[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   77.767816] sshd (6792) used greatest stack depth: 53248 bytes left
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   78.456959] kauditd_printk_skb: 1 callbacks suppressed
[   78.456989] audit: type=1800 audit(1543959804.512:29): pid=6727 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   78.481946] audit: type=1800 audit(1543959804.522:30): pid=6727 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts.
2018/12/04 21:43:37 fuzzer started
2018/12/04 21:43:42 dialing manager at 10.128.0.26:40217
2018/12/04 21:43:42 syscalls: 1
2018/12/04 21:43:42 code coverage: enabled
2018/12/04 21:43:42 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/04 21:43:42 setuid sandbox: enabled
2018/12/04 21:43:42 namespace sandbox: enabled
2018/12/04 21:43:42 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/04 21:43:42 fault injection: enabled
2018/12/04 21:43:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/04 21:43:42 net packet injection: enabled
2018/12/04 21:43:42 net device setup: enabled
21:48:11 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
close(0xffffffffffffffff)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000400)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast5)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000001c0)="00f7350000000000000000", 0xb)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
write$binfmt_script(r2, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)=""/13, 0xd}, {&(0x7f00000023c0)=""/4096, 0x1000}], 0x2}, 0x0)

syzkaller login: [  365.823723] IPVS: ftp: loaded support on port[0] = 21
[  368.229259] bridge0: port 1(bridge_slave_0) entered blocking state
[  368.235994] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.245329] device bridge_slave_0 entered promiscuous mode
[  368.384468] bridge0: port 2(bridge_slave_1) entered blocking state
[  368.390996] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.401936] device bridge_slave_1 entered promiscuous mode
[  368.539291] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  368.675167] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
21:48:15 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
clock_gettime(0x7, &(0x7f0000000000)={<r1=>0x0})
clock_settime(0x0, &(0x7f0000000080)={r1})

[  369.105351] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  369.276237] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  369.710174] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  369.717494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  369.854315] IPVS: ftp: loaded support on port[0] = 21
[  370.379169] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  370.388137] team0: Port device team_slave_0 added
[  370.569132] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  370.578343] team0: Port device team_slave_1 added
[  370.848788] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  370.855980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  370.865683] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  371.121123] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  371.128276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  371.138055] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  371.338549] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  371.347021] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  371.356646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  371.634024] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  371.641970] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  371.651189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  373.988835] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.995752] bridge0: port 1(bridge_slave_0) entered disabled state
[  374.004713] device bridge_slave_0 entered promiscuous mode
[  374.200821] bridge0: port 2(bridge_slave_1) entered blocking state
[  374.207535] bridge0: port 2(bridge_slave_1) entered disabled state
[  374.216729] device bridge_slave_1 entered promiscuous mode
[  374.354840] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  374.416649] bridge0: port 2(bridge_slave_1) entered blocking state
[  374.423266] bridge0: port 2(bridge_slave_1) entered forwarding state
[  374.430448] bridge0: port 1(bridge_slave_0) entered blocking state
[  374.437134] bridge0: port 1(bridge_slave_0) entered forwarding state
[  374.446924] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  374.495462] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
21:48:20 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r0, &(0x7f0000000200), 0x0, 0x20008011, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/qat_adf_ctl\x00', 0x1, 0x0)
fstat(r1, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0})
getgroups(0x2, &(0x7f00000003c0)=[0xee00, <r3=>0x0])
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000740)={{0x2cb17920, 0x0, r2, 0x0, r3, 0x100, 0x5f76}, 0x9, 0xfffffffffffffffd, 0x0, 0x4, 0x6319})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00002d3000/0x4000)=nil, 0x4000}})
write(0xffffffffffffffff, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000140)={0x0, 0x795}, &(0x7f0000000180)=0x8)
recvfrom(r0, &(0x7f0000f9cf9b)=""/101, 0x389756b1353686c0, 0x120, 0x0, 0xffffffffffffffeb)

[  374.813828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  375.226065] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  375.550533] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  375.617667] IPVS: ftp: loaded support on port[0] = 21
[  375.913495] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  375.920542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  376.156830] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  376.164149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  377.066015] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  377.075387] team0: Port device team_slave_0 added
[  377.403937] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  377.413457] team0: Port device team_slave_1 added
[  377.710037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  377.717366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  377.727023] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  378.016799] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  378.024033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  378.033305] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  378.240111] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  378.247978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  378.257489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  378.586730] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  378.594666] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  378.604257] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  380.254185] bridge0: port 1(bridge_slave_0) entered blocking state
[  380.260785] bridge0: port 1(bridge_slave_0) entered disabled state
[  380.269914] device bridge_slave_0 entered promiscuous mode
[  380.523708] bridge0: port 2(bridge_slave_1) entered blocking state
[  380.530359] bridge0: port 2(bridge_slave_1) entered disabled state
[  380.539634] device bridge_slave_1 entered promiscuous mode
[  380.870490] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  381.156039] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  381.773929] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  381.804297] bridge0: port 2(bridge_slave_1) entered blocking state
[  381.810933] bridge0: port 2(bridge_slave_1) entered forwarding state
[  381.818273] bridge0: port 1(bridge_slave_0) entered blocking state
[  381.824987] bridge0: port 1(bridge_slave_0) entered forwarding state
[  381.835099] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  381.983730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  382.091240] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  382.415911] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  382.423240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  382.759008] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  382.766277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
21:48:29 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000700)={&(0x7f0000000000), 0xc, &(0x7f00000006c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x1}}, 0x0)

[  383.588503] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  383.597477] team0: Port device team_slave_0 added
[  384.034020] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  384.043302] team0: Port device team_slave_1 added
[  384.420283] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  384.427556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  384.437024] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  384.593008] IPVS: ftp: loaded support on port[0] = 21
[  384.807783] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  384.815182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  384.824562] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  385.194601] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  385.202551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  385.211838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  385.548065] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  385.555867] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  385.565419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  386.446916] 8021q: adding VLAN 0 to HW filter on device bond0
[  387.832606] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  389.190774] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  389.197311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  389.205716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  389.377095] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.383782] bridge0: port 2(bridge_slave_1) entered forwarding state
[  389.390942] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.397623] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.407398] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  389.652711] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  390.444156] 8021q: adding VLAN 0 to HW filter on device team0
[  390.574417] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.580968] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.589996] device bridge_slave_0 entered promiscuous mode
[  390.946408] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.953296] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.962725] device bridge_slave_1 entered promiscuous mode
[  391.322650] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  391.686361] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  392.632850] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  392.990285] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  393.336409] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  393.343606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  393.685002] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  393.692340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
21:48:39 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/tcp\x00')
sendfile(r0, r1, &(0x7f0000000040)=0x78010e08, 0x8001)

[  394.840283] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  394.849458] team0: Port device team_slave_0 added
[  395.314410] IPVS: ftp: loaded support on port[0] = 21
[  395.338779] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  395.348030] team0: Port device team_slave_1 added
[  395.769742] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  395.776986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  395.786628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  395.867135] 8021q: adding VLAN 0 to HW filter on device bond0
[  396.276374] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  396.283618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  396.293324] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  396.785090] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  396.792915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  396.802184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  397.231621] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  397.239407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  397.248863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  397.448681] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  399.090595] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  399.097205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  399.105514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
21:48:46 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x8000, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/loop-control\x00', 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000300)=0x7)
sendto$packet(r0, &(0x7f0000000040), 0x0, 0x4005, 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
recvfrom(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x2, 0x0, 0x3, {0xa, 0x4e23, 0x0, @empty, 0xfffff00000000000}}}, 0x80)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000140))
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000380)={0x51ec, {{0x2, 0x0, @local}}}, 0x88)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e23, @rand_addr=0x3}, 0x10)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x8101, 0x0)
io_setup(0x100, &(0x7f00000001c0))
sendto$inet(r3, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10)
r5 = memfd_create(&(0x7f0000000200)='Pev ', 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000080)={0x1, &(0x7f0000000440)=[{}]})
ftruncate(r5, 0x200739)
sendfile(r3, r5, &(0x7f0000000240)=0xfa0, 0xa00004000000004)

[  400.314943] hrtimer: interrupt took 52776 ns
[  400.846802] 8021q: adding VLAN 0 to HW filter on device team0
21:48:48 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x8000, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/loop-control\x00', 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000300)=0x7)
sendto$packet(r0, &(0x7f0000000040), 0x0, 0x4005, 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
recvfrom(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x2, 0x0, 0x3, {0xa, 0x4e23, 0x0, @empty, 0xfffff00000000000}}}, 0x80)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000140))
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000380)={0x51ec, {{0x2, 0x0, @local}}}, 0x88)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e23, @rand_addr=0x3}, 0x10)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x8101, 0x0)
io_setup(0x100, &(0x7f00000001c0))
sendto$inet(r3, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10)
r5 = memfd_create(&(0x7f0000000200)='Pev ', 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000080)={0x1, &(0x7f0000000440)=[{}]})
ftruncate(r5, 0x200739)
sendfile(r3, r5, &(0x7f0000000240)=0xfa0, 0xa00004000000004)

[  402.531695] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.538432] bridge0: port 2(bridge_slave_1) entered forwarding state
[  402.545663] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.552372] bridge0: port 1(bridge_slave_0) entered forwarding state
[  402.562248] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  402.772008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  403.276621] bridge0: port 1(bridge_slave_0) entered blocking state
[  403.283696] bridge0: port 1(bridge_slave_0) entered disabled state
[  403.293238] device bridge_slave_0 entered promiscuous mode
21:48:49 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x8000, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/loop-control\x00', 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000300)=0x7)
sendto$packet(r0, &(0x7f0000000040), 0x0, 0x4005, 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
recvfrom(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x2, 0x0, 0x3, {0xa, 0x4e23, 0x0, @empty, 0xfffff00000000000}}}, 0x80)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000140))
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000380)={0x51ec, {{0x2, 0x0, @local}}}, 0x88)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e23, @rand_addr=0x3}, 0x10)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x8101, 0x0)
io_setup(0x100, &(0x7f00000001c0))
sendto$inet(r3, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10)
r5 = memfd_create(&(0x7f0000000200)='Pev ', 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000080)={0x1, &(0x7f0000000440)=[{}]})
ftruncate(r5, 0x200739)
sendfile(r3, r5, &(0x7f0000000240)=0xfa0, 0xa00004000000004)

[  403.721870] bridge0: port 2(bridge_slave_1) entered blocking state
[  403.728563] bridge0: port 2(bridge_slave_1) entered disabled state
[  403.737747] device bridge_slave_1 entered promiscuous mode
[  404.395620] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
21:48:50 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x8000, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/loop-control\x00', 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000300)=0x7)
sendto$packet(r0, &(0x7f0000000040), 0x0, 0x4005, 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
recvfrom(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x2, 0x0, 0x3, {0xa, 0x4e23, 0x0, @empty, 0xfffff00000000000}}}, 0x80)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000140))
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000380)={0x51ec, {{0x2, 0x0, @local}}}, 0x88)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e23, @rand_addr=0x3}, 0x10)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x8101, 0x0)
io_setup(0x100, &(0x7f00000001c0))
sendto$inet(r3, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10)
r5 = memfd_create(&(0x7f0000000200)='Pev ', 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000080)={0x1, &(0x7f0000000440)=[{}]})
ftruncate(r5, 0x200739)
sendfile(r3, r5, &(0x7f0000000240)=0xfa0, 0xa00004000000004)

[  404.692519] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
21:48:52 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x8000, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/loop-control\x00', 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000300)=0x7)
sendto$packet(r0, &(0x7f0000000040), 0x0, 0x4005, 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
recvfrom(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x2, 0x0, 0x3, {0xa, 0x4e23, 0x0, @empty, 0xfffff00000000000}}}, 0x80)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000140))
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000380)={0x51ec, {{0x2, 0x0, @local}}}, 0x88)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e23, @rand_addr=0x3}, 0x10)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x8101, 0x0)
io_setup(0x100, &(0x7f00000001c0))
sendto$inet(r3, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10)
r5 = memfd_create(&(0x7f0000000200)='Pev ', 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000080)={0x1, &(0x7f0000000440)=[{}]})
ftruncate(r5, 0x200739)
sendfile(r3, r5, &(0x7f0000000240)=0xfa0, 0xa00004000000004)

[  405.931252] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  406.478733] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  406.966316] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  406.973658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
21:48:53 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x8000, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/loop-control\x00', 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000300)=0x7)
sendto$packet(r0, &(0x7f0000000040), 0x0, 0x4005, 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
recvfrom(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x2, 0x0, 0x3, {0xa, 0x4e23, 0x0, @empty, 0xfffff00000000000}}}, 0x80)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000140))
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000380)={0x51ec, {{0x2, 0x0, @local}}}, 0x88)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e23, @rand_addr=0x3}, 0x10)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x8101, 0x0)
io_setup(0x100, &(0x7f00000001c0))
sendto$inet(r3, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10)
r5 = memfd_create(&(0x7f0000000200)='Pev ', 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000080)={0x1, &(0x7f0000000440)=[{}]})
ftruncate(r5, 0x200739)
sendfile(r3, r5, &(0x7f0000000240)=0xfa0, 0xa00004000000004)

[  407.386544] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  407.393833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  407.465627] 8021q: adding VLAN 0 to HW filter on device bond0
21:48:53 executing program 5:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x204000, 0x0)
ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000040)={'bond0\x00', {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x19}}})
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000080)=0x36d94cc307e56f98, 0x4)
read(r0, &(0x7f00000000c0)=""/4096, 0x1000)
getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000010c0)={<r1=>0x0, 0x0, 0x7, 0xf2d}, &(0x7f0000001100)=0x10)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000001140)={<r2=>r1, 0x7050}, &(0x7f0000001180)=0x8)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f00000011c0)={0x4, 0x9})
sendmmsg(r0, &(0x7f0000002200)=[{{&(0x7f0000001240)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x1, 0x3, 0x2, 0x0, {0xa, 0x4e21, 0x100000001, @loopback, 0x2}}}, 0x80, &(0x7f0000001480)=[{&(0x7f00000012c0)="e0e0d9df1fe1d6ad6197e3e16a66691919bed62a26e4c42dadd9b8fb3cb00de857be861f6b43a33ba6147da797ca474edde55dbf55c0d6dbf5554a99a1f78162859625fe74fd6434e6c74862c9f5825819f7aa27b96942bf2cd6126a4ecca99d0777ee45fb13e67a51dcc438955a162518e04f90d04694439d8b46a7e18b316d40a59df077af56dc92e2e6430f6cf261e5039aca3d666b9ae7d4e3fb0ca1d748a4437d7ff81657c360f7656fd60e17303c896c4fe0e41e13f677127260a0f0713390af1b462bf8ee", 0xc8}, {&(0x7f00000013c0)="c29035347c632fdbadc790945b21ea1f7981577f0a797ef1c5de3550a58621be54dfb87af6547e178572169c8fee03670c3a8d6a4c84fe21e14a155e97f172194645b578128639e716d9c43a1fc898cd69a739e9cd32b34bcd1ee8b4d63a39e38773e3ffb65305c8cc7bfa68bf8f2aa49899ad3a361d0264748a915b12819899ee01f9118eaf2923f96a51b1e7a86f3f2006de463238", 0x96}], 0x2, &(0x7f00000014c0)=[{0xf0, 0x10b, 0x4, "9d6090affe514a61d88539eddcf7978d07f3187463b55bcc6ce1eefdec2287df889de9605c4f8e63287f5193f6d190f15dd8945ae4461d2d34565b7f733a8bb767fd818680434cd6c822970612ff6ebc5d09b32408d9a32d839c354e0db39afdbd4f666ad1d50dd54b5bbbcdab833dca6a4acebb7d48baa9ef3d2af0aef407da9fbe04c825e86a8fc29bae6d904e27ef18b730933d6adebb53119860db97ff640986291ba575b6338a27742d99c90caae1cbe2e5ad7c051d32c9be78b2d95b7694574de8accf7b46c93feac0878b5f20b7c772e82d2ca09daa66"}, {0xd8, 0x116, 0x8000, "e09aad4f6bdfe90e61af038dc2f26e890843da40ff127e8b51aa8770f85ff10e1ca04603654a8beb297184e785b74e351ebd8e05142c4d6b848e62d456d0fdd2220a1ca247d6434886c37e61ea227f855bc38cc75d6618db599a8674b5f18c050bff8670f3823192de8857600505f975c63f5fbc427474cb4a94c8d28322937398aaeac2c73ac195b494262f2a900b07c14cbc2b27ee9eb4ef93a9bdcc2fd156488520158924ffd4aa00a8b1e8634746a5e081e686fba6d20024350748f3ba008d4bc3da67070f"}, {0x40, 0x11b, 0x401, "78d78ec35b5942de5d2e11c15a4395b28eeba8972c5bb3f59ed1cbda72adb1966fc60c7fdc6a179bad1bf1ff"}, {0x30, 0x6, 0x4, "d38d96701ca92baf0ce75d520354a6647b9f492b559fe107155fc7ab4bf5f8"}, {0xf0, 0x11, 0xff, "9f846f729c54839ed9bd170299b7f6c4a356f2041d3c9c0b74d36247ad9c77b5c96fdd3687bd8fef9a4ba27fc5143eaf05d558fc6079cca6ede305684b37232227b06667b826b7f1b4044ac02717e5f630516c63d89cbbeaf78548cf6516cbb0c527e31c941dc3188aed5b9625753c7cbbe46f44e1f081512713177376ba76700998395f6268a6336fe38b927ca8a47e8d0ea540bd823fba6dfc94a3bacf6010b515c30d4bb4f0bbe58a8fd796083ee74583110026c48cac19ac5a7c0433d3dd7e9a9c9e06fa72f967f7b34401704c44dd575aa6cc83cecc4059"}, {0x100, 0x10a, 0xff, "19a5fda83be6d3ddb5d78015f61b0fff88305e85f6a75bbd14d1d3d77985a76b8d3bbe26d7e2b82104c8e59b270fce93531cf68607eab79f441ecef5222c846d5e4d0e063bb3fdf5fd07579ed7d08d39147f825d2354e55a0614502d90260284d0712c97fc00a6af4f9d6ead12d9d7eb9fac6f3fea22084e2c2b11439bd5fbc5adf28ce8caa853eb085ea2f40dada79bf507e69810481e23ecd2a295973e09ca55a573de2d1f17fae6adf9a29b76c2b7c36dac2de4aacaf239eb18f2595939098f05614ee0953e8e7c969ad14aca58337ade80c7ed4cdb94c1302c85f973a4aae390bb7e70f4e09c19bdf8dc53449d47"}, {0xe8, 0x117, 0x0, "ccc28740e6a7a2485ad0e10c7e693845945eb772fca2b5092dae0ed8527452dde65e704751ebf170a2bc7c6ea5e05b602c0c890049906ab8748ff21a047ae62f0137e786ba896fd97e73a98dad3ca340ece47e22e5dfac01e564a9a22c77f1b5b4c8adb3c336ed6f66dbfc79851ee6f50f9d3ed4d83a2eaa2a3cf21c85762b6f3d852d57ecbcbf45f1cf67369ff23762b8665f4b1255f063bd2711d24334642be5a2313b8f0e33619bd877ee939e8297fc9356e3956a4e1d08d4aa08032fe86fb422b077a5d2e1d82f1b695fbd31d6c57afde7"}], 0x510, 0x24000844}}, {{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000001a00)="11f53e54952c35b7cf95e36a9a1389c69015b2a705eeec52b9cc40183c6a65855690f115011b8e39bf1be4a177025810e5a519c91e28007ae9464a92abf3f1733220d97838df8aff0acac3551ec44d2156190dacdacd5a93033d454b00b7fc52e64dc1d0fdb5fb41914464297c37ab18a31c249e55483e941f64f6c3948482fa5ac5b12bff211339be540f814abf433d558121f0ac21b33575218dfa3ff790c56401ea19ca4765c38d170f8c00dd14e6f194ba0d518571bea213480753f7ba5cfee15f7d49e3ad43c58621e91447b2c9699ef0176ff4c3938f568a44b9ec8bb5e784e0efce94dff40cd37f", 0xeb}, {&(0x7f0000001b00)="e973b73e5a83dfc85163c78fea", 0xd}], 0x2, &(0x7f0000001b80)=[{0xf0, 0x111, 0x1, "2b7ab640a65e2473d3824ffe09aa3a9f13e4eeaddd50480d2c6207d86a6a739a193763973251278258deb0cafaa4067ddc1a5559721e0d9d2a5ab0fd4c43fca8c8673622df53db20776da5c5845cc99b096fffaa606edcbc2a749bb65464bea29b41a0d10b32f8ffe7023ecc9da4ca77828278ec0772d6078d2521855ce3eaa7f5071b07acccc23391d2ad3a0409e5808380104000f1ed7bc0acfa627c51d82d3d36bfb1f7b2b48682e0687bd048cb7f4d4a47a07e667f51be739fd05d4d3d69efe188f2f508385c64fe2a595132fdac5af689bc0f597a22ae42eebdd7"}, {0xe8, 0x119, 0x8001, "6dfb0c5e0c1a0c4bf98f3f39f1dc51a9573192e5982fb0afd9e5dafec1da0df4aca3c22d3a1f0e6709c47307fafcebc116ed81a0a6cef5f77a59fcfb581cb8356536c0da1f954b90dc35780a8143ecb89be2a0bf1e036473c951adcc4b685fe0c20f7343d66616ebeaa874b091c6326cabfa5ab091806a9f53694473f8a24d402742bc4250115b6881b90d75987d5677f354cdb93203379d6719630acbe6ed323feaa484e464913c52adb2a0bd3565b1ac2573e393e58b4e44665fc43f0ed1d9baa73c4aab6c317a7b0ab2aeae066ccfa138"}, {0xa8, 0x0, 0x2cf, "f4da983d25a68bd28854d84b87798b32b72ab056587346366baf060a07ce9db8773063df69f8c0b40623f561d1b07ea98c7fbc86c553c4d0a7235a85901d4dd7cee5636483185657d2c3f7e038d2b91dd8ee5429eda6db7de59588f3d9bbb9c46589b22e5d76633a5d4c81bf12e8870e043d15540555b913a21e10d03586f4f4fb2b121fc1691182cbf45e655560c86ed1ce3dc464f020"}], 0x280, 0x40}, 0x2}, {{&(0x7f0000001e00)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e20, @rand_addr=0x5}, 0x0, 0x2, 0x3, 0x3}}, 0x80, &(0x7f0000002040)=[{&(0x7f0000001e80)="2f8c2ea02dadcbc75e31018dc035a20a7630813c7e9d558af8a4d53b8169826d8f0e0cfbec47add14b863daaad9609ab9c3edc43fec690897eb6e2f3bd9ebd1660f521104d81d9a45b841849ac1c056464b45f3ef3c9b77bf006fbf4495d657292e0314226feeac5d4ec1385360189f5fb8dcf91d3121aeec3d9ec0f6e0c4b6db5c1b2c18146385bb5ede9702f1d1c0347a55cea5236746e52984d54dd68", 0x9e}, {&(0x7f0000001f40)="893bdb0865a2c5dd3aadf61105e0723821b3116fc55f9bae4f0a2662469d525da5045999c131a4d93963163ad5637e72fff29e102f69e9919f9902940f265f6fed554b63469c", 0x46}, {&(0x7f0000001fc0)="2d12a939596a8ad86bccc528fa25f578bf8b78e4a9f7e9e2ae17d79b82e7dea4a683d906d603ada2cf05064498b670d2e29354f3a14e04d1e113bde93ca8f33d17cddecea9a9af4c", 0x48}], 0x3, &(0x7f0000002080)=[{0x48, 0x119, 0x8001, "63f7a3e1c0addaabd1fc01047a0675debd2c520e25d67f12cdb18ad798f3237e18fbe14fcb3b021b371f19cf2adcae577866d0869b"}, {0x70, 0x3a, 0x5b2, "e08efda762e6e4abdb673e930a9b11a63c6774a3e747cc59a018a221bde67a785966eb0c55986a34af82fc8f0f899726aeea2ca09d859df8fe7578e216e8b9213f6d58fe312b00b7e0bd5bb06b842985110c1d3413c4b7a85fa6ce1cf5c5f2"}, {0xa0, 0x10b, 0x7, "cc63b985c1931e9fc531b421ae766fbf8f2d24df68470bf62afeb480730fbc16aa4bbf99a28fe04c33046ff2abd413c81293f007e611c447776a07f89d740c03a96632b8224288daadca99f2e322c13a5d7c2ec65508afe4958ef3c7820b50eaf83e2e1d64c35ad1db5167a31b4900882fa5a8b340a61c5e549be60b221c44e20c1317907909109fb78b4ca485"}], 0x158, 0x10}, 0xfffffffffffffff7}], 0x3, 0x90796e0d57fa06ca)
fcntl$setsig(r0, 0xa, 0x36)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000022c0)={0x0, 0x0, 0x1, 0x0, [], [{0x6ee, 0x8fd, 0x81, 0x2, 0x6, 0x6}, {0x1, 0x5517, 0x366340cc, 0x1, 0x80, 0x3f}], [[]]})
ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f00000023c0)={'veth0_to_bond\x00', 0x4})
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000002440)={{{@in6=@local, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0, <r4=>0x0}}, {{@in6=@loopback}, 0x0, @in=@multicast1}}, &(0x7f0000002540)=0xe8)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000002580)={<r5=>0x0, 0x0, <r6=>0x0}, &(0x7f00000025c0)=0xc)
getgroups(0x2, &(0x7f0000002600)=[<r7=>0xee00, 0xee01])
fsetxattr$system_posix_acl(r0, &(0x7f0000002400)='system.posix_acl_access\x00', &(0x7f0000002640)={{}, {0x1, 0x2}, [{0x2, 0x4, r4}], {0x4, 0x4}, [{0x8, 0x1, r6}, {0x8, 0x1, r7}], {0x10, 0x2}, {0x20, 0x4}}, 0x3c, 0x3)
ioctl$VT_RELDISP(r0, 0x5605)
syz_kvm_setup_cpu$x86(r0, r0, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000026c0)=[@text32={0x20, &(0x7f0000002680)="dac90f01c9b817a700000f23c00f21f83500000b000f23f8260f08d1e9f46564660f38820367660f38811d66b801018ee80f06", 0x33}], 0x1, 0x14, &(0x7f0000002700)=[@vmwrite={0x8, 0x0, 0xff, 0x0, 0x8, 0x0, 0xffffffffffffff81, 0x0, 0x1f}, @efer={0x2, 0x1400}], 0x2)
sendmsg$xdp(r0, &(0x7f0000002800)={&(0x7f0000002740)={0x2c, 0x7, r3, 0x22}, 0x10, &(0x7f00000027c0)=[{&(0x7f0000002780)="fb6d767de32522821c70ac76a76cb5ea0bdd71f016cb8d5438838fe4c5377aa7c0ac1f43795ce03f9f19ad06ea84b3d2f82535c8594f93261e7d4d1f77", 0x3d}], 0x1, 0x0, 0x0, 0x40}, 0x4000)
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000002840)={0xffffffff80000001, 0x9})
r8 = openat$rtc(0xffffffffffffff9c, &(0x7f0000002880)='/dev/rtc0\x00', 0x40, 0x0)
ioctl$TIOCNXCL(r8, 0x540d)
syz_open_dev$sndmidi(&(0x7f00000028c0)='/dev/snd/midiC#D#\x00', 0x820, 0x80)
open_by_handle_at(r0, &(0x7f0000002900)={0x4b, 0x61, "8de80837483b92fd0f3e8e5947e08d4eb974ca7cf7d8f34254fcaa1850774d3e1069958fad492c67837049abddaadb58b67c47158e37630a96f8ec55a893ca406ee9a9"}, 0x80)
r9 = syz_open_procfs(r5, &(0x7f0000002980)='net/udplite\x00')
ioctl$KVM_IRQFD(r9, 0x4020ae76, &(0x7f00000029c0)={r9, 0x2000000, 0x3, r0})
mkdirat(r9, &(0x7f0000002a00)='./file0\x00', 0x8)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000002a40)={r2, 0x1ff}, 0x8)
kcmp$KCMP_EPOLL_TFD(r5, r5, 0x7, r9, &(0x7f0000002a80)={r0, r8, 0x6})
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000002ac0)=""/217)
ioctl$VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000002bc0)=0x7ff)

21:48:54 executing program 0:
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
getxattr(&(0x7f0000000700)='./file0\x00', &(0x7f0000000340)=@known='security.capability\x00', 0x0, 0x0)

[  408.847297] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  408.856268] team0: Port device team_slave_0 added
[  409.046639] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  409.141562] IPVS: ftp: loaded support on port[0] = 21
[  409.151484] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  409.160731] team0: Port device team_slave_1 added
[  409.462474] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  409.469566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  409.478882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  409.857302] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  409.864516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  409.873956] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  410.241519] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  410.249544] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  410.258854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  410.406671] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  410.413297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  410.421509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  410.630801] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  410.638801] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  410.648364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
21:48:57 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
msgget$private(0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917}, 0x0)
r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000000)=0x1000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x200000, 0xfffffffffffffffd, 0x2012, r0, 0x0)
mlockall(0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
pipe(&(0x7f0000000680))
timer_create(0x0, 0x0, 0x0)
timer_delete(0x0)
write(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000540)={0x0, <r1=>0x0})
pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000080)=0x2, 0x4)

[  411.810457] 8021q: adding VLAN 0 to HW filter on device team0
[  414.149342] bridge0: port 2(bridge_slave_1) entered blocking state
[  414.156031] bridge0: port 2(bridge_slave_1) entered forwarding state
[  414.163434] bridge0: port 1(bridge_slave_0) entered blocking state
[  414.170041] bridge0: port 1(bridge_slave_0) entered forwarding state
[  414.179711] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  414.292083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  414.801036] bridge0: port 1(bridge_slave_0) entered blocking state
[  414.807797] bridge0: port 1(bridge_slave_0) entered disabled state
[  414.816827] device bridge_slave_0 entered promiscuous mode
[  415.147981] bridge0: port 2(bridge_slave_1) entered blocking state
[  415.154718] bridge0: port 2(bridge_slave_1) entered disabled state
[  415.163473] device bridge_slave_1 entered promiscuous mode
[  415.440383] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  415.774760] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  416.605046] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  416.900608] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  417.174402] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  417.181477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  417.361458] 8021q: adding VLAN 0 to HW filter on device bond0
[  417.450370] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  417.457590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  418.204079] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  418.360057] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  418.369164] team0: Port device team_slave_0 added
[  418.614527] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  418.623978] team0: Port device team_slave_1 added
[  418.947932] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  418.955203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  418.965400] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  419.239061] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  419.245648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  419.254142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  419.376892] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  419.384180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  419.393810] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  419.742763] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  419.750502] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  419.759883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  420.028781] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  420.036719] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  420.046183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  420.692089] 8021q: adding VLAN 0 to HW filter on device team0
21:49:08 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000240))

[  423.191822] bridge0: port 2(bridge_slave_1) entered blocking state
[  423.198424] bridge0: port 2(bridge_slave_1) entered forwarding state
[  423.205774] bridge0: port 1(bridge_slave_0) entered blocking state
[  423.212437] bridge0: port 1(bridge_slave_0) entered forwarding state
[  423.222332] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  423.228937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  425.099484] 8021q: adding VLAN 0 to HW filter on device bond0
[  425.869808] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
21:49:12 executing program 3:
epoll_create1(0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0)
pread64(r0, &(0x7f0000000000)=""/211, 0xd3, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000100)={0x2, 0x0, {0x0, 0x0, 0x0, 0x1e, 0x0, 0x64}})
poll(&(0x7f00000001c0), 0x0, 0x0)

[  426.552604] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  426.559079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  426.567482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  427.086996] 8021q: adding VLAN 0 to HW filter on device team0
[  430.138405] 8021q: adding VLAN 0 to HW filter on device bond0
[  430.657425] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
21:49:16 executing program 4:

21:49:16 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$IPVS_CMD_DEL_DAEMON(r3, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)={0x14, 0x0, 0x200, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x20000040)
write(0xffffffffffffffff, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000180)={0x0, <r4=>0x0})
write$binfmt_misc(r0, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup3(r1, r0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100)={0x20}, &(0x7f0000000140)={0x8}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

21:49:16 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
msgget$private(0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917}, 0x0)
r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000000)=0x1000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x200000, 0xfffffffffffffffd, 0x2012, r0, 0x0)
mlockall(0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
pipe(&(0x7f0000000680))
timer_create(0x0, 0x0, 0x0)
timer_delete(0x0)
write(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000540)={0x0, <r1=>0x0})
pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000080)=0x2, 0x4)

21:49:16 executing program 2:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000006000)="1b0000005200030f07fffd946fa283bc04eee6d87986c497271d85", 0x1b}], 0x1}, 0x0)
read(r0, &(0x7f0000000280)=""/151, 0x97)

21:49:16 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x6}, 0x5d)
write$binfmt_script(r0, &(0x7f0000002ec0)=ANY=[@ANYBLOB="2121202e2f6669afdd0c0a"], 0xb)

21:49:17 executing program 2:

21:49:17 executing program 4:

[  431.488840] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  431.495226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  431.503681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  431.889944] 8021q: adding VLAN 0 to HW filter on device team0
21:49:19 executing program 3:

21:49:19 executing program 1:

21:49:19 executing program 5:

21:49:19 executing program 2:

21:49:19 executing program 4:

21:49:19 executing program 0:

21:49:20 executing program 1:

21:49:20 executing program 3:

21:49:20 executing program 2:

21:49:20 executing program 0:

21:49:20 executing program 4:

21:49:20 executing program 5:

21:49:20 executing program 3:

21:49:20 executing program 1:

21:49:20 executing program 2:

21:49:20 executing program 4:

21:49:20 executing program 0:

21:49:20 executing program 2:

21:49:20 executing program 5:

21:49:20 executing program 1:

21:49:20 executing program 3:

21:49:20 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000300)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)="6e65742f6970365f6d725f636163686500d3f43df9e5cce51c9592ea641acf9847fa82bae338e744e205b599e2ec0ab64e5563c1ba00010026da30e412a0bc22651095511dfca2551bc8005782d8ff3b27f764130482eca9ea7806c37c11f5251fc89b268f79555675c451dad9fa7891639fcd0d3db63f0cfb28b8972cbb255207dbfbfede398e140001993726752554f55b9298500824d3300d1623ca")
preadv(r1, &(0x7f00000017c0), 0x199, 0x67)

21:49:21 executing program 2:
r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000040)='rdma.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='./cgroup\x00')
close(r2)

21:49:21 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80})
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)

21:49:21 executing program 1:
clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
syz_execute_func(&(0x7f0000000280)="3666440f50f564ff0941c366440f56c9c4c27d794e0066420fe2e3c441dfd04b00c442019dccd3196f")
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151)
connect$inet6(r0, &(0x7f0000000580), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$sock_SIOCADDDLCI(r0, 0x8980, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, 0x0, &(0x7f0000000080))

21:49:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000380)="0f0766b818008ed80f20e035000040000f22e00faea66647000066ba2000b801000000efc4c13565d4b805000000b9f4ce05c80f01d9670f01750c66b8e3000f00d8c4c2e99626", 0x47}], 0x1, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:49:21 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x200000000000a, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={"0000000000000000000000000200", 0x20000015001})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
write$tun(r0, &(0x7f0000000340)={@void, @val={0x1, 0x0, 0x8}, @mpls={[], @ipv6={0x0, 0x6, "314092", 0x18, 0x0, 0x0, @dev, @mcast2, {[], @icmpv6=@mld={0x0, 0x0, 0x0, 0x0, 0x0, @dev}}}}}, 0xff23)

21:49:21 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x20000, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x8000, 0x0)
clone(0x30100, &(0x7f00000000c0)="333815e78ee405879d96e4fdd1", 0x0, &(0x7f0000000180), &(0x7f0000000440)="8064d64b4fab9f63747bd32032834a28b3df8244ab46e55aeb2e8e72d4ab6cfa3f0d4e8210441f95412eb9c1920a2eb1a466bb26223fabd9003f6b9dd07fe60d3dbb6b4455adff38fdacb24a097165ce5bfed70b68a0ef6bcfeeab95558a410dd433b37567bf1ecb720a11ebdcce7e91a63a18fa04370aaaf1084139f6dd29a0e3611d4f033a023ff63659091f24eb75e84e0e81e803a1a256")
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/loop-control\x00', 0x20000040, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000300)=0x7)
sendto$packet(r0, &(0x7f0000000040)="1787d88bee7cecab2065de115213d575f0f84a2b41a916e08d1df5228ad3d8cc04fcf53e6e9f2bc02cc3eec2518702309b6dc29ba050c657cc6221b74f6ef72a015d9ee804f69843a100947009072a7afb7d5f94", 0x54, 0x4005, 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x0, 0x0}, 0x10)
prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000280))
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000380)={0x51ec, {{0x2, 0x4e24, @local}}}, 0x88)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e23, @rand_addr=0x3}, 0x10)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x8101, 0x0)
io_setup(0x100, &(0x7f00000001c0))
sendto$inet(r2, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10)
ioctl$KDSETMODE(r3, 0x4b3a, 0xffff)
r4 = memfd_create(&(0x7f0000000200)='Pev ', 0x0)
ftruncate(0xffffffffffffffff, 0x200739)
sendfile(r2, r4, &(0x7f0000000240)=0xfa0, 0xa00004000000004)

[  435.270584] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  435.278162] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  435.335994] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
21:49:21 executing program 2:
r0 = socket(0x11, 0x802, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={"7465616d30001000"})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000240)={"7465616d300000ffffffc00000100007", 0x4bfd})

21:49:21 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80})
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)

[  435.526959] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
21:49:21 executing program 1:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_spread_page\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000100), 0x12)

[  435.631446] device team0 entered promiscuous mode
[  435.636656] device team_slave_0 entered promiscuous mode
[  435.642802] device team_slave_1 entered promiscuous mode
[  435.653208] 8021q: adding VLAN 0 to HW filter on device team0
[  435.732858] device team0 left promiscuous mode
[  435.737722] device team_slave_0 left promiscuous mode
[  435.744334] device team_slave_1 left promiscuous mode
[  435.764086] device team0 entered promiscuous mode
[  435.769022] device team_slave_0 entered promiscuous mode
[  435.775096] device team_slave_1 entered promiscuous mode
[  435.784514] 8021q: adding VLAN 0 to HW filter on device team0
21:49:21 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80})
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)

21:49:22 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f000042d000)=@routing={0x0, 0x2, 0x2, 0x80000001, 0x0, [@mcast1]}, 0x18)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r1, 0x20000200008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
setsockopt$inet6_opts(r0, 0x29, 0x37, 0x0, 0x0)

21:49:22 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x20000, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x8000, 0x0)
clone(0x30100, &(0x7f00000000c0)="333815e78ee405879d96e4fdd1", 0x0, &(0x7f0000000180), &(0x7f0000000440)="8064d64b4fab9f63747bd32032834a28b3df8244ab46e55aeb2e8e72d4ab6cfa3f0d4e8210441f95412eb9c1920a2eb1a466bb26223fabd9003f6b9dd07fe60d3dbb6b4455adff38fdacb24a097165ce5bfed70b68a0ef6bcfeeab95558a410dd433b37567bf1ecb720a11ebdcce7e91a63a18fa04370aaaf1084139f6dd29a0e3611d4f033a023ff63659091f24eb75e84e0e81e803a1a256")
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/loop-control\x00', 0x20000040, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000300)=0x7)
sendto$packet(r0, &(0x7f0000000040)="1787d88bee7cecab2065de115213d575f0f84a2b41a916e08d1df5228ad3d8cc04fcf53e6e9f2bc02cc3eec2518702309b6dc29ba050c657cc6221b74f6ef72a015d9ee804f69843a100947009072a7afb7d5f94", 0x54, 0x4005, 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x0, 0x0}, 0x10)
prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000280))
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000380)={0x51ec, {{0x2, 0x4e24, @local}}}, 0x88)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e23, @rand_addr=0x3}, 0x10)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x8101, 0x0)
io_setup(0x100, &(0x7f00000001c0))
sendto$inet(r2, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10)
ioctl$KDSETMODE(r3, 0x4b3a, 0xffff)
r4 = memfd_create(&(0x7f0000000200)='Pev ', 0x0)
ftruncate(0xffffffffffffffff, 0x200739)
sendfile(r2, r4, &(0x7f0000000240)=0xfa0, 0xa00004000000004)

21:49:22 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x20000, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x8000, 0x0)
clone(0x30100, &(0x7f00000000c0)="333815e78ee405879d96e4fdd1", 0x0, &(0x7f0000000180), &(0x7f0000000440)="8064d64b4fab9f63747bd32032834a28b3df8244ab46e55aeb2e8e72d4ab6cfa3f0d4e8210441f95412eb9c1920a2eb1a466bb26223fabd9003f6b9dd07fe60d3dbb6b4455adff38fdacb24a097165ce5bfed70b68a0ef6bcfeeab95558a410dd433b37567bf1ecb720a11ebdcce7e91a63a18fa04370aaaf1084139f6dd29a0e3611d4f033a023ff63659091f24eb75e84e0e81e803a1a256")
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/loop-control\x00', 0x20000040, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000300)=0x7)
sendto$packet(r0, &(0x7f0000000040)="1787d88bee7cecab2065de115213d575f0f84a2b41a916e08d1df5228ad3d8cc04fcf53e6e9f2bc02cc3eec2518702309b6dc29ba050c657cc6221b74f6ef72a015d9ee804f69843a100947009072a7afb7d5f94", 0x54, 0x4005, 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x0, 0x0}, 0x10)
prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000280))
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000380)={0x51ec, {{0x2, 0x4e24, @local}}}, 0x88)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e23, @rand_addr=0x3}, 0x10)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x8101, 0x0)
io_setup(0x100, &(0x7f00000001c0))
sendto$inet(r2, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @local}, 0x10)
ioctl$KDSETMODE(r3, 0x4b3a, 0xffff)
r4 = memfd_create(&(0x7f0000000200)='Pev ', 0x0)
ftruncate(0xffffffffffffffff, 0x200739)
sendfile(r2, r4, &(0x7f0000000240)=0xfa0, 0xa00004000000004)

21:49:22 executing program 2:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x202, 0x0)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x0, 0x20011, r0, 0x0)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x20011, r0, 0x0)

21:49:22 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80})
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)

21:49:22 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000380)="0f0766b818008ed80f20e035000040000f22e00faea66647000066ba2000b801000000efc4c13565d4b805000000b9f4ce05c80f01d9670f01750c66b8e3000f00d8c4c2e99626", 0x47}], 0x1, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:49:22 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80})

21:49:22 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000380)="0f0766b818008ed80f20e035000040000f22e00faea66647000066ba2000b801000000efc4c13565d4b805000000b9f4ce05c80f01d9670f01750c66b8e3000f00d8c4c2e99626", 0x47}], 0x1, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:49:22 executing program 2:
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x602000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x8, 0x4, 0x4, 0x400}, 0x2c)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x10020000000, 0x0}, 0x2c)

21:49:22 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80})

21:49:22 executing program 4:

21:49:22 executing program 1:

21:49:23 executing program 2:

21:49:23 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80})

21:49:23 executing program 1:

21:49:23 executing program 4:

21:49:23 executing program 2:

21:49:23 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000380)="0f0766b818008ed80f20e035000040000f22e00faea66647000066ba2000b801000000efc4c13565d4b805000000b9f4ce05c80f01d9670f01750c66b8e3000f00d8c4c2e99626", 0x47}], 0x1, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:49:23 executing program 5:

21:49:23 executing program 2:

21:49:23 executing program 3:
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40a85321, &(0x7f0000000080)={0x80})

21:49:23 executing program 1:

21:49:23 executing program 4:

21:49:23 executing program 4:

21:49:23 executing program 3:
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40a85321, &(0x7f0000000080)={0x80})

21:49:23 executing program 1:

21:49:23 executing program 5:

21:49:24 executing program 2:

21:49:24 executing program 4:

21:49:24 executing program 3:
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40a85321, &(0x7f0000000080)={0x80})

21:49:24 executing program 0:

21:49:24 executing program 2:

21:49:24 executing program 1:

21:49:24 executing program 4:

21:49:24 executing program 5:

21:49:24 executing program 2:

21:49:24 executing program 5:

21:49:24 executing program 0:

21:49:24 executing program 3:
r0 = syz_open_dev$sndseq(0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80})

21:49:24 executing program 1:

21:49:24 executing program 4:

21:49:24 executing program 2:

21:49:25 executing program 5:

21:49:25 executing program 4:

21:49:25 executing program 1:

21:49:25 executing program 0:

21:49:25 executing program 3:
r0 = syz_open_dev$sndseq(0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80})

21:49:25 executing program 2:

21:49:25 executing program 4:

21:49:25 executing program 5:

21:49:25 executing program 0:

21:49:25 executing program 3:
r0 = syz_open_dev$sndseq(0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80})

21:49:25 executing program 1:

21:49:25 executing program 0:

21:49:25 executing program 2:

21:49:25 executing program 5:

21:49:25 executing program 4:

21:49:25 executing program 0:

21:49:25 executing program 1:

21:49:25 executing program 5:

21:49:25 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_XCRS(r2, 0x4188aea7, &(0x7f0000000000)={0x1, 0x0, [{0x0, 0x0, 0x7}]})

21:49:25 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80})

21:49:26 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
clock_gettime(0x0, 0x0)
clock_settime(0x0, &(0x7f0000000080))

21:49:26 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)

21:49:26 executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x200000000000a, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={"0000000000000000000000000200", 0x20000015001})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
write$tun(r0, &(0x7f0000000340)={@void, @val={0x1}, @mpls={[], @ipv6={0x0, 0x6, "314092", 0x18, 0x3a, 0x0, @dev, @mcast2, {[], @icmpv6=@mld={0x0, 0x0, 0x0, 0x0, 0x0, @dev}}}}}, 0xff23)

21:49:26 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0xffffffffffffff9c}, 0x2c)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000040))
r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x5, 0x0)
ioctl$RNDZAPENTCNT(r1, 0x5204, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x800000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0)
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07)
ioctl$TCSETS(r2, 0x40045431, &(0x7f00003b9fdc))
syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x100, 0x200800)
socket$inet_sctp(0x2, 0x5, 0x84)
syz_open_pts(r2, 0x0)
unshare(0x40000100)
write(r2, &(0x7f0000c34fff), 0xffffff0b)
ioctl$TCSETS(r2, 0x5402, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0)

[  440.277596] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  440.284528] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
21:49:26 executing program 2:
clone(0x202102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet(0x2, 0x80001, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb)
bind$inet(r0, &(0x7f0000738ff0)={0x2, 0x4e21, @multicast1}, 0x10)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback, [0x1800000000000003]}, 0x10)

21:49:26 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80})

[  440.435941] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
21:49:26 executing program 0:
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xce, &(0x7f0000000300)=""/206}, 0x48)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], 0x0}, 0x48)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000140)='./file0\x00'}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001c80)={&(0x7f0000000540)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80, &(0x7f0000001b80)=[{&(0x7f0000000440)=""/49, 0x31}, {&(0x7f0000000780)=""/123, 0x7b}, {&(0x7f0000001880)=""/198, 0xc6}, {&(0x7f0000000800)=""/59, 0x3b}, {&(0x7f0000001980)=""/76, 0x4c}, {&(0x7f0000000840)=""/57, 0x39}, {&(0x7f0000001a00)=""/222, 0xde}, {&(0x7f0000001b00)=""/23, 0x17}, {&(0x7f0000001b40)=""/27, 0x1b}], 0x9, &(0x7f0000001c40)=""/38, 0x26, 0x3f}, 0x40012022)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x18000000000002a0, 0x34, 0x0, &(0x7f0000000280)="b90703e6680d698cb89e40f02cead5dc57ee41dea43e63a377fb8a977c3f1d1788e8ad30d84648a27f11c72be0000e01e1977d48", 0x0, 0x100}, 0x28)
socketpair(0x1, 0x2000000001, 0x0, &(0x7f0000000740))

21:49:27 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x4000)

[  444.145761] clocksource: timekeeping watchdog on CPU1: Marking clocksource 'tsc' as unstable because the skew is too large:
[  444.157227] clocksource:                       'acpi_pm' wd_now: cb79c9 wd_last: fbbb9 mask: ffffff
[  444.166638] clocksource:                       'tsc' cs_now: f35fb2bcf5 cs_last: f1887ac7bd mask: ffffffffffffffff
[  444.177284] tsc: Marking TSC unstable due to clocksource watchdog
[  444.197451] TSC found unstable after boot, most likely due to broken BIOS. Use 'tsc=unstable'.
[  444.206366] sched_clock: Marking unstable (444265722826, -68306200)<-(444321500891, -124083920)
[  444.869237] clocksource: Switched to clocksource acpi_pm
21:49:31 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000051cff6)='/dev/ptmx\x00', 0x0, 0x0)
r1 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
readv(r0, &(0x7f0000dcdff0)=[{&(0x7f0000cd8000)=""/1, 0x1}], 0x1)
ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3e)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000fb9000))
fcntl$setsig(r2, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r3}], 0x1, 0xfffffffffffffff8)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080))
dup2(r2, r3)
fcntl$setown(r3, 0x8, r1)
tkill(r1, 0x14)

21:49:31 executing program 0:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x800000000040, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = gettid()
tgkill(r0, r0, 0x0)

21:49:31 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80})

21:49:31 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000600)=""/11, 0x232)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000080), 0x1c)
r2 = dup2(r1, r1)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x132186)
syz_execute_func(&(0x7f00000000c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccc463f960ffb56f")
clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000100)={@dev, 0x0, 0x2}, 0x20)
ioctl$TCSETA(r0, 0x5406, 0x0)

21:49:31 executing program 0:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x4000)
r0 = shmget(0x1, 0x3000, 0x21, &(0x7f0000ffd000/0x3000)=nil)
shmctl$IPC_RMID(r0, 0x0)

21:49:31 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40a85321, &(0x7f0000000080)={0x80})

21:49:32 executing program 1:
clone(0x200, 0x0, 0x0, 0x0, 0x0)
mknod(&(0x7f0000000380)='./file0\x00', 0x1040, 0x0)
execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000200)=""/11, 0x38)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040))
syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f")
clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file1\x00', 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$sock_inet_SIOCGIFBRDADDR(r1, 0x8919, 0x0)
open$dir(&(0x7f0000000140)='./file0\x00', 0x841, 0x0)

21:49:32 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000040)=""/11, 0xfd32)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0))
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100))
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140))

21:49:32 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes-fixed-time)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="0a0775b005e3139d225c54dbb7c05809", 0x10)

21:49:32 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, 0x0)

21:49:32 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000051cff6)='/dev/ptmx\x00', 0x0, 0x0)
r1 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
readv(r0, &(0x7f0000dcdff0)=[{&(0x7f0000cd8000)=""/1, 0x1}], 0x1)
ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3e)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000fb9000))
fcntl$setsig(r2, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r3}], 0x1, 0xfffffffffffffff8)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080))
dup2(r2, r3)
fcntl$setown(r3, 0x8, r1)
tkill(r1, 0x14)

21:49:32 executing program 5:
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
mount(&(0x7f0000000180)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='ntfs\x00', 0x0, 0x0)

21:49:32 executing program 5:
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}, 0x48)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], 0x0}, 0x48)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001c80)={&(0x7f0000000540)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80, &(0x7f0000001b80)=[{&(0x7f0000000440)=""/49, 0x31}, {&(0x7f0000000780)=""/123, 0x7b}, {&(0x7f0000001880)=""/198, 0xc6}, {&(0x7f0000000800)=""/59, 0x3b}, {&(0x7f0000001980)=""/76, 0x4c}, {&(0x7f0000000840)=""/57, 0x39}, {&(0x7f0000001a00)=""/222, 0xde}, {&(0x7f0000001b00)=""/23, 0x17}, {&(0x7f0000001b40)=""/27, 0x1b}], 0x9, &(0x7f0000001c40)=""/38, 0x26, 0x3f}, 0x40012022)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x18000000000002a0, 0x34, 0x0, &(0x7f0000000280)="b90703e6680d698cb89e40f02cead5dc57ee41dea43e63a377fb8a977c3f1d1788e8ad30d84648a27f11c72be0000e01e1977d48", 0x0, 0x100}, 0x28)
socketpair(0x1, 0x2000000001, 0x0, &(0x7f0000000740))

21:49:32 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080))

21:49:32 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x4000000004002, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000b, 0x13, r1, 0x0)
madvise(&(0x7f0000836000/0x400000)=nil, 0x400000, 0x2)
r2 = socket(0x10, 0x803, 0x0)
getsockopt$SO_BINDTODEVICE(r2, 0x1, 0x2f, &(0x7f0000000000), 0x20a154cc)
socket$inet6(0xa, 0x0, 0x0)

21:49:32 executing program 4:

21:49:32 executing program 3:

21:49:32 executing program 5:

21:49:33 executing program 4:

21:49:33 executing program 1:

21:49:33 executing program 3:

21:49:33 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000051cff6)='/dev/ptmx\x00', 0x0, 0x0)
r1 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
readv(r0, &(0x7f0000dcdff0)=[{&(0x7f0000cd8000)=""/1, 0x1}], 0x1)
ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3e)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000fb9000))
fcntl$setsig(r2, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r3}], 0x1, 0xfffffffffffffff8)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080))
dup2(r2, r3)
fcntl$setown(r3, 0x8, r1)
tkill(r1, 0x14)

21:49:33 executing program 0:

21:49:33 executing program 5:

21:49:33 executing program 5:

21:49:33 executing program 4:

21:49:33 executing program 3:

21:49:33 executing program 1:

21:49:33 executing program 0:

21:49:33 executing program 4:

21:49:33 executing program 5:

21:49:34 executing program 1:

21:49:34 executing program 3:

21:49:34 executing program 2:

21:49:34 executing program 0:

21:49:34 executing program 4:

21:49:34 executing program 5:

21:49:34 executing program 1:

21:49:34 executing program 3:

21:49:34 executing program 1:

21:49:34 executing program 3:

21:49:34 executing program 5:

21:49:34 executing program 4:

21:49:34 executing program 0:

21:49:34 executing program 2:

21:49:34 executing program 1:

21:49:34 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4)
listen(r0, 0x0)

21:49:34 executing program 4:
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xce, &(0x7f0000000300)=""/206}, 0x48)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], 0x0}, 0x48)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000140)='./file0\x00'}, 0x10)
r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001c80)={&(0x7f0000000540)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80, &(0x7f0000001b80)=[{&(0x7f0000000440)=""/49, 0x31}, {&(0x7f0000000780)=""/123, 0x7b}, {&(0x7f0000001880)=""/198, 0xc6}, {&(0x7f0000000800)=""/59, 0x3b}, {&(0x7f0000001980)=""/76, 0x4c}, {&(0x7f0000000840)=""/57, 0x39}, {&(0x7f0000001a00)=""/222, 0xde}, {&(0x7f0000001b00)=""/23, 0x17}, {&(0x7f0000001b40)=""/27, 0x1b}], 0x9, &(0x7f0000001c40)=""/38, 0x26, 0x3f}, 0x40012022)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x18000000000002a0, 0x34, 0x0, &(0x7f0000000280)="b90703e6680d698cb89e40f02cead5dc57ee41dea43e63a377fb8a977c3f1d1788e8ad30d84648a27f11c72be0000e01e1977d48", 0x0, 0x100}, 0x28)
socketpair(0x1, 0x2000000001, 0x0, &(0x7f0000000740))
perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x1ed0, 0x4, 0xffff, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000680)}, 0x0, 0x0, 0x6}, 0x0, 0x0, r1, 0x2)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='/group.stat\x00', 0x2761, 0x0)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x304)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x9b5)

21:49:35 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f00000000c0)="c4c379146600006543a02d0000000000000064670f01cab8010000000f01d946d8f1e1b066ba400066edb9f60800000f32f2400f0964460f35", 0x39}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000100))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:49:35 executing program 2:
r0 = socket$inet(0x2, 0x200000002, 0x88)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21}, 0x10)
r1 = dup2(r0, r0)
sendto$inet(r1, 0x0, 0x0, 0x8000, &(0x7f0000000180)={0x2, 0x4e21}, 0x10)
setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000080)=0x2, 0x4)
write$UHID_CREATE(r1, &(0x7f00000001c0)={0x0, 'syz0\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x11c)

21:49:35 executing program 1:

21:49:35 executing program 0:

21:49:35 executing program 3:
syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x1, 0x44001)

21:49:35 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x4, 0x4, 0x4, 0xd}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f0000000200)}, 0x20)
socketpair(0x80000000001, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f0, &(0x7f0000000300)='0\x00')

21:49:35 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, [0x3]})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000001c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, [{0x0, 0x0, 0x0, [], 0xc0ffffff}]}})

[  449.322751] kvm: SMP vm created on host with unstable TSC; guest TSC will not be reliable
21:49:35 executing program 1:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9afd)
clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setxattr$security_ima(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='security.ima\x00', &(0x7f0000000180)=@ng={0x4, 0x0, "b4"}, 0x3, 0x2)
setxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x0, 0x0)

21:49:35 executing program 0:
pipe(0x0)
unshare(0x8000400)
r0 = mq_open(&(0x7f0000000000)="5cf7a0cc16482d6f0037e6b31a8e697add303650d4880073ef75df610179dec236aa04e9468779ba0700000000000000359855b49b889bb5e49b358e793a6f7af52766d6fe93ca0672ac1b8a87ca6677d5220fb77cb613b3db9104d16aa1ca6cc76a74e7bd4bdc5226757b03f85b010324576c40c1c8655c739fc1a68df5e2bcb6e5ed46c8289e48ea75e785eb5d6497cd233b10b91832cf5e31767c1c419d4646cd883f25", 0x6e9bebbbc80884f2, 0x0, 0x0)
mq_getsetattr(r0, &(0x7f0000738fc0), 0x0)

21:49:35 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, [0x3]})
ioctl$KVM_SET_IRQCHIP(r1, 0x4020aea5, &(0x7f00000001c0)={0x0, 0x0, @ioapic={0x0, 0x0, 0x0, 0xfffffffffffffffd}})

21:49:35 executing program 5:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x5316, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], 0x0}, 0x48)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000140)='./file0\x00'}, 0x10)
r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001c80)={&(0x7f0000000540)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80, &(0x7f0000001b80)=[{&(0x7f0000000440)=""/49, 0x31}, {&(0x7f0000000780)=""/123, 0x7b}, {&(0x7f0000001880)=""/198, 0xc6}, {&(0x7f0000000800)=""/59, 0x3b}, {&(0x7f0000001980)=""/76, 0x4c}, {&(0x7f0000000840)=""/57, 0x39}, {&(0x7f0000001a00)=""/222, 0xde}, {&(0x7f0000001b00)=""/23, 0x17}, {&(0x7f0000001b40)=""/27, 0x1b}], 0x9, &(0x7f0000001c40)=""/38, 0x26, 0x3f}, 0x40012022)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x18000000000002a0, 0x34, 0x0, &(0x7f0000000280)="b90703e6680d698cb89e40f02cead5dc57ee41dea43e63a377fb8a977c3f1d1788e8ad30d84648a27f11c72be0000e01e1977d48", 0x0, 0x100}, 0x28)
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000500))
socketpair(0x4, 0x0, 0x0, &(0x7f00000006c0)={<r2=>0xffffffffffffffff})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000400)={'eql\x00', 0x1000})
perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x1ed0, 0x4, 0xffff, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000680)}, 0x0, 0x0, 0x6}, 0x0, 0x0, r1, 0x2)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f00000004c0)=0x800)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)='ip6gre0\x00')
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='/group.stat\x00', 0x2761, 0x0)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x304)
recvmsg$kcm(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000600)=@hci, 0xfffffffffffffec1, &(0x7f00000039c0), 0x21d, &(0x7f0000000880)=""/4096, 0x1000, 0x6}, 0x20)

21:49:35 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000b8fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-aes-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001f3a)="ad56b6c5820faeb995298992ea54c7beef9f5d56534c90c2", 0x18)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
r2 = dup(r1)
write$FUSE_ENTRY(r2, &(0x7f0000000500)={0x90}, 0x90)
recvmsg(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/92, 0x5c}], 0x1}, 0x0)

21:49:35 executing program 3:
syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x1, 0x44001)

21:49:36 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)="2f02726f75702e7374617000084a96ecf6b5d29a375ccdf07428cbf63e5692e37261380d8afcef581b778cd642c71b9774a864a538ba9180e05ad48625c9be517e3cc533103aaeddb4737f8be9ea651f08e4ee0142", 0x2761, 0x0)
write$cgroup_type(r0, &(0x7f0000000040)='threaded\x00', 0xfd4b)
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000000)=ANY=[@ANYBLOB="000700000000000000ff"])
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0xc020660b, 0x20000001)

21:49:36 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000a0cff4)={0x4400000010, 0x0, 0x0, 0x70a0}, 0xc)

21:49:36 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)="2f02726f75702e7374617000084a96ecf6b5d29a375ccdf07428cbf63e5692e37261380d8afcef581b778cd642c71b9774a864a538ba9180e05ad48625c9be517e3cc533103aaeddb4737f8be9ea651f08e4ee0142", 0x2761, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000000)=ANY=[@ANYBLOB="000700000000000000ff"])
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0xc020660b, 0x20000001)

21:49:36 executing program 0:
ioprio_set$uid(0x0, 0x0, 0x7fffffff)

21:49:36 executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000380)='highspeed\x00', 0xf)
sendto$inet(r0, 0x0, 0x0, 0x200007fc, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10)

21:49:36 executing program 2:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x5, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], 0x0}, 0x48)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000140)='./file0\x00'}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001c80)={&(0x7f0000000540)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80, &(0x7f0000001b80)=[{&(0x7f0000000440)=""/49, 0x31}, {&(0x7f0000000780)=""/123, 0x7b}, {&(0x7f0000001880)=""/198, 0xc6}, {&(0x7f0000000800)=""/59, 0x3b}, {&(0x7f0000001980)=""/76, 0x4c}, {&(0x7f0000000840)=""/57, 0x39}, {&(0x7f0000001a00)=""/222, 0xde}, {&(0x7f0000001b00)=""/23, 0x17}, {&(0x7f0000001b40)=""/27, 0x1b}], 0x9, &(0x7f0000001c40)=""/38, 0x26, 0x3f}, 0x40012022)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x18000000000002a0, 0x34, 0x0, &(0x7f0000000280)="b90703e6680d698cb89e40f02cead5dc57ee41dea43e63a377fb8a977c3f1d1788e8ad30d84648a27f11c72be0000e01e1977d48", 0x0, 0x100}, 0x28)
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000500))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000400)={'eql\x00', 0x1000})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001000)=ANY=[], &(0x7f0000000100)='GPL\x00'}, 0x48)
socketpair(0x1, 0x2000000001, 0x0, &(0x7f0000000740)={<r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f00000004c0)=0x800)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000000)='ip6gre0\x00')
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='/group.stat\x00', 0x2761, 0x0)

21:49:36 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'lo\x00'})
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="000000000c0000000000000008000100736671004800020000000200000000000000000000000000000000000000c9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1}}, 0x0)

21:49:36 executing program 4:
r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x201, 0x100000000005)
ioctl$FS_IOC_FSGETXATTR(r0, 0x8008551c, &(0x7f0000000040)={0x4, 0x200000006})

21:49:36 executing program 5:
r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000180)=0xc)
getgid()
ioctl$DRM_IOCTL_SET_VERSION(r1, 0xc0106407, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
getsockname(r2, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, <r3=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000080)=0x80)
connect$vsock_dgram(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @hyper}, 0xfffffce3)
socket$inet_udp(0x2, 0x2, 0x0)
pipe(&(0x7f0000000500)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$FUSE_NOTIFY_POLL(r5, &(0x7f0000000040)={0x18, 0x1, 0x0, {0x4}}, 0x18)
prlimit64(0x0, 0x3, &(0x7f00000017c0), 0x0)
write(r5, &(0x7f0000000340), 0x10000014c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fremovexattr(r0, &(0x7f0000000540)=@known='system.posix_acl_default\x00')
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), &(0x7f0000000300)={0x0})
vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000400))

21:49:36 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r0, &(0x7f0000000200), 0x0, 0x20008011, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0)
getgroups(0x2, &(0x7f00000003c0)=[0xee00, 0x0])
getpgrp(0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
recvfrom(r0, &(0x7f0000f9cf9b)=""/101, 0x389756b1353686c0, 0x120, 0x0, 0xffffffffffffffeb)

21:49:37 executing program 1:

21:49:37 executing program 2:

21:49:37 executing program 4:

21:49:37 executing program 3:

21:49:37 executing program 1:
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000000100), 0x0, 0x20000001, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0x40000ab15, 0x0)

21:49:37 executing program 2:
r0 = socket$inet(0x2, 0x1, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000005c0), 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/tcp\x00')
sendfile(r0, r1, 0x0, 0x80000003)

21:49:37 executing program 4:

21:49:37 executing program 3:

21:49:37 executing program 1:

21:49:37 executing program 4:

21:49:37 executing program 5:

21:49:38 executing program 0:

21:49:38 executing program 3:

21:49:38 executing program 2:

21:49:38 executing program 1:

21:49:38 executing program 4:

21:49:38 executing program 5:

21:49:38 executing program 2:

21:49:38 executing program 3:

21:49:38 executing program 5:

21:49:38 executing program 1:

21:49:38 executing program 0:

21:49:38 executing program 4:

21:49:39 executing program 2:

21:49:39 executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0xa, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={"0000000000000000000000000200", 0x20000015001})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
write$tun(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="010000000000000000006031000000000000000000000000ff0200001e092b2956d7c3c00000000000000000000000010000907800000200fe80000000000000"], 0x1)

21:49:39 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @random="a29ab0893fde", [], {@ipv6={0x86dd, {0x0, 0x6, '?:T', 0x14, 0x2f, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x608]}, @mcast2, {[], @tcp={{0x0, 0x883e, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

21:49:39 executing program 4:
r0 = open(&(0x7f0000ba0000)='./file0\x00', 0xfc, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f0000000040)={0xfffffffffffffffd}, 0xfffffffffffffffe, 0x0, 0x8)
open(&(0x7f0000001500)='./file0\x00', 0x802, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')
sendfile(r2, r3, 0x0, 0x80000001)

21:49:39 executing program 5:
clock_gettime(0x0, 0x0)
clock_settime(0x0, &(0x7f0000000080))

21:49:39 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x9, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x7, 0x1, 0x2c}]}, &(0x7f0000000040)='syzkaller\x00', 0x1, 0xfb, &(0x7f0000002880)=""/251, 0x0, 0x0, [], 0x0, 0xd}, 0x48)

21:49:39 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x9, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x7, 0x1, 0x8}]}, &(0x7f0000000040)='GPL\x00', 0x1, 0xfb, &(0x7f0000002880)=""/251}, 0x48)

[  453.190968] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  453.197876] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  453.269390] ip6_tunnel: non-ECT from fe80:0000:0800:0000:0000:0000:0000:00bb with DS=0x3
[  453.295669] ip6_tunnel: non-ECT from fe80:0000:0800:0000:0000:0000:0000:00bb with DS=0x3
[  453.327119] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
21:49:39 executing program 0:

21:49:39 executing program 5:

21:49:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x2, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="ebff"], 0x0, 0x0, 0x0})

21:49:39 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0)
clone(0x0, 0x0, 0x0, 0x0, 0x0)

21:49:39 executing program 4:
r0 = open(&(0x7f0000ba0000)='./file0\x00', 0xfc, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f0000000040)={0xfffffffffffffffd}, 0xfffffffffffffffe, 0x0, 0x8)
open(&(0x7f0000001500)='./file0\x00', 0x802, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')
sendfile(r2, r3, 0x0, 0x80000001)

21:49:39 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f00000000c0)="c4c379146600006543a02d0000000000000064670f01cab8010000000f01d946d8f1e1b066ba400066edb9f60800000f32f2400f0964460f35", 0x39}], 0x335, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000100))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x0)
getuid()

[  453.707184] binder: 8917:8918 unknown command 65515
[  453.712577] binder: 8917:8918 ioctl c0306201 20000780 returned -22
21:49:39 executing program 1:
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000180)=0xc)
ioctl$DRM_IOCTL_SET_VERSION(r1, 0xc0106407, &(0x7f00000003c0))
r2 = socket$inet6(0xa, 0x1, 0x0)
getsockname(r2, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000080)=0x80)
socket$inet_udp(0x2, 0x2, 0x0)
pipe(&(0x7f0000000500)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$FUSE_NOTIFY_POLL(r4, 0x0, 0x0)
prlimit64(0x0, 0x3, &(0x7f00000017c0), 0x0)
shmctl$IPC_INFO(0x0, 0x3, 0xfffffffffffffffd)
write(r4, &(0x7f0000000340), 0x10000014c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r5=>0x0})
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000001700), &(0x7f0000001740)=0x8)
fremovexattr(0xffffffffffffffff, &(0x7f0000000540)=@known='system.posix_acl_default\x00')
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8})
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
preadv(r6, &(0x7f0000000380)=[{&(0x7f0000000280)=""/233, 0xe9}, {&(0x7f0000000440)=""/164, 0xa4}], 0x2, 0x400000000000)
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000400))

21:49:39 executing program 5:
socket$inet(0x2, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
write$P9_RGETATTR(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)="2f65786500000000000489004bddd9de91be10eebf000ee91e18f0c76fbb232a07424ae1e901d2da75af1f0200f5ab26d7e071fb35331ce39c5a0000")
lseek(r0, 0x0, 0x4)

21:49:39 executing program 0:
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f0000000200)=[{&(0x7f0000000100)="b089", 0x2}], 0x1, 0x0)
close(r1)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='tunl0\x00', 0x10)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
setsockopt$inet_udp_int(r1, 0x11, 0x67, &(0x7f0000000080)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
splice(r0, 0x0, r1, 0x0, 0x7, 0x0)

21:49:40 executing program 4:

21:49:40 executing program 4:

21:49:40 executing program 0:

21:49:40 executing program 2:

21:49:40 executing program 5:

21:49:40 executing program 3:

21:49:40 executing program 4:

21:49:40 executing program 2:

21:49:40 executing program 0:

21:49:41 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, 0x0, 0x0)
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400)=ANY=[], &(0x7f0000000100), 0x400)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)=@getqdisc={0x28, 0x26, 0x4, 0x70bd26, 0x25dfdbff, {0x0, 0x0, {0x0, 0x4}, {0xd, 0xfff6}, {0xf, 0x6}}, [{0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x20040850}, 0x4000010)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c)
r2 = accept4(r0, 0x0, &(0x7f00000003c0)=0x149, 0x0)
futex(&(0x7f0000003040), 0x4, 0x2, &(0x7f00000030c0), &(0x7f0000005000)=0x1, 0x2)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={<r3=>0x0}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f00000001c0)=@assoc_id=r3, &(0x7f0000000200)=0x4)

21:49:41 executing program 1:
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
ppoll(&(0x7f0000000100)=[{r0}], 0x1, 0x0, 0x0, 0x0)
signalfd(r0, &(0x7f0000000080), 0x8)

21:49:41 executing program 2:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, 0x0, 0x0)
r2 = accept4(r0, 0x0, &(0x7f00000003c0)=0x149, 0x0)
futex(&(0x7f0000003040), 0x4, 0x2, &(0x7f00000030c0), &(0x7f0000005000)=0x1, 0x2)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={<r3=>0x0}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f00000001c0)=@assoc_id=r3, &(0x7f0000000200)=0x4)

21:49:41 executing program 5:

21:49:41 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x238, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa000000000000000000000000000000000000000000000000"]}, 0x2b0)

21:49:41 executing program 4:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, 0x0, 0x0)
r2 = syz_open_dev$amidi(&(0x7f0000000500)='/dev/amidi#\x00', 0x0, 0x40)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)=@getqdisc={0x28, 0x26, 0x4, 0x70bd26, 0x25dfdbff, {0x0, 0x0, {0x0, 0x4}, {0xd, 0xfff6}, {0xf, 0x6}}, [{0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x20040850}, 0x4000010)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c)
r3 = accept4(r0, 0x0, &(0x7f00000003c0)=0x149, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000008840)=[{{&(0x7f0000000480)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000600)=[{&(0x7f00000005c0)=""/3, 0x3}], 0x1, &(0x7f0000000640)=""/186, 0xba, 0x4}}, {{&(0x7f00000060c0)=@in6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000007440)=[{&(0x7f0000007140)=""/185, 0xb9}, {&(0x7f0000007200)=""/151, 0x97}], 0x2, &(0x7f00000074c0)=""/31, 0x1f}}], 0x2, 0x2, 0x0)
futex(&(0x7f0000003040), 0x4, 0x2, &(0x7f00000030c0), &(0x7f0000005000)=0x1, 0x2)
getsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f00000001c0), &(0x7f0000000200)=0x4)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, &(0x7f0000000240)={{0x0, 0x2, 0x1000, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', &(0x7f0000000040)})

[  455.199069] sctp: failed to load transform for md5: -2
[  455.209204] sctp: failed to load transform for md5: -2
[  455.235460] sctp: failed to load transform for md5: -2
21:49:41 executing program 5:
clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x1ff, 0xc000000100079)
ioctl$KVM_SET_CPUID(r0, 0xc0185500, &(0x7f0000000000)=ANY=[@ANYBLOB="6106"])

21:49:41 executing program 5:
openat(0xffffffffffffffff, 0x0, 0x400000, 0x0)
ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x4b4e, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x2, 0x0)
sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="24000000220007031dfffd946f610500000000000500000000000000421ba3a20400ff7e", 0x24}], 0x1}, 0x0)
mount(0x0, 0x0, &(0x7f0000000d00)='ramfs\x00', 0x0, 0x0)

[  455.454758] usb usb1: usbfs: process 8996 (syz-executor5) did not claim interface 0 before use
[  455.468488] usb usb1: usbfs: process 8999 (syz-executor5) did not claim interface 0 before use
21:49:41 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x238, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa000000000000000000000000000000000000000000000000"]}, 0x2b0)

21:49:41 executing program 4:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003ec0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000000000000000000000"], 0x18}], 0x1, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000100)="0a0743cc05e381e5b3b60ced5c54dbb7", 0x10)
r2 = accept$alg(r1, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x0, &(0x7f0000000080)=[@op={0x18}], 0x18}], 0x4924944, 0x0)

21:49:41 executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x0, 0x0)

21:49:41 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000000)=0x1000)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x200000, 0xfffffffffffffffd, 0x2012, r0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
pipe(&(0x7f0000000680))
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000540))
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, 0x0, 0x0)

21:49:41 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x8000})
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="b0900fbe78"])
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:49:42 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x402, 0x0)
write$evdev(r0, &(0x7f0000000080)=[{}], 0xffffff6e)

21:49:42 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x238, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa000000000000000000000000000000000000000000000000"]}, 0x2b0)

21:49:42 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x9, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x7, 0x1, 0xc}]}, &(0x7f0000000040)='syzkaller\x00', 0x1, 0xfb, &(0x7f0000002880)=""/251}, 0x48)

21:49:42 executing program 4:
futex(&(0x7f000000cffc)=0x100000000000004, 0x0, 0x4, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x2102005ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit(0x0)
futex(&(0x7f000000cffc), 0x4, 0x1, 0x0, &(0x7f0000000000), 0x0)

21:49:42 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [], 0xf}, 0x3}, 0x1c)
connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, [0x700000000000000], 0xf}}, 0x1c)

21:49:42 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x8000})
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="b0900fbe78"])
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:49:42 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, [0x3]})
ioctl$KVM_SET_IRQCHIP(r1, 0x4020aea5, &(0x7f00000003c0)={0xfffffffffffffffc, 0x0, @ioapic})

21:49:42 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x238, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa000000000000000000000000000000000000000000000000"]}, 0x2b0)

21:49:42 executing program 2:
sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)="7374617409c0d2febcf9df2deac8c177ff171248e91193513049f831550d6f7de66cf637bdbf1311920c8a26eda4dcc3783f9db5116b34d31b0512a5608aaff01e7952340cd6fd00000000", 0x275a, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
sendmsg$nl_netfilter(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000000a"], 0x6}}, 0x0)
write$P9_RREAD(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x2)
fallocate(r1, 0x0, 0x40000, 0xfff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fallocate(r0, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x0, 0x8})
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c)

21:49:42 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x1000000000002, 0x0)
write$P9_RMKDIR(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0)
write$binfmt_script(r0, &(0x7f0000002ec0)=ANY=[@ANYBLOB="236323a658f56f78260eb9"], 0xb)

21:49:42 executing program 0:
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x238, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa000000000000000000000000000000000000000000000000"]}, 0x2b0)

21:49:43 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [], 0xf}, 0x3}, 0x1c)
connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, [0x700000000000000], 0xf}}, 0x1c)

21:49:43 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, [0x3]})
ioctl$KVM_SET_IRQCHIP(r1, 0x4020aea5, &(0x7f00000003c0)={0xfffffffffffffffc, 0x0, @ioapic})

21:49:43 executing program 0:
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x238, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa000000000000000000000000000000000000000000000000"]}, 0x2b0)

21:49:43 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000000)=0x67e, 0x4)
bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10)
recvmmsg(r0, &(0x7f00000004c0)=[{{&(0x7f0000000400)=@ethernet={0x0, @dev}, 0x0, &(0x7f0000000480)}}], 0x6fdaec, 0x22, 0x0)

21:49:43 executing program 3:
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000080), 0x4)

21:49:43 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x8000})
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="b0900fbe78"])
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  457.461384] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
21:49:43 executing program 0:
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x238, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa000000000000000000000000000000000000000000000000"]}, 0x2b0)

21:49:43 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000780)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
capset(0x0, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620c, &(0x7f0000000040))
socket(0x1, 0x0, 0x0)

21:49:43 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, [0x3]})
ioctl$KVM_SET_IRQCHIP(r1, 0x4020aea5, &(0x7f00000003c0)={0xfffffffffffffffc, 0x0, @ioapic})

21:49:43 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x8000})
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="b0900fbe78"])
ioctl$KVM_NMI(r3, 0xae9a)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:49:43 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x402, 0x0)
write$evdev(r0, &(0x7f0000000080)=[{}], 0xffffff7d)

[  457.756402] binder: 9077:9078 ioctl c018620c 20000040 returned -1
[  457.822588] binder: 9077:9081 ioctl c018620c 20000040 returned -1
21:49:43 executing program 0:
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x238, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa000000000000000000000000000000000000000000000000"]}, 0x2b0)

21:49:44 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x1c, 0x22, 0x1, 0x0, 0x0, {0x4}, [@typed={0x8, 0xc, @pid}]}, 0x1c}}, 0x0)

21:49:44 executing program 1:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0)
munmap(&(0x7f000000e000/0x1000)=nil, 0x1000)
fchdir(r0)
r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0)
write$cgroup_type(r1, &(0x7f0000000340)='threaded\x00', 0xffffffc5)
ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)="2f6578650000c10000000000e9ff0700000000000054fa07424adee916d2da75afe70b35a0fd6a1f0200f5ab26d7a071fb35331ce39c5a6568641006d7c0206a74e33326530000000000000000000000")
r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0)
write$cgroup_type(r1, &(0x7f0000000000)='threaded\x00', 0x9)
fcntl$setstatus(r3, 0x4, 0x6100)
sendfile(r3, r2, 0x0, 0x100000001)

21:49:44 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x3, 0x7)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={"6272696467653000340100"})
open(&(0x7f00000000c0)='./file0\x00', 0x200, 0x120)
getsockopt$inet_mreqn(r0, 0x0, 0x85d16823c4a31b7a, &(0x7f0000001540)={@multicast1, @multicast2, <r1=>0x0}, &(0x7f0000001580)=0xc)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000015c0)={@mcast1, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0xe}}, @mcast1, 0x8, 0x3f, 0x2, 0x500, 0x95d6, 0xc00000, r1})
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x200000, 0x0)
write$P9_RFSYNC(r2, &(0x7f0000000040)={0x7, 0x33, 0x2}, 0x7)
ioctl$TUNSETVNETLE(r2, 0x400454dc, &(0x7f0000000140)=0x1)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89a1, &(0x7f0000000100)={'bridge0\x00', 0xfffffffffffffffd})
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x2, 0x0)
ioctl$TCSETS(r3, 0x40045431, &(0x7f00003b9fdc))
write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="04b5e292cc6a6810efff0f56b1ff609a214ce8a93d34ea4b4d3177f734a8a3ee1d49bc4506c894402722b02868751ee9636b48d53b985590b4565f52e06d6c0cc6adbda433a89f200e7342009b139cadcdbd33e1dc2abde1d2c5d75598266cfa65c451b8bec8b49b7f6db7e99a6ab2a3fe0937"], 0x73)
r4 = syz_open_pts(r3, 0x181000)
ioctl$TCSETSF(r4, 0x5412, &(0x7f0000000040)={0x7f, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10000})
ioctl$BLKROTATIONAL(r2, 0x127e, &(0x7f0000000180))
ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000240)=<r5=>0x0)
prctl$PR_SET_PTRACER(0x59616d61, r5)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0x0, 0x30f0, &(0x7f0000000080))

21:49:44 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000340))
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f00000000c0)="0f0f1ba00873850f01d1ba4000b8a989ef660f2ac3ba4000b85700eff3cfbad00466b8b200000066ef3e0f38003abaf80c66b8a206ef8766efbafc0cec", 0x3d}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000240))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup3(r3, r4, 0x0)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)

21:49:44 executing program 0:
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x238, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa000000000000000000000000000000000000000000000000"]}, 0x2b0)

[  458.385178] bridge0: port 2(bridge_slave_1) entered disabled state
[  458.394476] bridge0: port 1(bridge_slave_0) entered disabled state
21:49:44 executing program 0:
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x238, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa000000000000000000000000000000000000000000000000"]}, 0x2b0)

21:49:44 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000080)=""/11, 0xb)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000))
syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f")
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r3 = fcntl$dupfd(r0, 0x0, r1)
ioctl$EVIOCSABS3F(r3, 0x401845ff, 0x0)
dup2(r0, r1)

21:49:44 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000780)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620c, &(0x7f0000000040)={0x0, 0x7a00})

21:49:44 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x402, 0x0)
write$evdev(r0, &(0x7f0000000080)=[{}], 0xffffff7d)

[  458.684505] binder: 9110 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[  458.684569] binder: 9110:9114 ioctl c018620c 20000040 returned -22
[  458.741212] binder: 9110 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[  458.741239] binder: 9110:9120 ioctl c018620c 20000040 returned -22
21:49:44 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000080), 0x4)

21:49:44 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, 0x0, 0x2b0)

21:49:44 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2, 0x10, 0xffffffffffffffff, 0x0)
r3 = fcntl$dupfd(r0, 0x0, r1)
ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5387, &(0x7f0000000100))

21:49:45 executing program 2:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f00000012c0)=""/115, 0x73}], 0x1}}], 0x1, 0x0, &(0x7f0000000240))
accept$packet(0xffffffffffffff9c, 0x0, &(0x7f00000002c0))
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='cmdline\x00')
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0)

21:49:45 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, 0x0, 0x2b0)

[  460.619565] device bridge_slave_1 left promiscuous mode
[  460.625684] bridge0: port 2(bridge_slave_1) entered disabled state
[  460.664914] device bridge_slave_0 left promiscuous mode
[  460.670744] bridge0: port 1(bridge_slave_0) entered disabled state
21:49:47 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x3, 0x7)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={"6272696467653000340100"})
open(&(0x7f00000000c0)='./file0\x00', 0x200, 0x120)
getsockopt$inet_mreqn(r0, 0x0, 0x85d16823c4a31b7a, &(0x7f0000001540)={@multicast1, @multicast2, <r1=>0x0}, &(0x7f0000001580)=0xc)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000015c0)={@mcast1, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0xe}}, @mcast1, 0x8, 0x3f, 0x2, 0x500, 0x95d6, 0xc00000, r1})
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x200000, 0x0)
write$P9_RFSYNC(r2, &(0x7f0000000040)={0x7, 0x33, 0x2}, 0x7)
ioctl$TUNSETVNETLE(r2, 0x400454dc, &(0x7f0000000140)=0x1)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89a1, &(0x7f0000000100)={'bridge0\x00', 0xfffffffffffffffd})
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x2, 0x0)
ioctl$TCSETS(r3, 0x40045431, &(0x7f00003b9fdc))
write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="04b5e292cc6a6810efff0f56b1ff609a214ce8a93d34ea4b4d3177f734a8a3ee1d49bc4506c894402722b02868751ee9636b48d53b985590b4565f52e06d6c0cc6adbda433a89f200e7342009b139cadcdbd33e1dc2abde1d2c5d75598266cfa65c451b8bec8b49b7f6db7e99a6ab2a3fe0937"], 0x73)
r4 = syz_open_pts(r3, 0x181000)
ioctl$TCSETSF(r4, 0x5412, &(0x7f0000000040)={0x7f, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10000})
ioctl$BLKROTATIONAL(r2, 0x127e, &(0x7f0000000180))
ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000240)=<r5=>0x0)
prctl$PR_SET_PTRACER(0x59616d61, r5)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0x0, 0x30f0, &(0x7f0000000080))

21:49:47 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
io_setup(0x3, &(0x7f0000000240)=<r0=>0x0)
io_submit(r0, 0x1, &(0x7f0000000000)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])

21:49:47 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, 0x0, 0x2b0)

21:49:47 executing program 4:
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0x14000, 0x0)
ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x80006, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f0000000340)={0x0, 0x3})
flistxattr(r2, &(0x7f0000000200)=""/11, 0xb)
acct(&(0x7f00000004c0)='./file0\x00')
acct(&(0x7f0000000100)='./file0\x00')
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0)
r4 = memfd_create(&(0x7f0000000380)="3fbeaeec9b3af1bdd4c9adf22cb5234ab98cecf21f709d7c7e9c410369f3932b2f52008e7110949cf6704bde5ece3e8e02ba60d6851194b6e2a23f877fc79a4edd7616cdad8bdea2d4d31484a6ad2892c6c47ce2db4e082eab59759c9a131443f182e8f0d7db77984e0687c7cd", 0x3)
syz_genetlink_get_family_id$team(&(0x7f0000000280)='team\x00')
getsockopt$inet6_mreq(r2, 0x29, 0x0, &(0x7f0000000dc0)={@loopback}, &(0x7f0000000e00)=0x14)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000e40)={'team0\x00'})
getpeername$packet(r2, &(0x7f0000000e80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000ec0)=0x14)
getpeername$packet(r3, &(0x7f0000000f00), &(0x7f0000000f40)=0x14)
getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000fc0)={0x0, @multicast2}, &(0x7f0000001000)=0xc)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000012c0)={'veth1_to_bond\x00'})
getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000001480)={{{@in6=@loopback, @in=@multicast2}}, {{@in=@multicast1}, 0x0, @in6=@mcast1}}, &(0x7f0000001580)=0xe8)
getpeername$packet(r4, &(0x7f00000015c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000001600)=0x14)
accept4$packet(r3, &(0x7f0000001640)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000001680)=0x14, 0x80800)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000016c0)={'team0\x00'})
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000001700)={{{@in, @in6=@remote}}, {{}, 0x0, @in=@multicast2}}, &(0x7f0000001800)=0xe8)
accept4$packet(r2, &(0x7f0000002b40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000002b80)=0x14, 0x800)
getpeername$packet(r4, &(0x7f0000003200), &(0x7f0000003240)=0x14)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000003280)={'vcan0\x00'})
getsockname$packet(r2, &(0x7f00000032c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000003300)=0x14)
accept4$packet(r2, &(0x7f0000003480), &(0x7f00000034c0)=0x14, 0x80000)
getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000003500)={{{@in6=@ipv4={[], [], @broadcast}, @in=@multicast2}}, {{}, 0x0, @in=@multicast2}}, 0x0)
pwritev(r4, &(0x7f0000000080), 0x0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000000c0))
fcntl$addseals(r4, 0x409, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x4, 0x0)
ioctl$LOOP_CHANGE_FD(r5, 0x125f, 0xffffffffffffffff)

21:49:47 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
r1 = socket(0x10, 0x80002, 0x6)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@dellink={0x28, 0x11, 0xc03, 0x0, 0x0, {}, [@IFLA_NET_NS_FD={0x8}]}, 0x28}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)

21:49:47 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:49:47 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x0, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0}, 0x2b0)

[  461.206971] binder: release 9156:9157 transaction 2 out, still active
[  461.214012] binder: unexpected work type, 4, not freed
[  461.219376] binder: undelivered TRANSACTION_COMPLETE
[  461.275537] binder: invalid inc weak node for 3
[  461.280926] binder: 9156:9157 IncRefs 0 refcount change on invalid ref 1 ret -22
[  461.297938] kernel msg: ebtables bug: please report to author: Wrong len argument
[  461.315516] binder_alloc: binder_alloc_mmap_handler: 9156 20003000-20006000 already mapped failed -16
21:49:47 executing program 2:
r0 = syz_open_dev$video(&(0x7f0000000280)='/dev/video#\x00', 0x3, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000040)={0x0, 0x1, 0x0, [], &(0x7f0000000000)={0x980913, 0x0, [], @p_u8=0x0}})

[  461.351494] binder: BINDER_SET_CONTEXT_MGR already set
[  461.357252] binder: 9156:9157 ioctl 40046207 0 returned -16
[  461.382355] binder_alloc: 9156: binder_alloc_buf, no vma
[  461.388170] binder: 9156:9163 transaction failed 29189/-3, size 24-8 line 2973
21:49:47 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x11, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @loopback}, {0x2, 0x4e24}, {0x2, 0x4e22, @multicast2}, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0x9, 0x0, 0xd100000000000000})

[  461.423989] binder: 9156:9166 unknown command 1000
[  461.429182] binder: 9156:9166 ioctl c0306201 20000040 returned -22
21:49:47 executing program 4:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
fdatasync(r1)

[  461.473492] binder: send failed reply for transaction 2, target dead
[  461.487857] binder: undelivered TRANSACTION_ERROR: 29189
21:49:47 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x0, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0}, 0x2b0)

21:49:47 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:49:47 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:49:47 executing program 2:
r0 = syz_open_dev$video(&(0x7f0000000280)='/dev/video#\x00', 0x3, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000040)={0x0, 0x1, 0x0, [], &(0x7f0000000000)={0x980913, 0x0, [], @p_u8=0x0}})

[  461.787219] binder: release 9175:9177 transaction 7 out, still active
[  461.794327] binder: unexpected work type, 4, not freed
[  461.799648] binder: undelivered TRANSACTION_COMPLETE
[  461.814407] kernel msg: ebtables bug: please report to author: Wrong len argument
[  461.870416] binder: BINDER_SET_CONTEXT_MGR already set
[  461.876078] binder: 9179:9180 ioctl 40046207 0 returned -16
[  461.903957] binder: invalid inc weak node for 8
[  461.908799] binder: 9175:9177 IncRefs 0 refcount change on invalid ref 1 ret -22
21:49:48 executing program 3:
r0 = inotify_init1(0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
fcntl$getownex(r0, 0x10, &(0x7f000045fff8)={0x0, <r1=>0x0})
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x32)
r2 = memfd_create(&(0x7f0000000000)="2c2a70726f63ef73656c662700", 0x6)
ioctl$DRM_IOCTL_GET_UNIQUE(r2, 0xc0106401, &(0x7f00000000c0)={0x59, &(0x7f0000000040)=""/89})
wait4(r1, 0x0, 0x0, 0x0)
wait4(r1, 0x0, 0x3, 0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full\x00', 0x500, 0x0)
ppoll(&(0x7f0000000140)=[{r2, 0x600}, {r2, 0x1300}, {r0, 0x8}, {r3, 0x8000}, {r0, 0x1007}, {r0, 0x80}, {r0, 0x2}, {r2, 0x200}], 0x8, &(0x7f0000000180)={0x0, 0x1c9c380}, &(0x7f00000001c0)={0x8}, 0x8)

[  461.938027] binder: release 9179:9180 transaction 10 out, still active
[  461.945077] binder: unexpected work type, 4, not freed
[  461.950400] binder: undelivered TRANSACTION_COMPLETE
21:49:48 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x0, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0}, 0x2b0)

[  462.047271] ptrace attach of "/root/syz-executor3"[7247] was attempted by "/root/syz-executor3"[9185]
[  462.064381] binder: 9179:9180 IncRefs 0 refcount change on invalid ref 1 ret -22
[  462.114767] ptrace attach of "/root/syz-executor3"[7247] was attempted by "/root/syz-executor3"[9185]
[  462.170799] kernel msg: ebtables bug: please report to author: Wrong len argument
[  462.184519] binder: send failed reply for transaction 7, target dead
[  462.191195] binder: send failed reply for transaction 10, target dead
21:49:48 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
r1 = socket(0x10, 0x80002, 0x6)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@dellink={0x28, 0x11, 0xc03, 0x0, 0x0, {}, [@IFLA_NET_NS_FD={0x8}]}, 0x28}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)

21:49:48 executing program 2:
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000000040)=0x8, 0x4)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x44e20}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x100020040000, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

21:49:48 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:49:48 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000015c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000012000)={0x0, 0x4}, 0x2c)

21:49:48 executing program 3:

21:49:48 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x0, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[]}, 0x78)

[  462.393206] binder: release 9191:9196 transaction 14 out, still active
[  462.400039] binder: unexpected work type, 4, not freed
[  462.405635] binder: undelivered TRANSACTION_COMPLETE
[  462.464502] binder: invalid inc weak node for 15
[  462.469461] binder: 9191:9196 IncRefs 0 refcount change on invalid ref 1 ret -22
[  462.498792] kernel msg: ebtables bug: please report to author: Entries_size never zero
[  462.600651] *** Guest State ***
[  462.604310] CR0: actual=0x0000000000050032, shadow=0x0000000000050012, gh_mask=fffffffffffffff7
[  462.613502] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  462.622679] CR3 = 0x0000000000000000
[  462.626603] RSP = 0x0000000000000000  RIP = 0x0000000000008000
[  462.632922] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  462.639230] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  462.646332] CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
[  462.654717] DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  462.663108] SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  462.671287] ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  462.679613] FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  462.688142] GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  462.696550] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  462.705042] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  462.713334] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  462.721533] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  462.729847] EFER =     0x0000000000006000  PAT = 0x0007040600070406
[  462.736549] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  462.744427] Interruptibility = 00000008  ActivityState = 00000000
[  462.750831] *** Host State ***
[  462.754458] RIP = 0xffffffff812ce0a8  RSP = 0xffff88816995f368
[  462.760665] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  462.767538] FSBase=00007f2e97989700 GSBase=ffff88821fd00000 TRBase=fffffe000003d000
[  462.775690] GDTBase=fffffe000003b000 IDTBase=fffffe0000000000
[  462.782062] CR0=0000000080050033 CR3=000000016dafe000 CR4=00000000001426e0
[  462.789330] Sysenter RSP=fffffe000003c200 CS:RIP=0010:ffffffff8b001260
[  462.796451] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  462.802797] *** Control State ***
[  462.806464] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  462.813532] EntryControls=0000d1ff ExitControls=002fefff
[  462.819197] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  462.826476] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  462.833465] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  462.840226]         reason=80000021 qualification=0000000000000000
21:49:48 executing program 3:

21:49:48 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x0, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[]}, 0x78)

21:49:48 executing program 2:

[  462.846920] IDTVectoring: info=00000000 errcode=00000000
[  462.852746] TSC Offset = 0xffffff02c5ee31cf
[  462.857236] EPT pointer = 0x00000001963ae01e
[  462.890859] kernel msg: ebtables bug: please report to author: Entries_size never zero
21:49:49 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  463.014647] binder: send failed reply for transaction 14, target dead
21:49:49 executing program 3:
openat(0xffffffffffffffff, 0x0, 0x400000, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x2, 0x0)
sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="24000000220007031dfffd946f610500000000000500000000000000421ba3a20400ff7e", 0x24}], 0x1}, 0x0)
mount(0x0, 0x0, &(0x7f0000000d00)='ramfs\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)

21:49:49 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x0, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[]}, 0x78)

[  463.117484] *** Guest State ***
[  463.121143] CR0: actual=0x0000000000050032, shadow=0x0000000000050012, gh_mask=fffffffffffffff7
[  463.130420] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  463.140801] CR3 = 0x0000000000000000
[  463.144778] RSP = 0x0000000000000000  RIP = 0x0000000000008000
[  463.150927] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  463.157290] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  463.164284] CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
[  463.172631] DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  463.180814] SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  463.189207] ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  463.197629] FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  463.206062] GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  463.214476] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  463.222811] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  463.231203] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  463.239523] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  463.247708] EFER =     0x0000000000006000  PAT = 0x0007040600070406
[  463.254382] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  463.262127] Interruptibility = 00000008  ActivityState = 00000000
[  463.268471] *** Host State ***
[  463.271731] RIP = 0xffffffff812ce0a8  RSP = 0xffff88816e38f368
[  463.278087] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  463.284741] FSBase=00007f2e97968700 GSBase=ffff88821fd00000 TRBase=fffffe000003d000
[  463.291371] binder: release 9211:9212 transaction 18 out, still active
[  463.292715] GDTBase=fffffe000003b000 IDTBase=fffffe0000000000
[  463.292754] CR0=0000000080050033 CR3=000000016dafe000 CR4=00000000001426e0
[  463.292792] Sysenter RSP=fffffe000003c200 CS:RIP=0010:ffffffff8b001260
[  463.292828] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  463.299501] binder: unexpected work type, 4, not freed
[  463.305558] *** Control State ***
[  463.305598] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  463.312783] binder: undelivered TRANSACTION_COMPLETE
[  463.319476] EntryControls=0000d1ff ExitControls=002fefff
[  463.319511] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  463.359033] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
21:49:49 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
r1 = socket(0x10, 0x80002, 0x6)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@dellink={0x28, 0x11, 0xc03, 0x0, 0x0, {}, [@IFLA_NET_NS_FD={0x8}]}, 0x28}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)

21:49:49 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000280)={0x0, 0x8000})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="00000f7f"])
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000003000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  463.365923] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  463.372679]         reason=80000021 qualification=0000000000000000
[  463.379040] IDTVectoring: info=00000000 errcode=00000000
[  463.384721] TSC Offset = 0xffffff0284d4f253
[  463.389078] EPT pointer = 0x0000000127b8d01e
21:49:49 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000015c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000012000)={0x0, 0x4}, 0x2c)

[  463.523056] binder: invalid inc weak node for 19
[  463.528159] binder: 9211:9212 IncRefs 0 refcount change on invalid ref 1 ret -22
[  463.560482] kernel msg: ebtables bug: please report to author: Entries_size never zero
[  463.733211] *** Guest State ***
[  463.736929] CR0: actual=0x0000000000050032, shadow=0x0000000000050012, gh_mask=fffffffffffffff7
[  463.746421] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  463.755600] CR3 = 0x0000000000000000
[  463.759511] RSP = 0x0000000000000000  RIP = 0x0000000000008000
[  463.765919] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  463.773366] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  463.780242] CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
[  463.788829] DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  463.790724] binder: send failed reply for transaction 18, target dead
[  463.797192] SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  463.812443] ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  463.820636] FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
21:49:49 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  463.829038] GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  463.837354] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  463.845754] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  463.854039] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  463.862440] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  463.870646] EFER =     0x0000000000006000  PAT = 0x0007040600070406
[  463.877413] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  463.885194] Interruptibility = 00000008  ActivityState = 00000000
[  463.891962] *** Host State ***
[  463.895373] RIP = 0xffffffff812ce0a8  RSP = 0xffff888182bdf368
[  463.901631] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  463.908561] FSBase=00007f2e97989700 GSBase=ffff88821fd00000 TRBase=fffffe000003d000
[  463.916975] GDTBase=fffffe000003b000 IDTBase=fffffe0000000000
[  463.923373] CR0=0000000080050033 CR3=000000016d996000 CR4=00000000001426e0
21:49:50 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
r3 = dup2(r1, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendmsg$nl_route(r0, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)

[  463.930839] Sysenter RSP=fffffe000003c200 CS:RIP=0010:ffffffff8b001260
[  463.938133] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  463.944800] *** Control State ***
[  463.949094] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  463.956889] EntryControls=0000d1ff ExitControls=002fefff
[  463.963262] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  463.970659] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  463.978326] VMExit: intr_info=00000000 errcode=00000000 ilen=00000002
[  463.985851]         reason=80000021 qualification=0000000000000000
[  463.992751] IDTVectoring: info=00000000 errcode=00000000
[  463.998443] TSC Offset = 0xffffff0228f90f44
[  464.003496] EPT pointer = 0x000000019438d01e
[  464.059440] binder: release 9225:9227 transaction 22 out, still active
[  464.066923] binder: unexpected work type, 4, not freed
[  464.073000] binder: undelivered TRANSACTION_COMPLETE
21:49:50 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x0, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB]}, 0x78)

[  464.104904] binder: invalid inc weak node for 23
[  464.109862] binder: 9225:9227 IncRefs 0 refcount change on invalid ref 1 ret -22
[  464.263577] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
21:49:50 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  464.305499] binder: send failed reply for transaction 22, target dead
[  464.401574] kernel msg: ebtables bug: please report to author: Entries_size never zero
[  464.435152] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  464.454764] binder: release 9237:9238 transaction 26 out, still active
[  464.461481] binder: unexpected work type, 4, not freed
[  464.467102] binder: undelivered TRANSACTION_COMPLETE
[  464.532860] binder: invalid inc weak node for 27
[  464.537828] binder: 9237:9238 IncRefs 0 refcount change on invalid ref 1 ret -22
21:49:50 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000280)={0x0, 0x8000})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="00000f7f"])
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000003000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:49:50 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x0, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB]}, 0x78)

21:49:50 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
r1 = socket(0x10, 0x80002, 0x6)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@dellink={0x28, 0x11, 0xc03, 0x0, 0x0, {}, [@IFLA_NET_NS_FD={0x8}]}, 0x28}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)

21:49:50 executing program 3:

21:49:50 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000015c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000012000)={0x0, 0x4}, 0x2c)

[  464.798222] kernel msg: ebtables bug: please report to author: Entries_size never zero
21:49:50 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  464.853756] binder: send failed reply for transaction 26, target dead
21:49:51 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x0, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB]}, 0x78)

21:49:51 executing program 3:

[  465.075257] binder: release 9249:9250 transaction 30 out, still active
[  465.082392] binder: unexpected work type, 4, not freed
[  465.087720] binder: undelivered TRANSACTION_COMPLETE
[  465.151965] binder: invalid inc weak node for 31
[  465.156936] binder: 9249:9250 IncRefs 0 refcount change on invalid ref 1 ret -22
[  465.158314] *** Guest State ***
[  465.168626] CR0: actual=0x0000000000050032, shadow=0x0000000000050012, gh_mask=fffffffffffffff7
[  465.174247] kernel msg: ebtables bug: please report to author: Entries_size never zero
[  465.177827] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  465.195081] CR3 = 0x0000000000000000
[  465.199039] RSP = 0x0000000000000000  RIP = 0x0000000000008000
[  465.205348] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  465.211524] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  465.218701] CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
[  465.227005] DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  465.235373] SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  465.243729] ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  465.252061] FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  465.260235] GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  465.268620] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  465.277474] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  465.285796] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  465.294092] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  465.302407] EFER =     0x0000000000006000  PAT = 0x0007040600070406
[  465.309035] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  465.316871] Interruptibility = 00000008  ActivityState = 00000000
[  465.323419] *** Host State ***
[  465.326812] RIP = 0xffffffff812ce0a8  RSP = 0xffff88816cd6f368
[  465.333270] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  465.339912] FSBase=00007f2e97989700 GSBase=ffff88821fd00000 TRBase=fffffe000003d000
[  465.348155] GDTBase=fffffe000003b000 IDTBase=fffffe0000000000
[  465.354343] CR0=0000000080050033 CR3=000000019e877000 CR4=00000000001426e0
[  465.361662] Sysenter RSP=fffffe000003c200 CS:RIP=0010:ffffffff8b001260
[  465.368742] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  465.375148] *** Control State ***
[  465.378802] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  465.385820] EntryControls=0000d1ff ExitControls=002fefff
[  465.391526] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  465.398858] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  465.405891] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  465.412867]         reason=80000021 qualification=0000000000000000
[  465.419374] IDTVectoring: info=00000000 errcode=00000000
[  465.425314] TSC Offset = 0xffffff01665ac333
[  465.429850] EPT pointer = 0x000000017024601e
21:49:51 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x11c, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000"]}, 0x194)

21:49:51 executing program 3:

21:49:51 executing program 2:

21:49:51 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl(0xffffffffffffffff, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  465.594707] binder: send failed reply for transaction 30, target dead
[  465.676910] kernel msg: ebtables bug: please report to author: entries_size too small
21:49:51 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000015c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000012000)={0x0, 0x4}, 0x2c)

21:49:51 executing program 1:

[  465.786330] binder: release 9261:9262 transaction 34 out, still active
[  465.793258] binder: unexpected work type, 4, not freed
[  465.798577] binder: undelivered TRANSACTION_COMPLETE
21:49:51 executing program 3:

21:49:51 executing program 2:

[  465.873071] binder: invalid inc weak node for 35
[  465.878073] binder: 9261:9262 IncRefs 0 refcount change on invalid ref 1 ret -22
21:49:52 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x11c, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000"]}, 0x194)

21:49:52 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl(0xffffffffffffffff, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  466.079334] binder: send failed reply for transaction 34, target dead
[  466.081493] kernel msg: ebtables bug: please report to author: entries_size too small
[  466.123443] *** Guest State ***
[  466.127077] CR0: actual=0x0000000000050032, shadow=0x0000000000050012, gh_mask=fffffffffffffff7
[  466.136296] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  466.145537] CR3 = 0x0000000000000000
[  466.149460] RSP = 0x0000000000000000  RIP = 0x0000000000008000
[  466.155734] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  466.162033] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
21:49:52 executing program 2:

21:49:52 executing program 1:

[  466.168912] CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
[  466.177288] DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  466.185766] SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  466.194376] ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  466.202703] FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  466.210865] GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  466.219262] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  466.227546] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  466.235823] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  466.244130] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  466.252598] EFER =     0x0000000000006000  PAT = 0x0007040600070406
[  466.259306] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  466.267160] Interruptibility = 00000008  ActivityState = 00000000
[  466.273761] *** Host State ***
[  466.277618] RIP = 0xffffffff812ce0a8  RSP = 0xffff8881702ef368
[  466.283980] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  466.290610] FSBase=00007f2e97989700 GSBase=ffff88821fd00000 TRBase=fffffe000003d000
[  466.298814] GDTBase=fffffe000003b000 IDTBase=fffffe0000000000
[  466.305039] CR0=0000000080050033 CR3=000000019e879000 CR4=00000000001426e0
[  466.312442] Sysenter RSP=fffffe000003c200 CS:RIP=0010:ffffffff8b001260
[  466.314641] binder: release 9272:9275 transaction 38 out, still active
[  466.319358] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  466.326260] binder: unexpected work type, 4, not freed
[  466.326286] binder: undelivered TRANSACTION_COMPLETE
[  466.343842] *** Control State ***
[  466.347522] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  466.354579] EntryControls=0000d1ff ExitControls=002fefff
[  466.360232] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  466.367563] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  466.374667] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  466.381433]         reason=80000021 qualification=0000000000000000
[  466.388245] IDTVectoring: info=00000000 errcode=00000000
[  466.393993] TSC Offset = 0xffffff00efa111ee
[  466.398515] EPT pointer = 0x000000019d8a801e
[  466.399204] binder: invalid inc weak node for 39
[  466.408116] binder: 9272:9277 IncRefs 0 refcount change on invalid ref 1 ret -22
21:49:52 executing program 3:

21:49:52 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x11c, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000"]}, 0x194)

21:49:52 executing program 2:

21:49:52 executing program 1:

21:49:52 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000015c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)

[  466.665290] kernel msg: ebtables bug: please report to author: entries_size too small
21:49:52 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl(0xffffffffffffffff, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  466.713970] binder: send failed reply for transaction 38, target dead
21:49:52 executing program 1:

21:49:52 executing program 2:

21:49:52 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x1aa, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000"]}, 0x222)

21:49:53 executing program 3:

[  466.901000] binder: release 9285:9286 transaction 42 out, still active
[  466.907852] binder: unexpected work type, 4, not freed
[  466.913412] binder: undelivered TRANSACTION_COMPLETE
[  466.959553] binder: invalid inc weak node for 43
[  466.964608] binder: 9285:9286 IncRefs 0 refcount change on invalid ref 1 ret -22
[  466.987263] kernel msg: ebtables bug: please report to author: entries_size too small
[  467.030252] *** Guest State ***
[  467.034015] CR0: actual=0x0000000000050032, shadow=0x0000000000050012, gh_mask=fffffffffffffff7
[  467.043234] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  467.052460] CR3 = 0x0000000000000000
[  467.056488] RSP = 0x0000000000000000  RIP = 0x0000000000008000
[  467.062871] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  467.069115] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  467.076252] CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
[  467.084587] DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  467.093000] SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  467.101211] ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  467.109583] FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  467.117993] GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  467.126405] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  467.134777] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  467.143174] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  467.151372] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  467.159785] EFER =     0x0000000000006000  PAT = 0x0007040600070406
[  467.166531] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  467.174343] Interruptibility = 00000008  ActivityState = 00000000
[  467.180764] *** Host State ***
[  467.184441] RIP = 0xffffffff812ce0a8  RSP = 0xffff8881279df368
[  467.190615] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  467.197473] FSBase=00007f2e97989700 GSBase=ffff88821fd00000 TRBase=fffffe000003d000
[  467.205598] GDTBase=fffffe000003b000 IDTBase=fffffe0000000000
[  467.211683] CR0=0000000080050033 CR3=000000016a6b1000 CR4=00000000001426e0
[  467.219063] Sysenter RSP=fffffe000003c200 CS:RIP=0010:ffffffff8b001260
21:49:53 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x1aa, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000"]}, 0x222)

[  467.226393] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  467.232791] *** Control State ***
[  467.236450] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  467.243628] EntryControls=0000d1ff ExitControls=002fefff
[  467.249343] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  467.256711] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  467.263716] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  467.270523]         reason=80000021 qualification=0000000000000000
21:49:53 executing program 2:

[  467.277690] IDTVectoring: info=00000000 errcode=00000000
[  467.283572] TSC Offset = 0xffffff0067e1d6df
[  467.288074] EPT pointer = 0x00000001695e001e
21:49:53 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:49:53 executing program 1:

21:49:53 executing program 3:

[  467.328198] binder: send failed reply for transaction 42, target dead
[  467.465186] kernel msg: ebtables bug: please report to author: entries_size too small
[  467.518278] binder: release 9296:9298 transaction 46 out, still active
[  467.525164] binder: unexpected work type, 4, not freed
[  467.530492] binder: undelivered TRANSACTION_COMPLETE
21:49:53 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000015c0)='/dev/kvm\x00', 0x0, 0x0)

21:49:53 executing program 2:

21:49:53 executing program 1:

21:49:53 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x1aa, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000"]}, 0x222)

21:49:53 executing program 3:

21:49:53 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  467.817619] kernel msg: ebtables bug: please report to author: entries_size too small
[  467.819701] binder: send failed reply for transaction 46, target dead
21:49:54 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x1f1, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a310000000000000004000000000000000000000000000000000000"]}, 0x269)

21:49:54 executing program 1:

[  468.003436] *** Guest State ***
[  468.007080] CR0: actual=0x0000000000050032, shadow=0x0000000000050012, gh_mask=fffffffffffffff7
[  468.016410] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  468.025615] CR3 = 0x0000000000000000
[  468.029525] RSP = 0x0000000000000000  RIP = 0x0000000000008000
[  468.035807] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  468.042080] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
21:49:54 executing program 2:

[  468.048953] CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
[  468.054308] kernel msg: ebtables bug: please report to author: entries_size too small
[  468.057205] DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  468.073634] SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  468.082116] ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  468.090419] FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  468.098762] GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  468.107074] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  468.115389] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  468.123695] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  468.132031] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  468.140184] EFER =     0x0000000000006000  PAT = 0x0007040600070406
[  468.146895] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  468.154706] Interruptibility = 00000008  ActivityState = 00000000
[  468.161142] *** Host State ***
[  468.164682] RIP = 0xffffffff812ce0a8  RSP = 0xffff88812829f368
[  468.170934] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  468.177760] FSBase=00007f2e97989700 GSBase=ffff88821fd00000 TRBase=fffffe000003d000
[  468.185952] GDTBase=fffffe000003b000 IDTBase=fffffe0000000000
[  468.192156] CR0=0000000080050033 CR3=000000016b516000 CR4=00000000001426e0
21:49:54 executing program 3:

[  468.199362] Sysenter RSP=fffffe000003c200 CS:RIP=0010:ffffffff8b001260
[  468.206333] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  468.212729] *** Control State ***
[  468.216429] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  468.223408] EntryControls=0000d1ff ExitControls=002fefff
[  468.229113] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  468.236346] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  468.243328] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  468.250166]         reason=80000021 qualification=0000000000000000
[  468.257836] IDTVectoring: info=00000000 errcode=00000000
[  468.263585] TSC Offset = 0xfffffeffe98b9278
[  468.268097] EPT pointer = 0x000000016fa9301e
21:49:54 executing program 2:

21:49:54 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x1f1, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a310000000000000004000000000000000000000000000000000000"]}, 0x269)

21:49:54 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

21:49:54 executing program 1:

21:49:54 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:49:54 executing program 2:

[  468.544240] kernel msg: ebtables bug: please report to author: entries_size too small
21:49:54 executing program 3:

[  468.655670] binder: release 9319:9320 transaction 50 out, still active
[  468.662673] binder: unexpected work type, 4, not freed
[  468.667993] binder: undelivered TRANSACTION_COMPLETE
21:49:54 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x1f1, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a310000000000000004000000000000000000000000000000000000"]}, 0x269)

21:49:54 executing program 1:

21:49:55 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  468.911094] kernel msg: ebtables bug: please report to author: entries_size too small
[  468.921984] binder: send failed reply for transaction 50, target dead
[  468.944101] *** Guest State ***
[  468.947622] CR0: actual=0x0000000000050032, shadow=0x0000000000050012, gh_mask=fffffffffffffff7
[  468.956892] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  468.966064] CR3 = 0x0000000000000000
[  468.969993] RSP = 0x0000000000000000  RIP = 0x0000000000008000
[  468.976329] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  468.982581] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  468.989472] CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
[  468.997828] DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  469.006118] SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  469.014839] ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  469.023145] FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  469.031326] GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  469.039600] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  469.047863] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:49:55 executing program 2:

21:49:55 executing program 3:

[  469.056131] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  469.064406] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  469.072650] EFER =     0x0000000000006000  PAT = 0x0007040600070406
[  469.079351] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  469.087106] Interruptibility = 00000008  ActivityState = 00000000
[  469.093611] *** Host State ***
[  469.097002] RIP = 0xffffffff812ce0a8  RSP = 0xffff88812829f368
[  469.103272] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
21:49:55 executing program 1:

[  469.109912] FSBase=00007f2e97989700 GSBase=ffff88821fc00000 TRBase=fffffe0000003000
[  469.118044] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  469.124395] CR0=0000000080050033 CR3=000000018e3cf000 CR4=00000000001426f0
[  469.131633] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff8b001260
[  469.138610] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  469.145517] *** Control State ***
[  469.149217] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  469.156148] EntryControls=0000d1ff ExitControls=002fefff
[  469.161866] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  469.169081] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  469.176059] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  469.182939]         reason=80000021 qualification=0000000000000000
[  469.189460] IDTVectoring: info=00000000 errcode=00000000
[  469.195170] TSC Offset = 0xfffffeff621f043f
[  469.199703] EPT pointer = 0x000000018fe8201e
21:49:55 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x215, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000"]}, 0x28d)

[  469.430697] binder: 9333:9334 IncRefs 0 refcount change on invalid ref 1 ret -22
[  469.467335] kernel msg: ebtables bug: please report to author: entries_size too small
21:49:55 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

21:49:55 executing program 3:

21:49:55 executing program 2:

21:49:55 executing program 1:

21:49:55 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:49:55 executing program 1:

21:49:55 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x215, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000"]}, 0x28d)

[  469.750471] binder: 9342:9343 IncRefs 0 refcount change on invalid ref 1 ret -22
21:49:55 executing program 2:

21:49:55 executing program 3:

21:49:56 executing program 1:

[  469.946069] kernel msg: ebtables bug: please report to author: entries_size too small
21:49:56 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

21:49:56 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:49:56 executing program 3:

21:49:56 executing program 2:

21:49:56 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x215, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000"]}, 0x28d)

21:49:56 executing program 1:

[  470.242394] binder: 9352:9353 IncRefs 0 refcount change on invalid ref 1 ret -22
[  470.404858] kernel msg: ebtables bug: please report to author: entries_size too small
21:49:56 executing program 2:
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x10000261, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp\x00')
preadv(r0, &(0x7f0000000480), 0x100000000000022c, 0x0)

21:49:56 executing program 3:
r0 = open(&(0x7f0000ba0000)='./file0\x00', 0xfc, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f0000000040)={0xfffffffffffffffd}, 0xfffffffffffffffe, 0x0, 0x8)
open(&(0x7f0000001500)='./file0\x00', 0x802, 0x0)
r2 = socket(0x10, 0x3, 0x0)
socket(0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')
sendfile(r2, r3, 0x0, 0x80000001)

21:49:56 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:49:56 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

21:49:56 executing program 1:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, 0x0, 0x0)
ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x4)
r2 = accept4(r0, 0x0, &(0x7f00000003c0)=0x149, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000008840)=[{{&(0x7f0000000480)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000600)=[{&(0x7f00000005c0)=""/3, 0x3}], 0x1, &(0x7f0000000640)=""/186, 0xba, 0x4}}, {{&(0x7f00000060c0)=@in6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000007440)=[{&(0x7f0000007140)=""/185, 0xb9}, {&(0x7f0000007200)=""/151, 0x97}], 0x2, &(0x7f00000074c0)=""/31, 0x1f}}], 0x2, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={<r3=>0x0}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f00000001c0)=@assoc_id=r3, &(0x7f0000000200)=0x4)

21:49:56 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x227, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa00000000000000"]}, 0x29f)

[  470.779869] binder: 9363:9368 transaction failed 29189/-22, size 24-8 line 2834
[  470.839181] sctp: failed to load transform for md5: -2
[  470.883506] binder: 9363:9368 IncRefs 0 refcount change on invalid ref 1 ret -22
[  470.893579] kernel msg: ebtables bug: please report to author: entries_size too small
[  470.946541] binder: undelivered TRANSACTION_ERROR: 29189
21:49:57 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x11, 0x3, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)=@ipx={0x4, 0x80000001, 0x0, "0950fe4adba7"}, 0x80, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x6}, 0x2c)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x2b5)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000003840)=[{&(0x7f00000004c0)=""/158, 0x9e}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5}, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000600)=""/182, 0xb6}, {&(0x7f00000038c0)=""/4096, 0x1000}], 0x2}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f00000000c0)=@in6={0x31128, 0x0, 0x5, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x329]}}, 0x80, &(0x7f0000000340), 0x72, &(0x7f0000000380)}, 0x0)

21:49:57 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:49:57 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x227, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa00000000000000"]}, 0x29f)

21:49:57 executing program 2:
r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000180)=0xc)
ioctl$DRM_IOCTL_SET_VERSION(r2, 0xc0106407, &(0x7f00000003c0)={0x0, 0x6220})
r3 = socket$inet6(0xa, 0x1, 0x0)
getsockname(r3, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000080)=0x80)
socket$inet_udp(0x2, 0x2, 0x0)
pipe(&(0x7f0000000500)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$FUSE_NOTIFY_POLL(r5, 0x0, 0x0)
prlimit64(0x0, 0x3, &(0x7f00000017c0), 0x0)
shmctl$IPC_INFO(0x0, 0x3, 0xfffffffffffffffd)
write(r5, &(0x7f0000000340), 0x10000014c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000001700), &(0x7f0000001740)=0x8)
fremovexattr(r0, &(0x7f0000000540)=@known='system.posix_acl_default\x00')
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r6+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8})
vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
preadv(r7, &(0x7f0000000380)=[{&(0x7f0000000280)=""/233, 0xe9}, {&(0x7f0000000440)=""/164, 0xa4}], 0x2, 0x400000000000)
ioctl$TIOCGWINSZ(r2, 0x5413, &(0x7f0000000400))

21:49:57 executing program 1:
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r3, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
listen(r2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x4e22}, 0x1c)
sendto$inet6(r1, &(0x7f0000000000)="99", 0x1, 0x0, 0x0, 0x0)
r4 = accept4(r2, 0x0, 0x0, 0x0)
splice(r4, 0x0, r0, 0x0, 0x3, 0x0)

[  471.289715] kernel msg: ebtables bug: please report to author: entries_size too small
21:49:57 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  471.355503] binder: 9389:9390 transaction failed 29189/-22, size 24-8 line 2834
[  471.383065] binder: undelivered TRANSACTION_ERROR: 29189
[  471.399745] binder: 9389:9390 IncRefs 0 refcount change on invalid ref 1 ret -22
21:49:57 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x227, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa00000000000000"]}, 0x29f)

[  471.462544] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
21:49:57 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:49:57 executing program 3:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x11, 0x3, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)=@ipx={0x4, 0x80000001, 0x0, "0950fe4adba7"}, 0x80, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x6}, 0x2c)
setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000000), 0x2b5)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000003840)=[{&(0x7f00000004c0)=""/158, 0x9e}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5}, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000600)=""/182, 0xb6}, {&(0x7f00000038c0)=""/4096, 0x1000}], 0x2}, 0x0)
sendmsg$kcm(r1, &(0x7f0000000480)={&(0x7f00000000c0)=@in6={0x31128, 0x0, 0x5, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x329]}}, 0x80, &(0x7f0000000340), 0x72, &(0x7f0000000380)}, 0x0)
ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, 0x0)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
write$UHID_INPUT2(r0, &(0x7f0000000580)={0xc, 0x1a, "8e64357f9d5f5641c412bb2a374f2a059b523da2ec1e0f588a3b"}, 0x20)
socket$rds(0x15, 0x5, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[  471.639268] kernel msg: ebtables bug: please report to author: entries_size too small
[  471.776856] binder: 9405:9407 transaction failed 29189/-22, size 24-8 line 2834
[  471.804727] binder: undelivered TRANSACTION_ERROR: 29189
21:49:57 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x230, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa00000000000000000000000000000000"]}, 0x2a8)

21:49:58 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10)
getpeername$inet(r0, 0x0, &(0x7f0000000040))

[  471.905397] binder: 9405:9407 IncRefs 0 refcount change on invalid ref 1 ret -22
21:49:58 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

21:49:58 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  472.019945] kernel msg: ebtables bug: please report to author: entries_size too small
21:49:58 executing program 3:
r0 = epoll_create1(0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180))
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000080)={0x20000300})
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000240)={0x20000000})

21:49:58 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x230, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa00000000000000000000000000000000"]}, 0x2a8)

[  472.198066] binder_alloc: 9419: binder_alloc_buf, no vma
[  472.203842] binder: 9419:9421 transaction failed 29189/-3, size 24-8 line 2973
[  472.277129] binder: undelivered TRANSACTION_ERROR: 29189
[  472.309941] binder: 9419:9421 IncRefs 0 refcount change on invalid ref 1 ret -22
[  472.325422] *** Guest State ***
[  472.329145] CR0: actual=0x000000008005003f, shadow=0x000000008005001f, gh_mask=fffffffffffffff7
[  472.338345] CR4: actual=0x0000000000002068, shadow=0x0000000000000028, gh_mask=ffffffffffffe871
[  472.347508] CR3 = 0x0000000000000000
[  472.349691] kernel msg: ebtables bug: please report to author: entries_size too small
[  472.351549] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  472.366010] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  472.372320] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  472.379298] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  472.387552] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  472.395962] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  472.404260] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  472.412557] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  472.420744] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  472.429009] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  472.437286] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  472.445540] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  472.453831] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  472.462227] EFER =     0x0000000000006500  PAT = 0x0007040600070406
[  472.468874] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  472.476663] Interruptibility = 00000000  ActivityState = 00000000
[  472.483167] *** Host State ***
[  472.486568] RIP = 0xffffffff812ce0a8  RSP = 0xffff88812a58f368
[  472.493281] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  472.499912] FSBase=00007f2e97989700 GSBase=ffff88821fc00000 TRBase=fffffe0000003000
[  472.508122] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  472.514313] CR0=0000000080050033 CR3=000000019975f000 CR4=00000000001426f0
[  472.521529] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff8b001260
[  472.528536] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  472.534899] *** Control State ***
[  472.538547] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  472.545563] EntryControls=0000d3ff ExitControls=002fefff
[  472.551216] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  472.558499] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  472.565638] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  472.572537]         reason=80000021 qualification=0000000000000000
[  472.579057] IDTVectoring: info=00000000 errcode=00000000
[  472.584855] TSC Offset = 0xfffffefd925d1202
[  472.589391] EPT pointer = 0x000000019436d01e
21:49:58 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0x4, 0x4)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in={{0x2, 0x0, @multicast1}}, 0x0, 0x29, 0x0, "508e03aeaccff1fca018062b71db501d9c31e6669e0045d12a0eeadee2e92e3ca2d4472ea1ac811f2cfb38cd26652682c3bb2d3de6b99227c990f286447d91c3d78b15911590acf2dce5946e059b30c3"}, 0xd8)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000014, &(0x7f0000000180)=0x80000000002, 0x224)
r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
socket$inet6(0xa, 0x80001, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendto$inet(r0, &(0x7f0000000500)="a5d30136281503000000da21f9f27b28ea5a8adbdac74e75425ec4f317b6fbac65d2a039844b1b7f3b87332d228ef6c9b913ce2fad4a050073c0e441a758886d1c08c1e85c4a8246a03d55fc84fa7edd27ef3041a8971c08b89c9fba6ae8fbe2da4cbc128db693db7805722ce1fa098e3cf3e1e9e238e7dcbfc00fbfc61d1da207b1447952138edb71978ede467962450947d2452c435b241d298818bf60081c38e69528d0feb7f524747f9af4ef412615cf2a1ef7cfa7602e54c3321a1a72171f1246ca7e90531ecff7b8fe3c3014fd5bd503f06de97b4dbf4ba806cf6bae6111566cebce516d0cf61dd594e9ac27cd59b517fa74319ff6cf26b6fffffffffffffff9e1583b1d112a80f5048ee1375bfc4b34b606f07a371aa4ca18461d03e3e174ad72e16b919fbf7f91466305e3a3d8704025d8e708eca7b8aab022e1951d022458b8e493bdb0438c0f429c4b6b7a27cff6e04e54f99961bfbb0f0018f1133b6e691fe0cfc619e40a12d8f1451834a831607765847ff8014999bf45cff7ef630058952904740acb8dc13f3a94389da35006c37155a39fbdb775df6e72d7d30f7d92f0e3e373cf1231823ad2619d519e1e07e9d926e6249efbbce35b896ccfae861a1fce69184cf9974e7167d9ce52a84f02d6f4a05fd1a1a5bedae40d7cddc07e76f06a17eade0e6d28276455ea831640df60f609c76234ebd5d13955ce24b388b75db59dada08b729328fda0d2b14c8ec394a7aa19356f", 0x219, 0x20000000, 0x0, 0x0)

21:49:58 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10)
getpeername$inet(r0, 0x0, &(0x7f0000000040))

21:49:58 executing program 3:
r0 = syz_open_dev$evdev(&(0x7f0000974fee)='/dev/input/event#\x00', 0x0, 0x101002)
write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c460000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000"], 0x36)

21:49:58 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:49:58 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x230, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa00000000000000000000000000000000"]}, 0x2a8)

[  472.736419] kernel msg: ebtables bug: please report to author: entries_size too small
[  472.788784] binder_alloc: 9437: binder_alloc_buf, no vma
[  472.794720] binder: 9437:9441 transaction failed 29189/-3, size 24-8 line 2973
21:49:58 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  472.842640] binder: 9437:9441 IncRefs 0 refcount change on invalid ref 1 ret -22
[  472.877828] binder: undelivered TRANSACTION_ERROR: 29189
21:49:58 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x234, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa0000000000000000000000000000000000000000"]}, 0x2ac)

21:49:59 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10)
getpeername$inet(r0, 0x0, &(0x7f0000000040))

21:49:59 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:49:59 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, 0x0, 0x0)
syz_open_dev$amidi(&(0x7f0000000500)='/dev/amidi#\x00', 0x0, 0x40)
r2 = accept4(r0, 0x0, &(0x7f00000003c0)=0x149, 0x0)
futex(&(0x7f0000003040), 0x4, 0x2, &(0x7f00000030c0), &(0x7f0000005000)=0x1, 0x2)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={<r3=>0x0}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f00000001c0)=@assoc_id=r3, &(0x7f0000000200)=0x4)

[  473.045201] kernel msg: ebtables bug: please report to author: entries_size too small
21:49:59 executing program 2:

21:49:59 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x234, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa0000000000000000000000000000000000000000"]}, 0x2ac)

[  473.220236] binder_alloc: 9450: binder_alloc_buf, no vma
[  473.226155] binder: 9450:9451 transaction failed 29189/-3, size 24-8 line 2973
[  473.286129] binder: 9450:9454 IncRefs 0 refcount change on invalid ref 1 ret -22
21:49:59 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10)
getpeername$inet(r0, 0x0, &(0x7f0000000040))

[  473.335016] binder: undelivered TRANSACTION_ERROR: 29189
[  473.352661] sctp: failed to load transform for md5: -2
[  473.453774] kernel msg: ebtables bug: please report to author: entries_size too small
21:49:59 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

21:49:59 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r1, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:49:59 executing program 2:

21:49:59 executing program 3:

21:49:59 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10)
getpeername$inet(r0, 0x0, &(0x7f0000000040))

[  473.734917] binder: 9466:9470 transaction failed 29189/-22, size 24-8 line 2834
[  473.760153] binder: undelivered TRANSACTION_ERROR: 29189
[  473.803151] *** Guest State ***
[  473.806821] CR0: actual=0x000000008005003f, shadow=0x000000008005001f, gh_mask=fffffffffffffff7
[  473.816189] CR4: actual=0x0000000000002068, shadow=0x0000000000000028, gh_mask=ffffffffffffe871
[  473.825385] CR3 = 0x0000000000000000
[  473.829289] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  473.835620] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  473.841781] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
21:49:59 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x234, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa0000000000000000000000000000000000000000"]}, 0x2ac)

[  473.848911] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  473.857207] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  473.865628] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  473.873965] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  473.882380] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  473.890572] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  473.898832] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  473.907239] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  473.915613] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  473.923935] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  473.932239] EFER =     0x0000000000006500  PAT = 0x0007040600070406
[  473.938860] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  473.946718] Interruptibility = 00000000  ActivityState = 00000000
[  473.953219] *** Host State ***
[  473.956646] RIP = 0xffffffff812ce0a8  RSP = 0xffff88816957f368
[  473.962974] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  473.969623] FSBase=00007f2e97989700 GSBase=ffff88821fc00000 TRBase=fffffe0000003000
[  473.977781] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  473.984053] CR0=0000000080050033 CR3=000000018e3ce000 CR4=00000000001426f0
[  473.991270] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff8b001260
[  473.998303] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  474.004698] *** Control State ***
[  474.008357] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  474.015299] EntryControls=0000d3ff ExitControls=002fefff
[  474.020967] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  474.028255] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  474.035183] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  474.042105]         reason=80000021 qualification=0000000000000000
[  474.048606] IDTVectoring: info=00000000 errcode=00000000
21:50:00 executing program 2:

21:50:00 executing program 3:

[  474.054399] TSC Offset = 0xfffffefcc6123d9c
[  474.058925] EPT pointer = 0x000000019fc2f01e
21:50:00 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r1, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  474.102645] kernel msg: ebtables bug: please report to author: entries_size too small
21:50:00 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10)
getpeername$inet(r0, 0x0, &(0x7f0000000040))

21:50:00 executing program 2:

[  474.289543] binder: 9478:9479 transaction failed 29189/-22, size 24-8 line 2834
[  474.329872] binder: undelivered TRANSACTION_ERROR: 29189
21:50:00 executing program 3:

21:50:00 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

21:50:00 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x236, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa00000000000000000000000000000000000000000000"]}, 0x2ae)

21:50:00 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r1, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:50:00 executing program 2:

21:50:00 executing program 3:

21:50:00 executing program 1:
bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10)
getpeername$inet(0xffffffffffffffff, 0x0, &(0x7f0000000040))

[  474.613583] kernel msg: ebtables bug: please report to author: entries_size too small
[  474.677879] binder: 9487:9488 transaction failed 29189/-22, size 24-8 line 2834
[  474.716554] binder: undelivered TRANSACTION_ERROR: 29189
21:50:00 executing program 1:
r0 = socket$inet(0x2b, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10)
getpeername$inet(r0, 0x0, &(0x7f0000000040))

21:50:00 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x236, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa00000000000000000000000000000000000000000000"]}, 0x2ae)

21:50:00 executing program 2:

21:50:01 executing program 3:

21:50:01 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r1, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  474.980459] kernel msg: ebtables bug: please report to author: entries_size too small
[  475.078189] *** Guest State ***
[  475.081979] CR0: actual=0x0000000000050032, shadow=0x0000000000050012, gh_mask=fffffffffffffff7
[  475.090890] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  475.100004] CR3 = 0x0000000000000000
[  475.103932] RSP = 0x0000000000000000  RIP = 0x0000000000008000
[  475.110000] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  475.116301] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  475.123192] CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
[  475.131277] DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  475.139589] SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  475.148298] ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  475.156517] FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  475.164688] GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
21:50:01 executing program 2:

[  475.172942] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  475.180984] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  475.189207] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  475.197363] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  475.205616] EFER =     0x0000000000006000  PAT = 0x0007040600070406
[  475.212221] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  475.219721] Interruptibility = 00000008  ActivityState = 00000000
[  475.226247] *** Host State ***
[  475.229507] RIP = 0xffffffff812ce0a8  RSP = 0xffff88816c25f368
[  475.235741] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  475.242366] FSBase=00007f2e97989700 GSBase=ffff88821fc00000 TRBase=fffffe0000003000
[  475.250213] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  475.256339] CR0=0000000080050033 CR3=000000018e3ce000 CR4=00000000001426f0
[  475.263570] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff8b001260
[  475.270282] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  475.276584] *** Control State ***
[  475.280209] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  475.287114] EntryControls=0000d1ff ExitControls=002fefff
[  475.292790] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  475.299765] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  475.306662] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  475.313418]         reason=80000021 qualification=0000000000000000
[  475.319779] IDTVectoring: info=00000000 errcode=00000000
[  475.325420] TSC Offset = 0xfffffefc135457e8
[  475.329784] EPT pointer = 0x000000019e87b01e
21:50:01 executing program 3:

21:50:01 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10)
getpeername$inet(r0, 0x0, &(0x7f0000000040))

21:50:01 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x236, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa00000000000000000000000000000000000000000000"]}, 0x2ae)

21:50:01 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

21:50:01 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r1, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:50:01 executing program 2:

[  475.594590] kernel msg: ebtables bug: please report to author: entries_size too small
21:50:01 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r1, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:50:01 executing program 2:

21:50:01 executing program 3:

21:50:01 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, 0x0, 0x0)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10)
getpeername$inet(r0, 0x0, &(0x7f0000000040))

[  475.806037] *** Guest State ***
[  475.809537] CR0: actual=0x0000000000050032, shadow=0x0000000000050012, gh_mask=fffffffffffffff7
[  475.818643] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  475.827787] CR3 = 0x0000000000000000
[  475.832514] RSP = 0x0000000000000000  RIP = 0x0000000000008000
[  475.838646] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  475.844804] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  475.851525] CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
[  475.859720] DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  475.867935] SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  475.876218] ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  475.884444] FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  475.892692] GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  475.900716] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  475.908949] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  475.917092] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  475.925286] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  475.933457] EFER =     0x0000000000006000  PAT = 0x0007040600070406
[  475.939918] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  475.947565] Interruptibility = 00000008  ActivityState = 00000000
[  475.953975] *** Host State ***
[  475.957212] RIP = 0xffffffff812ce0a8  RSP = 0xffff88816a27f368
[  475.963482] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  475.969964] FSBase=00007f2e97989700 GSBase=ffff88821fc00000 TRBase=fffffe0000003000
[  475.977983] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  475.984055] CR0=0000000080050033 CR3=000000016a17a000 CR4=00000000001426f0
[  475.991124] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff8b001260
[  475.998030] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  476.004244] *** Control State ***
[  476.007745] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  476.014648] EntryControls=0000d1ff ExitControls=002fefff
[  476.020165] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  476.027351] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  476.034261] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  476.040900]         reason=80000021 qualification=0000000000000000
[  476.047419] IDTVectoring: info=00000000 errcode=00000000
21:50:02 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x237, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa0000000000000000000000000000000000000000000000"]}, 0x2af)

21:50:02 executing program 2:

[  476.053037] TSC Offset = 0xfffffefbaecbd6b5
[  476.057417] EPT pointer = 0x00000001963e801e
21:50:02 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  476.199622] kernel msg: ebtables bug: please report to author: entries_size too small
21:50:02 executing program 3:

21:50:02 executing program 3:

21:50:02 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x0, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10)
getpeername$inet(r0, 0x0, &(0x7f0000000040))

21:50:02 executing program 2:

21:50:02 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x237, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa0000000000000000000000000000000000000000000000"]}, 0x2af)

21:50:02 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:50:02 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
ioctl$KVM_SMI(0xffffffffffffffff, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[  476.626855] kernel msg: ebtables bug: please report to author: entries_size too small
21:50:02 executing program 2:

21:50:02 executing program 3:

21:50:02 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10)
getpeername$inet(r0, 0x0, &(0x7f0000000040))

21:50:02 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x237, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000f000000070010000a801000069700000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000cb5a4715ba9c2e20000000000000000000000000000000000000000000000000002f00000000000000000000000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa000000000000000000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000040000000000000000000000000000000000000000736e6174000000000000000000000000000022000000000000000000000000001000000000000000aaaaaaaaaa0000000000000000000000000000000000000000000000"]}, 0x2af)

21:50:03 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  476.950633] kernel msg: ebtables bug: please report to author: entries_size too small
21:50:03 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
ioctl$KVM_SMI(0xffffffffffffffff, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:50:03 executing program 3:

21:50:03 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r0, 0x0, 0x0)
getpeername$inet(r0, 0x0, &(0x7f0000000040))

21:50:03 executing program 2:

21:50:03 executing program 0:

21:50:03 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:50:03 executing program 3:

21:50:03 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000001c0), 0x10)
getpeername$inet(r0, 0x0, &(0x7f0000000040))

21:50:03 executing program 2:

21:50:03 executing program 0:

[  477.559236] binder_alloc: 9555: binder_alloc_buf, no vma
[  477.565074] binder: 9555:9557 transaction failed 29189/-3, size 24-8 line 2973
[  477.587875] binder: undelivered TRANSACTION_ERROR: 29189
[  477.600149] binder: 9555:9557 IncRefs 0 refcount change on invalid ref 1 ret -22
21:50:03 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x13, &(0x7f0000000140)='/dev/snd/controlC#\x00', 0xffffffffffffffff}, 0x30)
ioctl$KVM_SMI(0xffffffffffffffff, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:50:03 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:50:03 executing program 3:

21:50:03 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10)
getpeername$inet(0xffffffffffffffff, 0x0, &(0x7f0000000040))

21:50:03 executing program 2:

21:50:04 executing program 0:
r0 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6}}, 0xe8)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)

[  477.953347] binder_alloc: 9564: binder_alloc_buf, no vma
[  477.959040] binder: 9564:9567 transaction failed 29189/-3, size 24-8 line 2973
[  478.008110] binder: 9564:9571 IncRefs 0 refcount change on invalid ref 1 ret -22
21:50:04 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10)
getpeername$inet(r0, 0x0, 0x0)

[  478.059582] binder: undelivered TRANSACTION_ERROR: 29189
21:50:04 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000040)=""/11, 0xb)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000))
clone(0x82102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000012c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
dup2(r0, r1)
ioctl$BLKBSZGET(r1, 0x80081270, 0x0)

21:50:04 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

21:50:04 executing program 2:
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vga_arbiter\x00', 0x40040400, 0x0)
syz_open_dev$video4linux(&(0x7f0000000280)='/dev/v4l-subdev#\x00', 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mq_open(&(0x7f0000000180)='posix_acl_access\x00', 0x840, 0x0, &(0x7f0000000440)={0x3, 0x0, 0x3f, 0x4})
write(r1, &(0x7f0000000340), 0x10000014c)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, &(0x7f0000000300)={0x0})
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

21:50:04 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:50:04 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
capset(&(0x7f0000000000)={0x4000019980330}, &(0x7f0000001fe8))
r1 = syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000040))

21:50:04 executing program 1:
sched_setaffinity(0x0, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[]}, 0x0)
gettid()
fstat(r0, &(0x7f00000006c0))
fstat(r0, &(0x7f0000000740))
fcntl$getown(r0, 0x9)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000007c0)={{{@in6=@ipv4={[], [], @broadcast}, @in=@remote}}, {{@in6=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000000640)=0xe8)
getegid()
sendmsg$unix(r1, &(0x7f0000000980)={&(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000005c0)=[{&(0x7f0000000480)="f2d6f3a9ed10644399785a6b21cee9fa332917f5360054542cc1b4112ecd891b905ad90feff2a33d2b49dbceebe2ab8fcec7c41d2e720bdc446871cc83eaf9f0f632609179c6c6ec3f39d65f8a195a0cd8e1ce1c2e2c8dde8ee353e9d8dc8dde19073a0c85926fcf7a2c807b957a60a4478d77ff14bb72a48b4ba712b505b3de79a20fa110bd0941511856f71f975165ab6ef9380d3a29886f1ce659a038549b282e0f286a1eb0d4146cad04dd5e0cc065ac02d81f2497f9ca567524f0cdb9c7e584b126510aef57f0939fea325bb33df3", 0xd1}, {0x0}], 0x2, 0x0, 0x0, 0x4040000}, 0x80)
preadv(r1, &(0x7f00000017c0), 0x1fe, 0x400000000000)

[  478.419805] binder_alloc: 9583: binder_alloc_buf, no vma
[  478.425718] binder: 9583:9585 transaction failed 29189/-3, size 24-8 line 2973
[  478.451095] binder: undelivered TRANSACTION_ERROR: 29189
[  478.489520] *** Guest State ***
[  478.493826] CR0: actual=0x0000000000050032, shadow=0x0000000000050012, gh_mask=fffffffffffffff7
[  478.502929] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  478.510427] capability: warning: `syz-executor0' uses 32-bit capabilities (legacy support in use)
[  478.511956] CR3 = 0x0000000000000000
[  478.511981] RSP = 0x0000000000000000  RIP = 0x0000000000008000
[  478.512008] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  478.512042] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  478.512079] CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
[  478.512138] DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  478.560392] SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  478.568594] ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  478.576818] FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  478.585062] GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  478.593272] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  478.601331] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  478.609527] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  478.617749] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  478.625927] EFER =     0x0000000000006000  PAT = 0x0007040600070406
[  478.632526] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  478.640045] Interruptibility = 00000008  ActivityState = 00000000
[  478.646477] *** Host State ***
[  478.649724] RIP = 0xffffffff812ce0a8  RSP = 0xffff88816cbff368
[  478.655903] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  478.662584] FSBase=00007f2e97989700 GSBase=ffff88821fd00000 TRBase=fffffe000003d000
[  478.670506] GDTBase=fffffe000003b000 IDTBase=fffffe0000000000
[  478.676600] CR0=0000000080050033 CR3=00000001aa117000 CR4=00000000001426e0
[  478.683804] Sysenter RSP=fffffe000003c200 CS:RIP=0010:ffffffff8b001260
[  478.690516] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  478.696759] *** Control State ***
[  478.700251] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  478.707136] EntryControls=0000d1ff ExitControls=002fefff
[  478.712809] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  478.719781] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  478.726638] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  478.733445]         reason=80000021 qualification=0000000000000000
21:50:04 executing program 0:
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x4002, 0x0)
truncate(&(0x7f0000000240)='./file0\x00', 0x90002)
ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0))
sendfile(r0, r0, 0x0, 0x8800000)

[  478.739793] IDTVectoring: info=00000000 errcode=00000000
[  478.745443] TSC Offset = 0xfffffefa4010d503
[  478.749805] EPT pointer = 0x000000018bc3801e
[  478.767354] binder: 9583:9585 IncRefs 0 refcount change on invalid ref 1 ret -22
21:50:04 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:50:05 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

21:50:05 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f00000000c0)="c4c379146600006543a02d0000000000000064670f01cab8010000000f01d946d8f1e1b066ba400066edb9f60800000f32f2400f0964460f35", 0x39}], 0x335, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000100))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  479.527544] *** Guest State ***
[  479.531111] CR0: actual=0x0000000000050032, shadow=0x0000000000050012, gh_mask=fffffffffffffff7
[  479.540357] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  479.549510] CR3 = 0x0000000000000000
[  479.553432] RSP = 0x0000000000000000  RIP = 0x0000000000008000
[  479.559521] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  479.565754] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  479.572631] CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
[  479.580657] DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  479.588827] SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  479.597008] ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  479.605177] FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  479.613325] GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  479.621346] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  479.629557] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  479.637745] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  479.645912] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  479.654049] EFER =     0x0000000000006000  PAT = 0x0007040600070406
[  479.660508] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  479.668105] Interruptibility = 00000008  ActivityState = 00000000
[  479.674543] *** Host State ***
[  479.677784] RIP = 0xffffffff812ce0a8  RSP = 0xffff888126f3f368
[  479.684054] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  479.690603] FSBase=00007f2e97989700 GSBase=ffff88821fc00000 TRBase=fffffe0000003000
[  479.698692] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  479.704738] CR0=0000000080050033 CR3=000000018be4e000 CR4=00000000001426f0
[  479.711924] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff8b001260
[  479.718634] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  479.724842] *** Control State ***
[  479.728349] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  479.735184] EntryControls=0000d1ff ExitControls=002fefff
[  479.740681] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  479.747759] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  479.754578] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  479.761191]         reason=80000021 qualification=0000000000000000
[  479.767689] IDTVectoring: info=00000000 errcode=00000000
[  479.773947] TSC Offset = 0xfffffef9b3b2aea5
[  479.778307] EPT pointer = 0x00000001943c201e
21:50:05 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  490.435490] binder_alloc: 9616: binder_alloc_buf, no vma
[  490.441123] binder: 9616:9617 transaction failed 29189/-3, size 24-8 line 2973
[  490.638450] binder: 9616:9619 IncRefs 0 refcount change on invalid ref 1 ret -22
21:50:16 executing program 0:
socketpair$unix(0x1, 0x0, 0x0, 0x0)
rt_sigtimedwait(&(0x7f0000000040)={0x1ffffffffffffff}, 0x0, 0x0, 0x8)
clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigprocmask(0x0, &(0x7f0000000240)={0xfffffffffffffffe}, 0x0, 0x8)
openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x7, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x5, &(0x7f0000000180)={{0x0, 0x1}, {0x0, 0x1c9c380}}, 0x0)
rt_sigreturn()

21:50:16 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000001440)={0xa, 0x4e22}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0)
sendto$inet6(r2, 0x0, 0x11a, 0x20000005, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, 0x0, 0x0)
ioprio_get$uid(0x0, 0x0)
clock_gettime(0x0, 0x0)
clock_settime(0x0, 0x0)
getpeername$unix(0xffffffffffffffff, 0x0, 0x0)
shutdown(r2, 0x1)
recvfrom$inet6(r2, &(0x7f0000000040)=""/31, 0x1f, 0x40000000, &(0x7f0000000000), 0x1c)
r3 = accept4(r1, 0x0, &(0x7f00000003c0), 0x0)
sendto$inet6(r3, &(0x7f00000000c0)='A', 0x1, 0x0, 0x0, 0x0)
dup2(r0, r2)

21:50:16 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xd85, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  490.719751] binder: undelivered TRANSACTION_ERROR: 29189
21:50:17 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[  491.077413] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
21:50:17 executing program 3:
r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000180)=0xc)
ioctl$DRM_IOCTL_SET_VERSION(r2, 0xc0106407, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x0)
getsockname(r3, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000080)=0x80)
socket$inet_udp(0x2, 0x2, 0x0)
pipe(&(0x7f0000000500)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$FUSE_NOTIFY_POLL(r5, &(0x7f0000000040)={0x18}, 0x18)
prlimit64(0x0, 0x3, &(0x7f00000017c0), 0x0)
write(r5, &(0x7f0000000340), 0x10000014c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r6=>0x0})
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
fremovexattr(r0, &(0x7f0000000540)=@known='system.posix_acl_default\x00')
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r6+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8})
vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
ioctl$TIOCGWINSZ(r2, 0x5413, &(0x7f0000000400))

21:50:17 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000001440)={0xa, 0x4e22}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0)
sendto$inet6(r2, 0x0, 0x11a, 0x20000005, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, 0x0, 0x0)
ioprio_get$uid(0x0, 0x0)
clock_gettime(0x0, 0x0)
clock_settime(0x0, 0x0)
getpeername$unix(0xffffffffffffffff, 0x0, 0x0)
shutdown(r2, 0x1)
recvfrom$inet6(r2, &(0x7f0000000040)=""/31, 0x1f, 0x40000000, &(0x7f0000000000), 0x1c)
r3 = accept4(r1, 0x0, &(0x7f00000003c0), 0x0)
sendto$inet6(r3, &(0x7f00000000c0)='A', 0x1, 0x0, 0x0, 0x0)
dup2(r0, r2)

[  491.325653] binder_alloc: 9636: binder_alloc_buf, no vma
[  491.331222] binder: 9636:9638 transaction failed 29189/-3, size 24-8 line 2973
[  491.359386] binder: undelivered TRANSACTION_ERROR: 29189
[  491.367962] binder: 9636:9638 IncRefs 0 refcount change on invalid ref 1 ret -22
[  491.395364] *** Guest State ***
[  491.398897] CR0: actual=0x0000000000050032, shadow=0x0000000000050012, gh_mask=fffffffffffffff7
[  491.408051] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  491.417209] CR3 = 0x0000000000000000
[  491.420966] RSP = 0x0000000000000000  RIP = 0x0000000000008000
[  491.427342] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  491.433516] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  491.440269] CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
[  491.448590] DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  491.456814] SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  491.464987] ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  491.473152] FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  491.481210] GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  491.489474] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  491.497666] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  491.505931] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  491.514126] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  491.522440] EFER =     0x0000000000006000  PAT = 0x0007040600070406
[  491.528920] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  491.536614] Interruptibility = 00000008  ActivityState = 00000000
[  491.543023] *** Host State ***
[  491.546264] RIP = 0xffffffff812ce0a8  RSP = 0xffff888127a8f368
[  491.552432] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  491.558901] FSBase=00007f2e97989700 GSBase=ffff88821fd00000 TRBase=fffffe000003d000
[  491.566906] GDTBase=fffffe000003b000 IDTBase=fffffe0000000000
[  491.573022] CR0=0000000080050033 CR3=000000018c416000 CR4=00000000001426e0
[  491.580116] Sysenter RSP=fffffe000003c200 CS:RIP=0010:ffffffff8b001260
[  491.586985] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  491.593218] *** Control State ***
[  491.596733] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  491.603590] EntryControls=0000d1ff ExitControls=002fefff
[  491.609099] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  491.616235] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  491.623098] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  491.629740]         reason=80000021 qualification=0000000000000000
[  491.636260] IDTVectoring: info=00000000 errcode=00000000
[  491.641873] TSC Offset = 0xfffffef359fc4ce4
[  491.646279] EPT pointer = 0x000000016b11601e
[  491.683865] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
21:50:18 executing program 1:
socketpair$unix(0x1, 0x0, 0x0, 0x0)
rt_sigtimedwait(&(0x7f0000000040)={0x1ffffffffffffff}, 0x0, 0x0, 0x8)
clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigprocmask(0x0, &(0x7f0000000240)={0xfffffffffffffffe}, 0x0, 0x8)
openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x7, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x5, &(0x7f0000000180)={{0x0, 0x1}, {0x0, 0x1c9c380}}, 0x0)
rt_sigreturn()

21:50:18 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:50:18 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

21:50:18 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$rtc(&(0x7f0000000580)='/dev/rtc#\x00', 0x0, 0x0)
stat(0x0, 0x0)
write$P9_RGETATTR(0xffffffffffffffff, 0x0, 0x0)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
msgctl$MSG_STAT(0x0, 0xb, 0x0)
sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, 0x0, 0x44801)
sendmsg$FOU_CMD_DEL(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
ioctl$RTC_AIE_ON(r0, 0x7001)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mknodat(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0)

21:50:18 executing program 0:
socketpair$unix(0x1, 0x0, 0x0, 0x0)
rt_sigtimedwait(&(0x7f0000000040)={0x1ffffffffffffff}, 0x0, 0x0, 0x8)
clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
rt_sigprocmask(0x0, &(0x7f0000000240)={0xfffffffffffffffe}, 0x0, 0x8)
openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x7, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x5, &(0x7f0000000180)={{0x0, 0x1}, {0x0, 0x1c9c380}}, 0x0)
rt_sigreturn()

[  492.116931] binder: 9653:9655 transaction failed 29189/-22, size 24-8 line 2834
[  492.160427] binder: undelivered TRANSACTION_ERROR: 29189
[  492.210158] binder: 9653:9655 IncRefs 0 refcount change on invalid ref 1 ret -22
[  492.247876] *** Guest State ***
[  492.251434] CR0: actual=0x0000000000050032, shadow=0x0000000000050012, gh_mask=fffffffffffffff7
[  492.260676] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  492.269692] CR3 = 0x0000000000000000
[  492.273784] RSP = 0x0000000000000000  RIP = 0x0000000000008000
[  492.280296] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  492.286513] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  492.293419] CS:   sel=0x3000, attr=0x08093, limit=0xffffffff, base=0x0000000000030000
[  492.301449] DS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  492.309659] SS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  492.317801] ES:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  492.326003] FS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  492.334283] GS:   sel=0x0000, attr=0x08093, limit=0xffffffff, base=0x0000000000000000
[  492.342479] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  492.350500] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  492.358663] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  492.366826] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  492.375005] EFER =     0x0000000000006000  PAT = 0x0007040600070406
[  492.381467] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  492.389161] Interruptibility = 00000008  ActivityState = 00000000
[  492.395572] *** Host State ***
[  492.398810] RIP = 0xffffffff812ce0a8  RSP = 0xffff88816c09f368
[  492.405081] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  492.411535] FSBase=00007f2e97989700 GSBase=ffff88821fd00000 TRBase=fffffe000003d000
[  492.419538] GDTBase=fffffe000003b000 IDTBase=fffffe0000000000
[  492.425639] CR0=0000000080050033 CR3=000000016a0f0000 CR4=00000000001426e0
[  492.432916] Sysenter RSP=fffffe000003c200 CS:RIP=0010:ffffffff8b001260
[  492.439662] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  492.445961] *** Control State ***
[  492.449462] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  492.456439] EntryControls=0000d1ff ExitControls=002fefff
21:50:18 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
pipe(&(0x7f00000006c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$binfmt_elf64(r2, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x14)
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
poll(&(0x7f0000000040)=[{r3}], 0x1, 0x80000001)
splice(r1, 0x0, r4, 0x0, 0x7, 0x0)

[  492.462120] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  492.469090] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  492.476061] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  492.482900]         reason=80000021 qualification=0000000000000000
[  492.489282] IDTVectoring: info=00000000 errcode=00000000
[  492.494987] TSC Offset = 0xfffffef2e0b6b192
[  492.499390] EPT pointer = 0x00000001943f801e
21:50:18 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:50:18 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SMI(r3, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  492.869132] binder: 9672:9673 transaction failed 29189/-22, size 24-8 line 2834
21:50:18 executing program 3:
socketpair$unix(0x1, 0x10000000000001, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = perf_event_open(&(0x7f0000000200)={0x2000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open$cgroup(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}}, 0xffffffffffffffff, 0x0, r1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x8, 0x70, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2000000, 0x0, 0x0, 0x0, 0x28c2}, 0xffffffffffffffff, 0x0, r1, 0x0)

[  492.912708] binder: undelivered TRANSACTION_ERROR: 29189
[  492.943596] binder: 9672:9673 IncRefs 0 refcount change on invalid ref 1 ret -22
21:50:19 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
r1 = socket$inet(0x2, 0x6000000000000001, 0x0)
setsockopt$inet_mtu(r1, 0x0, 0xa, 0x0, 0x0)
bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @remote}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x20000802, &(0x7f0000000040)={0x2, 0x404e23, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)="74756e6c3000000000000000e4a100", 0x10)
sendto$inet(r1, &(0x7f00000003c0), 0xfffffdef, 0x0, 0x0, 0x0)

21:50:19 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:50:19 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SMI(r3, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:50:19 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x9, 0x30}, 0xc)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r0, 0x7)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f00000000c0), 0x10)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='#'], 0x1)

[  493.256465] binder: 9681:9683 transaction failed 29189/-22, size 24-8 line 2834
[  493.293865] binder: undelivered TRANSACTION_ERROR: 29189
[  493.309802] binder: 9681:9683 IncRefs 0 refcount change on invalid ref 1 ret -22
21:50:19 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r2, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070")
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

21:50:19 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
pipe(&(0x7f00000006c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$binfmt_elf64(r2, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x14)
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
poll(&(0x7f0000000040)=[{r3}], 0x1, 0x80000001)
splice(r1, 0x0, r4, 0x0, 0x7, 0x0)

[  493.665818] binder: 9701:9702 IncRefs 0 refcount change on invalid ref 1 ret -22
21:50:19 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x9208, &(0x7f0000000180))
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600))
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000640), 0x4)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000440)=0x2, 0x187)
lgetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)=@known='trusted.overlay.upper\x00', &(0x7f0000000240)=""/152, 0x98)
fsetxattr$security_evm(r0, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000680)=@sha1={0x1, "8847909b687e348975a0da974e9501db6d67b5e4"}, 0x15, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x27}, &(0x7f0000000380)=0x20)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SMI(r3, 0xaeb7)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  494.296114] syz-executor1 (9689) used greatest stack depth: 52896 bytes left
[  714.652315] ==================================================================
[  714.659755] BUG: KMSAN: uninit-value in update_stack_state+0x9e5/0xaa0
[  714.661857] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.20.0-rc3+ #104
[  714.661857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  714.661857] Call Trace:
[  714.661857]  <IRQ>
[  714.661857]  dump_stack+0x32d/0x480
[  714.661857]  ? update_stack_state+0x9e5/0xaa0
[  714.661857]  kmsan_report+0x12c/0x290
[  714.661857]  __msan_warning+0x76/0xc0
[  714.661857]  update_stack_state+0x9e5/0xaa0
[  714.661857]  unwind_next_frame+0x64c/0xed0
[  714.661857]  ? reschedule_interrupt+0xf/0x20
[  714.661857]  __save_stack_trace+0x357/0x5d0
[  714.661857]  ? reschedule_interrupt+0xf/0x20
[  714.661857]  save_stack_trace+0xc6/0x110
[  714.661857]  kmsan_internal_chain_origin+0x162/0x260
[  714.661857]  ? INIT_BOOL+0xc/0x30
[  714.661857]  ? kmsan_internal_chain_origin+0x162/0x260
[  714.661857]  ? kmsan_memcpy_memmove_metadata+0x1a9/0xf70
[  714.661857]  ? kmsan_memcpy_metadata+0xb/0x10
[  714.661857]  ? __msan_memcpy+0x61/0x70
[  714.661857]  ? chacha20_block+0x99/0x17d0
[  714.661857]  ? _extract_crng+0x5f3/0x7f0
[  714.661857]  ? crng_reseed+0x169/0x15a0
[  714.661857]  ? _extract_crng+0x1c2/0x7f0
[  714.661857]  ? _get_random_bytes+0x669/0x6f0
[  714.661857]  ? get_random_bytes+0xe2/0x2a0
[  714.661857]  ? __prandom_timer+0x5e/0x610
[  714.661857]  ? call_timer_fn+0x356/0x7c0
[  714.661857]  ? __run_timers+0xe95/0x1300
[  714.661857]  ? run_timer_softirq+0x55/0xa0
[  714.661857]  ? __do_softirq+0x721/0xc7f
[  714.661857]  ? irq_exit+0x305/0x340
[  714.661857]  ? scheduler_ipi+0x172/0x250
[  714.661857]  ? smp_reschedule_interrupt+0x1b8/0x670
[  714.661857]  ? reschedule_interrupt+0xf/0x20
[  714.661857]  ? kmsan_internal_chain_origin+0x203/0x260
[  714.661857]  ? kmsan_internal_chain_origin+0x162/0x260
[  714.661857]  ? __msan_chain_origin+0x6d/0xb0
[  714.661857]  ? crng_reseed+0x986/0x15a0
[  714.661857]  ? _extract_crng+0x1c2/0x7f0
[  714.661857]  ? crng_reseed+0x169/0x15a0
[  714.661857]  ? _extract_crng+0x1c2/0x7f0
[  714.661857]  ? _get_random_bytes+0x669/0x6f0
[  714.661857]  ? get_random_bytes+0xe2/0x2a0
[  714.661857]  ? __prandom_timer+0x5e/0x610
[  714.661857]  ? call_timer_fn+0x356/0x7c0
[  714.661857]  ? __run_timers+0xe95/0x1300
[  714.661857]  ? run_timer_softirq+0x55/0xa0
[  714.661857]  ? __do_softirq+0x721/0xc7f
[  714.661857]  ? irq_exit+0x305/0x340
[  714.661857]  ? scheduler_ipi+0x172/0x250
[  714.661857]  ? smp_reschedule_interrupt+0x1b8/0x670
[  714.661857]  ? reschedule_interrupt+0xf/0x20
[  714.661857]  ? default_idle+0x3f/0x80
[  714.661857]  ? arch_cpu_idle+0x26/0x30
[  714.661857]  ? do_idle+0x3e4/0x9b0
[  714.661857]  ? cpu_startup_entry+0x45/0x50
[  714.661857]  ? start_secondary+0x57b/0x6a0
[  714.661857]  ? secondary_startup_64+0xa4/0xb0
[  714.661857]  kmsan_memcpy_memmove_metadata+0x1a9/0xf70
[  714.661857]  ? __msan_poison_alloca+0x1e0/0x270
[  714.661857]  kmsan_memcpy_metadata+0xb/0x10
[  714.661857]  __msan_memcpy+0x61/0x70
[  714.661857]  chacha20_block+0x99/0x17d0
[  714.661857]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  714.661857]  ? __msan_get_context_state+0x9/0x20
[  714.661857]  ? INIT_BOOL+0xc/0x30
[  714.661857]  _extract_crng+0x5f3/0x7f0
[  714.661857]  crng_reseed+0x169/0x15a0
[  714.661857]  ? __msan_poison_alloca+0x1e0/0x270
[  714.661857]  ? _extract_crng+0x61/0x7f0
[  714.661857]  _extract_crng+0x1c2/0x7f0
[  714.661857]  _get_random_bytes+0x669/0x6f0
[  714.661857]  get_random_bytes+0xe2/0x2a0
[  714.661857]  ? __prandom_timer+0x5e/0x610
[  714.661857]  __prandom_timer+0x5e/0x610
[  714.661857]  ? __run_timers+0xe95/0x1300
[  714.661857]  call_timer_fn+0x356/0x7c0
[  714.661857]  ? __extract_hwseed+0x430/0x430
[  714.661857]  __run_timers+0xe95/0x1300
[  714.661857]  ? __extract_hwseed+0x430/0x430
[  714.661857]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  714.661857]  run_timer_softirq+0x55/0xa0
[  714.661857]  ? timers_dead_cpu+0xb70/0xb70
[  714.661857]  __do_softirq+0x721/0xc7f
[  714.661857]  ? irq_exit+0x39/0x340
[  714.661857]  irq_exit+0x305/0x340
[  714.661857]  scheduler_ipi+0x172/0x250
[  714.661857]  smp_reschedule_interrupt+0x1b8/0x670
[  714.661857]  reschedule_interrupt+0xf/0x20
[  714.661857]  </IRQ>
[  714.661857] RIP: 0010:default_idle+0x3f/0x80
[  714.661857] Code: 04 00 00 00 e8 32 86 10 f7 65 8b 34 25 20 a1 02 00 c7 03 00 00 00 00 c7 43 08 00 00 00 00 bf 01 00 00 00 e8 f3 84 48 f6 fb f4 <48> c7 c7 20 a1 02 00 be 04 00 00 00 e8 00 86 10 f7 65 8b 34 25 20
[  714.661857] RSP: 0018:ffff8881d0f1fe18 EFLAGS: 00000292 ORIG_RAX: ffffffffffffff02
[  714.661857] RAX: 5c605d83ca6c1300 RBX: ffff8881d0ec8988 RCX: 0000000000000000
[  714.661857] RDX: ffff8881fbb686c8 RSI: 0000160000000000 RDI: 0000000000000000
[  714.661857] RBP: ffff8881d0f1fe20 R08: ffff888000000000 R09: 0000000000000002
[  714.661857] R10: 0000000000000000 R11: ffffffff8af8dc40 R12: ffff8881d0ec8000
[  714.661857] R13: 0000000000000001 R14: ffff8881d0ec8988 R15: ffff8881d0f1fe78
[  714.661857]  ? __cpuidle_text_start+0x8/0x8
[  714.661857]  ? default_idle+0x3d/0x80
[  714.661857]  ? __cpuidle_text_start+0x8/0x8
[  714.661857]  arch_cpu_idle+0x26/0x30
[  714.661857]  do_idle+0x3e4/0x9b0
[  714.661857]  cpu_startup_entry+0x45/0x50
[  714.661857]  ? setup_APIC_timer+0x250/0x250
[  714.661857]  start_secondary+0x57b/0x6a0
[  714.661857]  secondary_startup_64+0xa4/0xb0
[  714.661857] 
[  714.661857] Local variable description: ----v.addr.i.i.i.i@tsc_verify_tsc_adjust
[  714.661857] Variable was created at:
[  714.661857]  tsc_verify_tsc_adjust+0x62/0x5d0
[  714.661857]  arch_cpu_idle_enter+0x13/0x20
[  714.661857] ==================================================================
[  714.661857] Disabling lock debugging due to kernel taint
[  714.661857] Kernel panic - not syncing: panic_on_warn set ...
[  714.661857] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G    B             4.20.0-rc3+ #104
[  714.661857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  714.661857] Call Trace:
[  714.661857]  <IRQ>
[  714.661857]  dump_stack+0x32d/0x480
[  714.661857]  panic+0x624/0xc08
[  714.661857]  kmsan_report+0x28a/0x290
[  714.661857]  __msan_warning+0x76/0xc0
[  714.661857]  update_stack_state+0x9e5/0xaa0
[  714.661857]  unwind_next_frame+0x64c/0xed0
[  714.661857]  ? reschedule_interrupt+0xf/0x20
[  714.661857]  __save_stack_trace+0x357/0x5d0
[  714.661857]  ? reschedule_interrupt+0xf/0x20
[  714.661857]  save_stack_trace+0xc6/0x110
[  714.661857]  kmsan_internal_chain_origin+0x162/0x260
[  714.661857]  ? INIT_BOOL+0xc/0x30
[  714.661857]  ? kmsan_internal_chain_origin+0x162/0x260
[  714.661857]  ? kmsan_memcpy_memmove_metadata+0x1a9/0xf70
[  714.661857]  ? kmsan_memcpy_metadata+0xb/0x10
[  714.661857]  ? __msan_memcpy+0x61/0x70
[  714.661857]  ? chacha20_block+0x99/0x17d0
[  714.661857]  ? _extract_crng+0x5f3/0x7f0
[  714.661857]  ? crng_reseed+0x169/0x15a0
[  714.661857]  ? _extract_crng+0x1c2/0x7f0
[  714.661857]  ? _get_random_bytes+0x669/0x6f0
[  714.661857]  ? get_random_bytes+0xe2/0x2a0
[  714.661857]  ? __prandom_timer+0x5e/0x610
[  714.661857]  ? call_timer_fn+0x356/0x7c0
[  714.661857]  ? __run_timers+0xe95/0x1300
[  714.661857]  ? run_timer_softirq+0x55/0xa0
[  714.661857]  ? __do_softirq+0x721/0xc7f
[  714.661857]  ? irq_exit+0x305/0x340
[  714.661857]  ? scheduler_ipi+0x172/0x250
[  714.661857]  ? smp_reschedule_interrupt+0x1b8/0x670
[  714.661857]  ? reschedule_interrupt+0xf/0x20
[  714.661857]  ? kmsan_internal_chain_origin+0x203/0x260
[  714.661857]  ? kmsan_internal_chain_origin+0x162/0x260
[  714.661857]  ? __msan_chain_origin+0x6d/0xb0
[  714.661857]  ? crng_reseed+0x986/0x15a0
[  714.661857]  ? _extract_crng+0x1c2/0x7f0
[  714.661857]  ? crng_reseed+0x169/0x15a0
[  714.661857]  ? _extract_crng+0x1c2/0x7f0
[  714.661857]  ? _get_random_bytes+0x669/0x6f0
[  714.661857]  ? get_random_bytes+0xe2/0x2a0
[  714.661857]  ? __prandom_timer+0x5e/0x610
[  714.661857]  ? call_timer_fn+0x356/0x7c0
[  714.661857]  ? __run_timers+0xe95/0x1300
[  714.661857]  ? run_timer_softirq+0x55/0xa0
[  714.661857]  ? __do_softirq+0x721/0xc7f
[  714.661857]  ? irq_exit+0x305/0x340
[  714.661857]  ? scheduler_ipi+0x172/0x250
[  714.661857]  ? smp_reschedule_interrupt+0x1b8/0x670
[  714.661857]  ? reschedule_interrupt+0xf/0x20
[  714.661857]  ? default_idle+0x3f/0x80
[  714.661857]  ? arch_cpu_idle+0x26/0x30
[  714.661857]  ? do_idle+0x3e4/0x9b0
[  714.661857]  ? cpu_startup_entry+0x45/0x50
[  714.661857]  ? start_secondary+0x57b/0x6a0
[  714.661857]  ? secondary_startup_64+0xa4/0xb0
[  714.661857]  kmsan_memcpy_memmove_metadata+0x1a9/0xf70
[  714.661857]  ? __msan_poison_alloca+0x1e0/0x270
[  714.661857]  kmsan_memcpy_metadata+0xb/0x10
[  714.661857]  __msan_memcpy+0x61/0x70
[  714.661857]  chacha20_block+0x99/0x17d0
[  714.661857]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  714.661857]  ? __msan_get_context_state+0x9/0x20
[  714.661857]  ? INIT_BOOL+0xc/0x30
[  714.661857]  _extract_crng+0x5f3/0x7f0
[  714.661857]  crng_reseed+0x169/0x15a0
[  714.661857]  ? __msan_poison_alloca+0x1e0/0x270
[  714.661857]  ? _extract_crng+0x61/0x7f0
[  714.661857]  _extract_crng+0x1c2/0x7f0
[  714.661857]  _get_random_bytes+0x669/0x6f0
[  714.661857]  get_random_bytes+0xe2/0x2a0
[  714.661857]  ? __prandom_timer+0x5e/0x610
[  714.661857]  __prandom_timer+0x5e/0x610
[  714.661857]  ? __run_timers+0xe95/0x1300
[  714.661857]  call_timer_fn+0x356/0x7c0
[  714.661857]  ? __extract_hwseed+0x430/0x430
[  714.661857]  __run_timers+0xe95/0x1300
[  714.661857]  ? __extract_hwseed+0x430/0x430
[  714.661857]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  714.661857]  run_timer_softirq+0x55/0xa0
[  714.661857]  ? timers_dead_cpu+0xb70/0xb70
[  714.661857]  __do_softirq+0x721/0xc7f
[  714.661857]  ? irq_exit+0x39/0x340
[  714.661857]  irq_exit+0x305/0x340
[  714.661857]  scheduler_ipi+0x172/0x250
[  714.661857]  smp_reschedule_interrupt+0x1b8/0x670
[  714.661857]  reschedule_interrupt+0xf/0x20
[  714.661857]  </IRQ>
[  714.661857] RIP: 0010:default_idle+0x3f/0x80
[  714.661857] Code: 04 00 00 00 e8 32 86 10 f7 65 8b 34 25 20 a1 02 00 c7 03 00 00 00 00 c7 43 08 00 00 00 00 bf 01 00 00 00 e8 f3 84 48 f6 fb f4 <48> c7 c7 20 a1 02 00 be 04 00 00 00 e8 00 86 10 f7 65 8b 34 25 20
[  714.661857] RSP: 0018:ffff8881d0f1fe18 EFLAGS: 00000292 ORIG_RAX: ffffffffffffff02
[  714.661857] RAX: 5c605d83ca6c1300 RBX: ffff8881d0ec8988 RCX: 0000000000000000
[  714.661857] RDX: ffff8881fbb686c8 RSI: 0000160000000000 RDI: 0000000000000000
[  714.661857] RBP: ffff8881d0f1fe20 R08: ffff888000000000 R09: 0000000000000002
[  714.661857] R10: 0000000000000000 R11: ffffffff8af8dc40 R12: ffff8881d0ec8000
[  714.661857] R13: 0000000000000001 R14: ffff8881d0ec8988 R15: ffff8881d0f1fe78
[  714.661857]  ? __cpuidle_text_start+0x8/0x8
[  714.661857]  ? default_idle+0x3d/0x80
[  714.661857]  ? __cpuidle_text_start+0x8/0x8
[  714.661857]  arch_cpu_idle+0x26/0x30
[  714.661857]  do_idle+0x3e4/0x9b0
[  714.661857]  cpu_startup_entry+0x45/0x50
[  714.661857]  ? setup_APIC_timer+0x250/0x250
[  714.661857]  start_secondary+0x57b/0x6a0
[  714.661857]  secondary_startup_64+0xa4/0xb0
[  714.661857] Kernel Offset: disabled
[  714.661857] Rebooting in 86400 seconds..