c0))
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000040)=0x40, 0x4)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2840, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x24000000}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x7, 0x3, "d61418"}, @NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TARGET_NAME={0xc, 0x1, 'NFQUEUE\x00'}]}}}]}]}], {0x14}}, 0xd0}}, 0x0)
executing program 0:
r0 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000380)=@hci={0x1f, 0x5965, 0x31}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000000)="c2e512c488edbffe2d10000081007aa2892f", 0x12}], 0x1}, 0x20000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
msgctl$MSG_STAT(0x0, 0xb, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000480)=[@nested_amd_vmload={0x182, 0x18, 0x3}, @uexit={0x0, 0x18, 0x8001}, @wr_drn={0x68, 0x20, {0x3, 0xc4}}, @nested_amd_invlpga={0x17d, 0x20, {0x0, 0xdaae}}, @out_dx={0x6a, 0x28, {0x1581, 0x0, 0x1}}, @code={0xa, 0x56, {"f20f108100680000470f0966b808018ed80f2043410f01d166ba400066ed66baa100b000eec744240051000000c74424020d000000ff1c242ef30fc7b680ffffff410f01f8"}}, @nested_create_vm={0x12d, 0x18, 0x8}, @nested_amd_vmcb_write_mask={0x17c, 0x38, {0x2, @save_area=0x457, 0x10, 0xffff, 0x2}}, @uexit={0x0, 0x18, 0x2}, @enable_nested={0x12c, 0x18}, @nested_amd_inject_event={0x180, 0x38, {0x3, 0x56, 0x2, 0x4, 0x2}}], 0x1a6})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
syz_clone(0x100011, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1, 0x2, &(0x7f0000000140)=@raw=[@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x8}, @exit], &(0x7f00000000c0)='GPL\x00', 0x9}, 0x94)
r4 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2)
r5 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r6 = fcntl$dupfd(r5, 0x0, r5)
ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x10004, 0x4, &(0x7f0000000100)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0x8, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x44dad9eb3ee52315)
ioctl$USBDEVFS_REAPURB(r6, 0x4008550c, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xffe0}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x3, 0x7}}}]}, 0x3c}}, 0x4000010)
sendmmsg$inet(r7, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x800007, 0x11, r4, 0x0)
executing program 3:
r0 = socket$kcm(0x29, 0x5, 0x0)
write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000140)={'full', 0x20, 0x3, 0x20, 0xfffffffffffffffc}, 0x2f)
ioctl$int_in(r0, 0x5452, &(0x7f0000000240)=0x7)
sendmsg$kcm(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x20000818)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000200000700000018", @ANYRES32=<r2=>0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ff"], 0x0, 0x9, 0x0, 0x0, 0x41000, 0xb}, 0x94)
ptrace(0x10, r1)
ptrace$setregset(0x4205, r1, 0x1, &(0x7f0000000100)={&(0x7f0000000040)="dcef58b7f29c1f7c93d183044aedba283413e674c7719c33a4b17f028f68610a6c55bb2bf8282853f3e16f8394a8676ff55a3507e2ad50248c6130863b0f7433c7fbc9b978a39eae88bffd05d139cedbee444f7c98e1f92b0f64462b4b470bedced2125e0b1f38fbaa348c6d75aa1a4011e9cdae15ecb9309b0101edbf6dd6d111d6132f1821a4e4cbec8438c571a70e7ca7b0451a6cc55c", 0x98})
ptrace$setregset(0x4205, r1, 0x200, &(0x7f00000001c0)={&(0x7f0000000440)="c94522e546f93f6dedf11f1509685636", 0x60})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESHEX=r1, @ANYRES64=r0, @ANYRESDEC=0x0, @ANYBLOB, @ANYRES32=r2])
read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020}, 0x2020)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000004200)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x28a43, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r4, 0xffffffffffffffff, 0x0)
sendmmsg$sock(r3, &(0x7f0000002480), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x900802, 0x0)
sendmsg$netlink(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000200)=ANY=[], 0x58c}], 0x1, 0x0, 0x0, 0x4048041}, 0x8880)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f00003a1000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000000)="9a01000000f800b8d58800000f23d00f21f8351000000d0f23f864640f79ea66baf80cb8c85f5480ef66bafc0cecc4c2adac17b9550200000f320f2860c7c4e11751df0f2e2d00000080b9800000c00f3235008000000f30", 0x58}], 0x1, 0x4a, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r6, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x7c84, 0x26, 0x3, 0x4, 0xbf9]}})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1400000000000000290000003400000004000004000000b25bd03900000000002900040034000000fdffffff0000000070000000000000002900000004000000040a000000000000fe00801409e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad070800000001007a018005020a7e00010005020007c910fc0200000000000000000000000000009211e80ee304ecb784ec4655260cecea14c3980000000000001400000000000000290000003400000000001400000000000000290000003e000000080000000000000020000000000000002900000037000000730000000000000000010000000000001400000000000000290000000b0000000000000200000000180000000000000029000000390000000000000000000000380000000000000029000000390000003a04027000000000ff010000000000000000000000000001ff020000000000000000000000000001ed83dc201c478de45d6adc98ce0579678a99b1fa03c9beb4cd9454795260f7fca8bbbc84eaf9079f92e475047c6ccefe4a98c62d012d8337d44ab9d3cbab8807a64f31b266439b8d00080000009597231ef15b79e77a9b3c423af323e2f63aebcae960787cfe502e3f5eddfb68c72879e9c16c86596bb58de9ddab292fff07f7d935cca94ec763f4493ecbf9f0589da5f60d19cbe1cf38c70eb27479d9b16a1d0ff51fae9d579ba8328d9cf924a4842cf5f46fd48b14c07c3d523927d836c9d2349fd6d2ee1d7652fd8881ae8d66fa7fc2b97936782acdf66c20ef14deea2db7b9c15f75f992bc289cde108fe39e9853c4eb5804ee115793f7497b5bd49785ba0fc522a4161df191a70f7399d05345c568dfaba684"], 0x158}}], 0x1, 0x4040c94)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
executing program 3:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x21800, 0x0)
select(0xff44, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x300}, 0x0, 0x0, &(0x7f0000000100)={0x77359400})
r2 = syz_open_dev$vim2m(&(0x7f0000000180), 0x0, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000040)={0x14, 0x2, 0x0, "11010000001400000100b64c0000000f4cb85200000400", 0x30314442})
socket(0x1d, 0x2, 0x6)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'veth1_to_team\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x14, 0x2, [@TCA_HHF_RESET_TIMEOUT={0x8}, @TCA_HHF_HH_FLOWS_LIMIT={0x8, 0x3, 0x80}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000dc}, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
read$FUSE(r5, &(0x7f00000007c0)={0x2020}, 0x2020)
r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r6, 0xaf01, 0x0)
r7 = eventfd2(0x43, 0x1)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f00000005c0)={0x0, r7})
writev(r7, &(0x7f0000000080)=[{0x0}], 0x1)
r8 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r8, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x8000, 0x0, 0x0, 0x0, 0x33, 0x40, 0x0, 0xe4})
r9 = socket$kcm(0xa, 0x2, 0x0)
syz_emit_ethernet(0xe, &(0x7f00000013c0)=ANY=[@ANYBLOB="0180c200000201805900000088fb"], 0x0)
sendmsg$sock(r9, &(0x7f0000000000)={&(0x7f0000000580)=@in6={0x2, 0x4e23, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0xd}, 0x80, 0x0, 0x0, &(0x7f0000000640)}, 0x4800)
executing program 1:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) (async)
ioctl$VHOST_GET_VRING_BASE(r0, 0x4001af84, 0x0) (async)
bind$unix(0xffffffffffffffff, &(0x7f0000000f80)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_mreqn(r1, 0x0, 0x53, 0x0, &(0x7f0000000040)=0xf) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x0, &(0x7f00000000c0)=[@cr4={0x1, 0x425c}], 0x1) (async)
r4 = dup(r3) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x48, 0x0, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
executing program 5:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000500)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0xfff2}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x48004) (fail_nth: 2)
executing program 1:
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
r0 = socket(0x80000000000000a, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000407000/0x18000)=nil, &(0x7f0000000600)=[@text32={0x20, &(0x7f0000000140)="7d0066baf80cb8bb91a285ef66bafc0cb086ee0fc77d00660f38dd9100200000c4c3055fd302c4c2f59ac9b805000000b994add14b0f01d9260f0f5e048e64660f3839c966baf80cb8b1b98d86ef66bafc0cb000ee"}], 0x1, 0x0, 0x0, 0x13)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010027bd7000fcdbdf250600000008082b00030000000800230006000000050037000100000008002c00faffffff08002b00190000004a8a6836010de87ad2ffed791583256e7cd92bc5f2bd7feeddf900af784f358ddd22a9752dc97529f7dbccd701ce7027cb6559783bb03d64ca041c4ca4178bf206b4314645c02ad6c8c87972fdc9375ce2a090e87880d636e6cd5e005a7d37874d18d30642c411d6bd82cab7a329cf2fdaff8b53"], 0x3c}, 0x1, 0x0, 0x0, 0x20040020}, 0x20040010)
socket$inet6_sctp(0xa, 0x5, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f00000000c0)={<r6=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
r7 = socket(0x200000000000011, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'team0\x00', <r8=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYRES8=r8, @ANYRES32=0x0, @ANYRESHEX=0x0, @ANYRES32=r8], 0x3c}}, 0x4040800)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0xff, 0x4}, 0x90)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000840)={r6, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x8, 0x6, &(0x7f0000000200)=ANY=[], 0x0, 0x47, 0x0, 0x0, 0x41000, 0xf72cb191e650caa, '\x00', r8, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x14f600)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x6, &(0x7f0000000000)=[{0x3, 0xfc, 0x9, 0x7fff}, {0x0, 0x0, 0xfe, 0xfffff858}, {0xfff9, 0x80, 0xd8, 0x7f}, {0x8, 0x1, 0x5, 0xeffa}, {0x795a, 0x9, 0x3, 0xe}, {0x3, 0x4, 0xd, 0xbefc}]})
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380), 0x0, 0x10}, 0x40014)
executing program 5:
r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r1, 0x100000000)
r2 = fcntl$dupfd(r0, 0x0, r0)
write$binfmt_script(r2, &(0x7f0000000100), 0xfffffd9d) (fail_nth: 6)
executing program 3:
r0 = fsopen(&(0x7f0000000040)='ceph\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000100)='test_dummy_encryption', &(0x7f0000000240)='v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='test_dummy_encryption', &(0x7f0000000080)='v1\x00ul\x00\x00\x03\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0)
executing program 3:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x260000, 0x1)
file_getattr(r1, 0x0, &(0x7f0000000100), 0x18, 0x1000)
ptrace$setregs(0xd, r0, 0xfffffffffffffffc, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYRESHEX=r0, @ANYRES16, @ANYBLOB="050027bd7000fedbdf"], 0x80}, 0x1, 0x0, 0x0, 0x40048}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[], 0x9)
write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x63c, 0x1, 0x3, 0xd59f83, 0x19f5, 0x3f, 0x7, 0x3, 0x6, 0x2800, 0x2800, 0x12, 0xba2, 0x1b, 0x3e, {0x8, 0x40}, 0xcf, 0x9}})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f00000083c0)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r6, 0x80585414, 0x0)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x24000000}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x7, 0x3, "d61418"}, @NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TARGET_NAME={0xc, 0x1, 'NFQUEUE\x00'}]}}}]}]}], {0x14}}, 0xd0}}, 0x0)
executing program 0:
socket$netlink(0x10, 0x3, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x0, 0xfffffffffffffff9)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r2 = gettid()
rt_sigtimedwait(0x0, 0x0, 0x0, 0x0)
tkill(r2, 0x15)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x1, 0x401, 0x0, 0xa9, 0x8000000000000000, 0x8, 0x7, 0x8000003}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc1002}]})
r3 = syz_open_procfs(0x0, &(0x7f0000000300)='attr\x00')
r4 = open_tree(r3, 0x0, 0x89901)
move_mount(r4, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f00000000c0)=0x7fff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
timer_create(0x2, 0x0, &(0x7f0000bbdffc))
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x10000)
madvise(&(0x7f000034d000/0x3000)=nil, 0x3000, 0xc)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ptrace$PTRACE_GETSIGMASK(0x420a, r2, 0x8, &(0x7f00000001c0))
sendmsg$NL80211_CMD_GET_SURVEY(r5, &(0x7f0000000080)={0x0, 0xfffe, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="a903030000000000000032000000"], 0x1c}}, 0x4004050)
pipe2$watch_queue(&(0x7f0000000000), 0x80)
executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0xfff9, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newtfilter={0x54, 0x2c, 0xf3f, 0x30bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xf}, {}, {0x7, 0x8}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x45aa, 0x2, 0x6}, {0x1}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20041090}, 0x810)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r7, 0x4}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000600)="1e", 0x1}], 0x1, 0x0, 0x0, 0xb00}, 0x4c00c)
executing program 3:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r0, 0x0, 0x33)
syz_open_dev$video(0x0, 0x0, 0x10b200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800200}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="804000001d00000429bd7000fddbdf0900000000e20c943ffb242ae1a4fc69953c41a79bae3157ccb39a2d8ff9589b648c2543c3d200cbf578817dc86e00c9a83614d3563006eb2e1a917fbbd0e39fd29c95c426ed299a8564c9ac605ff63e32741056e0699ed3e407d813632f95400e4f46377789b6ee58cd8c5da0d0c29a92f038ee549645b968c38181c261edf33eec54dd4a4b1247d969713e2bcca224a5e0040613c1e75bc3ed8271583620b98c6e33164ba07f6591072eb3cef6789ab1cadad4194f9800"/210, @ANYRES32=r2, @ANYBLOB="08008c0a30000e8005000100070000000500010008000000050001003f000000040002000500010008000000050001003800000005000c000600000008000d000400000008000d000200000014000100fc0100000000000000000000000000010800090006000000"], 0x80}, 0x1, 0x0, 0x0, 0x40000}, 0x24040045)
r3 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r3, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})
executing program 5:
r0 = socket$rxrpc(0x21, 0x2, 0xa)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@ip_ttl={{0x14, 0x110, 0x2, 0x4}}, @ip_ttl={{0x14, 0x110, 0x2, 0x400}}], 0x30, 0x4c00}, 0x810)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f0000000140)=ANY=[@ANYBLOB="66496c7465720000000000000000000000001d255af00000000000000000000004"], &(0x7f0000000080)=0x2c) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$F2FS_IOC_WRITE_CHECKPOINT(r2, 0xf507, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000006800250a0000000000000008000500"/28, @ANYRES32=0x0, @ANYBLOB="0600070001000000"], 0x28}}, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000001080)={0x81, 0xf1, 0x0, 0x4, 0xa, 0x5, 0xd, 0x5, 0xf, 0x1, 0x30, 0x8, 0x2e, 0x24}, 0xe) (async)
write$UHID_INPUT(r3, &(0x7f0000000000)={0xa, {"a2e39b214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324d078b089b3b0838681a0890e0878f0e1ac6e7049b3d6d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b343b0d076c0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c30900004288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef7becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe505003d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6ae4effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d71eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d471c8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949d9a92587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15aa82000000000000a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000", 0x1000}}, 0x1006)
executing program 5:
unshare(0x2a020600)
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x1, &(0x7f0000000200)=[{0x6, 0x9, 0x7, 0x7fffffff}]})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89c, 0xc000, 0xa, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xfff0}, {0xe, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
socket$inet_sctp(0x2, 0x1, 0x84)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
executing program 1:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r0, 0x0, 0x33)
syz_open_dev$video(0x0, 0x0, 0x10b200)
r1 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r1, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7}) (fail_nth: 3)
executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x2f00, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
executing program 5:
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a280000f5010a010200000000000000000a0000060900010073797a310000000008000240000000013c000000180a00000000000000000000000000060900020073797a310000000008000740000000000900010073797a300000000008000740000000011c000000090a030000000000000000000500000208000c4004000089140000001100010000000000000000000100000a8a482ae3240e789a2c04f6d340794fac91f77ca16158cd10"], 0xa8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000080000000000000020000000000a01020000000000000000010000000900010073797a30000000004000ffff0900010073797a30000000000900020073797a03000000001400038008000140000000009a6e606bb616883783fcea9d564c930afbaf34d918841b3447ce7923698b77cad20145743246d28a63bf9f0bd3461285e81ab1efcd94380d644143d244fa7dd67a60df3205cc5ffef5c89f9e8d8573107d781dcb8a2a7fa156b042ee345093303d8ffebe269f4bed88f109df35a36a5571a16762b54798d4c1a98850d7de8316d5ded3db6380a713d3bc1c96890d73efe0477648c69a85b01b134980d7b236cfc3808338e1e109c93af72f8354d93b3e"], 0x138}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes192\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x4c, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_EXPECT_MASTER={0x4}, @CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0xd4}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x44, r7, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x20}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001300)=@newtfilter={0x5c, 0x2c, 0xf25, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r5, {0x0, 0x8}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x2c, 0x2, [@TCA_FLOW_EMATCHES={0x28, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x100}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x7, 0x1, 0xbc}, {0x5, 0x100000, 0x3, 0x4, 0x0, 0x1, 0x1}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES64=r2], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x54)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0)
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r8, 0x3b65, 0xa)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x1ff, 0x200100)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x20}}, 0x80}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
write$vhost_msg_v2(r8, 0x0, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-openat$proc_mixer-write$proc_mixer-syz_open_dev$video-socket$nl_route-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$nl_route-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r0, 0x0, 0x33)
syz_open_dev$video(0x0, 0x0, 0x10b200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800200}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="804000001d00000429bd7000fddbdf0900000000e20c943ffb242ae1a4fc69953c41a79bae3157ccb39a2d8ff9589b648c2543c3d200cbf578817dc86e00c9a83614d3563006eb2e1a917fbbd0e39fd29c95c426ed299a8564c9ac605ff63e32741056e0699ed3e407d813632f95400e4f46377789b6ee58cd8c5da0d0c29a92f038ee549645b968c38181c261edf33eec54dd4a4b1247d969713e2bcca224a5e0040613c1e75bc3ed8271583620b98c6e33164ba07f6591072eb3cef6789ab1cadad4194f9800"/210, @ANYRES32=r2, @ANYBLOB="08008c0a30000e8005000100070000000500010008000000050001003f000000040002000500010008000000050001003800000005000c000600000008000d000400000008000d000200000014000100fc0100000000000000000000000000010800090006000000"], 0x80}, 0x1, 0x0, 0x0, 0x40000}, 0x24040045)
r3 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r3, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program crashed: WARNING in as102_dvb_dmx_start_feed
single: successfully extracted reproducer
found reproducer with 9 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-openat$proc_mixer-write$proc_mixer-syz_open_dev$video-socket$nl_route-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$nl_route-syz_open_dev$dvb_demux
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r0, 0x0, 0x33)
syz_open_dev$video(0x0, 0x0, 0x10b200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800200}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="804000001d00000429bd7000fddbdf0900000000e20c943ffb242ae1a4fc69953c41a79bae3157ccb39a2d8ff9589b648c2543c3d200cbf578817dc86e00c9a83614d3563006eb2e1a917fbbd0e39fd29c95c426ed299a8564c9ac605ff63e32741056e0699ed3e407d813632f95400e4f46377789b6ee58cd8c5da0d0c29a92f038ee549645b968c38181c261edf33eec54dd4a4b1247d969713e2bcca224a5e0040613c1e75bc3ed8271583620b98c6e33164ba07f6591072eb3cef6789ab1cadad4194f9800"/210, @ANYRES32=r2, @ANYBLOB="08008c0a30000e8005000100070000000500010008000000050001003f000000040002000500010008000000050001003800000005000c000600000008000d000400000008000d000200000014000100fc0100000000000000000000000000010800090006000000"], 0x80}, 0x1, 0x0, 0x0, 0x40000}, 0x24040045)
syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-openat$proc_mixer-write$proc_mixer-syz_open_dev$video-socket$nl_route-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$nl_route-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r0, 0x0, 0x33)
syz_open_dev$video(0x0, 0x0, 0x10b200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800200}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="804000001d00000429bd7000fddbdf0900000000e20c943ffb242ae1a4fc69953c41a79bae3157ccb39a2d8ff9589b648c2543c3d200cbf578817dc86e00c9a83614d3563006eb2e1a917fbbd0e39fd29c95c426ed299a8564c9ac605ff63e32741056e0699ed3e407d813632f95400e4f46377789b6ee58cd8c5da0d0c29a92f038ee549645b968c38181c261edf33eec54dd4a4b1247d969713e2bcca224a5e0040613c1e75bc3ed8271583620b98c6e33164ba07f6591072eb3cef6789ab1cadad4194f9800"/210, @ANYRES32=r2, @ANYBLOB="08008c0a30000e8005000100070000000500010008000000050001003f000000040002000500010008000000050001003800000005000c000600000008000d000400000008000d000200000014000100fc0100000000000000000000000000010800090006000000"], 0x80}, 0x1, 0x0, 0x0, 0x40000}, 0x24040045)
ioctl$DVB_DEMUX_DMX_SET_FILTER(0xffffffffffffffff, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-openat$proc_mixer-write$proc_mixer-syz_open_dev$video-socket$nl_route-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r0, 0x0, 0x33)
syz_open_dev$video(0x0, 0x0, 0x10b200)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080))
r1 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r1, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program crashed: WARNING in as102_dvb_dmx_start_feed
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-openat$proc_mixer-write$proc_mixer-syz_open_dev$video-socket$nl_route-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r0, 0x0, 0x33)
syz_open_dev$video(0x0, 0x0, 0x10b200)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r1, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program crashed: WARNING in as102_dvb_dmx_start_feed
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-openat$proc_mixer-write$proc_mixer-syz_open_dev$video-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r0, 0x0, 0x33)
syz_open_dev$video(0x0, 0x0, 0x10b200)
r1 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r1, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program crashed: WARNING in as102_dvb_dmx_start_feed
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-openat$proc_mixer-write$proc_mixer-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r0, 0x0, 0x33)
r1 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r1, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program crashed: WARNING in as102_dvb_dmx_start_feed
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-openat$proc_mixer-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
r0 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program crashed: WARNING in as102_dvb_dmx_start_feed
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program crashed: WARNING in as102_dvb_dmx_start_feed
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
r0 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, 0x0, 0x0)
r0 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0)
r0 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = syz_open_dev$dvb_demux(0x0, 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
program crashed: WARNING in as102_dvb_dmx_start_feed
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
program crashed: WARNING in as102_dvb_dmx_start_feed
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
program crashed: WARNING in as102_dvb_dmx_start_feed
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
program crashed: WARNING in as102_dvb_dmx_start_feed
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
program crashed: WARNING in as102_dvb_dmx_start_feed
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
program crashed: WARNING in as102_dvb_dmx_start_feed
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
program crashed: WARNING in as102_dvb_dmx_start_feed
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
program crashed: WARNING in as102_dvb_dmx_start_feed
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program did not crash
validation run: crashed=false
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program crashed: WARNING in as102_dvb_dmx_start_feed
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program crashed: WARNING in as102_dvb_dmx_start_feed
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$dvb_demux-ioctl$DVB_DEMUX_DMX_SET_FILTER
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

program crashed: WARNING in as102_dvb_dmx_start_feed
validation run: crashed=true
reproducing took 47m15.696691036s
repro crashed as (corrupted=false):
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(lock->magic != lock)
WARNING: kernel/locking/mutex.c:593 at __mutex_lock_common kernel/locking/mutex.c:593 [inline], CPU#1: syz.1.26/6086
WARNING: kernel/locking/mutex.c:593 at __mutex_lock+0x10a4/0x1300 kernel/locking/mutex.c:776, CPU#1: syz.1.26/6086
Modules linked in:
CPU: 1 UID: 0 PID: 6086 Comm: syz.1.26 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:__mutex_lock_common kernel/locking/mutex.c:593 [inline]
RIP: 0010:__mutex_lock+0x10ab/0x1300 kernel/locking/mutex.c:776
Code: 11 90 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 33 02 00 00 83 3d d9 a1 61 04 00 75 13 48 8d 3d 1c b7 64 04 48 c7 c6 c0 e0 cc 8b <67> 48 0f b9 3a 90 e9 ac f0 ff ff 90 0f 0b 90 e9 73 f4 ff ff 90 0f
RSP: 0018:ffffc9000264fa20 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 1ffff920004c9f5c RCX: ffff8880319d9e80
RDX: 0000000000000000 RSI: ffffffff8bcce0c0 RDI: ffffffff9014fc10
RBP: ffffc9000264fbd8 R08: ffffffff9011e6c3 R09: 1ffffffff2023cd8
R10: dffffc0000000000 R11: fffffbfff2023cd9 R12: ffff8880465b4b60
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  000055556ea2b500(0000) GS:ffff88812555d000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2fc63fff CR3: 0000000045674000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 as102_dvb_dmx_start_feed+0x70/0x290 drivers/media/usb/as102/as102_drv.c:139
 dmx_section_feed_start_filtering+0x518/0x6c0 drivers/media/dvb-core/dvb_demux.c:977
 dvb_dmxdev_filter_start+0xcf4/0x10e0 drivers/media/dvb-core/dmxdev.c:760
 dvb_demux_do_ioctl+0x470/0x540 drivers/media/dvb-core/dmxdev.c:1083
 dvb_usercopy+0x199/0x2e0 drivers/media/dvb-core/dvbdev.c:996
 dvb_demux_ioctl+0x29/0x40 drivers/media/dvb-core/dmxdev.c:1201
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9ca739c799
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc50a3a8b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f9ca7615fa0 RCX: 00007f9ca739c799
RDX: 0000200000000200 RSI: 00000000403c6f2b RDI: 0000000000000004
RBP: 00007f9ca7432c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f9ca7615fac R14: 00007f9ca7615fa0 R15: 00007f9ca7615fa0
 </TASK>
----------------
Code disassembly (best guess):
   0:	11 90 48 c1 e8 03    	adc    %edx,0x3e8c148(%rax)
   6:	42 0f b6 04 28       	movzbl (%rax,%r13,1),%eax
   b:	84 c0                	test   %al,%al
   d:	0f 85 33 02 00 00    	jne    0x246
  13:	83 3d d9 a1 61 04 00 	cmpl   $0x0,0x461a1d9(%rip)        # 0x461a1f3
  1a:	75 13                	jne    0x2f
  1c:	48 8d 3d 1c b7 64 04 	lea    0x464b71c(%rip),%rdi        # 0x464b73f
  23:	48 c7 c6 c0 e0 cc 8b 	mov    $0xffffffff8bcce0c0,%rsi
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	90                   	nop
  30:	e9 ac f0 ff ff       	jmp    0xfffff0e1
  35:	90                   	nop
  36:	0f 0b                	ud2
  38:	90                   	nop
  39:	e9 73 f4 ff ff       	jmp    0xfffff4b1
  3e:	90                   	nop
  3f:	0f                   	.byte 0xf

final repro crashed as (corrupted=false):
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(lock->magic != lock)
WARNING: kernel/locking/mutex.c:593 at __mutex_lock_common kernel/locking/mutex.c:593 [inline], CPU#1: syz.1.26/6086
WARNING: kernel/locking/mutex.c:593 at __mutex_lock+0x10a4/0x1300 kernel/locking/mutex.c:776, CPU#1: syz.1.26/6086
Modules linked in:
CPU: 1 UID: 0 PID: 6086 Comm: syz.1.26 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:__mutex_lock_common kernel/locking/mutex.c:593 [inline]
RIP: 0010:__mutex_lock+0x10ab/0x1300 kernel/locking/mutex.c:776
Code: 11 90 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 33 02 00 00 83 3d d9 a1 61 04 00 75 13 48 8d 3d 1c b7 64 04 48 c7 c6 c0 e0 cc 8b <67> 48 0f b9 3a 90 e9 ac f0 ff ff 90 0f 0b 90 e9 73 f4 ff ff 90 0f
RSP: 0018:ffffc9000264fa20 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 1ffff920004c9f5c RCX: ffff8880319d9e80
RDX: 0000000000000000 RSI: ffffffff8bcce0c0 RDI: ffffffff9014fc10
RBP: ffffc9000264fbd8 R08: ffffffff9011e6c3 R09: 1ffffffff2023cd8
R10: dffffc0000000000 R11: fffffbfff2023cd9 R12: ffff8880465b4b60
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  000055556ea2b500(0000) GS:ffff88812555d000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2fc63fff CR3: 0000000045674000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 as102_dvb_dmx_start_feed+0x70/0x290 drivers/media/usb/as102/as102_drv.c:139
 dmx_section_feed_start_filtering+0x518/0x6c0 drivers/media/dvb-core/dvb_demux.c:977
 dvb_dmxdev_filter_start+0xcf4/0x10e0 drivers/media/dvb-core/dmxdev.c:760
 dvb_demux_do_ioctl+0x470/0x540 drivers/media/dvb-core/dmxdev.c:1083
 dvb_usercopy+0x199/0x2e0 drivers/media/dvb-core/dvbdev.c:996
 dvb_demux_ioctl+0x29/0x40 drivers/media/dvb-core/dmxdev.c:1201
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9ca739c799
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc50a3a8b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f9ca7615fa0 RCX: 00007f9ca739c799
RDX: 0000200000000200 RSI: 00000000403c6f2b RDI: 0000000000000004
RBP: 00007f9ca7432c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f9ca7615fac R14: 00007f9ca7615fa0 R15: 00007f9ca7615fa0
 </TASK>
----------------
Code disassembly (best guess):
   0:	11 90 48 c1 e8 03    	adc    %edx,0x3e8c148(%rax)
   6:	42 0f b6 04 28       	movzbl (%rax,%r13,1),%eax
   b:	84 c0                	test   %al,%al
   d:	0f 85 33 02 00 00    	jne    0x246
  13:	83 3d d9 a1 61 04 00 	cmpl   $0x0,0x461a1d9(%rip)        # 0x461a1f3
  1a:	75 13                	jne    0x2f
  1c:	48 8d 3d 1c b7 64 04 	lea    0x464b71c(%rip),%rdi        # 0x464b73f
  23:	48 c7 c6 c0 e0 cc 8b 	mov    $0xffffffff8bcce0c0,%rsi
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	90                   	nop
  30:	e9 ac f0 ff ff       	jmp    0xfffff0e1
  35:	90                   	nop
  36:	0f 0b                	ud2
  38:	90                   	nop
  39:	e9 73 f4 ff ff       	jmp    0xfffff4b1
  3e:	90                   	nop
  3f:	0f                   	.byte 0xf