000000140)={0x0, "39c9337e4356f082e399cef942964c6d"})

10:21:55 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x1000000})

10:21:55 executing program 1:
r0 = socket(0x2, 0xa, 0x3)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f00000000}}, 0x0)

10:21:56 executing program 5:
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000180)='.log\x00', 0x0, 0x1)
sendmsg$AUDIT_GET(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x10, 0x3e8, 0x10, 0x70bd2b, 0x25dfdbfc, "", ["", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x1}, 0x40)
r1 = socket(0x11, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r2 = socket(0x1d, 0x6, 0x7fffffff)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
linkat(r0, &(0x7f00000013c0)='./file0\x00', r3, &(0x7f0000001400)='./file0\x00', 0x1000)
sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x12000300}, 0xc, &(0x7f0000001440)={&(0x7f0000000300)={0x1010, 0x464, 0x4, 0x70bd26, 0x25dfdbff, "af9a90349a95dc72e3153b2c9ee563ad333d63959d1692a21b7ee4756743aa2b288e5f8aa2082db2a76c7a08b506d78a9b711bc754b186841c0949a0b0673ce06749628c1f6651d47a20d5781948d784d0966709f71c5420ddc7549f5a6e6da77494e69d07958732a9a81fe619795b4261d290607c549e8179f2fd3f49793fe7dd48bb84f3978bed246f6d02ced0a59b9414789bb6f62c1d6200b8f87e91040b9e3db7c49b1aa524a2252dbb7667c0c8c8dc75346a89454d00b05a58d90452d0cd7aad2bd656b136ff52f159f4c7c4bef9dfb5783563f4d19c77cf4c13d68cec8518fe209ea7c1abadb0908e53b52d22ac45d2b40b870857f7164839a2e1f231ff23f7d91cf2c756a46f223cd822cc27dfeebde46c300ec37e29dbcfaa83b9322b7a8f62b3b735555926f34705f73e8ac221d2d507ac0b386c784ade8fb196704bb7c0eb46338d7d44124c6e3d3f4bc7704983d81f536fee23590ed159f160a2990f9d26178e1baac6885e8f3e5e9af162135f3f381bb613834e5a899d07b7f662ba6b5e1cbe6c9fa99db816b648e489d5e3913f6143d07c2d4f1259b0eec5d33865e631e0c9b365cf7c315e904d6ed2a59db30dac5aab22b7b4da7c630a7edfb567df33a737f4a51fa6aceacead97b047e9303ecbeadb0ba3c23168a4b9f111ddd35f250c52aa4665497b51f4ca11750f496f46afa44d07c179e5dae70a1c233d93a50cddffea80346839d3d32323b43c10376c90f8b931595ae62fcc9a4b3cee3c8409713747987294bfd460df9ec2434705caf237823a8403a94f70ac2259b2a2115cd414bbf2b2b71753f0fb582e2670d1817613de31f73a15ba37fa1afb62017e1e6dfcc652035f86adb7bc9e94dffca53a3ca9303629abfec6d2e889c380c29d014866cd5e80fd560f90749153677d82bf0fa34288a8f23e697df2294cd3376fb1a6b3184a9c03c82ba28773966a9f6edd4e35e9912d241b8ccdfdf5e2678c3abaa3338c55cbd79bf3f6be4cdfb146c75c8745b86e971de5f6640d9574f8026e24d557d7ff7a10c4ff3949548526556e151b38700d471e41f9e2f8d5b0b3c70e0a6054c9ef2dee345c41a8d2e4ffb2c80f96224cea318ec012d725f4f12eea3c0ec3422fb9834ab4dbf69158441ca3b5ba6c6608e31042e1d3aaedcb24db4168a472b3e330ea1491fd049ecece9e84571de4dc6bb209faf0ba35e32c57511d49ee733d6a82a11977eddd0322f9e920e5ea4e7bbf447cde2e313170efc90e6e5e59f171fe895c1cf203be11724ce45298a5ae549e3ad6cadce6c126e4dd0a2869c9f29d20879af5607ba8c9ba9a9557108f0415a13ba4abd4221c022a0ca607c6866b69e0b01a8cb459ea68ef58f6c6cc73d55a4710a4266038faaeb4af9a1ca5e41af3e5620c50339c3e48976b588a42cf67a6d3054f8d6a75eeff1d8deb0c874fdfcf9e3f89797dd24751cb7b4d66d5ba650c7781a4076b9766c087884bdfe66f468bc86c90dd788ec06ed63bda5f2907f89e4dd27cb4b35894e7a335177bc8c10c16ad6d2d8c93d59dbc63db6e4b871749c0bba4a9d0ee790721c20c624391341cce5da01a42cdc4dd58986968898adae72d6fc3dd88494388284011366e295721961432d83bb38f11cf3332111439519074ac828c066c63afe06a24eff6af6cba694751f1ed1ecce11a540b4edca9e0dcd0ce18c1afb09876c2c41d9b14757d8ccb67a59b2b598bdfbb960a084c42032f9c9f095b19538741742b701a94c815d9a3b8c70efb35f0ac8c011c2d1ddcb4875d7c8e544ab9b18e68946aa3c83ce8827ff1700818b80cfd6196872d5ae9d584c960cb64a5054bd03c343207882078edf26143583ffa6256b3a039ce133b6eb5fff95f8a75d3dc9c56e3cf3e4883ff5ed09ec7e341b4eca2e96dc98b8691e4f97d23f58c6f8575ce736c16a37c56e86c13b0e893dd2c3021da05c1be2a52275769b88f2edb55a5ead149c754a4984e1c16e7f30e91633fd5e06d5cb4eb2895be2a792474b90f5e7cddf40e7379b9ac0474a496961e0370017eaf08a946149349261c504ce2a854b00e71a62997ca1d1d47537032389d8d9c98bcae3d81ffc4f94b0fe484c95d8afcce85a57966a534752d26fc264e1c1198b4c110c3b23a766a78dd8e92eae1f716916a0c4596e6ce51a8e41783b5c6617b490229c1b35741fd24bb961bdd3ad50e276d3d8ff4e0553f64797b5818fef0b3c0942af8d4fbf6d335020669b878f5100b623b5673f755629a6105afbe11122433c13c5a8018eba532d5ed544db6a3ecbf7758d613d570b398bcad6e0a41cdc699eeb97d7836bbf4e39454f0fe7593f1a96251a1a59999b320d6496ca7691614c00d24267dab91ec6ae963a8c1e9f827781685d87dad35ac6b98a6b1078fad1ae0b96259fb90026cc0184e6785970a91c38a114c3a7b3062a7c637931aa685ad4878d92fb472b24b8d0b30f87b7c25b5dca9f21c66d9215a0d7de82038596e592f0097bab2b836a922afb30292b2ccf202d9b007721ff4e0b1cace7cb1b7c3116b9cb8e9ef76c39f20c0a5c6334d3c243f669e3e3731e40c65ca57c274691991a5317689d2f80ff2df6ed594ac9f4065df30afbec0e9d5998bfd11019fa9248112278f5832287eb3de28b650686fa07ab89e650496699a6b96a2dd060d59b3058247a4b2bfe85a391463215274551209fbcbf6429ef124ad5627ed94ea60cc4691e23165dc134e98ac7f60bf4084066cf8904b6caa7c0a618b31cda45cae8ce29542a10b6962a7b2cf602416367d5d2086f75cdeafe3fc151ca8ab2c93b6b9e49785493b9f62d39a1a36f512e8c09056f70fcd7ec8028fc9328019c25cbb510622395ede44fc974bd432f1a22f96d64c4e3d7410735fbcaa4db846d20603b34ba10b82f71b06691afc0116b0240567d28311c650b40d940bf390f2de64c1e9d5e0eda41f3dfb2a2f1b494f201fff65e7164aaadd2e076e3c19db9424b0bd37f526f0f462f837534d771a90fbe396c0b6eb1f6d263f007a2697f5ac6c16caeaea7de25f185cd766bf272dbdbb41e368db73c0d799921528beb28fbc39516409d29e25c3cb3d94c459b05c90a60cdf71d7a9cc38a45c3275e8fab22f1ed152a9392e34eacc8596223c3679861a5b009b4c59ed18b4e0d9163f6f7dcf2f570344f60f4074d5156ad8e0aa7199aaa126a76247e927eed43815f37064a39c7bfed450641b364a2a59eff9b29628dbab54e2ca1ca812dc8b7aa803e37be3f931dcb1b605b09670a175cb7cc29c20cc6a109577d5b257bc734c6811e133943157aab2af4b5c417ac26658211624896e5a8a77c67fd30a0af85f5638ac036987798e5894e8ad045d9564b090ecccde26d67db039ced7f76781ed170518469641b2a6a82b53a3085c9c03a09ae73dbce0b953ef2a501b21974940e4cc897eef32245a740d0ce949a991a208072c872468d991cae9034ee484b4132e5057c15d2f4f316183ff38256acddbe55411b002988d72cd62d7933880351f01b8de147f94740f051e93fea0d89d3b132ba390cf4384690d3fc1068313c739182e079705840a6d6d3845784e030223d0c273d023e321826bcde1af88e1c734ba7a2b803b858a3836770cbdb37b3f322d786408911a778efd38ad628f45539e8be8256dc8b38223f52dfd1feef61f46e68348d6457df1e700a9bf18db097c512f8ba130e6e529ac909a00ddb14f0790aa2b6b9ea6991d4fdaa6d15cbe78bc520efe49339fe42a8ac8514450ce136deb0714072ff7bb461a792b3c19f3bd69310e932bda1b21a1a328d018f53b5e93746fff15d89e0e3189428a58b7c777b100de21e2c1abd4261087f0d9f7b0dcbb0861a56ae7bd40c60fe74da36c5e646b47027d49bd1c1963785c4b4437ab95589cdf28e59ccfc077dcea79de6b9733eec5f9c5bb5fca20a88e3cac6585d1c0a78c93c98a983d11637c4516057e1cab36770cca74a2eef536cabb9901cb7c0d77e971f1f3b29a9685258490652572945555719cf53337e91ebb850c782238a4b02b7e3659be176ada2a863c16240ec32e343957e7eb73c17cc63865c4f56305626b4be221ca0c923a0c76ac4212ba3dc9af938ea64e98d775ce06e05767cc5fee88ced19a69ff09f5bf019e049c0d415fd6fce9489b604e65f9c9c4887e93b623c25225b7b44876ab186aa7a422ff34bee9ad1c037f60189c8a1d2a385d155cdb6190cbeec1e88252d64a55c8d15f32c9d30d79eb002970e76f3a3af0abc9fb680be1eaba069dd66c52a3ad6666cef5d53c6869a6d4cff31bebe9f763271529d5f6cc264ddfc8a4b272773ffb490986d4d6dceb8be8c78d42c500444f2ae9ea871ccb1d7b773a7c67042c932c3a4cb12d79a2500672460fa68b43178e05fd0fcf6881142dc476bc532cfb4713fc35ffdec95a86cd5e4322d84762ccb4642810e6fff7ad270bcf9443e79419144cd62a3a1de576625c4f96ca7184836af58df96ff628f89638690f667206b442e6ad20fd7a70f43e621c822debecffbef2922d88465944bf8e19523566a389dd64870f08534df4569d9a72233bb26a85557107c4681518bba9197d687731ee87f6d5d1aeea5fd9fe8da6120c1a288fa696e4cc1dd1e714a8e3bc708a619a7754e468332c779f0dc4d6273e7a9523bba2a1c5616a453c7e4245e3017d5e7641ae2a9ec629b418afe8f9b4efb439625136ab25c58e357c46d249288e9c2a12a3b1ae8f5431899a15da98909df5c34f71cbd8cfa44e0ca187edd533beeb900521832639ecd5c92e3c74f8e51e4a8fd960cce4bddd8b7193e41e0b70a69f1d5e684ad1105f87f3ca6b4f1600065fff8096e491594e13ab0ed928fdf3d5bc4e01eaa9dc89e34fe1931d2bce2187cbeb7f7fd77b8a5e4c7cb0cab356cdf7acb3280323ccb5c162c29d4130334f95196ecb677e4069ea7b53356fbe6230d57e9ae8f57c3f923bb658f6bb6753818e4c6f5888565356c35a7dbbf942fe969bd20eb92c2bb4d844a319bb30b009312169542623f5e79b8cf57f9c57c10c4dd257e43cc7dea2d5834b176140fda25d808c9a89af9ec3867a27ba7f0671d07b06c6ff8e2a2296ddef989cae6847fbb910fdd764034f7aa9f8601274551b786efdf09870b6d79acea5e1b675485cbcc94eaad588684998500ee2a2ef7b1b3d9c9790c1ced4a9d66a91b4685d1ecce698b26c9f62ad9333bb977c531046e38993670b8b93acd1314387c7b5fc144b6f0d9a61ff668ff0a7ec584bd0f5c1e2a28a74b4c732927b0c7a6927a6037d28f679a53e0f7fdc674cdc9cc1596fc54d00c8937cae88e0b4556ba40761c998cc0ef9fa46031e53ea0a390232de508df4d063e70153239b6f0474543dcb72fa5c5f80c387be0d771fbee1618afd5e7abeca5c67870cdd03877df7a3e04374f3f55c7e700e0a4ec21d50a99aeb60301dea1720c6f8bd8910a57495356587937e9417e28821ee8f35c10762fbc180b1574b036b4471984fb9e8b8add66f001f382b42b7e992135413579cfc38ea1e34b88d3fbd46ac20173792e85e79c3fa51d875cf2c51d1f312057fcf9bf9c630af2f67f57535dc7e42135b2287ec211669ebde7427892b5afc5f85a1d59193683de9ea7f2df92a6621e9b62993c2227a0c69bac8c1d4038d28ff7738ea06daba8a2189989d18c39c77caae77ab648f8bc4bedc4d062793fd446d710ea47f50163af296bfe3b54948edc73074ed88e3c6fc7b5b16582ed381d2fa16fa63c0d0ee95265129562d77afc13143d47f", [""]}, 0x468}}, 0x4000)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x0, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x400000}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x20}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008006)

10:21:56 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20044800}, 0x40040c4)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_VLAN(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r2, 0x0, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7fff}]}, 0x1c}}, 0x8000010)

10:21:56 executing program 4:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x3dbbb4ea3eb07eb5, 0x20)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x800}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x8800)
socket(0x6, 0x6, 0x4)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
socket(0x24, 0x4, 0xc0)

10:21:56 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x2000000})

10:21:56 executing program 3:
r0 = socket(0x11, 0x3, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x8, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x7, 0x86, 0x0, 0x1}, 0x2, 0x0, @offset=0x7, 0x3})
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
ioctl$BTRFS_IOC_DEV_INFO(r2, 0xd000941e, &(0x7f0000000140)={0x0, "39c9337e4356f082e399cef942964c6d"})

10:21:56 executing program 1:
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(0xffffffffffffffff, 0x80184132, &(0x7f0000000040))
socket(0x2, 0xa, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x202000}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$SNDRV_PCM_IOCTL_STATUS64(r1, 0x80984120, &(0x7f00000001c0))

10:21:56 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_XRUN(r0, 0x4148, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0x1c, r2, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x76d}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040004}, 0x5)
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(0xffffffffffffffff, 0xc0884123, &(0x7f0000000140)={0x5, "02fad15d51987fcd93011a32d412c4d79c463f68602954c49faf05527f9dbef52d94c9a3015a22dba16eb2c4606c009d3579d43bb3fff02f29e77c3c6eee706a", {0x1, 0x4}})
r3 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}}, 0x0)

10:21:56 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r2, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x24}}, 0x8000)
ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000000)={{r0}, {@void, @max}})
ioctl$TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000200)=0x1)

10:21:56 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x3000000})

10:21:56 executing program 3:
r0 = socket(0x11, 0x3, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x8, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x7, 0x86, 0x0, 0x1}, 0x2, 0x0, @offset=0x7, 0x3})
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:21:56 executing program 4:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x3dbbb4ea3eb07eb5, 0x20)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x800}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x8800)
socket(0x6, 0x6, 0x4)
socket(0x24, 0x4, 0xc0)

10:21:57 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$AUDIT_GET_FEATURE(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x3fb, 0x2, 0x70bd27, 0x25dfdbfc, "", ["", "", ""]}, 0x10}}, 0x8044)
r1 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f00000000}}, 0x0)

10:21:57 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000040))
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4c000}, 0x440c5)
socketpair(0x1f, 0x2, 0x3, &(0x7f0000000080))

10:21:57 executing program 5:
r0 = socket(0x1f, 0xa, 0x3)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x300, 0x70bd2b, 0x25dfdbfc, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x10001}]}, 0x24}}, 0x4000810)

10:21:57 executing program 3:
r0 = socket(0x11, 0x3, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:21:57 executing program 4:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x3dbbb4ea3eb07eb5, 0x20)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x800}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x8800)
socket(0x24, 0x4, 0xc0)

10:21:57 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x4000000})

10:21:57 executing program 1:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f00000000}}, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)

10:21:57 executing program 5:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000fc0)=ANY=[@ANYBLOB="cca2622a37d0995af7d8d5607c86cc1d5b84509d8400011d0ebc287aabd9de768ce6772a7c823f135beb8d5353058d88584a7233fc6154001aa0ca44a8c8f61cd6245a15a827a3b20087cb5d8be33ba5a7590e5ae86a0a8fdeacb2ed82256db099aa390c0000000000109651397cdcae8ee477a9e2bdf27ac73c4ca9b308a8869fcc5675e598743ce06ddbb1949f913d3a1a485f00776c3e16113b2da41555d0a80300000000200000e77e3f64c6eb6333d9397d67b90ee9851a", @ANYRES16=r1, @ANYBLOB="00082abd7000ffdbdf2504000000140004000500000001040000a60f00000800000014000100ff02000000000000000000000000000108000300ff000000050006000800000004000400"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x0)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000140)={<r2=>0x0, 0x4, 0x0, [0x100000001, 0x6f7, 0x4, 0x230, 0x7], [0x100000001, 0x10001, 0x7fff, 0x7b4, 0x9c, 0x4dec, 0x9, 0x100000001, 0x0, 0xfff, 0x3, 0x7f, 0x8, 0x8, 0x400000, 0x800, 0x80000000, 0xffff, 0xfffffffffffffff7, 0x141, 0x7, 0x7a7, 0x101, 0x4, 0x9, 0x3, 0x100000001, 0x800, 0x6, 0xff, 0x100000000, 0x80, 0x9, 0x4, 0x7, 0x80000000, 0xf1, 0x9, 0x6a2c, 0x9, 0x4, 0x2, 0x2, 0x9, 0x5, 0x8, 0xffffffffffffffe7, 0x6, 0x1, 0x8000, 0x8, 0xf4b, 0x0, 0x101, 0xc8cf, 0x17d, 0x6, 0xfffffffffffffffc, 0x1, 0x9a, 0xfffffffffffff5a9, 0xdd5, 0x8000, 0x9, 0x1, 0x3, 0x9, 0x81, 0x1, 0x4000000000000000, 0x3, 0xd0, 0x5, 0x4, 0x3, 0x8, 0x3, 0x1, 0x4, 0x4, 0x8, 0x2, 0xb5, 0x7, 0x8, 0x2, 0xf354, 0x101, 0x6, 0x0, 0x200, 0x1, 0x4, 0x7fffffff, 0x7, 0x2, 0x79, 0x3, 0x9, 0x4, 0x1, 0x5, 0x8, 0x3, 0x8, 0x2, 0x400, 0x1, 0x400000000, 0x5, 0x0, 0x1ff, 0x3ff, 0x4, 0x100000001, 0x8001, 0x6, 0x5, 0x6, 0x5, 0x6]})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000580)={<r3=>r2, 0x20, 0xfffffffffffff731, 0x1})
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000bc0)={r3, 0x8, 0x5, 0x1})
r4 = socket(0x11, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:21:57 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}}, 0x0)

10:21:57 executing program 3:
r0 = socket(0x11, 0x3, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:21:57 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x5000000})

10:21:57 executing program 4:
openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x3dbbb4ea3eb07eb5, 0x20)
socket(0x24, 0x4, 0xc0)

10:21:58 executing program 3:
r0 = socket(0x11, 0x3, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:21:58 executing program 1:
r0 = socket(0x2, 0xa, 0x0)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.log\x00', 0x400880, 0x0)
bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @hyper}, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f00000000}}, 0x0)

10:21:58 executing program 5:
select(0x40, &(0x7f0000000000)={0x3, 0x3, 0x5, 0x7f, 0x7, 0x10001, 0xff, 0xfe}, &(0x7f0000000040)={0xe, 0x1, 0x100, 0x401, 0x2, 0x4e84, 0x7c, 0x6}, &(0x7f0000000080)={0x7c54, 0x2, 0x9, 0x1, 0x8, 0x81, 0x100000000, 0x3}, &(0x7f0000000140))
r0 = socket(0x1f, 0x1, 0xc00000)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000180), r0)

10:21:58 executing program 4:
socket(0x24, 0x4, 0xc0)

10:21:58 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x6000000})

10:21:58 executing program 2:
r0 = socket(0x2, 0x5, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000080)={'veth1_to_bridge\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$SNDRV_PCM_IOCTL_REWIND(r1, 0x40084146, &(0x7f0000000040)=0x9)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:21:58 executing program 3:
r0 = socket(0x11, 0x3, 0x0)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:21:58 executing program 1:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}}, 0x810)

10:21:59 executing program 4:
socket(0x0, 0x4, 0xc0)

10:21:59 executing program 5:
socket(0x29, 0x3, 0x40000)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f00000001c0)={0x400, 0x3, 0x4, 0x0, 0x80000000, {}, {0x5, 0x0, 0x5, 0x8, 0x7, 0x9a, "2f0612b6"}, 0x7, 0x1, @userptr=0x1, 0x20, 0x0, r0})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={0x0, 0xffffffffffffff08, &(0x7f00000000c0)={0x0, 0xfffffffffffffd12}}, 0x0)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)

10:21:59 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x7000000})

10:21:59 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}}, 0x4000)
ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000040)={0x1000, 0x0, 0x4, 0x4, 0xffff0000, {}, {0x6, 0x2, 0x1, 0x0, 0x80, 0x23, "3c5cdc72"}, 0x7fff, 0x3, @userptr=0x8, 0x4d})

10:21:59 executing program 3:
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:21:59 executing program 1:
r0 = socket(0x15, 0xa, 0x0)
sendmsg$AUDIT_GET_FEATURE(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x3fb, 0x20, 0x70bd2b, 0x25dfdbfc, "", ["", "", "", ""]}, 0xfe24}, 0x1, 0x0, 0x0, 0x2880}, 0x8800)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'})

10:21:59 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x8000000})

10:21:59 executing program 5:
socket(0x11, 0x3, 0x0)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x10, 0x3e8, 0x100, 0x70bd25, 0x25dfdbff, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x10000081}, 0x20008000)

10:21:59 executing program 4:
socket(0x0, 0x4, 0xc0)

10:21:59 executing program 2:
socket(0x1a, 0xd, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000000), 0x8)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000040)=0xffffffffffffffe0, 0x8)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:21:59 executing program 3:
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:22:00 executing program 5:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_VLAN(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, r0, 0x20, 0x75, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4050}, 0x40844)

10:22:00 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x9000000})

10:22:00 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}}, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x34, 0x0, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x80}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20044004}, 0x44804)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x34, r2, 0x2, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4000010)
sendmsg$GTP_CMD_DELPDP(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0x64, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@GTPA_VERSION={0x8}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_PEER_ADDRESS={0x8, 0x4, @empty}, @GTPA_FLOW={0x6, 0x6, 0x1}, @GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_PEER_ADDRESS={0x8, 0x4, @remote}, @GTPA_LINK={0x8}, @GTPA_MS_ADDRESS={0x8, 0x5, @private=0xa010100}, @GTPA_O_TEI={0x8}, @GTPA_FLOW={0x6, 0x6, 0x2}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000)

10:22:00 executing program 1:
sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB='<=\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000ffdbdf250900000008002b000000001805003500050000000500370001000000050038000100000008003c002f340000"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
r0 = socket(0x2, 0xa, 0x0)
socketpair(0xf, 0x2, 0xb, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$AUDIT_TRIM(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x3f6, 0x8, 0x70bd27, 0x25dfdbfd, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x80}, 0x80000)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f00000000}}, 0x0)

10:22:00 executing program 4:
socket(0x0, 0x4, 0xc0)

10:22:00 executing program 3:
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:22:00 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0xa000000})

10:22:00 executing program 5:
r0 = socket(0xf, 0x4, 0x3)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x24004011}, 0x0)

10:22:00 executing program 1:
r0 = socket(0x2, 0x5, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000080)={'veth1_to_bridge\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$SNDRV_PCM_IOCTL_REWIND(r1, 0x40084146, &(0x7f0000000040)=0x9)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:00 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}}, 0x0)
sendmsg$AUDIT_USER_TTY(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0xe8, 0x464, 0x8, 0x70bd25, 0x25dfdbfe, "b4d0b3d1cec52b411dd73d8ad84b1be29e6dfd981c202824c96c5ab2154e7dd3617c700ad20eb5f2f4ef0b14d8fe1b2cd23ca14996e1d911838fddb6cece0af792ae8f7a805d68805ddee54874aec0fbb5f021f521006af449e63ae756d386f7d7f4c469cfbc47d85bfb38c8258da26c451d1dd1e8a141fb4897793d313446e3eaa9efe30c08ff6363d5849e0709bc4a142bd20df84e28bf3b0d8a4dac24253929d345b36c442299ccf47f35ca46a979a0fd3b27a497545941feaec1dab09a54f17ff70f490efbee87c0f2140420ef9d9e63d30213db", ["", ""]}, 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x8004)

10:22:00 executing program 4:
socket(0x24, 0x0, 0xc0)

10:22:01 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0xb000000})

10:22:01 executing program 3:
r0 = socket(0x0, 0x3, 0x0)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:22:01 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x90000, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r1)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0xc2080200}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, r3, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1f}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xdd}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3836}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000055}, 0x4000)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, r4, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xfffffff8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x80}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xf187}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

10:22:01 executing program 1:
r0 = socket(0x2, 0x5, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000080)={'veth1_to_bridge\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$SNDRV_PCM_IOCTL_REWIND(r1, 0x40084146, &(0x7f0000000040)=0x9)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:01 executing program 2:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={0x0}}, 0x4000040)

10:22:01 executing program 4:
socket(0x24, 0x0, 0x0)

10:22:01 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0xc000000})

10:22:01 executing program 3:
r0 = socket(0x0, 0x3, 0x0)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:22:01 executing program 1:
r0 = socket(0x2, 0x5, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000080)={'veth1_to_bridge\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$SNDRV_PCM_IOCTL_REWIND(r1, 0x40084146, &(0x7f0000000040)=0x9)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:01 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$SNAPSHOT_ATOMIC_RESTORE(r1, 0x3304)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}}, 0x0)

10:22:01 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f00000001c0)={0x0, 0x63fd, 0x9, 0x1})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000640)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x34, r3, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xd333}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xfffffff9}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}]}, 0x34}, 0x1, 0x0, 0x0, 0x2001c003}, 0x0)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="0107000000ffc1d270a2e3eae194"], 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_VLAN(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x34, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x90}]}, 0x34}, 0x1, 0x0, 0x0, 0x40800}, 0x0)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r5)
ioctl$SNDRV_PCM_IOCTL_LINK(r5, 0x40044160, &(0x7f00000005c0)=0x7)
r6 = openat$incfs(r1, &(0x7f0000000040)='.log\x00', 0x30800, 0x122)
ioctl$TUNSETTXFILTER(r6, 0x400454d1, &(0x7f0000000080)=ANY=[@ANYBLOB="00000500aaaaaaaaaabaaf71b63717840da0fdb34f51461632263d6015a300000000"])
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x0)
ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f0000000140))

10:22:01 executing program 4:
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x6)
socket(0x11, 0x3, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0)={0x912}, 0x8)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = socket(0x18, 0x5, 0x2)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xffffffffffffff88}}, 0x0)

10:22:02 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0xd000000})

10:22:02 executing program 1:
r0 = socket(0x2, 0x5, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000080)={'veth1_to_bridge\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:02 executing program 3:
r0 = socket(0x0, 0x3, 0x0)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:22:02 executing program 5:
write$tun(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="60bb7f45006d21fffe8000000000000000000000000000bbfc0000000000000000000000000000012c0804040310fffe2001000000000000000000000000000000000000000000000000ffff00000000fc000000000000000000000000000001ff0100000000000000000000000000014e234e2104219078a4272c1206eefaafc265f43efda53d0a426a6e95de7a72e749338fe5995c5816eb85f26b9df6b7800bff34b713d42de16ae5e1ca54a074be033c3a14fc57cbdf2ac024ecece1a1f2785f132e0f1f7801fda1253380fd6898f070897193d0f5e9903940e23d9765b50e67833b7d06a3e4aec429d1bd2a340b805313920600000000000000b1dccd1e7b87c7aea151e5286d78b3029720e77334072d9b4ac29d18413e24b4a96ad384d17a5ca1c3"], 0x95)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'macvlan1\x00'})
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x1c)
r0 = socket(0x11, 0x5, 0x9)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:02 executing program 4:
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x6)
socket(0x11, 0x3, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0)={0x912}, 0x8)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = socket(0x18, 0x5, 0x2)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xffffffffffffff88}}, 0x0)

10:22:02 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0xc010}, 0x840)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x88}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, 0x0, 0x2, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4800}, 0x20040000)

10:22:02 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0xe000000})

10:22:02 executing program 1:
r0 = socket(0x2, 0x5, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000080)={'veth1_to_bridge\x00'})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:02 executing program 3:
r0 = socket(0x11, 0x0, 0x0)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:22:02 executing program 5:
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000140)=[0x4, 0x3ff, 0xf732, 0x0, 0xffffffff, 0xffffffc1], 0x6, 0x41800, 0x0, <r0=>0xffffffffffffffff})
bind$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x2711, @my=0x0}, 0x10)
r1 = socket(0x13, 0x80000, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:02 executing program 4:
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x6)
socket(0x11, 0x3, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0)={0x912}, 0x8)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = socket(0x18, 0x5, 0x2)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xffffffffffffff88}}, 0x0)

10:22:03 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}}, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="590000005a36ce014b558f6e8ccd", @ANYRES16=r3, @ANYBLOB="000825bd7000ffdbdf250c000000050037000100000008003100f8ffffff05002d000000000008000b00070000000800320009000000"], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x40000)

10:22:03 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x10000000})

10:22:03 executing program 1:
r0 = socket(0x2, 0x5, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:03 executing program 3:
r0 = socket(0x11, 0x0, 0x0)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:22:03 executing program 4:
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x6)
socket(0x11, 0x3, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0)={0x912}, 0x8)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
socket(0x18, 0x5, 0x2)

10:22:03 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x34, 0x0, 0x4, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x4}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x814}, 0x8001)

10:22:03 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f00000001c0)={0x0, 0x3, 0x4, 0x100000, 0x3203, {}, {0x4, 0x2, 0x8, 0x7, 0x4, 0x40, "31691561"}, 0x3b, 0x1, @fd, 0x5, 0x0, r1})
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, &(0x7f0000000000))
r2 = socket(0x2c, 0x2, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
socketpair(0x28, 0x1, 0xfffffffa, &(0x7f0000000240)={<r4=>0xffffffffffffffff})
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r5, 0x28, 0x0, &(0x7f0000000000), 0x8)
ioctl$sock_bt_bnep_BNEPCONNADD(r4, 0x400442c8, &(0x7f0000000280)={r5, 0x2b0, 0x6, "b201d42adbfa476cd9f5993868f7f68ec82d143a65271d8ccffcd957300f9c740e84aab5397687a6ea780bdf0d3372253f4672fd7a86f0b25eed107b99e8dfe0b8e60218cc904c8c9ccbd9d46c8a20c211ce7f8c3bfd53885a4f3a176f82a70aa7d5bf708a3f1100882987148c9f94e7ec1b9a63b7d33595635e78ef39a3c0d021d8f4b66afc0e858e2666db5a83e3edeffed06da381c7f64411b26a0f0d6a7443b43641ebca06a2f963d97554488cb3d8dfbdd9a0a575f57776d21ccac5f7b53d3a0b0a059e3e3a3f0bff5fa80f81708ab4aa33d43e84da94e69c192a0c72a233e543e9e0f85998108880b9eb0f8c29374d48b56dc4bee80bdfae6a0b9428daedb2597064f90229cf054b7c06d215fd06f7c41f7502f87711c8527a32b72434560467d1fe25cfd04e18db1364fdb0cd606ca0b89f25e691a340e028c7b25583b813ad8ac2ff12260bd8e1b3cc2975e1342d9c57a3a065ba8358489d2340d2d25f9108afd4909cd23ff3ce3794dc711afcdbdf8cafbc2aaac32de2019c140466308d586d686d19da26543a00610d21f339593d6309d72a4ce5594a9b996fbd758103e4229baa4c5d922a4d50469efe9fa36131f6440f485e0f2a82e6b775f03c39dd4c6c4ccf4d077179b22a61212ef6f34eeb2326dd9b0f210b393817414ffce1aa0b636105a8dfb8946cad522debf8fe48201dbeaef40499e5aa1a8580051de67548659fb83ecfa86e4bbc52b271e3fd0ae7054447171526681349fabe437247bc8fbb21aa67df4b77a4e5f553f994189a45edc8aa573e1714bbd963d32736501649c670521d1a754cb6bf2cb4425ae523d95b5ac7f27e3e973db915134527e309587752ea0c3eaf1c90b0941ace9aff73cb6ed6f11c6bce184bff4730517f9ea791190236621523ce0cf0350f3a43aca38ad3f3591f77c836cfd3e941eddada3c7109f35663c718be2eb726b931cf44018f2020ee33a6accd42bcd2eea9a67563d1bb355510d188963f0f854b5ddd57d34104408165b165ea69ebce21f24fcfe804551f35632a3688e694bbfb2e3efbb218afe528fbecf06afe7bbbbca12fac358a0ce8c450ee67725bff621134ddfca34ee80b14aeb6457b8b15814968ae1e0915eca48382572026c7bb587c2fcd26f2f064f9a684fbc6e891cff168f52d7a5b8325e6224268c698cda7e8effd5f8398cbb68a2f3a28f924b6c253558e300d3e943e545df1c1848a13448c2b104c1fa729cd7a4b621e070296c268b94f259f6745ca93a6c26b83a92baffdf7feb1eb3f60303fe9c7065604f6d4a28a92f2575a2d4dd2067f2a50a9ea9cfd5e232208769415a95911e620605c51f8f98b91614cb064b0bcc0729a7b05d6994308a58155ef81786000d3fe6b97db2489b28d6ab041a971595c8b059feacbf9f0152ba90c4b0e2c4a81488380247f037970b041dfd5b35931868e173dbb4519ba5c4590dd2bce1b30225f18ea581274524d6dbb480f9bb8591c1f2ff7a6ec37b0405bfc0a2c3cca3f93a3625a5edefda778107832555169a2853c903295e3fddc60f4769b7941d3da26db4d70b25227ed0de3d4ccfe6b6ec9fee39744e10975c5388b3bf444d9866b72172a97d40e02d09d5809ae634a77e12aad96abe78c16624e67bfe4540d74ebe5d97f3f828f83242d4ec73405d1825c043d530dc32388e5e4771631b58815c585bec18e6300af4286062c60eee700b698c102b111f16cc7938b052cbb8755cc288e8ae67b4c07eac3a74d126ef2b7db7624a20b5bcdea5ecd5f30f584350391d124c2d573d30ce6cbef681a163f6490129a07b1384a393549b4b1d1fff5a18dd7335c59fa8d33c360d2a8619961242b01abf557f9de5ed130a541fc4d4f1c1d0a810999e3740e29ff1044015f4c712e69c92c49ef1ad92be674c390e13b7a658e75a78ead51a09f0c0d2900a7620524c98e4ea97014635bca098722b50a7f1d7f435e225a6353dd73579550e1e85c08c3933ef1532c8a329dc44afa135df0fbdcf195277bd8f50c8fc8c343093a30b653ac724de76b7f8183b1e793eb8f00bc85fe6209cf17781615f1b6aa6f0ae506870949d5d2f02bbf8fa5ae552d683262d49fc399737aaabbec32f24af64e2e1738ac38b6967843059caee6ad43aedc7fe1cc2899dffe577c5124b95e43573b82bc21cead7170322f09d366fd30c098767632fa63033043c4c6aa016136b0b262ff72ae612f94d13c69e22798e211c225ffff168d321d68105e9a5682a6bfa978a91021f464dc652355a91c900f8c97f377ed4a50c9f2944adb285398433b6c00f3a6b362d4c70bfde49cea55cfc3922883e279a7bbe467b1c9855297be6e639b3daf3b050f921393397061c28dac28f0ac25ee9dd050d4024315f7a04b7cff76386c232b0b78b5550005633c85dd155792a11d249f0e588c64577de6fe5a59ff9f1c42431344dcb1a251e6fb84f676581eb1a11de3d5c0c9189854119fa5495d106b4bab268adcf922ab1747586a3a14f1b8ecbb46199d715464e3eb7ec50ae0bd35daecbd67e33cf368556fe6581dc0417eaf31ad21b3b836353354e43076303778e30c5570f7d74fcbd6bde98b7ddbf18a582aad377e94e3b6f4968b9aed3949a20b715a1c7c356f8f90dab7a9517a9d6be694c871c33013bec333cf741ca98d7e9e829a0228ddff8cfa538ee5c844334fffaef0088a6bcf8dfe84b7f3ef93d47939738619b597570a829fe7da8c6d1d47481e7a1dbb13a47d71c10effda92b9d86fddb7aa7cbb7706a5d9dbc5e18eebe0fbd07dac17c1622a060b9e8b01dfe5e14a8d39036a2396ec7a33f07e77d842fe3f9da76622500937a1c8e4e0ff39ec5ca3f44a6d075d8d6392676e90a1264ea692c6841b966cc1e5ef208288218dc06305d326c59b20223bf7cf7b7f828fdf1f3ea903357df92eaa13c57acc5fa4ca8b548221d9e0435ee58a61bc17924bd0fa125786ff2be30a4216cd0b18a3b5882941efa3f13d1a43ca643844671acf06713cea70b299ce5a29edd332f32c0e9b6b195705faa0cd0379bcf3f368ea93dc88e2a2b2dec7ef8701ee30044147c8b6e2b12f42c244f44df725e1967918ef93ea076c91ee291432ad8d285f9053357e3e3bacfbdf4011bcc00e814ea5f2517f032838d04bf457e3cb9fe91447c6d4349f42d09888a9fc5e4d7fd5cf31b484c15f880671a0b533a8e88338a1541ab4877e044e2fbafa5bc16afa2f740cd0ab5fdafa73451f704a738503dee36e06da9271d29e3f39719772252274fd98dfb42fdd88a5e17f52ff78a022f629d47e22ac226351eee0e7204a14a597bcf0257d566ca83757e1a2f8dbb2f72a070674a3b61ba538e263f94e8f21896e37462c956d74e587094062917e26b6e3fd4f48d704e05df95154ef8d36b099d42c4fb46d8c4b9dc778b8b3d70237cda0246a98210bc0943812aab616bb5ebed8bc811c38520f0d5e66c05728aa428eb07b83b262919e5c62890d2499a3c28844d1b00af1a164d2031dbf1054d080f3ddf66a4f80d01e86c33bf829f4e4dd1e2ecedd8cfa24334d33d823f479895cd236c9bec588fefbd20f1f26380c3d2b876a132dc137fbcf9d7e6bebcd9ed9332c082e4f9e8a84ceb8b21dc1dae751195edfa4c5fcf2ba8e424f4a56fbd3c17831c100ff77c5957a6ac1a84ca2e8ecf3d31274a1adc121ecbf0ab81031f158ecdd8978bb2a11daf961f3a55f3f305b6e1966bba82cc24949e2295478cfbb347e420cf759d3ecf973470b4da46085cd76f6316280df27f7438a612ecf4d1d37497613a08bf47ff8e0cebfa059fb11bc8d988ab7b6b5691c1e181b383e8dc058d12bcaf05f36a46293feb050a4db9af30f7ad3189552b8d3cd89cc1422dc7fc39096ba38fdbea65cbabcd8febe8c14cd8c73e746e0fd2b09b3c039a202e7b0f5d30d236f16a543dcd56390f51d174171ae3d68afe1ad5872056763fe493b6ab9ca53e6fb67634075377c985dacfd895fe8b47aae21a11e8ead0788fe1219bdb2f00272276a9a3192fd5edbd8f4525921404e00f2b48339241e80dc615e7f4bd06f2b75668f55343f253aefc5b26cf25c521c5196486789ecd56ca61215a9b2b55f4dfdd4c283bf341be72163c51042e056f340a4d60d03ca8118298ba0a4d926ef6c1f06e1a38b495a95784116f09832dde13204c5094aeba11825a04252d7c3b4b89f912c5a6c84c256fa7e318c1de2e23f62101df5a419471a08f0b3365ac1a9f27823616d569931c6da2003b0132f5c65c209ec6b4bf2fa823490b2968f4b9b2c9851de0209eb9eebd2e35918a20eb4abcaa48c4ff752e934c9514c46c284005fb9ec62433ff7cf67f07122e3de2d410f2597055805a4483b9a576e00cd0953c5aae5fda2723c147142812706fd9bd11ed150b365be64e03036fecc6ddcb6f37617beb73c8234f72d9f039a6abc7658da3fa328c65104dca3a6db92514625885b4ba134d3eb57a4878a68ecfdfbcc133ff2c2d1b43d4e776b32785f98d1bb1217f33f1c9ca37d3442c1752d8890ccfa02e1c0b3a3c47709654d89720748850f6659ed2ed7e4434c94bd85e072ae46dd1a7448bdefa3b567ecaa734eecc09c24ef36bce40aef17605368ac513904d1b7da55f9028964992392f5aa6e21e75da570064efd6b642cc0b9228e8cc3531de426e44f06481f2803b9231071197174397e9c29db30b28b519a856e2de639d1ffd3784f3e1b170d809b7c134da1a66fc4fc482255acb5c060203958e482ce597d3a0c8be329ac25fc4e144569d8fcd1a9f48ee8f5f64194c7702554150ede8af45c26f96c10af879b5a2be93e052487c93fd5a707683c8880750152d81cb02eda03096c425361985f2c859c81a9afebce86665d5c02473aac524326cbb9ba1209120aa8c355c1c2fd11a41ff4785900f86f697016e7e2e9b2f82a00f665639aa161fca254b7c3b9b0f3a7d22f93270e94daee36cb7d23bf9d884f6f8390cd178f64940dcae7d4702f8ade08502a5ff43dd7e0369c8dd3be2e9bd30c9a0753c53ed774cc5747570644e65965e1648707d584b711a973cce17efe38549d8efb54b49c8fba1f7f49faa6598a38a487a7e2c377f6d9bc95b448d45bbc80c360d103d48705348ea09eaf4295b1ebef73cd6986158bea8eed154a11cf316d5e0be7b17c73981a37ec492bc991c1719ad792dfeaad48893dac087eef8ccb4ecc1c336697eed7db000c0d85c41acd6f52a52603f485e8070fb58f760aa2adada37f44810aa0d61ac21b67276ae3510f93a76fae8920d1c2e4458ab8f09d143f89b1eeb2da3713913768ecbf8d58d3bc513c8aecf5ec023175400f67403a5b93d02a5f3b4d869dbfeb09cb9b2acf01af08554bdf2f83a4b0aa6d6509b3f0ff0c91e0f759f61f9794d96005dc237c254614e28c622b97c5a3a33b8ba39a016b3ad88fab64214acc75004c2933cd297186415d2a2043eb5873c40e97aa4d0e06dc71a8585fbd1970f862202fd7daca052ba1abbd7674dad503a0f2cd5f6864233eaf4290b28f6a659233ad15190435dfa286d080202f199c744bea779bc54e00ee58d3a991b262fc87a454b9891a6c9f19f0738bf762df112c87b5cc6da5fd73b1f220fea33e0010cb30bbdb8cc41ee71685a050ed769988cb1103af2f978f37661d7232630bb01a3ed394cd25121b875244ad39b8f2afdf1afa73f16c358eaaacd9026b64efff594584d7d96e93c6d6dd3d80162ec1b4e3f9c2324378ed6df5cd68c36754f2392b67066b2f631a5810f484ebe1efc9"})
renameat2(r3, &(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:03 executing program 1:
r0 = socket(0x2, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:03 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x11000000})

10:22:03 executing program 3:
r0 = socket(0x11, 0x0, 0x0)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:22:04 executing program 4:
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x6)
socket(0x11, 0x3, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0)={0x912}, 0x8)
socket(0x18, 0x5, 0x2)

10:22:04 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={0x0, 0x742a5668}, 0x1, 0x0, 0x0, 0x20004010}, 0x0)

10:22:04 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000000140)={0x0, 0x6, 0x7, 0x1})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:04 executing program 1:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:04 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x12000000})

10:22:04 executing program 3:
socket(0x11, 0x3, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:22:04 executing program 2:
r0 = socket(0x23, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}}, 0x0)

10:22:04 executing program 4:
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x6)
socket(0x11, 0x3, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
socket(0x18, 0x5, 0x2)

10:22:04 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000000), r0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000140)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})

10:22:04 executing program 1:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:04 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x25000000})

10:22:04 executing program 3:
socket(0x11, 0x3, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:22:05 executing program 4:
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x6)
socket(0x11, 0x3, 0x0)
socket(0x18, 0x5, 0x2)

10:22:05 executing program 2:
r0 = socket(0x5, 0xa, 0x0)
ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000080)={r0, 0x4, 0x7, "f781b483e01a02da6a76fb58b867c9e6a7ad2ed6190189fdeaa8926a39097e0bce2ee7a607bcb9060ae31f531a6f6e80599ece"})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000000)={0x0}}, 0x0)

10:22:05 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
socket(0x2b, 0x5, 0x8001)

10:22:05 executing program 1:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:05 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x5c000000})

10:22:05 executing program 3:
socket(0x11, 0x3, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)

10:22:05 executing program 4:
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x6)
socket(0x18, 0x5, 0x2)

10:22:05 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(0xffffffffffffffff, 0xc00464c9, &(0x7f0000000000))
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000140)={0x18, 0x1, {0x1, @struct={0x2, 0x9}, 0x0, 0x3, 0x1ea5, 0x8, 0xfffffffffffffffd, 0x2, 0x440, @struct={0x1ff, 0x1}, 0x9, 0x9, [0x6, 0x10000, 0xfff, 0x800, 0x1f, 0x90]}, {0x3, @usage=0x8, 0x0, 0xa5, 0xfffffffffffffffc, 0x2, 0x118, 0x3, 0x1, @usage=0x1000, 0x7, 0x8000, [0x6, 0x0, 0xd69, 0x800, 0x0, 0x80]}, {0x4f55, @struct={0x6, 0x5}, 0x0, 0x40, 0x1, 0x3, 0x9, 0x7, 0x2, @struct={0x4, 0x1f}, 0x400004, 0x33c, [0x4, 0x6, 0x101, 0x3, 0x7, 0x1]}, {0x7f, 0x8, 0x4}})
openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.pending_reads\x00', 0x420000, 0x81)
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000540)={0x0, "9db973af7dd3719a5bb54471ddab3b1e"})

10:22:05 executing program 3:
r0 = socket(0x11, 0x3, 0x0)
connect$vsock_stream(r0, 0x0, 0x0)

10:22:05 executing program 1:
r0 = socket(0x0, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:05 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0xfdfdffff})

10:22:05 executing program 2:
write$snddsp(0xffffffffffffffff, &(0x7f0000000140)="696053d4024ee5c355c2cc6efa2bd936753f27b9012ae472278a434a2b08e7405d54052b20e792ef5ad6d2d05cc3e051bfd86a210e0c14e50d90d991421d180f9a83d8c5e465049baf84f666dbca006dd7aad209adec158cff384d74bb24cc580abcb288b8a6f24edefa5aa403cb93cff590eaeedf9263e9a016f94f543492324a37afd92586d953ff0c11f18e", 0x8d)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}}, 0x0)

10:22:06 executing program 5:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.log\x00', 0x408280, 0x90)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x24, 0x0, 0x2, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x2}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x92e}]}, 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x20000084)
r1 = socket(0x11, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
mmap$snddsp_control(&(0x7f0000ffd000/0x3000)=nil, 0x1000, 0x2000000, 0x20010, r0, 0x83000000)

10:22:06 executing program 4:
socket(0x18, 0x5, 0x2)

10:22:06 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0xfffffdfd})

10:22:06 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000280)={'veth0_to_bond\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r7, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="2400b6fb", @ANYRES16=r7, @ANYBLOB="100026bd7000fddbdf2508000000080034009aaf00000500330000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4004001}, 0x20000891)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='\"\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000128bd7000fcdbdf250c00000008000600", @ANYRES32=r4, @ANYBLOB="0a000900bbbbbbbbbbbb000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r5, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x4008010)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), r0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f00000003c0)={0xb29, 0x7f})
shmget$private(0x0, 0x1000, 0x10, &(0x7f0000ffc000/0x1000)=nil)

10:22:06 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}}, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, 0x0, 0x2, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x200400c0)

10:22:06 executing program 1:
r0 = socket(0x0, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:06 executing program 4:
socket(0x0, 0x5, 0x2)

10:22:06 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
renameat2(r1, &(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x2)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:06 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000280)={'veth0_to_bond\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r7, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="2400b6fb", @ANYRES16=r7, @ANYBLOB="100026bd7000fddbdf2508000000080034009aaf00000500330000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4004001}, 0x20000891)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='\"\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000128bd7000fcdbdf250c00000008000600", @ANYRES32=r4, @ANYBLOB="0a000900bbbbbbbbbbbb000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r5, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x4008010)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), r0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f00000003c0)={0xb29, 0x7f})
shmget$private(0x0, 0x1000, 0x10, &(0x7f0000ffc000/0x1000)=nil)

10:22:06 executing program 0:
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r0=>0xffffffffffffffff})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000000)={0xfffffffe, 0xe1f9a5648ab80a13, 0x4, 0x2000, 0x5, {0x77359400}, {0x4, 0x2, 0x7, 0x3, 0xc4, 0x5, "02000600"}, 0x1, 0x3, @fd, 0x4, 0x0, r0})
r3 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_DEV_REPLACE(r3, 0xca289435, &(0x7f0000000900)={0x0, 0x8, @start={0x0, 0x0, "14cc8441219a7a0dbba957df9b8c275c58f4e0c6b3efda1878e12b498cb449ad7179d08adfcb5c624a17a08a529362dc6139c9973ddd366878b44b88c69625e4468ddb8d6562e2bd781acb510b9c6e7368faf37ad75efea21005d476b7312b39a7615d1b03e81a6358136342763a5f0aa53682a83bedc85ae5aa39bd6e56b9665f00ddcabf6141ff9b58bc5952bef22f23a58f2deb5ca767a5c3097b6f0319deedc04044a4e3f41b1b004413616adb122f71cbe7e30f077c25c37464a3e671e2a871ec54137a0bd5b1a33522347a32e308b2f5ec5867c155f752897b8a3fc7db6ea19d26c3b41e3c17ac715b68601e9241fed8e610a9f24e22b75f32194257d7b42d54e01f7c5b5bbf52c64c12ce28c1e6482471442c3e922e0d905b39a77a159b4392ea06e68b9c4a9d187fdda3a5675278ed3a8a0be6509fd9bd5333ddfbd129a195d48d417dbf2610a6e9d8aec2088a3a7b0eba7ae5d9dc3450c8a43e701395838f3651004ec2d7f9341801f3545e1705663f9816c52b8fb54ba1aca38a5c6afcc5e3ca9da8416197cfd515636e6b139ce3ef0efc05f0aae2968170100607de4e558907f8a33cda33ef5c09912dd1230bffad722631cb01db2be31293fc869d334fcd2dd0aed40fe419d02740b7f224752343789b03d5d01aaa80bbdc6c95146a0fd9073003d88bc05963fa48e5171f461a2dee2ac83150789715bc46412f495c9d5d45218e2d3347853470b4f4f886fe9ed49e1124900e5044ed9c1167f7f17f74ede063966b6c3228bbc331528ecdd2c6566ac7c3cb5a83601db6d0c10f2de172e7d00c64eee6a374d6f6df460f2a0bccd714a0dfadc0b51815f185b3d7d40e7b9da93587a0823413eb54cb9ac908754942252b18c6a30242c0cc4ba0c5d8e88f460bf4780f422f409d340f80eb95349403c1010521f6ac20956b3b47b5f8ee2a4952f0b97d0b7534a21edf846e01d2c92de8059bb341aea9a68e34cbd432802602968d8989df651ea21d719da1bc20dc8abbf62b937f49a28726e0a716f20240e3a4b99b9e2e8c74fc3fad0c903aa398fa35ae97a99c953cc9671327d3d8608bbf10e246e431948bf980975871a11444816d4c9eb3f0a8ab281ae2969c6a7253b14fa9e7d53443727868cef570aae76ccd54a2b88ebef5adb3fb8b0dc1306bf98a0a8903db78ccdec97dd562030e05c88291c25b86a546d58e184db6fb3d7eecec5470fc9eff86022ae419479920f980c0cae8c8b6ae128f4d93cfe1350c9a605029b1c86364bb82206472b3f33ec5231a52f24417e9ff83747b30e1aa8c2b0921453ec02c319d96f8442e43d2ef74fde5c437ca95b25b3ed8e08ef319f291081a2d36c772ac75c6ab99e293e2da99c0be185bb8183f2a06cb46a7ce089e8203a62864378d2b4e1eb7eb954cbab3d6f24edfaaaa4581c50ee50d45b5eadf", "f3d8ea71dc8bf2465b94e54aded70dfde541ae48c05d779d8c7d1ef6a5f0e272521b21ae980979d269d2d4bb118eb6cb4d537fb7f0dec42e54d46409dab9c073fd587b434f1859a8fce1a32d074a98e7b5d3ba53530fe29a0fbf04ac5fab630da41ff08fcd2a7b46420c463df9dc538bfe78010aef43749e3c4b11391995e66023615435e9d7ce527fe65dae08d2f1cb18ed7d23e6c5d939f12682e0d5b0adf327b6e02bba5ed67a53c13f0bb659031dc124eb80e249b2877ef70518e16b12a71b4bd84ccac64792a37b57fb8f3cd42e4646fd6b75ef3693f63aa76ccb6ae0ccb2916bfb487fc73bdbc793643d3285c4a72e852d394be48af3334a45a9de20443f9927b5bbb5672cc592b4b6bca8bd16a48e8c2c208632807a266918cb04d9a38b6ecb8daddfff940f2a1fda16817b9d687dafa0f83b91a0b310e8c7bd52715b85e8f2ae4465db03dc60659eac72b4f521940217d98ce2c0bc23b47b8d9209a9cafbb8ebe7de0862326830a5c1a42cd05a42d3e03779539528d8a9b0b04c8da235e54e354e62bbdc6d31bbbb2085623a03dcef132a978acade8ca78d19015dfb541bc8f5efc48e560e532990e69d333eb6833c867290eceec70abd7d89a245578ebdc3ea07e47496a1c5902611612bdd90e302865f5913da6284b16396f08cfddf0ea96127f8109b05a92ee632ee8532bff7a954fbccf3436bbc71208f4653cb02685ab7cbd04328b836053abaa6c3e47c092fd911f98d48bab8aca648c5c3eb4d6c0139a1e731cc620e0944b28cc2f2fe44870bb7b4aa463cde32bd5c1a28a302a00adaef16f37c3500cb9c9eb0a151052f2e7373524ae948914a442fda12a8ce0c06dfa3cbd23d55a26e92529a90efeb794378495f7c95e0505ed596a3167fec7bf06ceab14cbc67fd94bb3f6618dbf6b49c3e13139010b1d13a9675e0f95f937e203e2c843f87ab81baafd8b2e912ce0e6f1b04d15f9d161200893b49abd75da6120ab1edd72efb0e47b659dc2d43cf8fc8b22d7b83b0e2b3feaabbf7c24f3ee418eb5e2eac93c0c033b93687bba4eb5c318f26003101c1878a0397dfe2ace89f2364b2d1464705abc72879926415efede83d017d58c120be4ee6a6cc4ede305456f99f588c30c311b43ce21cf309314ad77728d87a28060a7ad4ae925875836a40d08a7fef860dd0426fefe2ded0d287ce4425d3a1e6af8045747abef4e0eb2de4e928da7e0f7bfc4807ededf1b6375a382665d54b4d63beba39972c3d1c5eb606f15848f38cbfff2b745711417efc9b1ce8a77b5100cd50c4510db0c19dc3e863e0a3ef166d701770e7092ad51bf49595f9ca0e44fcab60fc4742e25bb40d86f957fa0d34920547b8c12d681a051a31874a8404830007a5bef703e77f62291ec51715e958f1e29e6f1f2f1e32c52b2ef84382e9f88a20684e4dbb93820fc0"}, [0x0, 0x6, 0x1000, 0x401, 0x3f, 0x8, 0x9, 0x100, 0x2, 0x0, 0x9, 0x100000001, 0xda2, 0x55, 0x1, 0x52f75235, 0x4, 0x4, 0x63b, 0x3, 0x20, 0x20, 0x1ff, 0x401, 0x1add, 0x5, 0x2, 0x1f, 0x9, 0x8, 0x4, 0x6bc, 0x4, 0x6, 0x2, 0x1, 0x1, 0xffffffffffff0a31, 0x3, 0xa25, 0xffffffff, 0x5, 0x82, 0x2, 0x1, 0x3, 0x3ff, 0x20000000, 0x5, 0x1, 0x2, 0x8, 0x0, 0x3ff, 0xfffffffffffff366, 0xffff, 0x7fffffff, 0x8000, 0x1000, 0xfff, 0x3ff, 0x8001, 0xffff, 0x1]})
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r2)

10:22:07 executing program 2:
r0 = socket(0x2, 0x80000, 0x0)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f0000000140)={0x0, "2fc4ec8a09c1cee03db7c5d23ee6dfc8"})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}}, 0x0)

10:22:07 executing program 1:
r0 = socket(0x0, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:07 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x100488d0}, 0x0)

10:22:07 executing program 4:
socket(0x0, 0x5, 0x2)

10:22:07 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000280)={'veth0_to_bond\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r7, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="2400b6fb", @ANYRES16=r7, @ANYBLOB="100026bd7000fddbdf2508000000080034009aaf00000500330000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4004001}, 0x20000891)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='\"\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000128bd7000fcdbdf250c00000008000600", @ANYRES32=r4, @ANYBLOB="0a000900bbbbbbbbbbbb000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r5, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x4008010)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), r0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f00000003c0)={0xb29, 0x7f})
shmget$private(0x0, 0x1000, 0x10, &(0x7f0000ffc000/0x1000)=nil)

10:22:07 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_run_stats\x00'}, 0x10)

10:22:07 executing program 5:
r0 = socket(0x2c, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:07 executing program 1:
r0 = socket(0x2, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:07 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, 0x0, 0x8, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc4}, 0x20000004)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={0x0}}, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000080)=0xcee, 0x8)

10:22:08 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000280)={'veth0_to_bond\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r7, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="2400b6fb", @ANYRES16=r7, @ANYBLOB="100026bd7000fddbdf2508000000080034009aaf00000500330000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4004001}, 0x20000891)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='\"\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000128bd7000fcdbdf250c00000008000600", @ANYRES32=r4, @ANYBLOB="0a000900bbbbbbbbbbbb000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r5, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x4008010)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), r0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f00000003c0)={0xb29, 0x7f})

10:22:08 executing program 4:
socket(0x0, 0x5, 0x2)

10:22:08 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x250000, 0x8)
ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r4 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r4, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$VIDIOC_EXPBUF(r4, 0xc0405610, &(0x7f0000000040)={0x5, 0xa5, 0x169a29e5, 0x800})
r5 = openat$incfs(0xffffffffffffffff, &(0x7f0000000440)='.pending_reads\x00', 0x40, 0x80)
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000bc0)=""/4096)
shmget$private(0x0, 0x3000, 0x40, &(0x7f0000ffd000/0x3000)=nil)
ioctl$MON_IOCH_MFLUSH(r5, 0x9208, 0xce)
ioctl$VIDIOC_EXPBUF(r4, 0xc0405610, &(0x7f0000000100)={0x2, 0x1, 0x1729, 0x4000, r5})
ioctl$BTRFS_IOC_RESIZE(r3, 0x50009403, &(0x7f00000001c0)=ANY=[@ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00', @ANYRESDEC=0x0, @ANYBLOB="7697bbd9c4716b3e8492d9283a1bd9fe9fdc4cbf38ad3845695587dd39b2d49a32f77cd41b951ecdf0356014f433274f7c6fb6cbd48ce20131ed8ae5d9d942379d24606c2c7fcc54d24917bd1cb370b863075c98f2d1eda51654ffbb6e1717ea372c2cc1410d6679fba605a19edc41471b51b4c034fcdb8ae61590cd7f7338ac563d72e1621987b4d36a6307aa42447ad9719be067fe3c96659962a901cd71e3b29b6f8a1a71425fb6e63bc7f3bcb022c47575"])

10:22:08 executing program 5:
r0 = socket(0x2c, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:08 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000040)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20000080}, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="010000000000000000000000000003854ca583bb4757370a9d624d4b9aaaf8afe1befa9df633b006d06ddb658403bbaf723e05cd0b7dd795b20a729cead513369cb9ab48652249389a4f0658481fcb2b196099cf3f3a9ad4ccb3496a4ec01a054af2b62a8da0a72e81dac901bee0fec04a1bba431794ec97a61a40d29fdd8f7f904e995aea24"], 0x14}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10000802}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x34, r2, 0x400, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x40880}, 0x40091)
sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r2, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r3}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000041}, 0x20000085)

10:22:08 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000280)={'veth0_to_bond\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r7, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="2400b6fb", @ANYRES16=r7, @ANYBLOB="100026bd7000fddbdf2508000000080034009aaf00000500330000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4004001}, 0x20000891)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='\"\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000128bd7000fcdbdf250c00000008000600", @ANYRES32=r4, @ANYBLOB="0a000900bbbbbbbbbbbb000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r5, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x4008010)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), r0)

10:22:08 executing program 1:
r0 = socket(0x2, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:08 executing program 4:
socket(0x18, 0x0, 0x2)

10:22:08 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000000)={0x4, 0x0, 0x4, 0x4000, 0xfffffd7b, {0x77359400}, {0x2, 0x0, 0xe2, 0xe1, 0x3, 0x1, "fbb3ea2c"}, 0x0, 0x1, @fd=r2, 0x1, 0x0, r1})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r4=>0x0})
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000100)={0x6, 0x8, 0x4, 0x40, 0xc, {0x77359400}, {0x3, 0xc, 0x80, 0xe9, 0x7, 0x2, '*\n5p'}, 0x1000, 0x2, @userptr=0x8, 0x4230efb7, 0x0, r2})
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="040026bd7000fedbdf2506000000060028000300000005002f000000000008000300", @ANYRES32=r4, @ANYBLOB="050038000100000008002b0045000000050030000100000005002f0001000000080034000800e400fac16375f9923d0000"], 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

10:22:08 executing program 5:
r0 = socket(0x2c, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:08 executing program 2:
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0xf6, 0x10001, 0x1, 0x1f, 0xd8, 0x4], 0x6, 0x80000, 0x0, <r0=>0xffffffffffffffff})
ioctl$NS_GET_PARENT(r0, 0xb702, 0x0)
r1 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}}, 0x0)

10:22:09 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000280)={'veth0_to_bond\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r7, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="2400b6fb", @ANYRES16=r7, @ANYBLOB="100026bd7000fddbdf2508000000080034009aaf00000500330000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4004001}, 0x20000891)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='\"\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000128bd7000fcdbdf250c00000008000600", @ANYRES32=r4, @ANYBLOB="0a000900bbbbbbbbbbbb000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r5, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x4008010)

10:22:09 executing program 4:
socket(0x18, 0x0, 0x0)

10:22:09 executing program 5:
r0 = socket(0x2c, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:09 executing program 1:
r0 = socket(0x2, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:09 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000040), 0x2, 0x2)
syz_open_dev$dri(&(0x7f00000000c0), 0x1f, 0x20c002)
clock_gettime(0x0, &(0x7f0000000080)={<r1=>0x0, <r2=>0x0})
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {r1, r2/1000+10000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x2, @planes=0x0, 0x0, 0x0, r3})
clock_gettime(0x4, &(0x7f0000000100))
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x2710, @hyper}, 0x10)
r4 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r5 = socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$VIDIOC_QUERYBUF(r4, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_GET_DEV_STATS(r5, 0xc4089434, &(0x7f00000001c0)={0x0, 0x9, 0x0, [0xfffffffffffffbff, 0x4, 0x3, 0x1, 0x8], [0x8, 0xedfc, 0xfffffffffffffc00, 0x0, 0x5, 0x3ff, 0x1, 0x10, 0x5, 0xecd, 0x200, 0x7, 0x3299, 0x8, 0x7, 0xfffffffffffffffa, 0x7, 0xf720, 0x0, 0x2, 0x3, 0x1, 0x6, 0x1c8d, 0xf800000000000, 0x8, 0x99, 0xffff, 0x6, 0x7, 0x6, 0xa64d, 0xfffffffffffffffb, 0x5, 0x1, 0x0, 0x2, 0x5, 0xb3, 0x98b, 0x5, 0x6, 0xd4, 0x6124, 0x0, 0xfffffffffffff50b, 0x0, 0x9, 0x10000, 0xa8, 0x400, 0x100, 0x4, 0x3, 0x5, 0x6, 0x0, 0x7, 0x4, 0x5, 0x1, 0x401, 0x2, 0x7fff, 0xb43a, 0x7ff, 0x81, 0x200, 0x5, 0x64, 0x4, 0x2, 0x7fff, 0x1, 0x2, 0x6, 0x100, 0x8001, 0x1e5, 0x1, 0x1, 0xffffffffffff3706, 0xfffffffffffff801, 0xfffffffffffffffb, 0x3, 0xffffffff, 0x39, 0x4a, 0xfffffffffffeffff, 0x5, 0x5, 0x1, 0x1, 0x9, 0x43, 0x4, 0x20, 0xffffffffffff63af, 0x0, 0x1, 0x10, 0x1000, 0x3, 0x6d1d, 0x2, 0x3d, 0x4, 0x5, 0xfff, 0x8000, 0x9c63, 0x1, 0x10001, 0x4, 0x7ff, 0x9, 0x8, 0x5, 0x9, 0x9, 0x5]})
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r6)
ioctl$VIDIOC_EXPBUF(r4, 0xc0405610, &(0x7f0000000140)={0x6, 0x1000, 0x470, 0x80800, r6})

10:22:09 executing program 2:
socket(0x2, 0xa, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x24000000}, 0x800)

10:22:09 executing program 4:
socket(0x18, 0x0, 0x0)

10:22:09 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000280)={'veth0_to_bond\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r4, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="2400b6fb", @ANYRES16=r4, @ANYBLOB="100026bd7000fddbdf2508000000080034009aaf00000500330000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4004001}, 0x20000891)

[ 3213.215232][ T1265] ieee802154 phy0 wpan0: encryption failed: -22
[ 3213.221934][ T1265] ieee802154 phy1 wpan1: encryption failed: -22
10:22:09 executing program 5:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:10 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}}, 0x0)
ioctl$SNDRV_PCM_IOCTL_DELAY(0xffffffffffffffff, 0x80084121, &(0x7f0000000040))

10:22:10 executing program 0:
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000040)={'syztnl2\x00', <r0=>0x0, 0x2f, 0xe9, 0x7f, 0x1f, 0x12, @loopback, @private0, 0x20, 0x7800, 0x4, 0xc9}})
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, 0x0, 0x4, 0x70bd2c, 0x25dfdbfb, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @multicast1}, @GTPA_VERSION={0x8}, @GTPA_LINK={0x8, 0x1, r0}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40084}, 0x4080)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r2, 0x100, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x0)
r3 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r3, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:10 executing program 4:
socket(0x18, 0x0, 0x0)

10:22:10 executing program 1:
socket(0x2, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:10 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000280)={'veth0_to_bond\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r4, 0x1}, 0x14}}, 0x0)

10:22:10 executing program 5:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:10 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}}, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x80, 0x80000)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r1, 0x4144, 0x0)

10:22:10 executing program 4:
r0 = socket(0x0, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:10 executing program 0:
r0 = socket(0x2a, 0x800, 0x3)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r1, 0x8, 0x70bd2a, 0x25dfdbfe, {}, [@GTPA_VERSION={0x8}, @GTPA_O_TEI={0x8, 0x9, 0x1}, @GTPA_TID={0xc, 0x3, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0xf560341084ded694}, 0x4008000)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r2, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:10 executing program 1:
socket(0x2, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:10 executing program 5:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:10 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000280)={'veth0_to_bond\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)

10:22:11 executing program 2:
r0 = socket(0x2c, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:11 executing program 5:
r0 = socket(0x0, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:11 executing program 1:
socket(0x2, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:11 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x400, 0x8)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000140), 0x2)
ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000240)={r3, 0x0, 0x8000, 0x1000000})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
ioctl$VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000040)={0xfffffff9, 0x1, 0x4, 0x70000, 0xfff, {0x0, 0xea60}, {0x1, 0x1, 0x1, 0x2, 0x40, 0x7f, "35e24aa8"}, 0x91f, 0x2, @offset=0x81e, 0x7, 0x0, r3})
r5 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0xb50ce7e5cbc9e132, 0x0)
mmap$snddsp_status(&(0x7f0000ffc000/0x3000)=nil, 0x1000, 0xe, 0x810, r2, 0x82000000)
clock_gettime(0x0, &(0x7f0000000100)={<r6=>0x0, <r7=>0x0})
ioctl$VIDIOC_DQBUF(r5, 0xc0585611, &(0x7f00000001c0)={0xfff, 0x1, 0x4, 0x400, 0xb3df, {r6, r7/1000+10000}, {0x4, 0x2, 0xda, 0x2, 0x4b, 0x7f, "cecb450b"}, 0xfff, 0x4, @offset=0x7c0927e9, 0x5, 0x0, r1})

10:22:11 executing program 4:
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000000))
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x40, r1, 0x100, 0x70bd27, 0x25dfdbff, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010101}, @GTPA_LINK={0x8, 0x1, r2}, @GTPA_TID={0xc, 0x3, 0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:11 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000280)={'veth0_to_bond\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))
socket$nl_generic(0x10, 0x3, 0x10)

10:22:11 executing program 2:
r0 = socket(0x2c, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:11 executing program 1:
r0 = socket(0x2, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:22:11 executing program 5:
r0 = socket(0x0, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:11 executing program 4:
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000000))
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x40, r1, 0x100, 0x70bd27, 0x25dfdbff, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010101}, @GTPA_LINK={0x8, 0x1, r2}, @GTPA_TID={0xc, 0x3, 0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:11 executing program 0:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, r2, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x40}}, 0x8081)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r3, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4008094)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='highspeed\x00', 0xa)
r5 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r6)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r6, 0x4144, 0x0)
ioctl$VIDIOC_DQBUF(r5, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:12 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000280)={'veth0_to_bond\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))

10:22:12 executing program 1:
r0 = socket(0x2, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:22:12 executing program 5:
r0 = socket(0x0, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:12 executing program 2:
r0 = socket(0x2c, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:12 executing program 4:
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000000))
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x40, r1, 0x100, 0x70bd27, 0x25dfdbff, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010101}, @GTPA_LINK={0x8, 0x1, r2}, @GTPA_TID={0xc, 0x3, 0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:12 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x9, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0xc5356c4f0bee0a5e, @planes=0x0})
syz_open_dev$vivid(&(0x7f0000000000), 0x0, 0x2)
ioctl$SNDRV_PCM_IOCTL_RESET(0xffffffffffffffff, 0x4141, 0x0)
pipe2$9p(&(0x7f0000000040), 0x84000)

10:22:12 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000280)={'veth0_to_bond\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:12 executing program 1:
r0 = socket(0x2, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:22:12 executing program 2:
socket(0x2c, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

10:22:12 executing program 5:
r0 = socket(0x2c, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:13 executing program 4:
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000000))
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x40, r1, 0x100, 0x70bd27, 0x25dfdbff, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010101}, @GTPA_LINK={0x8, 0x1, r2}, @GTPA_TID={0xc, 0x3, 0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x1)

10:22:13 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000280)={'veth0_to_bond\x00'})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:13 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = ioctl$NS_GET_PARENT(r1, 0xb702, 0x0)
ioctl$NS_GET_NSTYPE(r2, 0xb703, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:13 executing program 2:
socket(0x2c, 0x3, 0x0)

10:22:13 executing program 5:
r0 = socket(0x2c, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:13 executing program 1:
r0 = socket(0x2, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:13 executing program 4:
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000000))
r0 = socket(0x11, 0x3, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))

10:22:13 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000280)={'veth0_to_bond\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:13 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000000), 0x8)
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000040)={0x1, 0x2, 0x4, 0x1, 0x7fffffff, {}, {0x3, 0x1, 0x1, 0x74, 0x1, 0x0, "519df5a0"}, 0x8001, 0x2, @offset=0x7ff, 0x5, 0x0, <r1=>0xffffffffffffffff})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x4, 0x0, 0x4, 0x800, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, r1})
syz_open_dev$vivid(&(0x7f00000000c0), 0x2, 0x2)

10:22:13 executing program 5:
r0 = socket(0x2c, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:13 executing program 2:
socket(0x0, 0x3, 0x0)

10:22:13 executing program 1:
r0 = socket(0x2, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

10:22:14 executing program 4:
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000000))
r0 = socket(0x11, 0x3, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r0)

10:22:14 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000000)={0x200, 0x4, 0x4, 0x0, 0xf, {0x0, 0xea60}, {0x5, 0x2, 0x1f, 0x4, 0x79, 0x2, '<5i\b'}, 0x5, 0x3, @fd=r1, 0x5})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x8, 0x0, {0x0, 0x2710}, {0x0, 0xc, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:14 executing program 5:
socket(0x2c, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:14 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:14 executing program 1:
r0 = socket(0x2, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

10:22:14 executing program 2:
socket(0x0, 0x3, 0x0)

10:22:14 executing program 4:
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000000))
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)

10:22:14 executing program 5:
socket(0x2c, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00042abd7000ffdbdf2502000000080034000900000008000600", @ANYRES32=0x0, @ANYBLOB="61225b668bf31aed983eeb9b082a54cf6bdefdee53fa080a543362382da43481525641c3c22abd4c80820c2efe2e20d9ef9a2ab9bc8d46d1e1b76066944378c49067ff7aed44166005283dde4bff470f74cb38501499f6cf"], 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x40044)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r2, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:14 executing program 1:
r0 = socket(0x2, 0x5, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

10:22:15 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:15 executing program 4:
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000000))
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)

10:22:15 executing program 2:
socket(0x0, 0x3, 0x0)

10:22:15 executing program 5:
socket(0x2c, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

10:22:15 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, r2, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x40}}, 0x8081)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r3, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4008094)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='highspeed\x00', 0xa)
r5 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r6)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r6, 0x4144, 0x0)
ioctl$VIDIOC_DQBUF(r5, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:15 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x6, 0x4, 0x8, 0x0, {0x0, 0x2710}, {0x0, 0xc, 0x0, 0x0, 0x5, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:15 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:15 executing program 4:
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000000))
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)

10:22:15 executing program 2:
socket(0x2c, 0x0, 0x0)

10:22:15 executing program 5:
r0 = socket(0x2c, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:22:16 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x8102, 0x4)
clock_gettime(0x0, &(0x7f0000000040)={<r2=>0x0, <r3=>0x0})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r4)
sendmsg$AUDIT_GET(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x10, 0x3e8, 0x1, 0x70bd25, 0x25dfdbfe, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x10000800}, 0x841)
ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f00000000c0)={0x8, 0x9, 0x4, 0x100, 0x6, {r2, r3/1000+10000}, {0x6, 0x8, 0xea, 0x8, 0xff, 0x0, "5145df02"}, 0x7ff, 0x2, @planes=&(0x7f0000000080)={0x2, 0x3, @mem_offset=0x8001, 0x7}, 0x4, 0x0, r4})

10:22:16 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:16 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, r2, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x40}}, 0x8081)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r3, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4008094)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='highspeed\x00', 0xa)
r5 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r6)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r6, 0x4144, 0x0)
ioctl$VIDIOC_DQBUF(r5, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:16 executing program 2:
socket(0x2c, 0x0, 0x0)

10:22:16 executing program 4:
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
r0 = socket(0x11, 0x3, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r0)

10:22:16 executing program 5:
r0 = socket(0x2c, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:22:16 executing program 3:
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:16 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
socketpair(0x2b, 0x4, 0x9, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r2)
ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000000)={0x401, 0x4, 0x4, 0x10000, 0x0, {0x0, 0xea60}, {0x3, 0x8, 0xcf, 0x1f, 0x1, 0x74, "43b8a663"}, 0x5666000, 0x1, @userptr=0x5, 0x44e7})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:16 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, r2, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x40}}, 0x8081)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r3, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4008094)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='highspeed\x00', 0xa)
r5 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r6)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r6, 0x4144, 0x0)
ioctl$VIDIOC_DQBUF(r5, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:16 executing program 2:
socket(0x2c, 0x0, 0x0)

10:22:16 executing program 4:
r0 = socket(0x11, 0x3, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r0)

10:22:16 executing program 5:
r0 = socket(0x2c, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:22:17 executing program 3:
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:17 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r1, 0x0)
shmctl$SHM_STAT(r1, 0xd, &(0x7f0000000000)=""/250)

10:22:17 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, r2, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x40}}, 0x8081)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r3, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4008094)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='highspeed\x00', 0xa)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r5)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r5, 0x4144, 0x0)

10:22:17 executing program 2:
r0 = socket(0x17, 0x5, 0x80)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022abd7000fcdbdf2509000000050035000900000008003200050000000800390003000000085a470034000900000008002b000200000008002b00020000000500380000000000b948d3ef673536d60be65bac8c7461ee8ed4e3b3b1f313cef4267fcc45c9720b3617a768160b4292e5cea0b74c7d2b9014e91460516847325e33e1a4acf5760db149a1de01cd9ed3dc1baf606040494142dcfd23fa1faf"], 0x4c}, 0x1, 0x0, 0x0, 0x4844}, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x40, 0x1)

10:22:17 executing program 4:
r0 = socket(0x0, 0x3, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r0)

10:22:17 executing program 3:
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:17 executing program 5:
r0 = socket(0x2c, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

10:22:17 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='cachefiles_mark_active\x00'}, 0x10)

10:22:17 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, r2, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x40}}, 0x8081)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r3, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4008094)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='highspeed\x00', 0xa)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r5)

10:22:17 executing program 4:
r0 = socket(0x0, 0x3, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r0)

10:22:17 executing program 3:
r0 = socket(0x0, 0x6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:18 executing program 5:
r0 = socket(0x2c, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

10:22:18 executing program 2:
r0 = socket(0x2, 0x6, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r0, 0x0, 0x40441c5)

10:22:18 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
r3 = openat$incfs(0xffffffffffffffff, &(0x7f00000000c0)='.log\x00', 0xcc000, 0x4c)
ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000140)={0x2, 0x1, 0x4, 0x10000, 0x8, {0x77359400}, {0x5, 0xc, 0x7, 0x0, 0x8, 0x8, "49ae682c"}, 0x80, 0x1, @fd, 0xfffffff9, 0x0, <r4=>r1})
ioctl$vim2m_VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f00000001c0)={0x40, 0x1, 0x4, 0x2000, 0x1, {0x0, 0xea60}, {0x3, 0x8, 0x5, 0x9, 0x6, 0x4, "4e81a6ff"}, 0x2, 0x1, @planes=&(0x7f0000000100)={0x9, 0x8, @fd=r3, 0x4}, 0x3, 0x0, r4})

10:22:18 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, r2, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x40}}, 0x8081)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r3, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4008094)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='highspeed\x00', 0xa)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)

10:22:18 executing program 5:
r0 = socket(0x2c, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

10:22:18 executing program 4:
r0 = socket(0x0, 0x3, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r0)

10:22:18 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:18 executing program 3:
r0 = socket(0x0, 0x6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:18 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
clock_gettime(0x0, &(0x7f0000000080)={<r1=>0x0, <r2=>0x0})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x4000, 0x0, {r1, r2/1000+60000}, {0x0, 0x2, 0x6, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:18 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, r2, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x40}}, 0x8081)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r3, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4008094)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='highspeed\x00', 0xa)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)

10:22:19 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:19 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:19 executing program 4:
r0 = socket(0x11, 0x0, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r0)

10:22:19 executing program 3:
r0 = socket(0x0, 0x6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:19 executing program 0:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='westwood\x00', 0x9)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r1, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:19 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, r2, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x40}}, 0x8081)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r3, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4008094)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='highspeed\x00', 0xa)

10:22:19 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:19 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:19 executing program 3:
r0 = socket(0x2, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:19 executing program 4:
r0 = socket(0x11, 0x0, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r0)

10:22:19 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, r2, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x40}}, 0x8081)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r3, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4008094)

10:22:19 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000280)={0x28, 0x0, 0xffffffff, @host}, 0x10, 0x800)
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f0000000ac0)={0x0, "a77b62f204da754cf05f5eecc1b3d00b"})
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="54010000", @ANYRES16=r2, @ANYBLOB="00002cbd7000fbdbdf250700000005002f00010000000500290000000000050038000100000008000b000600000005002d000000000008000300", @ANYRES32=0x0, @ANYBLOB="08002c000700000008000b0001010000"], 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x834)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x28000010}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x34, r2, 0x10, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x200}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000001)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x1000, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:20 executing program 2:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:20 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:20 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, r2, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x40}}, 0x8081)

10:22:20 executing program 4:
r0 = socket(0x11, 0x0, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r0)

10:22:20 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0)

10:22:20 executing program 3:
r0 = socket(0x2, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:20 executing program 5:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:20 executing program 2:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:20 executing program 4:
r0 = socket(0x11, 0x3, 0x0)
syz_genetlink_get_family_id$gtp(0x0, r0)

10:22:21 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)

10:22:21 executing program 0:
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x80000000], 0x1, 0x80800, 0x0, <r0=>0xffffffffffffffff})
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000080)=<r1=>0x0)
ioctl$TUNSETOWNER(r0, 0x400454cc, r1)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r2, 0x5452, &(0x7f0000000880)={0x0, 0x6, 0x4, 0x2000, 0x0, {0x0, 0x2710}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, "00ff4000"}, 0x0, 0x3, @userptr=0xdf5f})

10:22:21 executing program 2:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:21 executing program 5:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:21 executing program 3:
r0 = socket(0x2, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:21 executing program 4:
r0 = socket(0x11, 0x3, 0x0)
syz_genetlink_get_family_id$gtp(0x0, r0)

10:22:21 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)

10:22:21 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
clock_gettime(0x0, &(0x7f0000000040))
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000000)={0x9, 0x1, 0x8, 0x4000})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(0xffffffffffffffff, 0xc06c4124, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})
openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x46401, 0x0)
r1 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x44, 0x0, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@GTPA_PEER_ADDRESS={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x17}}, @GTPA_FLOW={0x6}, @GTPA_I_TEI={0x8, 0x8, 0x1}, @GTPA_O_TEI={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}, @GTPA_PEER_ADDRESS={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0xe}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x85)

10:22:21 executing program 5:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:21 executing program 2:
r0 = socket(0x0, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:21 executing program 4:
r0 = socket(0x11, 0x3, 0x0)
syz_genetlink_get_family_id$gtp(0x0, r0)

10:22:22 executing program 3:
socket(0x2, 0x6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:22 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x40200, 0x103)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000040)={0x9, 0x2, 0x4, 0x40, 0x3f, {}, {0x4, 0x1, 0x0, 0x80, 0x1, 0x9, "cbaa40f2"}, 0x0, 0x4, @userptr=0x9, 0x610, 0x0, r1})

10:22:22 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)

10:22:22 executing program 5:
r0 = socket(0x0, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:22 executing program 2:
r0 = socket(0x0, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:22 executing program 4:
socket(0x11, 0x3, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)

10:22:22 executing program 3:
socket(0x2, 0x6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:22 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000000)={0x4, 0x1, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, "403b9598"}, 0x0, 0x1, @userptr})
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0xffffffff)

10:22:22 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)

10:22:22 executing program 5:
r0 = socket(0x0, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:23 executing program 3:
socket(0x2, 0x6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'})

10:22:23 executing program 4:
socket(0x11, 0x3, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)

10:22:23 executing program 2:
r0 = socket(0x0, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:23 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)

10:22:23 executing program 0:
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x20, 0x0, {0x0, 0x2710}, {0x3, 0x2, 0x0, 0x0, 0x8, 0x0, "40c15b9d"}, 0x400000, 0x0, @planes=0x0, 0xfffe, 0x0, <r0=>0xffffffffffffffff})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000180)={0x2, 0x5, {0x9, @usage=0x1, <r1=>0x0, 0x3, 0x413, 0x4, 0x8, 0x10001, 0x42, @struct={0x3, 0x1f}, 0x80000001, 0x7, [0x8000, 0x200, 0x5, 0x800, 0xfe3c, 0x9]}, {0x0, @usage=0x8001, 0x0, 0x40000000000000, 0x1, 0x6, 0x4, 0xfffffffffffffffa, 0xb3, @struct={0x8, 0x7f}, 0x6f0, 0x4, [0x4, 0xde000000, 0x6, 0x4, 0x4, 0x5]}, {0x4, @usage=0x20, 0x0, 0x0, 0x9, 0x0, 0x2c45, 0x9, 0x40, @struct={0x7, 0x6}, 0x6, 0x55, [0x6, 0x3, 0x4, 0x0, 0x10000, 0x3]}, {0x6ed, 0x100, 0x880}})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000900)={r1, 0x1, 0x7, 0x1})
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x0, 0x300, 0x70b526, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0x20000000)

10:22:23 executing program 5:
r0 = socket(0x0, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:23 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0)

10:22:23 executing program 4:
socket(0x11, 0x3, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)

10:22:23 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(0xffffffffffffffff, 0x40044145, &(0x7f0000000040)=0x2)

10:22:23 executing program 2:
r0 = socket(0x2, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:23 executing program 0:
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x40100, 0x0)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f0000000040)={0x6, 0x7fff})

10:22:24 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0)

10:22:24 executing program 4:
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x20, 0x0, {0x0, 0x2710}, {0x3, 0x2, 0x0, 0x0, 0x8, 0x0, "40c15b9d"}, 0x400000, 0x0, @planes=0x0, 0xfffe, 0x0, <r0=>0xffffffffffffffff})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000180)={0x2, 0x5, {0x9, @usage=0x1, <r1=>0x0, 0x3, 0x413, 0x4, 0x8, 0x10001, 0x42, @struct={0x3, 0x1f}, 0x80000001, 0x7, [0x8000, 0x200, 0x5, 0x800, 0xfe3c, 0x9]}, {0x0, @usage=0x8001, 0x0, 0x40000000000000, 0x1, 0x6, 0x4, 0xfffffffffffffffa, 0xb3, @struct={0x8, 0x7f}, 0x6f0, 0x4, [0x4, 0xde000000, 0x6, 0x4, 0x4, 0x5]}, {0x4, @usage=0x20, 0x0, 0x0, 0x9, 0x0, 0x2c45, 0x9, 0x40, @struct={0x7, 0x6}, 0x6, 0x55, [0x6, 0x3, 0x4, 0x0, 0x10000, 0x3]}, {0x6ed, 0x100, 0x880}})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000900)={r1, 0x1, 0x7, 0x1})
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x0, 0x300, 0x70b526, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0x20000000)

10:22:24 executing program 5:
r0 = socket(0x2, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:24 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(0xffffffffffffffff, 0x40044145, &(0x7f0000000040)=0x2)

10:22:24 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
ioctl$SNDRV_PCM_IOCTL_HWSYNC(0xffffffffffffffff, 0x4122, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x2], 0x1, 0x800, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f00000000c0)={0x3, 0x1, 0x4, 0x100, 0x1, {0x0, 0x2710}, {0x1, 0xc, 0x6, 0x7, 0x9f, 0x1, "8f90a217"}, 0xfffffffd, 0x3, @offset=0x1, 0x8001, 0x0, r2})

10:22:24 executing program 2:
r0 = socket(0x2, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:24 executing program 3:
r0 = socket(0x2, 0x6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0)

10:22:24 executing program 4:
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x20, 0x0, {0x0, 0x2710}, {0x3, 0x2, 0x0, 0x0, 0x8, 0x0, "40c15b9d"}, 0x400000, 0x0, @planes=0x0, 0xfffe, 0x0, <r0=>0xffffffffffffffff})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000180)={0x2, 0x5, {0x9, @usage=0x1, <r1=>0x0, 0x3, 0x413, 0x4, 0x8, 0x10001, 0x42, @struct={0x3, 0x1f}, 0x80000001, 0x7, [0x8000, 0x200, 0x5, 0x800, 0xfe3c, 0x9]}, {0x0, @usage=0x8001, 0x0, 0x40000000000000, 0x1, 0x6, 0x4, 0xfffffffffffffffa, 0xb3, @struct={0x8, 0x7f}, 0x6f0, 0x4, [0x4, 0xde000000, 0x6, 0x4, 0x4, 0x5]}, {0x4, @usage=0x20, 0x0, 0x0, 0x9, 0x0, 0x2c45, 0x9, 0x40, @struct={0x7, 0x6}, 0x6, 0x55, [0x6, 0x3, 0x4, 0x0, 0x10000, 0x3]}, {0x6ed, 0x100, 0x880}})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000900)={r1, 0x1, 0x7, 0x1})
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x0, 0x300, 0x70b526, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0x20000000)

10:22:24 executing program 5:
r0 = socket(0x2, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:24 executing program 1:
fchmodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(0xffffffffffffffff, 0x40044145, &(0x7f0000000040)=0x2)

10:22:25 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000100)={0x401, 0x2, 0x4, 0x1, 0x7, {}, {0x5, 0x2, 0x2, 0x9, 0x1, 0x8, "e7a7e4ff"}, 0x7f, 0x4, @planes=&(0x7f00000000c0)={0x0, 0x2, @fd, 0x400}, 0x200, 0x0, <r1=>0xffffffffffffffff})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x2, 0x0, 0x10, 0x81, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, r1})
r2 = socket$inet6(0xa, 0x7, 0x9)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000000)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x6, 0xffffffff, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, 0x700, 0x700, 0xfffffffd, 0x4}})

10:22:25 executing program 4:
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x20, 0x0, {0x0, 0x2710}, {0x3, 0x2, 0x0, 0x0, 0x8, 0x0, "40c15b9d"}, 0x400000, 0x0, @planes=0x0, 0xfffe, 0x0, <r0=>0xffffffffffffffff})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000180)={0x2, 0x5, {0x9, @usage=0x1, <r1=>0x0, 0x3, 0x413, 0x4, 0x8, 0x10001, 0x42, @struct={0x3, 0x1f}, 0x80000001, 0x7, [0x8000, 0x200, 0x5, 0x800, 0xfe3c, 0x9]}, {0x0, @usage=0x8001, 0x0, 0x40000000000000, 0x1, 0x6, 0x4, 0xfffffffffffffffa, 0xb3, @struct={0x8, 0x7f}, 0x6f0, 0x4, [0x4, 0xde000000, 0x6, 0x4, 0x4, 0x5]}, {0x4, @usage=0x20, 0x0, 0x0, 0x9, 0x0, 0x2c45, 0x9, 0x40, @struct={0x7, 0x6}, 0x6, 0x55, [0x6, 0x3, 0x4, 0x0, 0x10000, 0x3]}, {0x6ed, 0x100, 0x880}})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000900)={r1, 0x1, 0x7, 0x1})
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x0, 0x300, 0x70b526, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0x20000000)

10:22:25 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES32=0x0], 0x3b)
r0 = socket(0x0, 0x6, 0x5f9)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f00000000c0)={0x0, 0x7, [@local, @broadcast, @multicast, @multicast, @remote, @broadcast, @remote]})

10:22:25 executing program 2:
r0 = socket(0x2, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:25 executing program 5:
r0 = socket(0x2, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:25 executing program 1:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)

10:22:25 executing program 4:
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x20, 0x0, {0x0, 0x2710}, {0x3, 0x2, 0x0, 0x0, 0x8, 0x0, "40c15b9d"}, 0x400000, 0x0, @planes=0x0, 0xfffe, 0x0, <r0=>0xffffffffffffffff})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000180)={0x2, 0x5, {0x9, @usage=0x1, <r1=>0x0, 0x3, 0x413, 0x4, 0x8, 0x10001, 0x42, @struct={0x3, 0x1f}, 0x80000001, 0x7, [0x8000, 0x200, 0x5, 0x800, 0xfe3c, 0x9]}, {0x0, @usage=0x8001, 0x0, 0x40000000000000, 0x1, 0x6, 0x4, 0xfffffffffffffffa, 0xb3, @struct={0x8, 0x7f}, 0x6f0, 0x4, [0x4, 0xde000000, 0x6, 0x4, 0x4, 0x5]}, {0x4, @usage=0x20, 0x0, 0x0, 0x9, 0x0, 0x2c45, 0x9, 0x40, @struct={0x7, 0x6}, 0x6, 0x55, [0x6, 0x3, 0x4, 0x0, 0x10000, 0x3]}, {0x6ed, 0x100, 0x880}})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000900)={r1, 0x1, 0x7, 0x1})
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:22:25 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES32=0x0], 0x3b)
r0 = socket(0x0, 0x6, 0x5f9)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f00000000c0)={0x0, 0x7, [@local, @broadcast, @multicast, @multicast, @remote, @broadcast, @remote]})

10:22:25 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000000)={0x7, 0x9, 0x7fffffff, 0x0, <r1=>0xffffffffffffffff})
ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000040)={0xb, 0x7, 0x2, 0x80000, r1})
ioctl$SNDRV_PCM_IOCTL_LINK(0xffffffffffffffff, 0x40044160, &(0x7f0000000080)=0x200)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}})
r2 = openat$incfs(0xffffffffffffffff, &(0x7f00000000c0)='.log\x00', 0x200, 0x13a)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000380), 0x7, 0x101802)
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r3, 0x40184150, &(0x7f00000004c0)={0x0, &(0x7f00000003c0)="33c3ae1fdfe34ac5908d75db1e93ad3c641be2a1ef764ed32f2d30413abfd6498bcd30dee103f34b3c708b287bbda9962dc6e639d6bc4478d4495416f6fea790a48d2d641f7fb8fefa93793f3d05279e22b96060636e003aef4be94e75de9e4ecf787b6fb91720c01235bed0a0db0a8237ffd69e9872590957dbdaeb5a366687af3aa71f529007bfe1bf4da9ee6a93508e7bb0e08030358c279fdc5554d95c60fb2a3b497e9f64ba6a7956bbeca570db3fbb8c6fef4790ea89c72f75cee89c7594de00ef7523b41252c883231262c8ed36d1c42eb6e966896a54eaab4b445c8e5bf54a9bf8fa1d6b200930337f2851de31f417cc68a481cfd8", 0xf9})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000540)={&(0x7f0000000500)=[0x5da1, 0xf3f8, 0x7fffffff, 0x8, 0xa5, 0xffffffff, 0x7c, 0x8, 0x9], 0x9, 0x80000, 0x0, <r4=>0xffffffffffffffff})
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r4, 0xc2604110, &(0x7f0000000100)={0x6, [[0x81, 0x4, 0x2, 0x800, 0x34, 0xffff, 0x1, 0xffffff7d], [0xffffffff, 0x3bc1c540, 0x6, 0x8, 0x41e, 0x8, 0xfff, 0x8000], [0x0, 0x3, 0x2, 0x9, 0x1, 0x10000, 0x80, 0x6]], '\x00', [{0x8, 0x375da8f5, 0x0, 0x0, 0x0, 0x1}, {0x81, 0x9, 0x0, 0x0, 0x1, 0x1}, {0x101, 0x9, 0x1, 0x1, 0x1}, {0x7, 0x3f, 0x1}, {0xffffff0f, 0x6, 0x1, 0x1, 0x1}, {0x0, 0xaa, 0x0, 0x1, 0x1}, {0x1, 0x5, 0x0, 0x0, 0x1, 0x1}, {0xefa, 0x40, 0x1, 0x1, 0x1, 0x1}, {0xd35, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x3ff, 0x1, 0x1, 0x1}, {0x1, 0x2, 0x1, 0x1, 0x1, 0x1}, {0x1f, 0x9, 0x1, 0x1, 0x1, 0x1}], '\x00', 0x4})

10:22:26 executing program 2:
socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:26 executing program 1:
r0 = syz_open_dev$sndpcmp(0x0, 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)

10:22:26 executing program 5:
socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:26 executing program 4:
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x20, 0x0, {0x0, 0x2710}, {0x3, 0x2, 0x0, 0x0, 0x8, 0x0, "40c15b9d"}, 0x400000, 0x0, @planes=0x0, 0xfffe})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000180)={0x2, 0x5, {0x9, @usage=0x1, 0x0, 0x3, 0x413, 0x4, 0x8, 0x10001, 0x42, @struct={0x3, 0x1f}, 0x80000001, 0x7, [0x8000, 0x200, 0x5, 0x800, 0xfe3c, 0x9]}, {0x0, @usage=0x8001, 0x0, 0x40000000000000, 0x1, 0x6, 0x4, 0xfffffffffffffffa, 0xb3, @struct={0x8, 0x7f}, 0x6f0, 0x4, [0x4, 0xde000000, 0x6, 0x4, 0x4, 0x5]}, {0x4, @usage=0x20, 0x0, 0x0, 0x9, 0x0, 0x2c45, 0x9, 0x40, @struct={0x7, 0x6}, 0x6, 0x55, [0x6, 0x3, 0x4, 0x0, 0x10000, 0x3]}, {0x6ed, 0x100, 0x880}})
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:22:26 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES32=0x0], 0x3b)
r0 = socket(0x0, 0x6, 0x5f9)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f00000000c0)={0x0, 0x7, [@local, @broadcast, @multicast, @multicast, @remote, @broadcast, @remote]})

10:22:26 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r1, 0x80083313, &(0x7f0000000000))
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000040)={0x1, 0x3, [{r1, 0x0, 0x10000, 0x8000}, {r1, 0x0, 0x0, 0xfffffffffffff000}, {r2, 0x0, 0x2000}]})

10:22:26 executing program 2:
socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:26 executing program 1:
r0 = syz_open_dev$sndpcmp(0x0, 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)

10:22:26 executing program 5:
socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:26 executing program 4:
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x20, 0x0, {0x0, 0x2710}, {0x3, 0x2, 0x0, 0x0, 0x8, 0x0, "40c15b9d"}, 0x400000, 0x0, @planes=0x0, 0xfffe})
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:22:27 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES32=0x0], 0x3b)
r0 = socket(0x0, 0x6, 0x5f9)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)

10:22:27 executing program 1:
r0 = syz_open_dev$sndpcmp(0x0, 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)

10:22:27 executing program 2:
socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:27 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
clock_gettime(0x0, &(0x7f0000000000)={<r1=>0x0, <r2=>0x0})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {r1, r2/1000+10000}, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:27 executing program 5:
socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:27 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:22:27 executing program 1:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000040)=0x2)

10:22:27 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:22:27 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:22:27 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
socketpair(0x1f, 0x1, 0x7, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$AUDIT_GET(r1, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3e8, 0x800, 0x70bd25, 0x25dfdbfd, "", ["", "", "", ""]}, 0x10}}, 0x0)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:27 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES32=0x0], 0x3b)
r0 = socket(0x0, 0x6, 0x5f9)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)

10:22:27 executing program 4:
socketpair(0x0, 0x3, 0x0, &(0x7f0000000000))

10:22:28 executing program 1:
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_PAUSE(0xffffffffffffffff, 0x40044145, &(0x7f0000000040)=0x2)

10:22:28 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:22:28 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:22:28 executing program 0:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0)
ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f00000000c0)={0x0, 0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r1, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:28 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES32=0x0], 0x3b)
r0 = socket(0x0, 0x6, 0x5f9)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)

10:22:28 executing program 1:
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_PAUSE(0xffffffffffffffff, 0x40044145, &(0x7f0000000040)=0x2)

10:22:28 executing program 4:
socketpair(0x0, 0x3, 0x0, &(0x7f0000000000))

10:22:28 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:22:28 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:22:29 executing program 1:
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_PAUSE(0xffffffffffffffff, 0x40044145, &(0x7f0000000040)=0x2)

10:22:29 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES32=0x0], 0x3b)
socket(0x0, 0x6, 0x5f9)

10:22:29 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x8}, 0x0)

10:22:29 executing program 4:
socketpair(0x0, 0x3, 0x0, &(0x7f0000000000))

10:22:29 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:22:29 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
socket(0x22, 0x5, 0xffffffff)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x704}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000004}, 0x11)

10:22:29 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES32=0x0], 0x3b)

10:22:29 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x8}, 0x0)

10:22:29 executing program 1:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, 0x0)

10:22:29 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:22:29 executing program 4:
socketpair(0xf, 0x0, 0x0, &(0x7f0000000000))

10:22:30 executing program 0:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r1, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xb32b}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xffffffff}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x3c}}, 0x800)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r2, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
read$snddsp(0xffffffffffffffff, &(0x7f0000000000)=""/123, 0x7b)

10:22:30 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x8}, 0x0)

10:22:30 executing program 3:
syz_emit_vhci(0x0, 0x3b)

10:22:30 executing program 1:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000000)=0xa3)

10:22:30 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:22:30 executing program 4:
socketpair(0xf, 0x0, 0x0, &(0x7f0000000000))

10:22:30 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, 0x0, 0x8}, 0x0)

10:22:30 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x4, 0x1, 0x0, 0x0, 0x0, 0x0, "1bf6a000"}, 0xfffffffc, 0x0, @planes=0x0, 0x4})

10:22:30 executing program 3:
syz_emit_vhci(0x0, 0x3b)

10:22:30 executing program 1:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000000)=0xa3)

10:22:30 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, 0x0, 0x2}, 0x0)

10:22:30 executing program 4:
socketpair(0xf, 0x0, 0x0, &(0x7f0000000000))

10:22:31 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, 0x0, 0x8}, 0x0)

10:22:31 executing program 1:
r0 = socket(0x2, 0x6, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000000)=0xa3)

10:22:31 executing program 3:
syz_emit_vhci(0x0, 0x3b)

10:22:31 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:31 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, 0x0, 0x2}, 0x0)

10:22:31 executing program 4:
socketpair(0xf, 0x3, 0x0, 0x0)

10:22:31 executing program 2:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, 0x0, 0x8}, 0x0)

10:22:31 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:22:31 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, 0x0, 0x2}, 0x0)

10:22:31 executing program 1:
r0 = socket(0x2, 0x6, 0x0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000000)=0xa3)

10:22:31 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000000)={0x0, 0x3, 0x4, 0x4000, 0x10001, {0x0, 0xea60}, {0x1, 0x8, 0xca, 0x1, 0x81, 0x51, "8fc8e08d"}, 0x10000, 0x2, @userptr=0x40, 0x8, 0x0, r1})
ioctl$SNDRV_PCM_IOCTL_XRUN(r1, 0x4148, 0x0)

10:22:31 executing program 4:
socketpair(0xf, 0x3, 0x0, 0x0)

10:22:32 executing program 2:
syz_emit_vhci(0x0, 0x3b)

10:22:32 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:22:32 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0) (fail_nth: 1)

10:22:32 executing program 1:
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, &(0x7f0000000000)=0xa3)

10:22:32 executing program 4:
socketpair(0xf, 0x3, 0x0, 0x0)

10:22:32 executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x21, 0x0, 0x0)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0xffff0001, 0x9, 0x27, 0x1008, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x4}, 0x40)
r3 = openat$incfs(0xffffffffffffffff, &(0x7f0000000140)='.pending_reads\x00', 0x9716566de55305ed, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xd, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5}, [@map_val={0x18, 0x8, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x5}, @map={0x18, 0xb, 0x1, 0x0, r2}, @jmp={0x5, 0x0, 0x0, 0x4, 0xa, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x60}, @alu={0x4, 0x0, 0x6, 0x7, 0x0, 0xfffffffffffffff0, 0xffffffffffffffff}, @map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x6}, @generic={0x5, 0x8, 0x7, 0x7, 0x6}]}, &(0x7f00000000c0)='syzkaller\x00', 0x7, 0x34, &(0x7f0000000100)=""/52, 0x40f00, 0x7, '\x00', 0x0, 0x18, r3, 0x8, &(0x7f0000000180)={0x4, 0x1}, 0x8, 0x10, &(0x7f00000001c0)={0x1, 0x10, 0x4, 0x400000}, 0x10}, 0x78)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

[ 3236.046122][T23902] FAULT_INJECTION: forcing a failure.
[ 3236.046122][T23902] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3236.059668][T23902] CPU: 1 PID: 23902 Comm: syz-executor.5 Not tainted 5.15.0-rc2-syzkaller #0
[ 3236.068609][T23902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3236.078796][T23902] Call Trace:
[ 3236.082161][T23902]  dump_stack_lvl+0x1ff/0x28e
[ 3236.087011][T23902]  dump_stack+0x25/0x28
[ 3236.091343][T23902]  should_fail+0x8bc/0x9c0
[ 3236.095929][T23902]  should_fail_usercopy+0x39/0x40
[ 3236.101113][T23902]  _copy_from_user+0x5f/0x310
[ 3236.105986][T23902]  ? __msan_poison_alloca+0x131/0x170
[ 3236.111566][T23902]  __copy_msghdr_from_user+0x109/0xc00
[ 3236.117221][T23902]  ? kmsan_get_metadata+0x11b/0x180
[ 3236.122588][T23902]  ? __msan_poison_alloca+0x131/0x170
[ 3236.128169][T23902]  __sys_sendmsg+0x422/0x840
[ 3236.132964][T23902]  ? kmsan_get_metadata+0x11b/0x180
[ 3236.138321][T23902]  ? kmsan_get_metadata+0x11b/0x180
[ 3236.143685][T23902]  ? kmsan_internal_set_shadow_origin+0x52/0xc0
[ 3236.150144][T23902]  ? kmsan_internal_unpoison_memory+0x10/0x20
[ 3236.156418][T23902]  ? __msan_instrument_asm_store+0x131/0x170
[ 3236.162605][T23902]  ? fput+0x82/0x320
[ 3236.166655][T23902]  ? ksys_write+0x47c/0x520
[ 3236.171331][T23902]  ? kmsan_get_metadata+0x11b/0x180
[ 3236.176676][T23902]  ? kmsan_get_shadow_origin_ptr+0x90/0xc0
[ 3236.182637][T23902]  __x64_sys_sendmsg+0xe2/0x120
[ 3236.187669][T23902]  do_syscall_64+0x54/0xd0
[ 3236.192217][T23902]  ? exc_page_fault+0x76/0x120
[ 3236.197130][T23902]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3236.203204][T23902] RIP: 0033:0x7ff7a2920a39
[ 3236.207720][T23902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3236.227467][T23902] RSP: 002b:00007ff79fe96188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3236.236059][T23902] RAX: ffffffffffffffda RBX: 00007ff7a2a23f60 RCX: 00007ff7a2920a39
10:22:32 executing program 2:
syz_emit_vhci(0x0, 0x3b)

[ 3236.244143][T23902] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 3236.252223][T23902] RBP: 00007ff79fe961d0 R08: 0000000000000000 R09: 0000000000000000
[ 3236.260295][T23902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3236.268366][T23902] R13: 00007ff7a2f57b2f R14: 00007ff79fe96300 R15: 0000000000022000
10:22:32 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:22:32 executing program 1:
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, &(0x7f0000000000)=0xa3)

10:22:33 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
sendmsg$AUDIT_TRIM(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3f6, 0x100, 0x70bd2d, 0x25dfdbff, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x100}, 0x20004000)

10:22:33 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)) (fail_nth: 1)

10:22:33 executing program 2:
syz_emit_vhci(0x0, 0x3b)

10:22:33 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

[ 3236.900100][T23919] FAULT_INJECTION: forcing a failure.
[ 3236.900100][T23919] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3236.913938][T23919] CPU: 1 PID: 23919 Comm: syz-executor.4 Not tainted 5.15.0-rc2-syzkaller #0
[ 3236.922870][T23919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3236.933048][T23919] Call Trace:
[ 3236.936418][T23919]  dump_stack_lvl+0x1ff/0x28e
[ 3236.941257][T23919]  dump_stack+0x25/0x28
[ 3236.945534][T23919]  should_fail+0x8bc/0x9c0
[ 3236.950097][T23919]  should_fail_alloc_page+0x20c/0x260
[ 3236.955628][T23919]  __alloc_pages+0x397/0xfb0
[ 3236.960386][T23919]  alloc_pages+0xa39/0xde0
[ 3236.964979][T23919]  __pmd_alloc+0xbc/0x8b0
[ 3236.969475][T23919]  ? kmsan_get_metadata+0x110/0x180
[ 3236.974811][T23919]  ? kmsan_get_metadata+0x11b/0x180
[ 3236.980153][T23919]  handle_mm_fault+0x1ac8/0x4740
[ 3236.985333][T23919]  do_user_addr_fault+0xf85/0x1f00
[ 3236.990639][T23919]  exc_page_fault+0x69/0x120
[ 3236.995382][T23919]  asm_exc_page_fault+0x1e/0x30
[ 3237.000405][T23919] RIP: 0010:__put_user_nocheck_4+0x3/0x11
[ 3237.006325][T23919] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca c3 0f 1f 44 00 00 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca c3 66 0f 1f 44 00 00 48 bb f9 ef ff ff ff 7f
[ 3237.026092][T23919] RSP: 0018:ffff88813232fde0 EFLAGS: 00050297
[ 3237.032297][T23919] RAX: 0000000000000004 RBX: 00007fffffffeffd RCX: 0000000020000000
[ 3237.040385][T23919] RDX: ffff88810d7cdf40 RSI: 0000000000000005 RDI: 0000000000000000
[ 3237.048462][T23919] RBP: ffff88813232fea0 R08: ffffffff8c705499 R09: ffff88813fffa000
[ 3237.056548][T23919] R10: 00000000901a2ff0 R11: 0000000071bb2bf4 R12: 0000000000000000
[ 3237.064627][T23919] R13: 0000000000000000 R14: ffff88810d7ce9f8 R15: 0000000020000000
[ 3237.072711][T23919]  ? __sys_socketpair+0x1e9/0xdb0
[ 3237.077898][T23919]  ? __sys_socketpair+0x236/0xdb0
[ 3237.083089][T23919]  __x64_sys_socketpair+0x117/0x170
[ 3237.088441][T23919]  do_syscall_64+0x54/0xd0
[ 3237.092993][T23919]  ? exc_page_fault+0x76/0x120
[ 3237.097913][T23919]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3237.103995][T23919] RIP: 0033:0x7fc8f45cea39
[ 3237.108510][T23919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3237.128260][T23919] RSP: 002b:00007fc8f1b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[ 3237.136808][T23919] RAX: ffffffffffffffda RBX: 00007fc8f46d1f60 RCX: 00007fc8f45cea39
10:22:33 executing program 1:
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, &(0x7f0000000000)=0xa3)

[ 3237.144890][T23919] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 000000000000000f
[ 3237.153128][T23919] RBP: 00007fc8f1b441d0 R08: 0000000000000000 R09: 0000000000000000
[ 3237.161199][T23919] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[ 3237.169271][T23919] R13: 00007fc8f4c05b2f R14: 00007fc8f1b44300 R15: 0000000000022000
10:22:33 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:33 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x1, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:33 executing program 2:
syz_emit_vhci(0x0, 0x3b) (fail_nth: 1)

[ 3237.667658][T23934] FAULT_INJECTION: forcing a failure.
[ 3237.667658][T23934] name failslab, interval 1, probability 0, space 0, times 0
[ 3237.680589][T23934] CPU: 1 PID: 23934 Comm: syz-executor.2 Not tainted 5.15.0-rc2-syzkaller #0
[ 3237.689525][T23934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3237.699715][T23934] Call Trace:
[ 3237.703085][T23934]  dump_stack_lvl+0x1ff/0x28e
[ 3237.707935][T23934]  dump_stack+0x25/0x28
[ 3237.712233][T23934]  should_fail+0x8bc/0x9c0
[ 3237.716813][T23934]  __should_failslab+0x223/0x2b0
[ 3237.721925][T23934]  should_failslab+0x29/0x70
[ 3237.726720][T23934]  kmem_cache_alloc_node+0x106/0x1180
[ 3237.732271][T23934]  ? rcu_read_unlock_strict+0x9/0x10
[ 3237.737735][T23934]  ? aa_file_perm+0x587/0x34f0
[ 3237.742743][T23934]  ? should_fail+0x75/0x9c0
[ 3237.747387][T23934]  ? kmsan_get_metadata+0x11b/0x180
[ 3237.752739][T23934]  ? __alloc_skb+0x330/0xe40
[ 3237.757495][T23934]  ? kmsan_get_shadow_origin_ptr+0x90/0xc0
[ 3237.763476][T23934]  ? kstrtoull+0x9d6/0xa40
10:22:34 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

[ 3237.768104][T23934]  __alloc_skb+0x330/0xe40
[ 3237.772706][T23934]  vhci_write+0x182/0x8f0
[ 3237.777280][T23934]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 3237.783675][T23934]  ? kmsan_get_metadata+0x11b/0x180
[ 3237.789044][T23934]  ? vhci_read+0xb50/0xb50
[ 3237.793645][T23934]  vfs_write+0x1295/0x1f20
[ 3237.798312][T23934]  ksys_write+0x28c/0x520
[ 3237.802842][T23934]  __x64_sys_write+0xdb/0x120
[ 3237.807717][T23934]  do_syscall_64+0x54/0xd0
[ 3237.812291][T23934]  ? exc_page_fault+0x76/0x120
[ 3237.817231][T23934]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3237.823322][T23934] RIP: 0033:0x7fd54919a54f
[ 3237.827854][T23934] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48
[ 3237.847652][T23934] RSP: 002b:00007fd54675d150 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 3237.856217][T23934] RAX: ffffffffffffffda RBX: 00007fd5492eaf60 RCX: 00007fd54919a54f
10:22:34 executing program 3:
syz_emit_vhci(0x0, 0x3b)

[ 3237.864307][T23934] RDX: 000000000000003b RSI: 0000000000000000 RDI: 00000000000000f1
[ 3237.872379][T23934] RBP: 00007fd54675d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3237.880454][T23934] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 3237.888516][T23934] R13: 00007fd54981eb2f R14: 00007fd54675d300 R15: 0000000000022000
10:22:34 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x1d, 0xd, &(0x7f0000000000)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x26c, 0x0, 0x0, 0x0, 0xdd0}, @generic={0x4, 0x1, 0x5, 0x1, 0x8000}, @ldst={0x0, 0x1, 0x6, 0x6, 0xb, 0x8, 0xfffffffffffffff0}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @ldst={0x0, 0x1, 0x2, 0x9, 0x1, 0xfffffffffffffff4}, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @func={0x85, 0x0, 0x1, 0x0, 0x7}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff8001, 0x0, 0x0, 0x0, 0x6}, @map={0x18, 0x1, 0x1, 0x0, r1}], &(0x7f0000000080)='syzkaller\x00', 0x9, 0xe4, &(0x7f00000000c0)=""/228, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000200)={0x2, 0x0, 0x3, 0x400}, 0x10}, 0x78)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000300)={&(0x7f00000002c0), 0x0, 0x80800, 0x0, <r2=>0xffffffffffffffff})
write$khugepaged_scan(r2, &(0x7f0000000340), 0x8)

10:22:34 executing program 1:
r0 = socket(0x0, 0x6, 0x0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000000)=0xa3)

10:22:34 executing program 3:
syz_emit_vhci(0x0, 0x3b)

10:22:35 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:22:35 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0xffffff7f}, 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:35 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x9, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=&(0x7f0000000680)={0x202, 0x3700, @mem_offset=0x5, 0x4}, 0x0, 0x0, <r2=>0xffffffffffffffff})
r3 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x30240, 0x8)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r3, 0xc058565d, &(0x7f0000000240)={0x7, 0x1, 0x4, 0x100000, 0x3, {0x77359400}, {0x1, 0x2, 0x3, 0x9, 0x6e, 0x9, "8ee11e03"}, 0x4, 0x3, @offset=0x7, 0x2, 0x0, <r4=>r2})
statx(r3, &(0x7f0000000340)='./file0\x00', 0x1000, 0x400, &(0x7f0000000380))
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000002c0)={0x10001, 0xb, 0x4, 0x8, 0x9, {}, {0x5, 0x1d, 0xb6, 0x1, 0xaf, 0x40, "9c2f9b61"}, 0xc8ed, 0x3, @offset=0x55d, 0x3f, 0x0, r4})
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f00000004c0), 0xc, &(0x7f0000000600)={&(0x7f0000000500)=ANY=[@ANYBLOB="dc000000530400042bbd7000fbdbdf25873330c515567963bc4e29e48e0adf729a23e76d09e846d92f7e9861b335af488d221c3ba4c08344a12f1f5af3840f835daee21f57e83d99b22b67cfc5a84450d70d4fb148e44c034b1db6c9c84122f559c3f87abd1f37026c54b13c457eddba718162df1c021620c3b5ccb08bc7d66921b8d2519b2c297ec83f97a2539e3ab2e7cb57f6ffe0c1a77766b403b765f88fd7cfb7126a5370054cff93168c902e09a1c41a6a4e20ff0f00001e53792f7f003d28461bd7a2b51fea449d549a0000"], 0xdc}, 0x1, 0x0, 0x0, 0x8800}, 0x80)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
socketpair(0x18, 0x6, 0x80, &(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$vsock_stream(r7, &(0x7f0000000200)={0x28, 0x0, 0x2711, @my=0x0}, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r6)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000006c0)=[0xffff2eba, 0x44, 0x10001, 0x4, 0x1000007, 0x0, 0x7f, 0x40], 0x8, 0x800, 0x0, <r8=>0xffffffffffffffff})
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r8, 0x28, 0x6, &(0x7f0000000140)={0x0, 0xea60}, 0x10)
syz_open_dev$vivid(&(0x7f0000000080), 0x3, 0x2)
syz_open_dev$vivid(&(0x7f0000000480), 0x3, 0x2)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r5, 0x28, 0x1, &(0x7f0000000040)=0x7fff, 0x8)
ioctl$VIDIOC_DQBUF(r3, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:35 executing program 1:
r0 = socket(0x0, 0x6, 0x0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000000)=0xa3)

10:22:35 executing program 2:
syz_emit_vhci(0x0, 0x3b)

10:22:35 executing program 3:
syz_emit_vhci(0x0, 0x3b)

10:22:35 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:35 executing program 4:
socketpair(0x2, 0x3, 0x0, &(0x7f0000000000))

10:22:35 executing program 2:
syz_emit_vhci(0x0, 0x7ffff000)

10:22:35 executing program 1:
r0 = socket(0x0, 0x6, 0x0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000000)=0xa3)

10:22:35 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
r1 = memfd_create(&(0x7f0000000000)='\x00', 0x0)
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000040)={0x0, 0x1, [{r1, 0x0, 0x4000, 0x1000000000000}]})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
clock_gettime(0x0, &(0x7f0000000080)={<r3=>0x0, <r4=>0x0})
ioctl$vim2m_VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f00000000c0)={0x3, 0x0, 0x4, 0xe000, 0x101, {r3, r4/1000+10000}, {0x2, 0x8, 0x6, 0x37, 0x77, 0x40, "5be86220"}, 0x9, 0x5, @fd, 0x6})

10:22:35 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b) (fail_nth: 1)

10:22:36 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xffffff7f}, 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

[ 3239.545665][T23981] FAULT_INJECTION: forcing a failure.
[ 3239.545665][T23981] name failslab, interval 1, probability 0, space 0, times 0
[ 3239.560677][T23981] CPU: 0 PID: 23981 Comm: syz-executor.3 Not tainted 5.15.0-rc2-syzkaller #0
[ 3239.569621][T23981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3239.579799][T23981] Call Trace:
[ 3239.583166][T23981]  dump_stack_lvl+0x1ff/0x28e
[ 3239.588015][T23981]  dump_stack+0x25/0x28
[ 3239.592323][T23981]  should_fail+0x8bc/0x9c0
[ 3239.597032][T23981]  __should_failslab+0x223/0x2b0
[ 3239.602150][T23981]  should_failslab+0x29/0x70
[ 3239.607649][T23981]  kmem_cache_alloc_node+0x106/0x1180
[ 3239.613216][T23981]  ? rcu_read_unlock_strict+0x9/0x10
[ 3239.618690][T23981]  ? aa_file_perm+0x587/0x34f0
[ 3239.623620][T23981]  ? should_fail+0x75/0x9c0
[ 3239.628273][T23981]  ? kmsan_get_metadata+0x11b/0x180
[ 3239.633638][T23981]  ? __alloc_skb+0x330/0xe40
[ 3239.638394][T23981]  ? kmsan_get_shadow_origin_ptr+0x90/0xc0
10:22:36 executing program 2:
syz_emit_vhci(0x0, 0x7ffffffff000)

[ 3239.644381][T23981]  ? kstrtoull+0x9d6/0xa40
[ 3239.649010][T23981]  __alloc_skb+0x330/0xe40
[ 3239.653609][T23981]  vhci_write+0x182/0x8f0
[ 3239.658117][T23981]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 3239.664487][T23981]  ? kmsan_get_metadata+0x11b/0x180
[ 3239.669855][T23981]  ? vhci_read+0xb50/0xb50
[ 3239.674446][T23981]  vfs_write+0x1295/0x1f20
[ 3239.679215][T23981]  ksys_write+0x28c/0x520
[ 3239.683746][T23981]  __x64_sys_write+0xdb/0x120
[ 3239.688620][T23981]  do_syscall_64+0x54/0xd0
[ 3239.693191][T23981]  ? exc_page_fault+0x76/0x120
[ 3239.698131][T23981]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3239.704583][T23981] RIP: 0033:0x7fae02e3b54f
[ 3239.709115][T23981] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48
[ 3239.728867][T23981] RSP: 002b:00007fae003fe150 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 3239.737425][T23981] RAX: ffffffffffffffda RBX: 00007fae02f8bf60 RCX: 00007fae02e3b54f
[ 3239.745516][T23981] RDX: 000000000000003b RSI: 0000000020000080 RDI: 00000000000000f1
[ 3239.753636][T23981] RBP: 00007fae003fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3239.761716][T23981] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 3239.769807][T23981] R13: 00007fae034bfb2f R14: 00007fae003fe300 R15: 0000000000022000
10:22:36 executing program 0:
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.pending_reads\x00', 0x2000, 0x81)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r0, 0x4161, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmodat(r1, &(0x7f0000000040)='./file0\x00', 0x40)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r2, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:36 executing program 1:
r0 = socket(0x2, 0x0, 0x0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000000)=0xa3)

10:22:36 executing program 4:
socketpair(0x2d, 0x3, 0x0, &(0x7f0000000000))

10:22:36 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b) (fail_nth: 2)

10:22:36 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:37 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x3, 0x4, 0x70000, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c26e9d"}, 0x0, 0x3, @planes=0x0})

10:22:37 executing program 2:
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2)

[ 3240.633287][T24005] FAULT_INJECTION: forcing a failure.
[ 3240.633287][T24005] name failslab, interval 1, probability 0, space 0, times 0
[ 3240.646488][T24005] CPU: 0 PID: 24005 Comm: syz-executor.3 Not tainted 5.15.0-rc2-syzkaller #0
[ 3240.655424][T24005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3240.665605][T24005] Call Trace:
[ 3240.668962][T24005]  dump_stack_lvl+0x1ff/0x28e
[ 3240.673808][T24005]  dump_stack+0x25/0x28
[ 3240.678093][T24005]  should_fail+0x8bc/0x9c0
[ 3240.682683][T24005]  __should_failslab+0x223/0x2b0
[ 3240.687780][T24005]  should_failslab+0x29/0x70
[ 3240.692552][T24005]  __kmalloc_node_track_caller+0x1c8/0x1340
[ 3240.699052][T24005]  ? kmem_cache_alloc_node+0xb3c/0x1180
[ 3240.704760][T24005]  ? __alloc_skb+0x330/0xe40
[ 3240.709487][T24005]  ? vhci_write+0x182/0x8f0
[ 3240.714176][T24005]  ? vhci_write+0x182/0x8f0
[ 3240.718832][T24005]  __alloc_skb+0x4db/0xe40
[ 3240.723385][T24005]  ? vhci_write+0x182/0x8f0
[ 3240.728071][T24005]  vhci_write+0x182/0x8f0
[ 3240.732550][T24005]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 3240.738899][T24005]  ? kmsan_get_metadata+0x11b/0x180
[ 3240.744246][T24005]  ? vhci_read+0xb50/0xb50
[ 3240.748808][T24005]  vfs_write+0x1295/0x1f20
[ 3240.753430][T24005]  ksys_write+0x28c/0x520
[ 3240.757938][T24005]  __x64_sys_write+0xdb/0x120
[ 3240.762870][T24005]  do_syscall_64+0x54/0xd0
[ 3240.767419][T24005]  ? exc_page_fault+0x76/0x120
[ 3240.772337][T24005]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3240.778407][T24005] RIP: 0033:0x7fae02e3b54f
[ 3240.782930][T24005] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48
[ 3240.802770][T24005] RSP: 002b:00007fae003fe150 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 3240.811321][T24005] RAX: ffffffffffffffda RBX: 00007fae02f8bf60 RCX: 00007fae02e3b54f
[ 3240.819419][T24005] RDX: 000000000000003b RSI: 0000000020000080 RDI: 00000000000000f1
10:22:37 executing program 1:
r0 = socket(0x2, 0x0, 0x0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000000)=0xa3)

[ 3240.827490][T24005] RBP: 00007fae003fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3240.835667][T24005] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 3240.843839][T24005] R13: 00007fae034bfb2f R14: 00007fae003fe300 R15: 0000000000022000
10:22:37 executing program 4:
socketpair(0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000000))

10:22:37 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0x2000000c, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:37 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b) (fail_nth: 3)

10:22:37 executing program 2:
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(0xffffffffffffffff, 0xc06c4124, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})
syz_emit_vhci(0x0, 0x3b)

10:22:38 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0x7ffff000}, 0x2}, 0x0)

10:22:38 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r2, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x8004}, 0x8000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r5, 0x1}, 0x14}}, 0x0)
ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000700)={0x4, 0x4, 0x4, 0x10, 0x7, {}, {0x3, 0xc, 0x3, 0x4, 0x7, 0x9, "09ec03d2"}, 0x1, 0x6, @planes=&(0x7f00000006c0)={0x2, 0x254, @mem_offset=0x7ff, 0x8}, 0x7fff, 0x0, <r6=>r1})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r6, 0xc400941d, &(0x7f0000000bc0)={0x0, 0x0, 0x10c})
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000000680)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x24, r5, 0x800, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x4)
ioctl$TUNSETVNETBE(r1, 0x400454de, &(0x7f0000000000)=0x1)
r7 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r7, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, &(0x7f00000001c0)={<r8=>0x0, 0x7, 0x1, [0x5, 0xfffffffffffffffc, 0x10001, 0xfffffffffffff35d, 0xffffffffffffa535], [0x6, 0x5, 0x4, 0x2, 0x946, 0x1, 0x3, 0x2, 0xea0, 0x0, 0x1, 0x2, 0x7, 0x1f46, 0x7d1d, 0x2, 0x101, 0x1, 0xc2f, 0xffffffff, 0x101, 0x7, 0x6, 0x3b91, 0x10001, 0x0, 0x101, 0x101, 0x8001, 0x0, 0x4, 0xe0d, 0x1, 0x200, 0x9, 0xffffffffffff0001, 0x0, 0x3, 0x7, 0x80000001, 0x5, 0x7, 0xc4e, 0xfffffffffffffff9, 0xff, 0xcf2, 0x0, 0x8, 0x2, 0x5, 0x5, 0x81, 0x6, 0x3, 0x7f, 0xf6, 0x5, 0x92db, 0xfffffffffffffffe, 0x1000, 0x0, 0x7ff, 0xfffffffffffffff8, 0x7, 0x6, 0x6, 0x2, 0x7f, 0x0, 0x800, 0x10000, 0x7f, 0x3, 0x8, 0x1, 0x7, 0x2000000000000, 0x101, 0xffffffff00000000, 0x10001, 0x7, 0x1, 0xffff, 0xfc, 0x9, 0x5, 0x2, 0x4, 0x9, 0x1, 0x6, 0x4, 0xffffffff, 0x0, 0x4, 0xbfa3, 0x7, 0x8, 0x3, 0x9, 0x8, 0x6d, 0x101, 0x820, 0x4bbf, 0x4b, 0x30, 0x39fa, 0xb93, 0x6, 0x5, 0x7, 0x1, 0x8, 0x42aa, 0x20, 0x7, 0x6, 0x2, 0x6, 0xa25]})
ioctl$BTRFS_IOC_BALANCE_V2(r7, 0xc4009420, &(0x7f0000001500)={0x5, 0x5, {0x6, @struct={0xc0c6, 0x3}, r8, 0x4, 0x4, 0x7, 0x80, 0x2, 0x50, @usage=0x4, 0x4, 0x71, [0xffffffffffffff7f, 0x5, 0x3ff, 0x1f, 0x1ff, 0x3]}, {0x7, @usage=0x8, 0x0, 0x4, 0x24fd, 0x1, 0x5e82, 0x2, 0x400, @struct={0xffffff81, 0x4}, 0x4, 0x1, [0x8, 0xffff, 0x401, 0x5, 0x101, 0x7fff]}, {0x6, @usage=0x585bba57, 0x0, 0x10001, 0x3, 0x2, 0x9, 0x0, 0x482, @struct={0x5000000, 0x8}, 0x800, 0x6, [0x101, 0x6, 0x3, 0x5, 0x1f, 0xfffffffffffffffa]}, {0xfff, 0x8831, 0x7}})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:38 executing program 4:
socketpair(0xf, 0x4, 0x0, &(0x7f0000000000))

[ 3241.615220][T24023] FAULT_INJECTION: forcing a failure.
[ 3241.615220][T24023] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3241.628964][T24023] CPU: 0 PID: 24023 Comm: syz-executor.3 Not tainted 5.15.0-rc2-syzkaller #0
[ 3241.637900][T24023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3241.648149][T24023] Call Trace:
[ 3241.651493][T24023]  dump_stack_lvl+0x1ff/0x28e
[ 3241.656343][T24023]  dump_stack+0x25/0x28
[ 3241.660623][T24023]  should_fail+0x8bc/0x9c0
[ 3241.665203][T24023]  should_fail_usercopy+0x39/0x40
[ 3241.670386][T24023]  _copy_from_iter+0x488/0x2510
[ 3241.675384][T24023]  ? kmsan_internal_set_shadow_origin+0x52/0xc0
[ 3241.681847][T24023]  vhci_write+0x30c/0x8f0
[ 3241.686339][T24023]  ? vhci_read+0xb50/0xb50
[ 3241.690899][T24023]  vfs_write+0x1295/0x1f20
[ 3241.695515][T24023]  ksys_write+0x28c/0x520
[ 3241.700019][T24023]  __x64_sys_write+0xdb/0x120
[ 3241.704865][T24023]  do_syscall_64+0x54/0xd0
[ 3241.709412][T24023]  ? exc_page_fault+0x76/0x120
[ 3241.714335][T24023]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3241.720407][T24023] RIP: 0033:0x7fae02e3b54f
[ 3241.724922][T24023] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48
[ 3241.744672][T24023] RSP: 002b:00007fae003fe150 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 3241.753222][T24023] RAX: ffffffffffffffda RBX: 00007fae02f8bf60 RCX: 00007fae02e3b54f
[ 3241.761315][T24023] RDX: 000000000000003b RSI: 0000000020000080 RDI: 00000000000000f1
[ 3241.769386][T24023] RBP: 00007fae003fe1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3241.777478][T24023] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 3241.785563][T24023] R13: 00007fae034bfb2f R14: 00007fae003fe300 R15: 0000000000022000
10:22:38 executing program 1:
r0 = socket(0x2, 0x0, 0x0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000000)=0xa3)

10:22:38 executing program 2:
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4)
syz_emit_vhci(0x0, 0x3b)

10:22:38 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0x7ffffffff000}, 0x2}, 0x0)

10:22:38 executing program 0:
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000080)=@mangle={'mangle\x00', 0x1f, 0x6, 0x738, 0x0, 0xe8, 0x0, 0x0, 0x0, 0x668, 0x668, 0x668, 0x668, 0x668, 0x6, &(0x7f0000000000), {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x1a}, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, [0xffffff00, 0xffffff00, 0xff000000, 0xffffff00], [0xff000000], 'wg2\x00', 'ip6gretap0\x00', {}, {0xff}, 0xff, 0x40, 0x1}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x2, 0xfffffffb, @ipv4=@empty, 0x4e23}}}, {{@uncond, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@local, @ipv4=@multicast2, 0x3a, 0x2d, 0x1}}}, {{@ipv6={@loopback, @loopback, [0xffffffff, 0xffffff00, 0xff, 0xffffff00], [0xffffff00, 0xffffff00, 0xffffffff, 0xffffff00], 'ip6tnl0\x00', 'virt_wifi0\x00', {}, {0xff}, 0x1}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x4}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@remote, @ipv6=@loopback, 0x23, 0x2a, 0x1}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xe}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@mcast1, @empty, [0x0, 0x0, 0xff000000, 0xffffff], [0xffffffff, 0x0, 0xffffff00], 'macvlan0\x00', 'bond0\x00', {0xff}, {}, 0x16, 0x7, 0x3, 0x65}, 0x0, 0x208, 0x230, 0x0, {}, [@common=@rt={{0x138}, {0x280, [0x8], 0x8000, 0x0, 0x2, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @local, @dev={0xfe, 0x80, '\x00', 0x41}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @private2={0xfc, 0x2, '\x00', 0x1}, @empty, @empty], 0x6}}, @inet=@rpfilter={{0x28}}]}, @HL={0x28, 'HL\x00', 0x0, {0x2, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x798)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000900), 0x80, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc2604110, &(0x7f0000000ac0)={0x0, [[0x1, 0x7, 0x7, 0x3, 0xf07f7e8, 0x5, 0x3db, 0x8], [0x0, 0x6, 0x0, 0xfff, 0x0, 0x9, 0xd8cb, 0x3], [0x9, 0x800, 0x3, 0x7, 0x6, 0x2, 0x0, 0x8]], '\x00', [{0x1, 0x10000, 0x0, 0x1, 0x1, 0x1}, {0x3d8, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xc52a, 0x3, 0x1, 0x0, 0x0, 0x1}, {0xee, 0x7fffffff}, {0x7fffffff, 0x1, 0x1}, {0x7, 0x40, 0x0, 0x0, 0x1, 0x1}, {0x3fc, 0xc5}, {0x1, 0x8, 0x1}, {0x2, 0x99f0, 0x1, 0x0, 0x1, 0x1}, {0x4, 0x6, 0x0, 0x1, 0x1, 0x1}, {0x4a, 0x5, 0x1, 0x0, 0x1}, {0x8000, 0x10001, 0x1, 0x1, 0x1, 0x1}], '\x00', 0x4})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000840)={0x1, 0x5, [@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, @remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2b}]})

10:22:38 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x8}, 0x0)

10:22:38 executing program 4:
socketpair(0xf, 0xa, 0x0, &(0x7f0000000000))

10:22:39 executing program 2:
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x44, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8679}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xd02c}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000011}, 0x1e965eacab571b20)
syz_emit_vhci(0x0, 0xfffffffffffffdfc)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, 0x0, 0x1, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xea}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008895}, 0x0)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, &(0x7f00000001c0)={0x0, 0x400, 0x1, [0x3, 0x7f, 0x4, 0x2, 0x400], [0x80000001, 0x2, 0x100000000, 0xef52, 0x0, 0x0, 0x4, 0x20, 0x80000000, 0x8, 0x9, 0x8001, 0x39, 0x9, 0x3, 0x2e, 0x2, 0x5, 0x5, 0x0, 0x887d, 0x9, 0x6, 0x7fffffff, 0xec2, 0x20, 0x7, 0x0, 0x0, 0x7fffffff, 0x4, 0x4d1, 0x1ff, 0x5, 0x77cf, 0x2, 0x2ec, 0x2, 0x7, 0x5, 0x5, 0xff, 0x1, 0x5, 0x4, 0x2, 0x10001, 0x1, 0x3f, 0x4, 0x3ff, 0x5, 0x8, 0x6, 0x4, 0x9, 0x0, 0x3, 0x5e5f8297, 0xbd, 0x6, 0x2, 0x0, 0x1, 0x3f, 0x4, 0x1, 0x2bb2, 0x8, 0x4, 0x8000, 0x10001, 0xadc2, 0xf97, 0x1ff, 0x7, 0x7fff, 0x0, 0xaaff, 0x4863, 0xc19b, 0xffffffff, 0xffff, 0x6ca2c6b1, 0x1, 0x6, 0x2, 0x6, 0x5, 0xbe74, 0x0, 0x7fff, 0x6, 0x7, 0x80000000, 0x3, 0x9, 0x12e3, 0x8, 0x0, 0x9, 0x80, 0x4, 0x7, 0x80000000, 0x600, 0xb7, 0x2, 0x61d31692, 0x100000000, 0x8, 0x101, 0x3ff, 0x9, 0x50c1, 0x1, 0x5, 0x9, 0x800, 0x3ff, 0x10001]})

10:22:39 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:22:39 executing program 0:
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000080)=@nat={'nat\x00', 0x1b, 0x5, 0x6f0, 0x3e8, 0x4d8, 0xffffffff, 0x4d8, 0x4d8, 0x620, 0x620, 0xffffffff, 0x620, 0x620, 0x5, &(0x7f0000000000), {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x25}}, @rand_addr=' \x01\x00', [0xff, 0xffffff00, 0xff000000, 0xff000000], [0xff000000, 0x0, 0xff000000, 0xff], 'ip6gretap0\x00', 'vlan0\x00', {}, {0xff}, 0x73, 0x7f, 0x2}, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x1, @ipv4=@multicast1, @ipv6=@empty, @port=0x4e22, @gre_key}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @empty, [0xff, 0xffffffff, 0xffffff00, 0x7f8000ff], [0xffffffff], 'virt_wifi0\x00', 'wg0\x00', {0xff}, {0xff}, 0x32, 0x2, 0x4, 0x44}, 0x0, 0x2a0, 0x2c8, 0x0, {}, [@common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@local, [0xffffff00, 0xffffff00, 0xff, 0xff000000], @ipv6=@mcast2, [0xff000000, 0xffffff00, 0xffffff00, 0xffffffff], @ipv4=@local, [0xff000000, 0xff, 0x0, 0xffffff00], @ipv6=@dev={0xfe, 0x80, '\x00', 0x1e}, [0xffffffff, 0x0, 0xff000000, 0xffffffff], 0x537, 0x7, 0x1d, 0x4e22, 0x4e21, 0x4e20, 0x4e22, 0x200c, 0x10}, 0x1, 0x800}}, @common=@rt={{0x138}, {0x1000, [0x6, 0x3], 0x8, 0x8, 0x4, [@dev={0xfe, 0x80, '\x00', 0x40}, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @mcast1, @private2, @dev={0xfe, 0x80, '\x00', 0x1a}, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x23}}, @mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast1, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'], 0xd}}]}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x2, 0x0, 0x1}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x12, @ipv6=@mcast2, @ipv6=@dev={0xfe, 0x80, '\x00', 0xd}, @icmp_id=0x64, @gre_key=0x3}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, [0xff000000, 0xff, 0xff, 0xff000000], [0x0, 0x0, 0xffffff00, 0xffffff00], 'veth0\x00', 'veth0_to_bond\x00', {0xff}, {}, 0x4f, 0x0, 0x0, 0x50}, 0x0, 0x100, 0x148, 0x0, {}, [@common=@srh={{0x30}, {0x2e, 0x5, 0x1, 0x8, 0xfffa, 0x900, 0x8}}, @common=@icmp6={{0x28}, {0xc, '\x00j'}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0xa, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, @ipv4=@rand_addr=0x64010101, @icmp_id=0x65, @icmp_id=0x64}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x750)
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000800)='.pending_reads\x00', 0x380, 0x10)
ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f0000000940)=""/57)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000b40)={0x9, 0x2d43})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f0000000c00)=r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$TUNDETACHFILTER(r2, 0x401054d6, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0xb, 0xf, &(0x7f0000000980)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2}, [@generic={0xa8, 0xf, 0x7, 0x7, 0x8e}, @exit, @exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xcdc6}, @initr0={0x18, 0x0, 0x0, 0x0, 0x967, 0x0, 0x0, 0x0, 0x3}, @generic={0x0, 0xf, 0x7, 0x5, 0x30d}, @jmp={0x5, 0x1, 0xb, 0x7, 0x1, 0xfffffffffffffff4, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, @alu={0x4, 0x1, 0x0, 0x3, 0x3, 0xffffffffffffffe0, 0x4}]}, &(0x7f0000000840)='GPL\x00', 0xfffffffb, 0x31, &(0x7f0000000a00)=""/49, 0x40f00, 0x2, '\x00', 0x0, 0x1a, r0, 0x8, &(0x7f0000000a40)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000a80)={0x4, 0x1, 0x3, 0xd72}, 0x10, 0xffffffffffffffff, r1}, 0x78)
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r0, 0x80184132, &(0x7f0000000900))
r3 = syz_open_dev$sndpcmp(&(0x7f0000000b80), 0xf5d1, 0x20440)
ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0x40084146, &(0x7f0000000bc0)=0xbec6)
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:39 executing program 1:
socket(0x2, 0x6, 0x0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, &(0x7f0000000000)=0xa3)

10:22:39 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2, 0xffffff7f}, 0x0)

10:22:39 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:22:39 executing program 2:
syz_emit_vhci(0x0, 0x49480bf590a4653)

10:22:39 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2, 0x7ffffffff000}, 0x0)

10:22:39 executing program 1:
socket(0x2, 0x6, 0x0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, &(0x7f0000000000)=0xa3)

10:22:39 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x200000bb)

10:22:39 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, 0x0, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@SEG6_ATTR_DST={0x14, 0x1, @private2}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xe4}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000805}, 0x4000)
syz_open_dev$vivid(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c17b9d"}, 0x0, 0x0, @userptr=0x41d})
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000040)='.log\x00', 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r2=>0x0})
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_ext={0x1c, 0x8, &(0x7f0000000080)=@raw=[@alu={0x7, 0x1, 0x8, 0x4, 0x9, 0x10, 0x10}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x4}, @map_val={0x18, 0x0, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x1000}, @generic={0x5, 0x8, 0x0, 0x1000, 0x401}, @generic={0x6, 0xa, 0xe, 0x5, 0x9}, @call={0x85, 0x0, 0x0, 0x2b}], &(0x7f00000000c0)='syzkaller\x00', 0xfffffff7, 0x94, &(0x7f0000000100)=""/148, 0x41000, 0x0, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000240)={0x5, 0x9, 0x1c1, 0x8}, 0x10, 0x20ad8, r3}, 0x78)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r1, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x34, r4, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3ff}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7ff}]}, 0x34}}, 0x20000005)

10:22:39 executing program 4:
socketpair(0xf, 0x3, 0x2, &(0x7f0000000000))

10:22:40 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x2, &(0x7f0000fff000/0x1000)=nil)
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000000)=""/38)

10:22:40 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2, 0xf0ffffff7f0000}, 0x0)

10:22:40 executing program 1:
socket(0x2, 0x6, 0x0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(0xffffffffffffffff, 0x800442d4, &(0x7f0000000000)=0xa3)

10:22:40 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x7ffff000)

10:22:40 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x80, 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x4200, 0x80)
renameat2(r1, &(0x7f0000000040)='./file0\x00', r2, &(0x7f00000000c0)='./file0\x00', 0x4)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x40})

10:22:40 executing program 4:
socketpair(0xf, 0x3, 0x3, &(0x7f0000000000))

10:22:40 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2, 0xffffff7f00000000}, 0x0)

10:22:40 executing program 2:
syz_emit_vhci(0x0, 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xa4}, "0f0a7d3ea12e8285f6c07ec8436509771a0ad89e3f2f8b6d5973f7ad9f22295c0720fa6d8cf57b056930b36195c142787037b4457a9719f7675770b8c8faaa460ef10823f09002d2aa513a8e7d70732dd3bf1d76a9d321b9ef8aebfcbdc44ddfd820bfc043d44b713ee96b47a3d3772ca16b4094d74b5413c2791f94ae7ceeeac6749a6792c6ffcc3f35aecd95fe6e4f1e5f5518fddc3524994f880cada1bea76a1181ad"}, 0xa8)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000180), 0x26f02, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x1d, 0x6, &(0x7f00000000c0)=@raw=[@generic={0x5, 0x3, 0xe, 0x8, 0x401}, @alu={0x7, 0x0, 0x8, 0x0, 0x7, 0xfffffffffffffff4, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5}, @map_val={0x18, 0x9, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x1ff}], &(0x7f0000000100)='syzkaller\x00', 0x5, 0xf, &(0x7f0000000140)=""/15, 0x40f00, 0x14, '\x00', 0x0, 0x1b, r1, 0x8, &(0x7f00000001c0)={0x1, 0x1}, 0x8, 0x10, &(0x7f0000000200)={0x4, 0x6, 0x7fffffff, 0x80000000}, 0x10, 0xffffffffffffffff}, 0x78)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$SNAPSHOT_ATOMIC_RESTORE(r2, 0x3304)

10:22:40 executing program 1:
r0 = socket(0x2, 0x6, 0x0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, 0x0)

10:22:41 executing program 4:
socketpair(0xf, 0x3, 0x4, &(0x7f0000000000))

10:22:41 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000000)={0x0, 0x4, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:41 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)

10:22:41 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2, 0xffffffff00000000}, 0x0)

10:22:41 executing program 2:
syz_emit_vhci(0x0, 0x3b)
ioctl$SNAPSHOT_S2RAM(0xffffffffffffffff, 0x330b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, r1, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x4810)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$SNAPSHOT_S2RAM(r2, 0x330b)

10:22:41 executing program 1:
socketpair(0xf, 0x3, 0x2, &(0x7f0000000000))

10:22:41 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0)
ioctl$VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000040)={0x1, 0x4, 0x5, 0x4400})

10:22:41 executing program 4:
socketpair(0xf, 0x3, 0x7, &(0x7f0000000000))

10:22:41 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2, 0x0, 0xffffff7f}, 0x0)

10:22:41 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xfffffffffffffec8)

10:22:41 executing program 1:
socketpair(0xf, 0x3, 0x2, &(0x7f0000000000))

10:22:41 executing program 2:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x408400, 0x0)
ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0xfffffffffffff000, 0xfffff000})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r0, 0x3309)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000000), 0x8)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f00000000c0)=0x20, 0x8)

10:22:42 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(0x0, 0x2, 0x2)
sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x40840}, 0x48000)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000000140)={<r2=>0x0, 0x3, 0x7fffffff, 0x1})
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000ac0)={<r3=>0x0, 0x70, 0x1, [0xe451, 0x1, 0x0, 0x1, 0x7], [0xf09, 0x101, 0x10000, 0x401, 0x50, 0x7, 0x6, 0x4, 0x8, 0x6, 0x401, 0x1, 0x3, 0x9, 0xcf6, 0x8, 0xffffffff, 0xffffffffffff7fff, 0x4, 0x0, 0x10000, 0x9, 0x8, 0xfffffffffffffc01, 0x4, 0x401, 0x1000, 0x9, 0x2, 0x7, 0x81, 0x0, 0x6, 0xc538, 0x100, 0x1, 0x9, 0x8, 0x1, 0x7ff, 0x6, 0x40, 0x9, 0xf99, 0x7fffffff, 0x3, 0x1, 0x8, 0x0, 0x0, 0x9, 0x8000, 0x0, 0x0, 0x200, 0x8001, 0x10001, 0x81, 0x3f, 0x130, 0x29b, 0xfffffffffffff42a, 0x180000000000000, 0x8, 0xf64, 0x6, 0x0, 0x8, 0x59, 0x9, 0x5, 0x5, 0x8, 0x6, 0x0, 0x4, 0x7, 0x80000000, 0x965, 0xdb71, 0x3, 0xe614, 0x5, 0x2, 0x3, 0xf78, 0xffffffffffffff8f, 0x9f13, 0x6, 0x6, 0x1000, 0x3462, 0x951, 0x7, 0x4, 0xab4, 0x0, 0xffffffff, 0x10000, 0x6, 0x4, 0x5, 0x57, 0x1, 0x7, 0x1, 0x2, 0x70, 0x7, 0x7fffffff, 0xeb28, 0x80, 0x7, 0x2, 0x3ff, 0xfff, 0x52, 0xff, 0x7, 0x6, 0x37]})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r4)
sendmsg$AUDIT_USER_AVC(r4, &(0x7f0000000600)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000005c0)={&(0x7f0000001300)={0x1010, 0x453, 0x200, 0x70bd2a, 0x25dfdbff, "771197885c00103a5e5260dcd11dbc42c45bc56d19f613071d3b9b7bd8137cfdfd53af1c6e47006ed3fdc9a3c5ef7ff8a8c7590350495ff8bc34e928e64ebb0e392b61def388a13c91d325c096e4a0f6b324032fd12d24bb4eb00ab7b2131b6886ca738875822eecb46fdeb0c94df7ffe5dac04b2771359df13198e5c20f4c0f32a4d32a160ab57f2af23eb383324c502638e3618437fe4a9de0cc06c77d1fdeec3857968830c49185bbb6b298798a82a3cec5b088053e1ba23769a4c865afd4ec5b8d4fe59d27f2057d9bb7d5788cb35535d74093c59635395d851cad08da1b01479029a64a7363cb9ecf93fdd461ef4b9c50a3cd0e19dd4633479b44b4ad30f4fec1eb392f48b02e7b8bfea9ec39c79bd2a041688da3c938cc3102ab12c1b85327db8863cd3c62319f7299cbb1a0c74331fd00c581521e1d1b8052142b5bc788b778edf56585344244b8fd4d53569c481177d88f62eec32936fe75ef27af21c62fccb30800b6abed1ccc8a760fab3d94d4ccf65bf8e1e6d89bb3a8c87aa299a89a99ec14d15d8ab5f968960cabd9fdcd993844213d8e91a76aeaf7b8660060ebe5f65fbaba6a70af40e3b5ab0f60d551588051699847098902b2b5bf5b2fef8ceb899c4adfd3f15057297b3d26de836ab1f0a8926c5b3a4fd9a550efc0a7c0ec79288c1729959a57d2f75b9360524c73a110b629e9fd794704cdac08ecc1ddd3991acafeab60883366b7a0306951e472cb9d0ee92e4724905c46f8004aa0119eb1b1abd7c3a1e9f47619300095abc67ff24a3aea88c2bca2a38275c9fc23d3b3f55db599c49d6e37d151f93b45ec4247af8c0f0995e97e150e1f7979259ecdaddf99d3d8a09d4c168912cf92ab69747d8c9ce6a91b08d3e78998a49df30da99044f13b3d5b66b4e4a13f789747734b60019ee93673c919bf9f214ee5c8b913282e772cccc37a1f64cc2b80dc585cb385ef14c78dde75b821baf796c9c677e79fc5e0f6d39785fc7868b37c02b65a14ca4c36b10e807cc522e93dec8a8a3510273ddb06b348eb862d8d8c28823b11cef9cfdaacc41673327a24d8bfd8b33f3e85cb3799e6ed7b8335feb66626936f65ab984aa3cf3cc702c09c0b7f05df3e3e40ff1a83ac11214da12b141c708dfdf54676f245716ef8da467993c739dab1ad0e0f1bf0855deb8d5b7236804a2aeb6f7003982ac4b2a2e4a27f6d96aee876e041099bc63f524518faa10dc966b3ed3a9f4e2102607c6ad518478cbde15364bc9b581400b3e67e3973592364553dba50da8d45b7bd907983d065f453a4f30efb03d9ee934fbca80c5d779d6fa23b6502249f07078eba86a35663411aa88c7a23e352a21dc8438a63d5ed446ea674030cbb6cbb3beeb47e5d982c107bf7a55003af64394b826b0a32be8b804998648703aa6081fc4442d993f11785458f839cfdb4f02f95662e8723725ed983ce39889197061ca0312ef70486e8b375c15583fb5035359482a32e175aea1848a6e462a9ef30a8adef074b7126477b03dc184eea6e6e02096e06084fad3ed526278b27254e1ec544da82d73291291e3f6d0b07bf088ace97d6243bd54a5a209d0000cde8acde1884f58676d675419a0d1406c48ceb51faf9c602655e4b32788c538d1ae3aee593fe8876a321ddf5cfec6079116d453743de7c5afeb155225e2f99903656ab8fe9f828393abe1b7df01695400913e2bd72e0a72b079c2d6832d4c61100f7af7f384c39d01672ed6e91e161b31d9451ada7f996556963ffd7a4a8c36af1b1044d4d70be4c84cad1e0da65125277af32218c4ebfbe613e5f1c98619eec3621edc9b7bc74dbe6a8dd6af5a24a4620275677fcef38b72a706d3964b62c1c6a4e4887e64315ff69500197d7a3d3dcf58ae6ca375bf5db8e78ffb370fe3feee747ba491ac720e238837385fdadd967caacf086b7ac3255060d30488f45d3dc71b357522d9ed49d27fb7255da267c3f3e0de7c661c49516d41701895d0a9b11fb0b02dd966b67bedcacd8def9b167043b28f2c9d6185c7303fe93137619174ce88170de6208911e3ea131c2b80c180f7177604656284b6e513560294656ca827ba96203c0d35c110020e4b92514272acd9b50c380ec33b70a89cc10d2e71f1c03f8229764648910d83ac8f32b499bd265f48af3e09d2c6759e1416e507ca177549b4e39291b094662b7a1a03740ee180f19738fe68000ff3fbb9621d99b174d52dc9412b2eba4b614c39c7db45c5c7d1f19b281d269ae203227dc82e16f075adf9fea68c77b9ece6e7f8f84f8ff81dbeb9b37eade81f5a805abe24d09cbe762f861b30d27e9da295a8cf5e4bd519a56d7c1e88de7b04102b582e68b9e800adfe82d3d907351cce187fb5e7d8c3a23e9fc6a7905e70571700e89eaae05213d8e298a47b80eb09b34a69527b253e3251e0cf00c3f76382cccf488fb5160b90ce5f71d5578ca4bafc144c676fa365a5c8f0e66fa5cfc86d5c2704c535c4678a2420d7c81e3c20862d6d9e77f9bfd3360318949306575e1be88c12e5c2723c4d9d128108473ec09d66725755f3185e5bdab8b3659c119d04611e28f20d475fd51ee0fbe99acdc1f5116712c2927033b4e35e2a4893b0c49410e1a139a412677c64d2e2366fff291b533ea0308b6e7f3c17f0a11c077b78639ff0cce9c28e696ebb7fdd864efa6525ddb51e216d7ef5412078a4fd9b0fc5fa10599c7c55a9bea6d04a41f48cfd0fcafaa53b619bd2f715cff6acff874ec692c5a5986aece7bcc280a31b6b394cc07e7aaf3820fe75cdf89073b1a10fe654006a142d7ddb6f826bf96d2644239dd4ad554c867ded578dcf84bf3dfe4b73c606183d9464fd405d26c589a114391c76345b26e492a4c0eae7ddd6a004657fc1f7c66d46cfbf5b5148049b3fa28926d07fffd29f3f015333cd44a488857da9b3778279d859ea58850683854ed3a1a9476e24731c64945e99d281f895f8219980fd65ba03d3dfc0e2357522d043bee9f96591948e207c68ac1492c42b917479d1ef80f152b725832896b151a594be992c1cc9bb7ad6fd368d4aefbd171684a70a7529c97e704f07207a265e41e618b9ca116b5c835457ab6f7678c1e56a11b387e1ce1d22f38fb2c37cc3b9e5438bff08a379bdae90ba7cefda713a568a09215c1b0ec56d5cf19b343418169ee2737e83f69602e38bc9b07927c9658baf129e91f4c8bd7aef27c5582bce179317057080941e97e38c3dc0e28bb68c214162a9638d4533c59f72f6e4b3da768b1b95408985422fbfb1f4ed8da338c39bf399ecb9ad3f386244550cf4021cc689e0021254bf8bced1380d500e5df779e4f4936a069385393842390be8bdf369b0b434421fae5b04320d83a2f6f54e09b5e6ab1cf5e1e1b48a5092a8b6393723dc62d035173861e84745df73ef034f74c731b65bad8d2af2bd881e4d1b9c3beb96a1d4469c1bdc3c9c10f072bc13c84096d596ed5ddaf30c963766bf27d4596b0855693aceeb206e5dbe520eeeeb6d74d5fccef46298a44697611f23db9b4a5ec0a5847e5729d01cf6cadbe6dc54acbd1429e249789450328f4925786759721b6a08ac12699caa042f06c22eeb28126b071a65cc135639b702c073fa83632ec1f76a9e2327ee2c7d54b41540ff75378c178b01e940e3996f9d9b21775987105f07cf917e8a1ef9c5a64fabd2dc78b15ab4c563d8287ced2023de885a76d3d7a88e2e0109ae61ca79dbdd1323e3b694937e16340649d60ba1c3f168e4fb0b808dbc4f1d8b8ce5c480e38ba3d665faedcfb94a0c93ac99b23a4221ae647a72989e4868dafdb9d200476741d6a81fad94c1e3c83b554401d5e0006bd1e2b82146a89445cf9042ef7f713d02a012d3ca98750c7ccf3b2a5fec732573318aa5a04d13098495eb113c542f2d84a7ac6ecb586165454c8ee370f35e9d45c20c50f2b2fe933ce3ac6ae3f0e386d6e494fee02b57858bcc340427b9ccf7aeb9959baed207be83196e6f9d13e857bd4d53c504ad855bf09bfa4e26b389da465f4975079bc67e9b0995efe6f68ceb674baaaf12ec9c0e1a6e236352cc64b4de14f40eaa905461ba45f46c3714d0ac519f6ad62d6008f9e0c77496e39580195ed407d7be2d1fbf1366bd8b8c05cb53c8eef68823cf2c71562bc738cc2e26d54898a7e882c177bfcb6c6143386883724f71acb271ec8d82dbc2e1914f0b3899a05dcf6603074586280a5b039f0607fd940ed8d7f63b0c8f3f52b58234a3f9c1cfbb564c1aee74d7dca1e6739c4823b904f7209df5150444bfd043783c3f11a73bc1b3389ab6ef03399be8aacfad8f6f8db88e10293349c43a1a31875df0972afd860c69484b23bceec69b2f2496077b59bda870f913a7f47d878c0713d3ab4976d128ff1f536e2ae07ee3142e43aa54a63d2bae21b4aff060e4723a401975c600dfa2f4213e56a4ba3cc7c00d56eb7b86fd001c2105976ec786595aa5fe17a1105c22de04ff57738813ef52c360fa442e9fc37d0f4a44aac0fca7a124eba3568540387da882c6ec02c4a5d62281d476711b7520a9ed863d139384de20588c620a99f8709a2a6aab83e571535bc8e715acc431760aa6856bba2e44311f40da09567909d45883e74b9cbaefab46c5878575a6215139daa7cee4605e7025d69a555769619326836d6d2fbd8a15788396638de3d150cd6c9aa74e9edffa70afbdeb316060af56c1d78f83da5d20f6df2d99cb0069d701bd57a08c29f0fb0b97bb7abce46358ce1c2d3c9a6898b85b32f13ff1134ff44770c8b3777f5264177cd0f026a29e2e511057dcd41d4f663b23a04caaa5de832f78b3d260ee30ef79da5e9a351c88aefe28b42a8835f5e66e8e45c4ee7411378b9a5b580f726206065d3b40936804db18d5c8efa456ec8ea7a1c70aa22fff5b6a3490e14a362808a29746b28b751a1fb0fe4f4073080fcbe30104edf1657025d0a3145b63087c54e8ebd235f9a49bffa32a6598c277b9d036da94a2e85d013d9374f53d6753f3abd96d9ac01e2d8eb412b18a633b45b396d8b958d9d7042be37fb4064930115ed920b11d36b14d59e46812f2c2b1a9927f00889d51fa0a3866da534106e2495c91c4e0a0fd55215c74b58695245262ad8d332f50b071ed72587dc260ed0cddd0d4e76cea3cf1b45beaab3683f24f501a121196dc5eb8a4c2b761aad491e70594ad56c25eadd2b70f16de5335a2a8fc0d65857145b857ed9d81c2a62d31b2043d09ba19d7bca60763208af9b53bc6f2968049b0a1e17dcf16269fb8c629d426913ca81d67d7ea55241089b0e94b1e01f6256f8e12cdaf8b913b15485d16c6dc62a5ba0aa2153a244375253816ac6f526b4fc5e32ff0c5cd21ab39f7c526957a28debbea3129f310caa9b06a6107f21d3a263dade41beb934e2891a8eeadf6c023e3ef651b5373cf74c61dea5f9a2eb164ba9207c6ba0ae2c3549aed8eace105dab1bfea81f3daf3ee90eac19eddc1c1e4a3575c6626938682965f6d457994b0e2c363dd74a829e370a8ebdb3f909a96e359588dc06820d315295745edc2912f5a8ac1df821dbf29542979393a686c44368b7c846c29ae4c8e10d425f3b1dc99f7090d40fc029cbb465b9dffd2b79a5abc884cbb49c8dff5fbaa9153ad3cab2966adfd2ab0d8841bed7736e795aa47238ccc60486a128db8e843894d934a295ef17fffbe2847da383a8f63d962d54cbcb2c123ffcf80894b5bdf1f7080262ec168619cf123b368ca983a70f2e7798d8208c08082e4d359e26c34ee514bbb4", ["", "", "", ""]}, 0x1010}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000540)={0x2, 0x5878ca10ed98da43, 0x4, 0x10000, 0x40, {0x77359400}, {0x4, 0x1, 0x1, 0x0, 0xff, 0x6, "e26c99ee"}, 0x5, 0x1, @planes=&(0x7f0000000040)={0x100, 0x6, @mem_offset=0x4e, 0x4}, 0x0, 0x0, r4})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000f00)={0x10, 0x5, {0x5, @struct={0xff, 0x4000000}, r2, 0x81, 0x2, 0x2, 0x3f, 0x10000, 0x40, @struct={0x8001, 0xb5}, 0x8001, 0xfffffffc, [0x400, 0x1, 0x80000000, 0x5, 0x163, 0x2]}, {0x5aa4d729, @struct={0x6631, 0x1}, r3, 0xff, 0x4ccb, 0x351c, 0x401, 0x100, 0x20, @usage=0xff, 0x6, 0x8, [0x100000001, 0x0, 0xff, 0x5, 0x0, 0x80]}, {0x40, @struct={0xffff, 0xcc9}, 0x0, 0x4380, 0xa2da, 0x6, 0x3f, 0x5, 0x44, @usage=0x2, 0xff, 0x8001, [0xffffffffffffff81, 0xff, 0x6, 0x6, 0xed26, 0x1]}, {0x9, 0x800, 0x100000001}})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0xc, 0x4, 0x0, 0x0, {}, {0x0, 0x8, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
ioctl$TUNSETOWNER(0xffffffffffffffff, 0x400454cc, 0xffffffffffffffff)

10:22:42 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2, 0x0, 0x7ffffffff000}, 0x0)

10:22:42 executing program 4:
socketpair(0xf, 0x3, 0x10, &(0x7f0000000000))

10:22:42 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2)
socket$nl_audit(0x10, 0x3, 0x9)

10:22:42 executing program 2:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2711, @host}, 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000000), 0x8)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000000)=0x3e574b68, 0x8)
syz_emit_vhci(0x0, 0x3b)

10:22:42 executing program 1:
socketpair(0xf, 0x3, 0x2, &(0x7f0000000000))

10:22:42 executing program 4:
socketpair(0xf, 0x3, 0x300, &(0x7f0000000000))

10:22:42 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2, 0x0, 0xf0ffffff7f0000}, 0x0)

10:22:42 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
syz_open_dev$vivid(&(0x7f0000000400), 0x1, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000000440)={0x0, 0x1f, 0x7})

10:22:42 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
socket$inet6(0xa, 0x2, 0xffff)

10:22:42 executing program 4:
socketpair(0xf, 0x3, 0x700, &(0x7f0000000000))

10:22:42 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2, 0x0, 0xffffff7f00000000}, 0x0)

10:22:43 executing program 1:
socketpair(0x0, 0x3, 0x2, &(0x7f0000000000))

10:22:43 executing program 2:
shmctl$IPC_STAT(0x0, 0x2, &(0x7f00000002c0)=""/108)
syz_emit_vhci(0x0, 0x3b)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0xfffffc00, 0x10000, 0x7, 0x8001, 0x408, 0x8001, 0x7, 0x4], 0x8, 0x80000, 0x0, <r0=>0xffffffffffffffff})
shmctl$SHM_LOCK(0x0, 0xb)
syz_genetlink_get_family_id$devlink(&(0x7f0000000340), r0)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x84200000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0xbc, 0x453, 0x800, 0x70bd25, 0x25dfdbfb, "e959dbfbf00c30ff2d8d3b6bc8247f7b75cf8ffd475ec097fdfebb23a47d3bb4c281aa090ce5690fd562d13ca3c73b35ff80c5e9c579da4bb0186a746e4936509fb344df7bed10590367b6588b33b10d0edefbcec84095b6037a7feb581da0d9b494b9a6e22416f8dc69cf267ee45909bd691d591a466dda39add9c56198aacfe234c0c75c28bdd3c6f774c7ce397fda70de4a3c9f4ed4c31cbc483678b0831bdd7f403bdc28aa52a0", ["", "", ""]}, 0xbc}, 0x1, 0x0, 0x0, 0x64000040}, 0x800)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000000))
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000380)={'batadv_slave_1\x00'})

10:22:43 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x0, 0x2)
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x8e000, 0x20)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
renameat2(r1, &(0x7f0000000040)='./file0\x00', r2, &(0x7f0000000080)='./file0\x00', 0x0)
r3 = openat$incfs(r2, &(0x7f00000000c0)='.pending_reads\x00', 0x40001, 0x10)
ioctl$VIDIOC_EXPBUF(r3, 0xc0405610, &(0x7f0000000100)={0x1, 0xffff9c89, 0x9, 0x80000, r1})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:43 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x8, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:22:43 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2, 0x0, 0xffffffff00000000}, 0x0)

10:22:43 executing program 4:
socketpair(0xf, 0x3, 0x2000, &(0x7f0000000000))

10:22:43 executing program 1:
socketpair(0x0, 0x3, 0x2, &(0x7f0000000000))

10:22:43 executing program 2:
syz_emit_vhci(0x0, 0x3b)
sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x120200}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3fb, 0x100, 0x70bd2c, 0x25dfdbfd, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000080}, 0x48000)
socketpair(0x18, 0x6, 0x8, &(0x7f0000000280)={<r0=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', <r1=>0x0})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000100)={'syztnl0\x00', &(0x7f00000002c0)={'syztnl2\x00', <r2=>r1, 0x2f, 0x3, 0xe0, 0x10000, 0x8, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x8, 0x8, 0xffffff62, 0xc}})
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000200)={&(0x7f0000000340)={0x5c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x8}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xee35}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)

10:22:43 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$MON_IOCQ_RING_SIZE(r2, 0x9205)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f00000001c0)={<r3=>0x0, 0x7, 0x1})
ioctl$BTRFS_IOC_DEV_INFO(r2, 0xd000941e, &(0x7f0000001600)={r3, "fa62bde32581cc6a2517ea7f15389c80"})

10:22:43 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x881, &(0x7f0000ffd000/0x2000)=nil)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r2 = openat$incfs(r0, &(0x7f0000000080)='.log\x00', 0x4000, 0xe)
shmctl$SHM_LOCK(r1, 0xb)
ioctl$VIDIOC_DQBUF(r2, 0x5452, &(0x7f0000000880)={0xfffffffd, 0x0, 0x4, 0x8, 0x0, {0x0, 0xea60}, {0x1, 0x0, 0x0, 0x3f, 0xff, 0x0, "40c15b9d"}, 0x0, 0x0, @offset=0x1, 0x0, 0x0, r0})

10:22:43 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:44 executing program 4:
socketpair(0xf, 0x3, 0x4000, &(0x7f0000000000))

10:22:44 executing program 2:
syz_emit_vhci(0x0, 0x3b)
socket$nl_audit(0x10, 0x3, 0x9)

10:22:44 executing program 1:
socketpair(0x0, 0x3, 0x2, &(0x7f0000000000))

10:22:44 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x442000, 0x0)
ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000040)={'bridge_slave_0\x00'})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, &(0x7f0000000080)=0xde)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x3, @planes=0x0})

10:22:44 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1d}, {0x7, [{0xc9, 0x1}, {0xc9, 0x400}, {0xa514373a2a07f2b3, 0x1ff}, {0x0, 0x82d6}, {0xc8, 0x7}, {0xc8, 0x200}, {0xc8, 0x7}]}}}, 0x20)

10:22:44 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2, 0x0, 0x0, 0xffffff7f}, 0x0)

10:22:44 executing program 4:
socketpair(0xf, 0x3, 0x18100, &(0x7f0000000000))

10:22:44 executing program 2:
ioctl$sock_bt_bnep_BNEPGETCONNLIST(0xffffffffffffffff, 0x800442d2, &(0x7f0000000080)={0x4, &(0x7f0000000000)=[{0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @random}, {0x0, 0x0, 0x0, @link_local}]})
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, r3, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004009}, 0x4000)
write$P9_RRENAMEAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x4b, 0x2}, 0x7)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000300), 0x2, 0x480002)
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r4, 0x40044104, &(0x7f0000000340)=0x1)
ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000140)=ANY=[])
syz_emit_vhci(0x0, 0x3b)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
read$snddsp(r5, &(0x7f0000000180)=""/59, 0x3b)

10:22:44 executing program 1:
socketpair(0xf, 0x0, 0x2, &(0x7f0000000000))

10:22:44 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3fb, 0x100, 0x70bd27, 0x25dfdbfd, "", ["", "", "", "", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4}, 0x200080c0)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x1c, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x2a82, 0x0, <r1=>0xffffffffffffffff})
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f0000000ac0)={<r2=>0x0, "df10ebfab8d46a04047e59c4a86736b7"})
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000001ac0)={r2, "a8845fd439b98174e2dd035f62cb5002"})

10:22:44 executing program 3:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_HWSYNC(r0, 0x4122, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:22:45 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0xffffff7f)

10:22:45 executing program 4:
socketpair(0xf, 0x3, 0x20000, &(0x7f0000000000))

10:22:45 executing program 2:
syz_emit_vhci(0x0, 0x6d)

10:22:45 executing program 1:
socketpair(0xf, 0x0, 0x2, &(0x7f0000000000))

10:22:45 executing program 3:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="1207e77b65479f80259b41414c49c1eaad7c1357860adc424065bd4bb7c250050e0b7ac3ab5eac3777de560ae6adabea50485bb48a669eb59b11506e59181306f13f3558bdf8e4dd81efa91216c16da009738760c07ca447390887208eae4baaf15118554ac6e93ad58c0eb4d44ec2f691b3cdf0cd27e74e849c7657c88634dd05cceb0b2f27be8b33d4656f3fcc7a9c90fd507ca4f38df413acf7d2912420fd442b84abebb286c55cad523478d4aa26acf205e12616a2536fbb531ef487ab715b957200cbe215"], 0x3b)

10:22:45 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x7ffffffff000)

10:22:45 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
sendmsg$GTP_CMD_GETPDP(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x400, 0xfffffffd, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x20000000)

10:22:45 executing program 4:
socketpair(0xf, 0x3, 0x200000, &(0x7f0000000000))

10:22:45 executing program 2:
openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.log\x00', 0x301000, 0x80)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r0, 0x40044104, &(0x7f00000000c0)=0x4f02)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x466000, 0x0)
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000140)={'sit0\x00'})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000000)={'veth0_to_bridge\x00'})
syz_emit_vhci(0x0, 0xfffffffffffffe60)

10:22:45 executing program 1:
socketpair(0xf, 0x0, 0x2, &(0x7f0000000000))

10:22:45 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {0x0, <r1=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000180), r2)
sendmsg$SEG6_CMD_SETHMAC(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="202501000000000018787151a8c2"], 0x14}, 0x1, 0x0, 0x0, 0x30}, 0x20040000)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f00000003c0)=0x80000000, 0x8)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="87c38481c26c9f63cbf007b707a6f16442f6600d73c65ad3e9bc6f4502284a19a8f463327a2f5f39a54a7367df2b66aa443cbf83550d31ab5828267287e2bed7bf9a3d7c2eea04337aea80a08f0801eae98e56d8f7040dc1b9c38dbad703368063aec263e1b971021a0444e2b6ed0ef4e8b5943e9b75d3678bf51f4b84a47a24fa4fe5d3205bc69e6ace289d91399c568db101172b45b0790480d2a8f12198aa5059ed40787a797eb241d40a67", @ANYRESOCT, @ANYRESOCT=r0, @ANYRESDEC=r2, @ANYRES64=r0, @ANYRES64=r3, @ANYRES64=r1], 0x3b)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r6)
sendmsg$BATADV_CMD_GET_VLAN(r6, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x44, 0x0, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x9}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x20040010}, 0x8000)

10:22:46 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0xf0ffffff7f0000)

10:22:46 executing program 4:
socketpair(0xf, 0x3, 0x810100, &(0x7f0000000000))

10:22:46 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000000)={0x0, 0xfffffffffffffe01, 0x1, [0x0, 0x8, 0x9, 0xff, 0x5180], [0xfff, 0x200, 0x1f, 0x8, 0x1, 0xfffffffffffffffc, 0xfff, 0x5, 0x1, 0xfff, 0x800, 0x3, 0x7fff, 0x2, 0x2, 0x800, 0x0, 0x1, 0x6, 0xfffffffffffffffb, 0x80, 0x800, 0x7, 0xd3, 0x5, 0x6, 0x7f, 0x101, 0xdfe, 0xff, 0x10000, 0x4, 0x8000000, 0x1, 0x7f1d, 0x7, 0xf7c, 0xbed, 0x1, 0xff2, 0x0, 0xfff, 0x9, 0x3, 0x6, 0x9, 0x4, 0x2, 0x2, 0x1, 0xbd, 0x3f, 0x643f639, 0x0, 0x2, 0x1, 0x0, 0x2, 0x10001, 0x2, 0x7, 0x1, 0xc6, 0xdb, 0x9, 0x68, 0x6267, 0x3, 0x200, 0x0, 0x5e92, 0x8, 0x233, 0xfffffffffffffffc, 0x20, 0x5, 0x100000000, 0xffffffffffffff01, 0x3, 0x10001, 0x9, 0x88fe, 0x1, 0x200, 0x1, 0x100000001, 0x3, 0x1, 0x49f2, 0x1, 0x8, 0x100, 0x8000, 0xffffffffffffffff, 0x1, 0xffff, 0x80, 0x7, 0x40, 0x9, 0xc3d, 0x0, 0x14, 0x9, 0x1, 0x10001, 0x40, 0x1, 0x6, 0x9, 0x7, 0x7b0, 0xd277, 0x100, 0x9, 0x10000, 0xc85, 0x7, 0x3, 0x8, 0x4]})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f0000000ac0)={0x0, "c0a05b9d82159022cb7953f0dee2d27b"})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$VIDIOC_EXPBUF(r2, 0xc0405610, &(0x7f0000000440)={0xb, 0x5, 0x160, 0x84800})

10:22:46 executing program 1:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:22:46 executing program 2:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x30c40, 0x0)
write$snapshot(r0, &(0x7f0000000040)="ca52abd18d496ec60cc0e3ffe27f84918906daae9608269248214be9cea095186b3c894abf5a7713b1f0be0af06ed687154b66aec6e59450808e8a5d1cf8da4f35118dd1746e9de9d79b72cf2c3a1b5a0b351e1e97c1d2dff30970bfb3a81ff473ed7b0011d5f530e9a1a0ae5eea64c4271a8b15f08b655ddbaab145a18c41d774a8fd0ec9759e2665634775d995b7c93b76c39bfe2c3ee649f7bcc35150973907a973de03bcc8f3086af422ba6d224ed63315f5e8035f21cfff9e2f2a038750606c9ca065cfaec641710a699a92f2b908b954837d083de6d02eecf9fbce6c0670a3af5bc53e6ec094140e97b312e33ea53b59ff928884a251497fd808853d", 0xff)
syz_emit_vhci(0x0, 0xffffffffffffffc1)

10:22:46 executing program 3:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x3b)
mmap$snddsp_status(&(0x7f0000ffa000/0x4000)=nil, 0x1000, 0x6, 0x13, 0xffffffffffffffff, 0x82000000)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socketpair(0x0, 0x2, 0x6, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r3)
write$P9_RRENAMEAT(r2, &(0x7f0000000000)={0x7, 0x4b, 0x1}, 0x7)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, r4, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x888}, 0x4008080)
syz_emit_vhci(&(0x7f0000000280)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2)

10:22:46 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0xffffff7f00000000)

10:22:46 executing program 4:
socketpair(0xf, 0x3, 0x1000000, &(0x7f0000000000))

10:22:46 executing program 2:
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000001140)={'syztnl1\x00', &(0x7f00000010c0)={'syztnl1\x00', <r0=>0x0, 0x4, 0x2, 0x3f, 0x7, 0x57, @local, @private1={0xfc, 0x1, '\x00', 0x2}, 0x8, 0x20, 0xffc0000, 0x3f}})
ioctl$sock_bt_bnep_BNEPGETCONNINFO(0xffffffffffffffff, 0x800442d3, &(0x7f00000012c0)={0x4, 0x7ff, 0xbb, @broadcast, 'macvlan1\x00'})
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000001180)='.log\x00', 0x444200, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0xb0ec8c50dd9d0776, 0x2, &(0x7f0000000040)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @exit], &(0x7f0000000080)='syzkaller\x00', 0xfffffffc, 0x1000, &(0x7f00000000c0)=""/4096, 0x40f00, 0x18, '\x00', r0, 0x20, r1, 0x8, &(0x7f00000011c0)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000001200)={0x3, 0x8, 0x2, 0xb1}, 0x10}, 0x78)
syz_emit_vhci(0x0, 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2)

10:22:46 executing program 1:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:22:46 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r0, 0xc00464c9, &(0x7f00000000c0))
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000100)={<r3=>0x0, 0x7fffffff, 0x2})
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000000500)={0xf, 0x5, {0x10001, @struct={0x1ff, 0xffff7dfd}, 0x0, 0x3, 0x100, 0x9, 0x0, 0x800, 0x0, @usage=0x2, 0x7454, 0x6, [0x5, 0x2, 0x4, 0x3, 0x5, 0xcf99]}, {0xfa36, @usage=0x3b2f, r3, 0x81, 0xdf00, 0x25c, 0xffffffff, 0x7, 0x4, @usage=0x3, 0x3ff, 0x6, [0x1, 0x8, 0x9, 0xe, 0x3f]}, {0x3, @usage=0x8001, 0x0, 0xb8f, 0x9, 0x81, 0x4c3c, 0xa8, 0x418, @usage=0x3, 0x72b, 0xc6, [0x4, 0xffffffffffffffff, 0x18ac, 0x3f82, 0x84, 0x8]}, {0x1, 0x6, 0x6}})
ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x6b, 0x1, 'U]N8'}, 0x0, 0x0, @fd})
ioctl$VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000000)={0x9, 0x8, 0x4, 0x4000})
syz_open_dev$vivid(&(0x7f0000000080), 0x2, 0x2)
r4 = socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r4, 0x800442d4, &(0x7f0000000040)=0x700000)

10:22:46 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0xffffffff00000000)

10:22:47 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)

10:22:47 executing program 4:
socketpair(0xf, 0x3, 0x2000000, &(0x7f0000000000))

10:22:47 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000001c0))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={0x1, &(0x7f0000000000)="d5f0e0f12a6b0de506d70e8782b1987fd2188ec95d87412db60fcbd72a5b8c559dfafb0f8c09c4a8c8850b36d3571ca9f91e275e3c6b145205ed633d74c54add034955561a2e33ec1097e9f52e7ddf8034ff645518bed3e7bf6b0cf4eeda03c4863ed366420592100d168caee071", &(0x7f0000000080)=@buf="4d40964cb4f2be1f230887e05c823242f4d76cef150756dc1b5c21c44e51fe547a9b182320e813c53a9060c17328a31aa47ff956a699c88ebb19f7c9bc21765776cb6caaf3f5cc2f04c2681140704aaaa4d28bbeebf5f6e2dfdf871d4a1d70b928eefbbc600bcfe0a01e39dda5ea37027e29d9f7d44f31c806d3776a0797293773c46af074a8006aa034874d8718fb676de5ef4c26a2af42432bc9438d721a1480dee5078773faabb95f450432f77d801f863971c93f847e7fbbb20144b2f3a6f2556f064a6c57f45f9399271886403e5a62a0ccfa5bf1261b7fa1354708bd19055dcba0", 0x2}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={0x1, &(0x7f0000000200)="31af932c502bc110f3b7115ee2aca1c5717077d65f2d185c9be24549ea1206b839e9395d2b9f099688dd00a61eb15e1cb1ee12280a55314481e99dce5760e8f4a2d892de0cc854834a0ffd3855b62214aab05fd33a4ee4e5483d75738ed477b85ff11df7b34b56", &(0x7f0000000280)=@udp6, 0x1}, 0x20)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:47 executing program 1:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:22:47 executing program 2:
syz_emit_vhci(0x0, 0x3b)
mknodat$loop(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x100, 0x1)
open$dir(&(0x7f0000000040)='./file1\x00', 0x0, 0xc)

10:22:47 executing program 5:
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(0xffffffffffffffff, 0xc1004111, &(0x7f0000000140)={0x9, [0xf9, 0x20, 0x4], [{0x2, 0x40, 0x0, 0x0, 0x1}, {0x101, 0x984}, {0x4, 0x8, 0x0, 0x0, 0x0, 0x1}, {0x5, 0x9, 0x0, 0x1, 0x0, 0x1}, {0xa2, 0x4}, {0xf56b, 0x4000000, 0x1, 0x0, 0x0, 0x1}, {0x200, 0x800, 0x0, 0x1, 0x1, 0x1}, {0xffff7fff, 0xec}, {0x80, 0xbc1c, 0x1, 0x1, 0x1}, {0x9, 0x6, 0x0, 0x1, 0x0, 0x1}, {0x0, 0x8, 0x0, 0x0, 0x1}, {0x7, 0x7, 0x0, 0x1, 0x1}], 0x10001})
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:47 executing program 4:
socketpair(0xf, 0x3, 0x3000000, &(0x7f0000000000))

10:22:47 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000000)=""/3)
r1 = shmget$private(0x0, 0x1000, 0x800, &(0x7f0000ffc000/0x1000)=nil)
shmat(r1, &(0x7f0000ffc000/0x1000)=nil, 0x2000)

10:22:47 executing program 1:
socketpair(0xf, 0x3, 0x2, 0x0)

10:22:47 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000000)={'ip6gretap0\x00'})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:48 executing program 2:
syz_emit_vhci(0x0, 0x3b)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3fb, 0x10, 0x70bd2a, 0x25dfdbfd, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x55}, 0x90)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r1, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@GTPA_LINK={0x8, 0x1, r2}, @GTPA_LINK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x94}, 0x20000801)

10:22:48 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={0x0, 0xffffffd9}, 0x2}, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000000), 0x8)
ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0xffff, "e3fc45cbe46c3106917d2c4784052d2a8d58331c9ddae17e4147ec1e47a60e77463b7c40ea209c7679f409e4495a9842d4c9"})

10:22:48 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xffffffffffffff1f)

10:22:48 executing program 4:
socketpair(0xf, 0x3, 0x4000000, &(0x7f0000000000))

10:22:48 executing program 1:
socketpair(0xf, 0x3, 0x2, 0x0)

10:22:48 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_open_dev$vivid(&(0x7f0000000380), 0x0, 0x2)
ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000040)={0x7, 0x0, 0x4, 0x10, 0x6, {}, {0x5, 0x1, 0x2, 0xe, 0x9a, 0x40, "959b7237"}, 0x2, 0x4, @planes=&(0x7f00000005c0)={0x7, 0x10, @fd, 0x5f}, 0xffff8000})
write$khugepaged_scan(0xffffffffffffffff, &(0x7f0000000500), 0x8)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r2, 0x4161, 0x0)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f0000000bc0)={0x0, "9d44d96b0d5062ae3e308ae08797aede"})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r4)
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r1, 0x4112, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="000025bd7000fcdbdf250d0000000500300000000000050029000000000008002b0001040000"], 0x2c}, 0x1, 0x0, 0x0, 0x8840}, 0x8000)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f00000000c0)={0xffffffff, 0xb, 0x4, 0x800, 0x7fff, {0x77359400}, {0x2, 0x8, 0xff, 0x7, 0x1, 0x1f, "50806d7b"}, 0x8001, 0x1, @fd, 0x8, 0x0, r2})
r5 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000280)='.log\x00', 0x402081, 0x1df)
ioctl$SNDRV_PCM_IOCTL_STATUS64(r5, 0x80984120, &(0x7f00000002c0))
r6 = openat$incfs(r4, &(0x7f00000003c0)='.pending_reads\x00', 0x400200, 0x41)
sendmsg$SEG6_CMD_DUMPHMAC(r6, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x34, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7f}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x9}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x81}]}, 0x34}}, 0x20000000)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:48 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x4c, 0x0, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x7}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5c96}, @BATADV_ATTR_GW_SEL_CLASS={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000801}, 0x4000)
syz_emit_vhci(0x0, 0x3b)

10:22:48 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_TTY(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0xb0, 0x464, 0x800, 0x70bd2a, 0x25dfdbff, "8cb8be22769b4458fc1e2c9dff3c7b7fa874d1148c010f81b97b70c629ead1fbdfec26989025e0925190d7d204e95c4360c83c67e94a8c5f9d623dbbcd46d251dd30351f15926fe97140a008421b67165edc816b826cd760c6d9068db69ffe7c83d04755ac450a38ce20c469aa2e6bfb1f1b5fa2afd819f01e682d59988f9bf27ec1c87583d15a44db07875d01ca79b7923ec3f4bf95bfd929f8731a708c", ["", "", "", "", ""]}, 0xb0}, 0x1, 0x0, 0x0, 0x8000}, 0x4008095)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:48 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f00000000c0)={0x8001, 0x0, 0x4, 0x4, 0xfff, {}, {0x4, 0x8, 0x80, 0xa5, 0x7, 0x0, "44b47d94"}, 0xd6, 0x4, @offset, 0x173})
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {0x0, <r3=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r4=>0xffffffffffffffff})
r5 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r5, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {0x0, <r6=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRESHEX, @ANYRES64=r4, @ANYRESHEX=r6, @ANYRES64=r2, @ANYRESHEX, @ANYRESDEC=r3, @ANYRESDEC=r1, @ANYRES64=r5, @ANYRESOCT, @ANYRESOCT], 0x3b)

10:22:48 executing program 1:
socketpair(0xf, 0x3, 0x2, 0x0)

10:22:48 executing program 4:
socketpair(0xf, 0x3, 0x7000000, &(0x7f0000000000))

10:22:49 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
socket(0x1a, 0x5, 0xc83b)
socket$inet6(0xa, 0x5, 0x200)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={0x0}, 0x2}, 0x0)

10:22:49 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x18, 0x6, 0x8, 0x80, 0x20, r1, 0x10000, '\x00', 0x0, r1, 0x2, 0x2, 0x3}, 0x40)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x7, &(0x7f00000001c0)=@raw=[@ldst={0x2, 0x1, 0x0, 0xa, 0x4, 0xffffffffffffffff, 0x4}, @call={0x85, 0x0, 0x0, 0x89}, @map={0x18, 0x0, 0x1, 0x0, r2}, @jmp={0x5, 0x0, 0x3, 0xa, 0x9, 0x7c4c671e53e655b2, 0xffffffffffffffe8}, @map_val={0x18, 0x9, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x8}], &(0x7f0000000200)='GPL\x00', 0x3, 0x3d, &(0x7f0000000380)=""/61, 0x41100, 0x16, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000280)={0x3, 0x4}, 0x8, 0x10, &(0x7f00000002c0)={0x1, 0x8, 0xffff7fff, 0x5}, 0x10}, 0x78)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_DELPDP(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r4, 0x1}, 0x14}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r5=>0x0})
sendmsg$GTP_CMD_DELPDP(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r4, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@GTPA_FLOW={0x6, 0x6, 0x2}, @GTPA_I_TEI={0x8}, @GTPA_LINK={0x8, 0x1, r5}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x60000020)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000240)=[0x7], 0x1, 0x80800, 0x0, <r6=>0xffffffffffffffff})
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)={0xa, 0x8, 0x1ff, 0x0, 0x1000, r6, 0x6, '\x00', r5, r7, 0x1, 0x7, 0x1}, 0x40)

10:22:49 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_STATUS32(r0, 0x806c4120, &(0x7f0000000000))
syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0), r0)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), r0)
sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r1, 0x2, 0x70bd2f, 0x25dfdbfe, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x51}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xfffffffe}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}]}, 0x2c}}, 0x20040051)

10:22:49 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRESOCT=r0, @ANYRESDEC=r0, @ANYRES64=r1, @ANYRES16=r2], 0x3b)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0xfff, 0xdd9, 0x5, 0x1, 0xfa, 0xe95, 0x8, 0x1, 0xe0, 0x2], 0xa, 0x80000, 0x0, <r3=>0xffffffffffffffff})
r4 = geteuid()
r5 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r5, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
clock_gettime(0x0, &(0x7f00000000c0)={<r6=>0x0, <r7=>0x0})
ioctl$VIDIOC_QUERYBUF(r5, 0xc0585609, &(0x7f0000000100)={0x800, 0xb, 0x4, 0x10, 0x81, {r6, r7/1000+60000}, {0x3, 0x0, 0x81, 0xff, 0x4, 0x0, "b14962fb"}, 0xc4, 0x4, @offset=0x1000, 0x1})
ioctl$BTRFS_IOC_DEV_REPLACE(0xffffffffffffffff, 0xca289435, &(0x7f0000000bc0)={0x1, 0x6, @start={0x0, 0x0, "87084fea5c5e8c3c26cf6575c684b04f3ba2827dc59188bb291331e170b57d64e2024ed175cbbe5b4398cf94f06e817613355ee737e7550d645f0820e0acba9fcf577ba9c3db89ed0ca72b784af1f39295b9d1e283e0bdc436ec74efd7422c7be206ca7aa29bcbdc20524e83e4ac249077fb6480646b4f57c9191989c802d9048630238edc9fd4bcf98393365847d3dcc566d1633e546f95fb2781af4b655eca5140660edc9b6ecb1176e0f01019aa67ee6bd027304700e1712382696b02b9ea5b5c1e08c7bf989a8900d1b771346f2bb00fc90874a2236f76151f6fb2d32d0613e60befeff4606f991a7f28ea689eb2f7e01052047f8017f3422a440dd035ba0a271a5da444e7af1c1d48946ecbe8654d403dccac13de84296942ceb55df3eb14872900a96fff2db911976e54874f4f9738efe2e90a0e6d754fc8374642231f9fdc1d468c05848465ee094c94886dce57d5f9823da7e98b9c400debe7b0b1b6c48f5fc59925a7f93f0c82312cbbbb94b3c1409879e1c43664175dba738f103681c2a8928c81686fd50cc3d922ba5407b244b038f47aadd975522354a707620909ec263327a0fb80dd76af02a2dd6907ced46a7d21a962aa448b7a78daf1aa6940bdb58b0e2826e4ca31f3b9fd0fb0c941c2626b292a6cf81034a87f099ce1f7a38f80421a4f9311d785ebcd85164de37389d3e0d9ae2112263acae9ef072128be52c1e4f603b396d1c399341b29da026a5837fab9e0984ae0c0ce91f76999ba31ae653988b828e230c9ec4e2e3957934b1092db770e1342ca2acbd3ccae3b4f1956a8df54e041d47a766edfa883f7a36986c275b5da2e24489a6ff1e74730f5d7a7c056e0cae4105b01b5d3709700ed59470c245622e1d10c71eef2e6aa209e960292b664373c07ce34ac4e29f506236bdfa9e07ae18fcccfdd2ca486dd59245e2eed73147d68ba80a1cb6d459b99f8c2dacea914e564326d52668745ce594c0d994f0d19ed8582fd920f5f25fe812164a43d19f65d7ff0fee3bbbcbbd71437fa64503f0bfde6657ca46b01c6dd79a75e75f2bf9689e58f3958343732e3e19f24d998af7c48793289072ada02996f10948e7af12bf7e424b9542c0536d414365e8860ffb9517a224bb1773fc6669449c9fbb7d9dbac289ff750399e225b3f6a7957ff81cfd87ead5d4a52b53b6b61323029a8ad5ed5f83516a5ba7cafde3e02ca83e367b99d8a4a41912fddbdcfad7e3515736c69be4e0e7a9dcf6b31638314748248b593564f9ae2a4e0427a35f9b7d686e57bc072a4b157976bf3914c15a600882536e5fe66f4bad929c12cf4acb1fa58b02b1bfd0904fb8d8cb31df7525e8722a068cfbbdea43fef83934200630c0d4d31c8eedd23ea9a5b4c82ee353502e30d37c99b5ecd55fcc1bdde7610dec77baa9d45bab9d65cb89ff8120829e68294", "5f920ac306e85bd6159ceaaf738f57b958def3bdbe047f05ccad02afcd4919891952dcaf55ad0d2a14e79e56f8c1f38a29264a8b56f33180dba85e38d94a3dd1296fbdff24e31dbeb56f3fb3f44c38d92ff1eba4e7273341bd5d931f85f10d9fb0116bc9f9b0d9d5a689e0a85a027e9d4752e76b0a10222647578adf2c9a4efb2592a17fd866ecfea588f6cf25065dc0c4a7981ac4ae77acf1b585120d7f65395c02471f27c576137788ef7e2cc3fddb101323af8e29cb11095de98358baae91f6000e6406b161fc4a1de4aba69447f68bb08cea152de2693d629efa0fa00395002ae5f21e47a97677f459a0e28dedb1ab2a2a9d32296643bbd0353df5691eb1c2227357fe830c3eaea221a95d632ebdffc4c577156c6fa0a56ee8f848c39c70a7de61f04fce63a5044ecf67540a6310e79942da921069c902291e98bb4900ff88108bc62fc2f4f85e554fbcadcc09d35b0ffff658591a50a1960f648c8cfcb422a92475ab120235db2c6d27ae00e239969535241d25b50faabbbf3e30bb0138efc274321c814fe98ddca153dae3742aa84d3299cf11050e5ae5f3702724882d984354f6641764b31752e8b53bb52cc30e54385dc4e24125f1b58bba01102ab7789b5e6540be0788e1b6db1e98cc271850440e8802d61d9260ce32582dee4ada4cda4a6f8ff5705d9f361a7580f41cc408a4dc3c898a3a3ac28c9a592808c4d2b0121ee5765ceb923768813095a6953aafcc276fe48b362a350000a9cbfdccfd79dd68046799ffb2a1097bf6467a8b8a4dcbc9fc4b9c5052da3950b2748bd4fe6fb4ee3f9c4feee0dae1f09a43588ebab85e6d446528d4fd2244d8e34156e6696665d305dfb4302fed8c4682f4e34654921567e37a2b17cee3dedc3b70c889fc8c73448bd22b50caf74811b8ff24462b5e3a4ecb264e022b91eb147a9e18b59d99654d567cedcfbb7e9a98e7bc5ffeb71f84e73c1d97592111aa726ea74955ddd5791e310d9db8e7afd25de6bc7fae72096006687563e54fe06b9608b8e7c84caaf1c4e6eeeed4c21b569d575e8bae0f82e5f50f1d07a26112244927f5e62d78c64fc30401009db1c3b10ac71c26e3d4e6d4c2ad0f416ef4f020ecdaea44388c3abd312d204587814719aca63d12f457ad05c87e3149033d1540038a964a108bb533bde743f512c84733d93340623d80299a5121680293aab00f1ee604610951dc2cb56bc87266839f43ee35476f13e52d2bdce9724f54d69ed5858f459054ee33f406b6b1ddd01b1cb2453046d4d87196cf4dd69b3cf452f315e1cc010023ce3cea017e8d1b476180e1a8c146a7eb10ad995ca6af963d71528dfe2574b813216143fa934e20cd354e7fd2206e8983eb720a9e3c56c3ad62a26e108ea1beb79d347d9323eac44d722b81bf70ec2c11709adc8a93f7f4fd2ea70ec6c47ce6b94752"}, [0x2b60, 0x0, 0xffffffff, 0x2, 0x200, 0x5c8bf63f, 0x8000, 0xefc, 0x2, 0x7, 0xfff0000000000000, 0x0, 0x8, 0xa979, 0x100000000, 0xdf6, 0x4d29, 0x40, 0x7e2, 0x3, 0xfff, 0x2, 0x3, 0x4, 0x401, 0x4, 0xacc1, 0x0, 0x40, 0xffffffff, 0xffff, 0x1, 0x6, 0x0, 0x3, 0x3, 0x1, 0x0, 0x2, 0x2, 0x1, 0x338, 0x2, 0x40000000000, 0x3f, 0x5, 0xe, 0x5, 0x3f, 0x3, 0x7, 0x4, 0x80000001, 0xeb4f, 0x0, 0x5, 0xe259, 0xf3, 0x400000, 0x800, 0x80, 0x2, 0xb2e, 0x2]})
ioctl$TUNSETOWNER(r3, 0x400454cc, r4)

10:22:49 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000000)=""/3)
r1 = shmget$private(0x0, 0x1000, 0x800, &(0x7f0000ffc000/0x1000)=nil)
shmat(r1, &(0x7f0000ffc000/0x1000)=nil, 0x2000)

10:22:49 executing program 4:
socketpair(0xf, 0x3, 0x10000000, &(0x7f0000000000))

10:22:49 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:22:49 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_RESUME(r0, 0x4147, 0x0)

10:22:49 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
r1 = socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000000)={0xffffffffffffffff, 0x9dd9, 0x3, "d24e01b5fd9a43e0886b39bb386aa0ebb028a2a634dc7937a863a606afba7a5eaea8e36ec448709917526205ed693c277455245daa23a054dbbd9f6fbc37a4a55959f923e8e6d9a07a56140c195f1ec483b3e3c7db961e712e9bc6b85c59ac3a9e94d55cc8aa7b3207624c8d7e89c1fe937b1bf2cfc6abbf0cb6d1bac5e6ebfb34e8d722996b294388f87b234827c9ba86e6e37860a7af7ccf257f9ecd7882e1e4ec3495a5520360a990f70f523da2d4839327de36ce3094e55b36ffd5131b5675f8d7208d516181cb0b"})

10:22:49 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000000)=""/3)
r1 = shmget$private(0x0, 0x1000, 0x800, &(0x7f0000ffc000/0x1000)=nil)
shmat(r1, &(0x7f0000ffc000/0x1000)=nil, 0x2000)

10:22:49 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {0x0, <r1=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRES16=r0, @ANYBLOB="b708f594deca33ca05a01af60f581d8d9c3590237cfdcb4f2fbf6b0e3b1757f59ee9a64d5f8d56c98a161bbccfe8c89cda19ecdaf6763e5f525757be0e525f75bc53bb8810eb", @ANYRESOCT=r1, @ANYRESDEC=0x0, @ANYRESOCT=r2], 0x3b)

10:22:50 executing program 4:
socketpair(0xf, 0x3, 0x40000000, &(0x7f0000000000))

10:22:50 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x2c}}, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x4c001)

10:22:50 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000))

10:22:50 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000000)=""/3)
r1 = shmget$private(0x0, 0x1000, 0x800, &(0x7f0000ffc000/0x1000)=nil)
shmat(r1, &(0x7f0000ffc000/0x1000)=nil, 0x2000)

10:22:50 executing program 0:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x24800, 0x0)
r1 = openat$incfs(r0, &(0x7f0000000040)='.pending_reads\x00', 0x240000, 0x154)
clock_gettime(0x0, &(0x7f0000000080)={<r2=>0x0, <r3=>0x0})
clock_gettime(0x5, &(0x7f0000000140))
ioctl$vim2m_VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f00000000c0)={0x8, 0x0, 0x4, 0x800, 0x0, {r2, r3/1000+10000}, {0x4, 0x2, 0x1, 0x81, 0x49, 0x0, "ad38c118"}, 0x6, 0x1, @fd=<r4=>r0, 0x3ff, 0x0, r1})
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r5)
r6 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r6, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$VIDIOC_DQBUF(r6, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @fd=r4, 0x0, 0x0, r5})

10:22:50 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x400, 0x200000)

10:22:50 executing program 4:
socketpair(0xf, 0x3, 0xfeffffff, &(0x7f0000000000))

10:22:50 executing program 5:
ioctl$sock_bt_bnep_BNEPGETCONNLIST(0xffffffffffffffff, 0x800442d2, &(0x7f0000000140)={0x3, &(0x7f0000000040)=[{0x0, 0x0, 0x0, @local}, {0x0, 0x0, 0x0, @random}, {0x0, 0x0, 0x0, @dev}]})
r0 = socket(0x2, 0xa, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r3, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xfffffffe}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xfffffffb}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000040}, 0x20008000)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:50 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000000)=""/3)
shmget$private(0x0, 0x1000, 0x800, &(0x7f0000ffc000/0x1000)=nil)

10:22:50 executing program 2:
syz_emit_vhci(0x0, 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x43}, "8c6fa254c77118651253896c9ede0fea9b8be8a15f2054bcfe829e33f0216884c5fdbd75b81c7bec425e5225dafb49116143315bf41a51271b2d8266400e9ef3631438"}, 0x47)

10:22:50 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)

10:22:51 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)

10:22:51 executing program 4:
socketpair(0xf, 0x3, 0xfffffffe, &(0x7f0000000000))

10:22:51 executing program 5:
r0 = socket(0x2b, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:51 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000000)=""/3)

10:22:51 executing program 2:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f0000000040)={'syztnl1\x00', <r1=>0x0, 0x2f, 0x6, 0x1, 0x0, 0x1, @mcast1, @remote, 0x7800, 0x700, 0x8001, 0x6}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000100)={'syztnl1\x00', r1, 0x2f, 0x0, 0x8, 0x3f, 0x0, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x80, 0x700, 0x6, 0x1}})

10:22:51 executing program 3:
ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x1)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRESOCT, @ANYRESOCT, @ANYBLOB="ac8986416f0b4fe9fd049b7a2eef3ff2c0b3912be7b125d05e21568e894c29acabd66a75100d2d65da4d5dafb91971dd4c5eb64bc89cde7f0e9afc2e03ef733494ece5d30f2dfe6d598a996426a7fd2c6e535dbdd91f2a4aa7f6edc52f6b5ceda881476114bed36ab9746759d9502a61d94e7b1a3b8f72e98f625612b347d76c7b3cf20dfb682e40aee3037171a8c8e70bf7eab0f3be2102fb851a12e6f1c809b132a132b666be71ba1da24c8761cd1393f5c7aa65e50f83", @ANYRESDEC, @ANYRESHEX, @ANYRES16=0x0, @ANYRES64, @ANYRESDEC=0x0], 0x3b)

10:22:51 executing program 0:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
mmap$snddsp_status(&(0x7f0000ffd000/0x3000)=nil, 0x1000, 0x2000003, 0x4000011, r0, 0x82000000)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000240)={&(0x7f0000000140)=[0x8], 0x1, 0x80000, 0x0, <r2=>0xffffffffffffffff})
ioctl$VIDIOC_DQBUF(r1, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x2, 0x0, @fd=r2})

10:22:51 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000040))

10:22:51 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
ioctl$BTRFS_IOC_DEV_REPLACE(r0, 0xca289435, &(0x7f0000000140)={0x1, 0x5, @start={0x0, 0x1, "16eaaf3e90fed28c93a562f8e8c5d7a19a8014c63368385c7e11fcbe522200f3054b832e03a74412086832d2bcd7631a910a4ed3608b79a1c5420ca76751ff8247e7a760a37bded4dd975ba6dbb8d76dacc6dc8f34a182462136b66b87949d3a5a5bea9e99a1c294cb69856a89aa6cfa041e9d1e3ee21d6275f76aea708d00d83fdb5fbc00fd191dd02a694199c681904d09aa20f1de2906a4b01ab1cba0ad87f465d567ea63b93e27d67653bdf21cb0acec179a73b22a046b52c5f1c1d56e83d8cf277f1d70be7014523a5458bac700e8909bdd337ee17550b55693321d905ffecd5bd11430ba3ecfe6b15e9623675e69a763893b7e84f82e8e84843936a0074a64896293bb20c2cab92557d89c4c43520a0fe12f6124459b27f5f43a8f3fb238e9adec8f1d14d35cf165fd79dc474648bd96dbc7cb284fd0bf2d9d76491ad87065e2333e1748db49b107735ca8282dfda6655020d51a4b36ca58d342865d024f2953ac1d0bfbe9bfdfc632dd0ea2c4bfe4b09b5eb01ee2de518c6f2f572aa831ff90a7478f21247d3f146fb7a008f927720e41eb67caf55d9a671eb21b561460cb020824348f4b90da0db9c68622f027d6965c1f008d5badcc224816aaa3b4191c975a7a6ead0585e02c652e3bcde8e0c63dc8d56058a472b30c4243c9f4c0c68a1ae959e0f48f5f2f35f4905a428ed54669012d74f76d2a5dff174ab2eac0914018e1cf5c249efd179543a1fa107a0856c03bfc6695dfcddce412185371cfffd3433d605ba8cfaf4ccb599ccd489f721b6159557764dc9e7d0162dec842e73a91cc9c46cec6af3b64b5a13266cc2a6148f0a53a2a8087cf5241b0b2ea073e18ace4f64ef361adf199c341981a27f78263f0861556677afbbc9e1855de02a8104213b443a2c2264a102448469271bcb380d2f032c030e76789e67bc1b62250e0ced2b2bcc93ba88cb94042d68a8802db3d5b37aaa77bb0814646954d63c07c4b11742ffee29458c43337abf282a5a8d2b63bd63c98d023fdf0cb9cf22e130cc43f823ec5ee7d28cfdbf5a608c55941ca70aa0cc882e7993f79e100943de237f4abad5365e6b21e44a1b1bd09676296aca8db8b94fa6090f0c30957190f7de84a2fd6deabbad7aa3208313ccddf53595f9ab077bb42d1f88406dffd772d2d476cceec768a10b634c24fdc98864626ab8f9d1a071bcac7f43ebfe9eed7d26e168febab83605aec4b40f4a9194dff2d5949278d14577338fdd5e68dfdd0d8cc5fe1305080a42929c36b60b917f59c244b66a61edb7f6bf292e678ad9a91606be22195b411077b9b79986efd4324e9e420f6461ff387d7147272e58c83c8348cd82c2eea7942a5913a90477924a3f0288061fcadd2df1cc472aa51a266031c2bd7a7625e82655dbc4e621160823dfb283b7fd2816da590e4dbc336faa7c15fdaba0d", "4158ce77744d33a787b72e090d8a08cd53f24160eb67e9c868ac1b7bb2440256f941ffe6711d293792e7f75eae88f8ab3f045f495e3f4a7406c1a01ae37a840a57b0d13028bafa7058b9bb038ed6cf19ea817ee091c266264b7006b8eca77fe9644068c50bd3038ae8e74d766c5026a7eaf63aba272506c26cbecf2d2c8c64ee6f0043e749a0402acb19773f7b438aa5f70906c7416dc398df37845edc334364aa451b2ef79b19e0005d8bcc2b113bee3b88036acbd91fb02d2b28fccddb3c6de6e984060b3527259def2c0f3b1db5ffd0aa1f8cf62e60ce02a59838c375b0f075a2430e83ce99e9f974d8de587a529042964523d8498d2139604b080952853e37e03971940378d1324a62b5f869042376bc0950bdbae2800b4733791a81b906afe84b06932213db4a0d55ed32ee1b3feeca65fcd63cb91b66a6f3bc9e31c6be9abc2d2e2453e5533a60036a8b8e864d8d3f4a11aa09bb8fae3af0afaf3c2a35009da0c381437f6f8dad07b361c73213e4c4d15988142a1d9a66cf98a6422fd262c1a16dc35962d3a1c0172fc7dd03203040f8c8ee299eb857f861e40d67ba14b6ae3dc9161d064ade06e213fcf73b5e2f713a59ede189f1b36e741ab8d6959c4928d3435f75f26caf5b8471245af094e11ee659ec9933f8fd694e0d3f8c9d5929f96d8bedb046556b26f0ffdfe151305b6735298731692a4a6457fa740c8b5a0cdd0fdd91d68cb20b1e80424f29450d154c53ab5621864005be228fe4e2e347c807f7999737de867133c89576c7549922745bf557358816f876e5fc4f9070809daa18c70e37bff6178ee1738f1f9f6c4e7e97f0641efba7b3141a1137045dc8a55bb6be5fdeb04246dc43fe39b7097e2742fd8b2a6b0be71ca929baf7631d2c55e3ab4277b14cbd0492c47e209fee6ed6c10affac0dcd689542dafba94ce75bd102712183e99af67112fcefbadd81a596348ecf8c7c4351bbe5bfceba7ce19f9f9837452cf16c72d900e5e16bde7e809384e3fb6866375f2a7e88b1fe88495f94240630fa2dc3fe1275a9ca51c932956230c1aef8b148268def85cd322246fb7676952cc4a0116a88d531820caffac7e20f48dbb7b086bade331a4d1e8b972cf699525ee17e46242f31ce5eac99e2b3f1e894eec8f806e12c0a6c8b0b26b8ca3c6582dec4f11f828bd1543d77a221b217e2cef0119c58f8566397ebc5145dd64d87ef2cf3ddef2df115ca127a3c27d384aeab7479415fbc8a7a565e7ff3beb966724891ad3d4756f571965ca812a30cf6bae0827e30cdb264f84e62b0e75d892a03ef2f52926108c898ac66893099749a1b131c2a3e78483062c2ab2be412824337f710120cecd1ffc2982096ed8fc56470f2bf5a570e06d9a9998c249ab1e04134f1a654cb3ad92042ad508e02a979a08dedf55a99e51bf7735ab7320cdee843"}, [0x2, 0x76, 0x100000001, 0x7, 0x8, 0x1ff, 0x100000001, 0x4, 0x9, 0xd49, 0x81, 0x3f, 0x101, 0x7fffffff, 0x1, 0x5, 0x0, 0x9, 0x1, 0x81, 0x93, 0x7, 0x7, 0x80000000, 0x40, 0x2, 0x1ff, 0x7c, 0x4, 0x7b6, 0xfffffffffffffff9, 0x7, 0x1, 0x9, 0x8, 0xfffffffffffff23c, 0x7, 0x7, 0x8, 0x7, 0x8, 0x1, 0x2, 0x8, 0x5, 0x5, 0x7, 0xfffffffffffffffd, 0x4, 0x81, 0x3, 0x80, 0x5, 0x1, 0xfffffffffffffffd, 0xffffffffffffff7f, 0x1, 0x10001, 0x7, 0x9, 0x0, 0x3, 0xffffffffffff7fff, 0x400]})

10:22:51 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000000)=""/3)

10:22:51 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040), 0x0, 0x800})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r0, 0x4112, 0x0)
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000000340)={&(0x7f0000000280), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, r3, 0x8, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000080)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c9500a00060005001a5e02000900b4ecdac89b76d35be48388aa5900730772ed6d4588543099730538daf8989d955033db6d493b1dc548d62f36a4af35a51ee65d7cdd44779aacb8fe50ec8a86d82685845b5c9b38a40de5f1767da0766f13cf75f1671865a4143b1ce663afa8ae"], 0xf)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r4, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, r3, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x789}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
ioctl$SNAPSHOT_S2RAM(r1, 0x330b)

10:22:52 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$NS_GET_USERNS(r0, 0xb701, 0x0)

10:22:52 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {}, 0x0, 0x0, @planes=0x0})

10:22:52 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000040)={0x3, 0x8, 0x5, 0x84000, r0})

10:22:52 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r1, 0xc0884113, &(0x7f0000000140)={0x1, 0x4f47, 0x5, 0x10001, 0x4, 0x20000000000000, 0x1, 0x0, 0x8001, 0x2, 0x4, 0x4})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:52 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)=""/3)

10:22:52 executing program 2:
ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, 0xffffffffffffffff)
syz_emit_vhci(0x0, 0x3b)

10:22:52 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
socketpair(0x6, 0x5, 0x6, &(0x7f0000000000))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
openat$incfs(r0, &(0x7f0000000080)='.pending_reads\x00', 0x2200, 0x10)
ioctl$NS_GET_USERNS(r0, 0xb701, 0x0)
syz_emit_vhci(&(0x7f00000000c0)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xd1}, "c6f2952f7304b8f8f3637ed0211942444bc58ef6c08b98d6cff0727cd5e9ee430aebe647e4641b74995a780996d2b036a205090a0310225714d78d09e92e01e3edb08ac337986cb1a3bc3123d2a7d0dea327e398a9c471862419e6f021581d344f4a2b366964ce17e3592faa217c52bb80595fea86771fffa9898c5a692ba4ed2aeec710be24a8e5173b4c70e827414b001a37d7869adb8322394533ca181143ab035afd68c4114f9850a92cd4fcbac4717d84a13e798a216cb2fa4e94c67409dc409eb992d5f342c5560c1f0f82775fc2"}, 0xd5)
geteuid()

10:22:52 executing program 0:
ioctl$BTRFS_IOC_DEV_REPLACE(0xffffffffffffffff, 0xca289435, &(0x7f0000000ac0)={0x1, 0x7f, @status={[0xffffffffffffffff, 0x42, 0x4, 0x2, 0x0, 0x101]}, [0x6c9, 0x11, 0x7, 0x9, 0x1, 0x6, 0x5, 0x100, 0x1, 0x87, 0x7, 0x6, 0x1, 0x0, 0x5, 0xae00, 0x4, 0x3, 0x4, 0xfffffffffffffffe, 0x1, 0x80, 0xffffffffffffff80, 0x9, 0x7, 0x3, 0x80000001, 0x8, 0x8, 0x5, 0x400, 0x8000, 0xffffffff, 0x6, 0x8, 0x1, 0xffff, 0x8001, 0x8, 0x80, 0x7fff, 0x6, 0x1, 0x8001, 0x7, 0x3, 0xbe8, 0x7fffffff, 0x8, 0x80000001, 0x7, 0x7ff, 0x9, 0x2a9, 0xc1, 0x5, 0x1d, 0x3, 0x7, 0x2, 0x9, 0x1, 0x5, 0x7]})
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x0, 0x1, 0x4, 0x0, 0x1ff, {}, {0x7, 0x854f25d7aca363fd, 0x7, 0x0, 0xc0, 0x20, "02b8f25c"}, 0xffff, 0x2, @fd, 0x5})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:52 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)

10:22:52 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x100000001)
sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000825bd7000fedbdf250200000008000700", @ANYRES32, @ANYRESOCT=r0], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4020004)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_GET(r2, &(0x7f0000000440)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x10, 0x3e8, 0x300, 0x70bd2d, 0x25dfdbfb, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x800}, 0x20040084)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f3010000a0e20acf66d56a59f829f5125bc9a2c4fdee80d73ea0d41eb3b192d93c9d3cfc5f707299f47f10298168a3aa5bce172a54ad8b1a1c93814e860393932c989ef644df7eb382cab78420c76a99347ce9bee56034d08f892ecbfef8ce39fdaac0eca6face99d0f9693672880778130efa0e290255e392ae74244f1fe81b753137053d895f959f5944c7c586adb43c97bbfa2a7b0be52b7be136479e0cd659a3218b10ae82d53d0591ba1e0565ee0c188716cb846581e939f4215878aa60da", @ANYRES16=r4, @ANYBLOB="010000000000000000000c000000"], 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r4, 0x10, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000041}, 0x0)

10:22:52 executing program 1:
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)=""/3)

10:22:53 executing program 3:
sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x0, 0x300, 0x70bd28, 0x25dfdbfe, {}, [@SEG6_ATTR_SECRET={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0xc080}, 0x4084)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYRESHEX, @ANYRES32, @ANYRESHEX, @ANYRESOCT, @ANYRESDEC=0x0, @ANYRES16, @ANYRES32], 0xfffffffffffffe3b)

10:22:53 executing program 2:
syz_emit_vhci(0x0, 0xfffffd06)
ioctl$MON_IOCQ_RING_SIZE(0xffffffffffffffff, 0x9205)

10:22:53 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r1, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
shmat(r1, &(0x7f0000ffb000/0x3000)=nil, 0x4000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x2, 0x400, 0xfffffbff, 0x6d, 0xfffffffc], 0x5, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000080)={0x0, 0x2, 0x4, 0x10, 0x8, {0x0, 0xea60}, {0x1, 0x8, 0x2, 0x20, 0x0, 0x6, "84204a41"}, 0x21c00, 0x2, @userptr=0x9dd, 0x2, 0x0, r3})

10:22:53 executing program 5:
r0 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @hyper}, 0x10, 0x80800)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00'})
linkat(0xffffffffffffffff, &(0x7f0000000dc0)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0)
r1 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:53 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f0000000040)="8c879643cf430fd7bca6366509bf29bb596e424a5752816cb3bb21f75ae4adab58f44aef289cfba18aae5539da7ea6452d5c64aec2e742b578c4d149e39e08c17d45a1433555b0f1c12f339bee1a9c3c513874bf2c42a571182da5eb5773c91180be5b085938cc4e479eadb8ac4d2eb520420d8866209ffa63ebb1870a45540eca91e740af5a46a43d753eb607af7d67ccbb71b7418bc3e3b6b9f49f7d9bf497ba7d1f9d085fbaf6d48bf03d10626a43000ff032bd9c7dad66ccf4abe66f37a864b1a8a9b9f8f3c135a5992ded9b1f9f03ee9b5e6faa555949386c8ce55608b2882e58bcfdd944cc55", &(0x7f0000000140)=@tcp6=r0, 0x2}, 0x20)

10:22:53 executing program 1:
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)=""/3)

10:22:53 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c80502000054d3d11593aaccac778d9892901d7d88dd732a61008b04efab45c66c0000000000008d5f4f4c888047cc943ab6c396deb28ba9df14ae0347faef182d4fc37e517a377443d86c2daa26300022b2633dca6eaf0706b5bd98fb898e93b11fed5e72d7e61d225feae9a6706fffea384003d5f62028aedfe8baf6f7853fbd0000000094f01639cda18d1fe1f3538eae4e8364612891ad544e667ff85e9fea182d935b33834049ed58d2cd517f350b3456864d9cbebbeeaffb72c378f7c6ae94804e76b5e05d29e8"], 0xf)

10:22:53 executing program 2:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000000), 0x8)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000000)=0xffff, 0x8)
syz_emit_vhci(0x0, 0x3b)

10:22:53 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r1, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x34}}, 0x1)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x10000, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:53 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2, 0x0, 0x0, 0x40804}, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x4040, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, &(0x7f0000000140)={0x0, 0x0, {}, {0x0, @usage, <r3=>0x0}, {0x0, @struct}})
ioctl$BTRFS_IOC_SCRUB(r2, 0xc400941b, &(0x7f0000000540)={r3, 0x8, 0x1})

[ 3257.367917][ T6375] Bluetooth: hci3: ACL packet for unknown connection handle 1480
10:22:53 executing program 4:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x8402, 0x0)
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r0, 0x80184132, &(0x7f0000000080))
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f00000000c0)={0x10, 0x1ae0a10d4fb213e1, {0x80000000, @usage=0x1ff, 0x0, 0x100, 0x2bd, 0x5, 0x800, 0x4, 0x6c, @usage=0x5c6a, 0xffffff4d, 0x3, [0x8, 0x101, 0x90, 0xffffffffffffff00, 0xffff, 0x8]}, {0x8000, @usage=0x8, 0x0, 0xffffffffffffffa8, 0x7f, 0x1, 0xb0, 0x8, 0x4b1, @usage=0xffff, 0xffffffe0, 0x2, [0x8, 0x0, 0xffc000000000000, 0xffffffff, 0x64, 0x7f]}, {0x80000000, @usage=0x5, <r2=>0x0, 0x1, 0x0, 0x3, 0x1, 0x5, 0x2, @usage=0x9, 0x666, 0x3ff, [0x4, 0x7, 0x6, 0x1, 0x3f, 0x298d6ca]}, {0x8, 0x7, 0x80000001}})
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f00000004c0)={<r3=>0x0, "bb4abdb479f9adb1e6bd42f9151fce86"})
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f00000014c0)={0x1, 0x0, {0x80000001, @usage=0x8, 0x0, 0x40, 0x735, 0x9, 0x8, 0x1, 0x4, @struct={0x4, 0x1}, 0xff, 0xce3, [0x1000000000, 0x20, 0x58f1, 0x3ff, 0x0, 0x80000001]}, {0xb9, @usage=0x100000001, r2, 0x3, 0x10001, 0xffff, 0xec, 0x101, 0x420, @struct={0xffffffc6, 0xb30d}, 0x1, 0xffff02de, [0x9, 0xfffffffffffffff7, 0x8001, 0x3, 0x2]}, {0x592, @usage=0x800, r3, 0x2, 0x1000, 0x2, 0x0, 0x8, 0x0, @usage=0x3, 0x34, 0x0, [0xffff, 0x7, 0x3, 0x8, 0x80000001, 0x100000000]}, {0x7, 0x8001, 0x2c}})
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:22:54 executing program 1:
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)=""/3)

10:22:54 executing program 5:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.log\x00', 0x20100, 0x48)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$AUDIT_TTY_GET(r1, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x10, 0x3f8, 0x200, 0x70bd27, 0x25dfdbfe, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4000080}, 0x0)
ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0x7c62)
r2 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r2, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f0000000300)=0x10001)
sendmsg$AUDIT_TRIM(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x3f6, 0xa, 0x70bd27, 0x25dfdbfe, "", ["", "", "", ""]}, 0x10}}, 0x4c080)

10:22:54 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)

10:22:54 executing program 2:
syz_emit_vhci(0x0, 0x3b)
memfd_create(&(0x7f00000001c0)='*\x00', 0x2)
r0 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
ioctl$NS_GET_PARENT(r0, 0xb702, 0x0)
sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3e8, 0x100, 0x70bd28, 0x25dfdbfd, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x4000000}, 0x14)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000000), 0x8)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$NS_GET_PARENT(r0, 0xb702, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
write$snapshot(r2, &(0x7f0000000140)="3e54f2827cb76c1d1fe76d4011b8bad718e40fc68793507070bb863f8661534fa991a721efdd15d271bab65bd62dc521ef2c431c293629eb7f27c1af98662763b00ba2d471ffcdab61dca9e7e0f54e64817218e8c93dec65d9da40f9836e7baefd7c6f6ad095739cfe79ff567dc73da79e55d5e1fe8ab2de9344df", 0x7b)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00'})

10:22:54 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x1, 0x0, 0x0, 0x4, 0x0, 0x0, "0400ffff"}, 0x0, 0x0, @planes=0x0})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000001c0)={&(0x7f0000000080)=[0x4, 0x0], 0x2, 0x800, 0x0, <r1=>0xffffffffffffffff})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xd, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, [@map={0x18, 0x2, 0x1, 0x0, r1}]}, &(0x7f0000000040)='GPL\x00', 0x5, 0x19000, &(0x7f0000001500)=""/102400, 0x40f00, 0x2, '\x00', 0x0, 0x6, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000100)={0x1, 0xc, 0x9, 0x2}, 0x10}, 0x78)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
ioctl$vim2m_VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000200)={0x8, 0x3, 0x4, 0x4, 0xd, {0x0, 0xea60}, {0x0, 0xc, 0xc3, 0x8, 0x3f, 0xc5, "03bc25bb"}, 0x5, 0x3, @fd=r1, 0x3ff, 0x0, r3})
ioctl$BTRFS_IOC_DEV_REPLACE(r2, 0xca289435, &(0x7f0000000ac0)={0x0, 0xc583, @status={[0x5, 0x40, 0x7, 0xea, 0x5, 0xf2]}, [0x8, 0xff, 0x7, 0x1, 0x7, 0x6, 0x9, 0x2, 0xf66, 0xffffffffffffffff, 0xfff, 0x3, 0x44, 0x8, 0x10000000000000, 0x0, 0x9, 0xff, 0x2, 0xfff, 0x8, 0x78, 0x1, 0xcfc, 0x98, 0xfffffffffffffffe, 0xfff000, 0x0, 0x3, 0x100, 0x6b6f, 0x1, 0x101, 0x9, 0x5e, 0x2, 0x4, 0x0, 0x80000000, 0x7f, 0x100, 0x3ff, 0x5, 0x9, 0x4, 0xfffffffffffffff7, 0x6, 0x1c98000000000, 0x3, 0x100000000, 0x401, 0x1ff, 0x9, 0x1, 0x8001, 0x7, 0x904, 0x3, 0x400, 0x6, 0x0, 0x20, 0x1, 0x8]})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f00000002c0)={&(0x7f0000000280)=[0x5, 0x9, 0x7, 0x1000, 0x9, 0x200, 0x5, 0x7282, 0x7], 0x9, 0x800, 0x0, <r4=>0xffffffffffffffff})
clock_gettime(0x0, &(0x7f0000000300)={<r5=>0x0, <r6=>0x0})
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r7)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r4, 0xc058565d, &(0x7f0000000340)={0x1f, 0x2, 0x4, 0x2, 0x7ff, {r5, r6/1000+10000}, {0x4, 0x8, 0x40, 0xc2, 0x4, 0x3, "993b451b"}, 0x1, 0x2, @userptr=0x8, 0xfffffffd, 0x0, r7})

10:22:54 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000000c0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x798, 0x0, 0x338, 0x338, 0x338, 0x458, 0x6c8, 0x6c8, 0x6c8, 0x6c8, 0x6c8, 0x6, &(0x7f0000000040), {[{{@ipv6={@private0, @local, [0xffffff, 0xff, 0xff, 0xff], [0xff000000, 0xff000000, 0xff], 'macvtap0\x00', 'geneve1\x00', {}, {}, 0x3a, 0x4, 0x3, 0x1b}, 0x0, 0x100, 0x148, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x5}}, @common=@frag={{0x30}, {[0x800, 0xffffff7f], 0x101, 0x0, 0x2}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@multicast2, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x39, 0x3b, 0x8}}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@hl={{0x28}, {0x3, 0x2}}, @inet=@rpfilter={{0x28}, {0x6}}]}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0xc384, 0xff, 0x2}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@ipv6header={{0x28}, {0x0, 0x14, 0x1}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x8, 0x3}}}, {{@uncond, 0x0, 0x228, 0x270, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x5}}, @common=@inet=@policy={{0x158}, {[{@ipv4=@loopback, [0x0, 0xff, 0xff, 0xffffffff], @ipv6=@ipv4={'\x00', '\xff\xff', @private=0xa010102}, [0xffffff00, 0xff, 0xff, 0xffffff00], 0x4d6, 0x0, 0x32, 0x0, 0x19, 0x1}, {@ipv4=@rand_addr=0x64010102, [0xff, 0xffffff00, 0xff000000], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xffffff00, 0xff, 0xffffffff, 0xffffffff], 0x4d4, 0x3503, 0x3a, 0x1, 0x1}, {@ipv4=@remote, [0xffffffff, 0xff000000, 0xffffffff], @ipv4=@broadcast, [0xffffff00, 0xffffffff, 0x0, 0xff000000], 0x4d6, 0x0, 0x2, 0x1, 0xe, 0x10}, {@ipv6=@dev={0xfe, 0x80, '\x00', 0x2c}, [0xff000000, 0xffffffff, 0xffffffff, 0xffffffff], @ipv4=@private=0xa010101, [0xff, 0xffffff00, 0xffffffff, 0xffffff00], 0x4d5, 0x0, 0x11, 0x0, 0x6}], 0xa, 0x4}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@private=0xa010100, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x16, 0x1, 0x8}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x7f8)

10:22:54 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
write$P9_RRENAMEAT(r0, &(0x7f0000000000)={0x7, 0x4b, 0x1}, 0x7)

10:22:54 executing program 1:
syz_emit_vhci(0x0, 0x3b)
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)=""/3)

10:22:54 executing program 5:
r0 = socket(0xa, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:54 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="200027bd7000fcdbdf2502000000"], 0x14}}, 0x80)
sendmsg$AUDIT_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)={0x10, 0x3e8, 0x4, 0x70bd2b, 0x25dfdbfd, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x48001}, 0x24004090)
syz_emit_vhci(0x0, 0x3b)

10:22:55 executing program 3:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x600100, 0x0)
perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0x7f, 0x2, 0x81, 0x8, 0x0, 0x1f22, 0x20, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x4, 0x2, @perf_bp, 0x841, 0xa4, 0xffffffe7, 0x5, 0xf714, 0x87f, 0x7f, 0x0, 0x7f, 0x0, 0x2}, 0xffffffffffffffff, 0x9, r0, 0x4)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:22:55 executing program 0:
open$dir(&(0x7f0000000000)='./file0\x00', 0x40000, 0x20)
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:55 executing program 4:
socketpair(0x27, 0x1, 0x2, &(0x7f0000000040))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r0, 0x4144, 0x0)

10:22:55 executing program 1:
syz_emit_vhci(0x0, 0x3b)
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)=""/3)

10:22:55 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x5c, r1, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x7f}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x200}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xdb4}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x9}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40001d0}, 0x8000)
ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, &(0x7f00000000c0)={0x0, &(0x7f0000000040)})

10:22:55 executing program 5:
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000000080)={&(0x7f0000000200), &(0x7f0000000140)=""/136, 0x88})
r0 = socket(0x2, 0xa, 0x0)
r1 = syz_open_dev$vivid(&(0x7f0000000040), 0x0, 0x2)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r4)
ioctl$SNDRV_PCM_IOCTL_PREPARE(r4, 0x4140, 0x0)
r5 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x28082, 0x0)
mmap$usbmon(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x810, r5, 0x3)
shmctl$SHM_LOCK(0xffffffffffffffff, 0xb)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r6)
sendmsg$SEG6_CMD_SETHMAC(r6, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)={0x44, 0x0, 0x20, 0x70bd27, 0x25dfdbfe, {}, [@SEG6_ATTR_SECRET={0x18, 0x4, [0x8, 0x8, 0x100, 0x1ff, 0x20]}, @SEG6_ATTR_DSTLEN={0x8}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x4010}, 0x44)
ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000240)={0x5, 0x3, 0x4, 0x70020, 0x337, {}, {0x4, 0xc, 0x4, 0xfd, 0x7, 0x81, "e23ce272"}, 0x557b, 0x1, @fd=r2, 0x1, 0x0, r3})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:55 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="000125bd7000fddbdf250400000014000400030000000080000040000000b00f0000080002000100000014000100fc02000000000000000000000000000108000200af296d74"], 0x4c}, 0x1, 0x0, 0x0, 0x20024804}, 0x1)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x4, 0x4, 0x100, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, r1})

10:22:55 executing program 3:
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x312)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$NS_GET_PARENT(r1, 0xb702, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
read$snddsp(r0, &(0x7f0000000000)=""/7, 0x7)
sendmsg$BATADV_CMD_GET_VLAN(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2008800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="00002cbd70db11005a3e12aa611becb500c70d002bec07000000050038000000000005003300000000000500290000000000"], 0x3c}}, 0x80000)

10:22:55 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f0000000340)={0x34, 0x0, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x8001}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000000)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r1, 0x100, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000845)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, &(0x7f0000000000)={0x1, 0x8, 0x9, 0x400, 0x1ff, 0x8, 0x400, 0x64c00, 0x73a2, 0xf2, 0x1, 0x3})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000140)=ANY=[@ANYRES32=r2, @ANYBLOB="070500000700df1337fe8d4900045827affa48e80de4cb32bd5157efc6f0e4e6fd42246231f072b8d63c3983c8b810f36453cc5e62095bc32987997cd504e053b53a5db8205cf499da18db116572432b74"])

10:22:55 executing program 1:
syz_emit_vhci(0x0, 0x3b)
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)=""/3)

10:22:55 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, &(0x7f00000001c0)={0x0, 0x7, 0x1, [0x6, 0x1, 0x6b, 0x9, 0xfffffffffffff160], [0xffffffff80000001, 0x5, 0x7fff, 0x0, 0x0, 0xc3, 0x2, 0x6, 0x1ff, 0x5, 0x1000, 0xffffffffffffffff, 0x3, 0xc0, 0x7, 0x7f, 0x3f, 0x7, 0x8, 0x7, 0x7204, 0x200, 0x7, 0x9, 0x6, 0xfffffffffffff135, 0x6, 0x5, 0x1, 0x8, 0x10001, 0x1ff, 0x1ff, 0xed, 0xffffffffffffff7f, 0x1ff, 0x81, 0xe00000000000, 0x9, 0x8, 0x6, 0x4dc, 0x1, 0x0, 0x9, 0x1f, 0x4, 0x8, 0x7, 0x6, 0x3, 0x9, 0x2, 0x400, 0x1, 0x1, 0x8, 0xffffffff, 0x8, 0x105e0102, 0x1, 0x2, 0x8, 0x6, 0x3, 0x9, 0x4, 0xfff, 0x9, 0x3, 0x81, 0x80000001, 0x20, 0x6ea5, 0x1000, 0x96fa, 0x200, 0x0, 0x6, 0x3d2fe4e8, 0x8, 0x6, 0x8, 0x8, 0x7, 0x8, 0x3, 0x0, 0xffffffffffffff4c, 0x3, 0xc00000000, 0x1, 0x0, 0x6, 0x800, 0x25b0, 0x0, 0x532, 0xcc8, 0x5, 0x2, 0x8, 0x6, 0x0, 0x2, 0x0, 0xffffffffffffffe1, 0x4, 0x8, 0x20, 0x200, 0x101, 0x6, 0x38, 0x4, 0x5, 0x4, 0xa449, 0x8, 0x4, 0xfffffffffffffffa]})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x81, 0x21a8], 0x2, 0x800, 0x0, <r2=>0xffffffffffffffff})
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r2, 0x3309)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2903c2, 0x0)
ioctl$SNAPSHOT_S2RAM(r3, 0x330b)
syz_emit_vhci(0x0, 0x3b)

10:22:56 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000040)={{r1}, {@void, @actul_num={@void, 0x4, 0x70}}})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x10)

10:22:56 executing program 0:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x420c00)
ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f0000000040)=0x1)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000200)={'syztnl2\x00', <r3=>0x0, 0x2f, 0xb4, 0x3f, 0x2, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8000, 0x1, 0x5, 0x80000000}})
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x3c, r2, 0x4, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x80000001}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x3c}, 0x1, 0x0, 0x0, 0xa00c}, 0xc8d4)
r4 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r4, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fcff003f"}, 0x0, 0x0, @planes=0x0})

10:22:56 executing program 3:
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r0=>0x0})
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, 0x0, 0x0, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7f}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x80}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r0}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6}]}, 0x54}}, 0x11)

10:22:56 executing program 4:
r0 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r0, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@GTPA_VERSION={0x8}, @GTPA_I_TEI={0x8}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x40080a1)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r1 = socket(0x2b, 0x80000, 0x9)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x2f, 0x2c, 0x1, 0x33, 0x80, @dev={0xfe, 0x80, '\x00', 0x13}, @private2, 0x20, 0x700, 0x3, 0x5}})

10:22:56 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
shmctl$IPC_INFO(0x0, 0x3, 0x0)

10:22:56 executing program 5:
socket(0x2, 0xa, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:22:56 executing program 2:
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000014}, 0x10)
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)

10:22:56 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {0x0, <r3=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYRESOCT=r3, @ANYRES64=r0, @ANYRES32=r1, @ANYRESOCT=r2, @ANYRESDEC], 0x3b)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)

10:22:56 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x8, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
fchmodat(r1, &(0x7f0000000000)='./file0\x00', 0x31)

10:22:57 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
shmctl$IPC_INFO(0x0, 0x3, 0x0)

10:22:57 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r0, 0x40044104, &(0x7f0000000040)=0xfffffffa)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000340), r1)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000427bd7000ffdbdf250100000014000100fc01000000000000000000000000000014000100fe88000000000000000000000000010108000200f8ffffff05000500f6000000"], 0x4c}, 0x1, 0x0, 0x0, 0xc1}, 0x0)
r2 = socket(0xc, 0x80004, 0x7fffffff)
r3 = socket(0x28, 0x4, 0x3)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER(r3, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x48, r4, 0x4, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="8034cd55421a"}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
sendmsg$SEG6_CMD_DUMPHMAC(r2, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x78, 0x0, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x21}, @SEG6_ATTR_DST={0x14, 0x1, @empty}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xf0}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8000}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x10000}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x4}, @SEG6_ATTR_DST={0x14, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}]}, 0x78}, 0x1, 0x0, 0x0, 0x400c041}, 0x0)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r5 = syz_open_dev$sndpcmp(&(0x7f0000000500), 0x0, 0x10000)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x24, r6, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3ff}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8}, 0x4011)
ioctl$SNDRV_PCM_IOCTL_STATUS64(r5, 0x80984120, &(0x7f0000000540))

10:22:57 executing program 2:
syz_emit_vhci(0x0, 0x3b)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)

10:22:57 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
ioctl$SIOCGIFHWADDR(0xffffffffffffffff, 0x8927, 0xfffffffffffffffe)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:57 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000000)={0x7fffffff, 0x9, 0x4, 0x40, 0x1, {0x77359400}, {0x5, 0x0, 0x1b, 0x40, 0x1, 0x98, "be4ce728"}, 0x5, 0x2, @offset=0x7, 0x7})

10:22:57 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
shmctl$IPC_INFO(0x0, 0x3, 0x0)

10:22:57 executing program 2:
syz_emit_vhci(0x0, 0x32)

10:22:57 executing program 4:
socketpair(0xf, 0x3, 0x8003, &(0x7f0000000000))

10:22:57 executing program 5:
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000040))
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:22:58 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r1)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x10001, 0x0)

10:22:58 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x20, 0xc8, 0x4, 0x5, 0xe2d}}}, 0xb)
ioctl$SNDRV_PCM_IOCTL_HW_FREE(0xffffffffffffffff, 0x4112, 0x0)

10:22:58 executing program 1:
socket(0x2, 0xa, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:22:58 executing program 4:
socketpair(0x9, 0x6, 0x0, &(0x7f0000000000))
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.pending_reads\x00', 0x400000, 0x50)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000080))

10:22:58 executing program 2:
r0 = shmget$private(0x0, 0x1000, 0x80, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmctl$SHM_STAT(r0, 0xd, &(0x7f0000000040)=""/49)
syz_emit_vhci(0x0, 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
mmap$snddsp(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x5, 0x10, r1, 0x2000)

10:22:58 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$SNDRV_PCM_IOCTL_LINK(0xffffffffffffffff, 0x40044160, &(0x7f0000000000)=0xfffffffa)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x1, 0x0, 0x4, 0x1000, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r2, 0x40106614, &(0x7f0000000100))
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$VIDIOC_DQBUF(r3, 0xc0585611, &(0x7f0000000080)={0x7f, 0x7, 0x4, 0x3828, 0x3ff, {0x77359400}, {0x0, 0x8, 0x5, 0xff, 0xe7, 0x2, "26c66212"}, 0x7, 0x2, @fd, 0x1, 0x0, r1})

10:22:58 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, r2, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x4}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x40008d0)
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000280), r3)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000040)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:22:58 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000000)={0x4, 0x3, 0x3, 0x4800})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:22:58 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000002c0)={&(0x7f0000000280)=[0x1, 0x21, 0x5, 0x661, 0x6, 0x5, 0x0], 0x7, 0x40000, 0x0, <r1=>0xffffffffffffffff})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f0000000300)={0x0}, 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x2c, r3, 0xa, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8000}, @BATADV_ATTR_HOP_PENALTY={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x56f2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x8045)

10:22:58 executing program 1:
socket(0x2, 0xa, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:22:58 executing program 4:
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000080)={0xa63d, <r0=>0x0}, 0x8)
ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000100)={'wg1\x00'})
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f00000001c0)={0x0, &(0x7f0000000140)="04739d04d9c3fa48ddcadcd9bd0d7037d5ea3fb8613b2ee270fac02190025934a774d8839becbbf8e1b4c8e84f8cc3c6c78585ac544b392a7dc4fae9c0c5f875130d3593bb06ad09d242f2e326fd9b74a0cfcf0b9c81738c2440254a08c624f83be625fd6d1effb9d578c38f3efdfdb3017469c4dd75c0cf5cda2a3a", 0x7c})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={r0}, 0x4)
socketpair(0x1a, 0x3, 0x0, &(0x7f0000000000))
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0), 0x8)

10:22:59 executing program 2:
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(0xffffffffffffffff, 0xc0884123, &(0x7f0000000000)={0x924b8a955d5a8c11, "bad403a799c0eb2dd11ba22a60d2ce4e4bcb5896ba5fc8090ebcd341e481962cd8e3458718764d52607a4e46b469732000077eea5a70e5189b70f4b00b7b0cdd", {0x5, 0x9}})
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000180)='.pending_reads\x00', 0x4a083, 0x0)
ioctl$SNDRV_PCM_IOCTL_LINK(r0, 0x40044160, &(0x7f0000000100)=0x81)
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r0, 0x40044104, &(0x7f00000000c0)=0x6)
ioctl$SNDRV_PCM_IOCTL_DELAY(r0, 0x80084121, &(0x7f0000000140))
write$snapshot(r0, &(0x7f00000001c0)="31e2b8c300a1c073cfbe51941a9c612fc4791ea86c0a2b857b00c81a5bf870a8928a965c08b40263f0de303e0f09137800494c30eba7e1bcc81cf9f04ee8e0482b29f6a5560a77e6bf46d9c1650a925afc3541a930a230aa8b96e8d73e9ba7668f62494b3398bcd7418a7a951b62d56f03f734ad70463fe8801dd5f0a2c9e232b719999cbe7539b907bc499443fe4adca6a2f5ae2e7408218c1905d3a883b771513efa2c83de96889e8d3c330fe27a77393866b4feb3ce51b9c35e82c45aa2e91e30b9de8e6ca31caca67e98f7657c0ad7080a79bc82b851ca25114b94405ad52161c4b7e2971b9ad6e4c200c810254685bd175b1e366d2bc8cd8967ffb63e06ae6986b4a586c1fb13950b44d90733b8dcc3d2b418f5b3b18c2a61aec0455b5df98ab1d42b422b998b2d13a4f4d198b62ed5e0990e34497d00c244eb1212b0ac38eb771d4b8ed2428f966b45bca77e9aa7f4320562294c5b675672b1a5ab91abd04a88a1237ea6ab36cba7da328e8502d7757b05bb2848c7524d6872a9c201d50d26116e0c09458f91c4bf9d9c0cc641eb044f24c3dc76098599811fb77d89e1e978a8f0357c7beb907a6b66e03b172cb491d877dc6c1b6d7d5edab9509ff2d047ee2a72f7136aa8fe639e433bdea641abf7f5c00d598c8e43945b20b7ef31808240afe00f9a048b27233db1c869e36b1c38c56b7faa3cc4acca6c83658d6dbea7b0f55217bf66260deda1bdb9ead3cf20652481726f573bc22354d5a47ea92d8d192156a07e258915954e985673c6318342b1cabb65670038f194658a9da231b24e058b3845f9a3909ed22137816ad10f960203f4188c1c0ec551385b6faab07d60b733a6239d1c1ab9ea8d4e06da5525eff2f4ac4f0421abffe602d2a236188d6ed183b9be8c38a6838c777bbd3a011f5956fd16eec60dac8ab50e857c54f16be1aaa62f3ac2364f5e5be7294ad786172a21d993652606827952aa0188a1a68efedc0b0f98445cf7f7f3f61c250ff6c77b9c9ab936fceac5d354410c1e115d5b4494b4354613934a8d299e1f02cbd82278efdd5417bc90a52cf6e5357fdb34aa176448491532db52e9fe7c66df05a7f60e64f306e51120ea6c7066175bd4f100da43b2ee168b03e140bc4c3b208881369793ded858cfefaf26e1e3d8b049e79347fa9362d6003ee5fbf25d76b0e328eecaa924c1a570c1701a05d1d87688193b964aa78ab513a0b119092a3f8e2787744f14d0285ad429467b67aad2a964d4e0d6c41d36d7e98f4fbfa3dad46b5864ed6d07dfb7033b8dfbea6e9f8a2c6a72ed9677a18be93156a417cf71b50417fce69ee60dcf7c96298cc1100092bbf5a8d1a0cc455839115dd229538538878b781b0a039834586096a95f6a9db81dfb1d1dd9eaa8a4ffc68dae8570f14dd25ffd61aa695790ac50992cccace11ca9e4b551ca682459cf034d0b1193d6204dab8fc6828f40b56582af392ca24e1b59af4d9620805c07708d0f8389afac45bd9d7fe8f69a510b7aa4ce983d61733b6ca00bc1e678a278dde4f712ecd8a94cbc1c652059b37a3e9f9bac08517e57eae46e8bd8e31dc0e327cc7eaf11d7bfbcac46a97e5f17bd17e1f1d5c306efada8e8bcb5a195a5b54e4de3e9bf9514bd1e99dbe71791a17f839ed72281e4252e78779c0bb2f3f93f24b0a7cc2bcd0ca621f4fe7a09f09a6cba17053f1bf54f2be160b4955c9dd18d306c98b1e3774e5f066d111a98c39478955c5bbc5db82c25276e9f18e6ed8dbd56c091071936d7e55bf21f1a7673d701976b0d72176394f56ea2c4cbde0c50999252e39ff888b3d62bf330fbe072a4fc8a80d686c65ebb945fc2f43a8da38e9fd9f9c17aa72d23be742b4f77c932bb3a93035a53e2d8cabcca561af8c47caad0981f0eee5cc1dc80750745c383b0c3ccba356e892409d10d2928f1c67d84a1fd8f717aed9507cde437ef8c64993dd723a6f547b6ea1f78ef1b919d4683c21106d3a2e5d31680532ace316af34d34737e0e1e3d9210a078ed6e67816e2e1125035583ddbc1d73419bde5b9f8bd55c17bae4947217e7319fe51ca90d3a1054982422cdb8b75825208fb909e728e4716dfae80596de2c4b2121086a41f1f15ce1cb4f7eecab7b0193009180d28d86eecc45c1924d8cf188d56112c6650cb1ee1562ebc8c1b18ae7d54afa869eaa6ac5192015287c6f6108884691219c019cacb8fc359bdda8af19e3f31cea3b1044913bc2f83a906bda11cbdbdc70486c50b4db5f39599009d852c9188e2a537ca22ed43a7ce8b93bba08a3f8295abd968eecd51d9bbe82799ab7dff25ad5b8b7490dc557621221b31a3856e93ee63d22841a99df943404cb3f9acbbdacb810863d1d141d8177717d1077f48f976f3c2cd9c5d6ec5bf215507fe84ac5a98bcda1c7e28b63a2f030e50e9bcb2c804de6786ef21cfbe2b1122129bef05b9163528c992711af0613a37cbe48d3c97876be88be8a26bb47cbef5574410840bae452588392db656a27a06d8fa1300b782e8b84817f2df0f6685e795afd2ef65610406ffd4b5acf7af007dda6d912b7aaae1bfb483b534a8dadd95fe7b0678eb4a23c34c430244d5891573b61db3f0a61bc0322fdd24f92838941aaa1b1f726cefb8abfe028b672cb46cca86d6d4837ba53f53288f3c7668c5f88b1c36ddfceec59559d0932e85f9d714448d7554c3fb54e0f465bd7ad9f51248cc8e13df6ca148d5d06553f542ce2ef87e6a309569514c7b0d502e7eeac3d8f65cd3fedf76a97dd33c0dd9d919022c97b3a5951f573ed9b514b2569df1bd51cdec6eddc80021c0cb17fb54516c3f02a67fd40a1ad0cec2faad64fab2de451ebe6b9fc1173a1fae26a0bbc320835da845efff6ec2e77a73c52806aa89531e847e4bee1d13c0f6617b961e0993a1285688046abf9e24b9f644b50c496707d9d33a86003c769ccc092d7006cb6353b4f238c06aa08d270f9f5942d90a6fc73cc453cd33cf4dcd08b33498a10c9171025d0153232771309ec34083baef68ba13b8df8568f43b743bd59fe5ff8a214dc8f09cfeab94cb471ef885af149c12e1efa7b1af362bb48682af05e54d89799a5d9e18f66daac19d23a5dfaaeba309f8e8673f960396d21e5c067435303d7226a95f6cb1fd6e2e521c45473c1acb2ba2d4ea44316f139435048a6539a58ebc1412df6d0f8fe43c5bee9592f369a4f24abf7f5f6a6970c5f5ac4fdb5e7f463c9ae5cc369f730f0a10a11360e44d0931e6427efd5dde740b1d80275dd1a62f60c3821192df25aadfdbd5c4d8f2754fd951cc3978aaa049c5573aff2f0e477d645769040af66a9d690e1427e1a958a93727d073e790048b3498d544b4e17bf6c0b669b6cb3cc756c0054ff17b8cb0a3db90d79844a6f30616d691a2ca4058709c60692436a9e30a1fa61f1d954469b4beca1896968b69a21db68142cbc1f226d0f87b052b67bcfa1c5a9242e125c27272a1c2e1b8b3118d1d2e7cec51cdbd770a36ad5521c66cd82a4dc38b59acc47ca3dafca1da78f8db5b1d17b1af17df49511589e93ed1b6b3e78f89f58ecae72058a1265babeb136f50dda4c475f8476ee7b079b7edc99b0eda2732274d3b8cfe210063ec190a9e4285a38e744f6ebe16124402da32a2e2eddb39f7354c002844212e15400df1acedab019ca0ecd456d6ac186472a95ca4cb2a842a259c94090a5ba976277f9ab781c788ac3ad8ad7c793c84c02653d6fec762af0c9a7ccb9bf559df4ae7f2b959eb17b666cb8789964444f3e76f9caf56912ac0dcd657c689cf78663393aa36e66996ebbf3c8d9c0fcd1873bc5156f12bf6c91d45ea8594dc51ee1dbcded26f26fab7251dd6eb822253e384fed444ebea82cdabf1cd601cad16211def7cda8abaa84c562353615926e5ba7ccb8990861db4226a159d60b3a3f23b40cd3b98650d6b3a6a3e8feadc4460bab63f4f521995d4fc8483747f61ab5167d027b94df1606d2d362db65c8d78ff14ca5fc0ae1668cca491e8c5b06a39d9c8f73e570b91c67712dfc45c7ef19ee45833fd725f8de5d94999972f94467949216b87b3dd12cd7ab0d6c405841bda35954175acc6e2a9c192689c1d1f15a6be6f7f03cd74225b09e4f2d66a6c22fb0cb8ebf0ddb7285429b6fd7b4fce0cc96f96113d600a3cf91be865b00be4af43ee16e16a4e8a14d44f67ab13a0e5e64546e4e8e7a3e15b8c508fae620adbf19b9d1857c4880b99b5f6f0071689539c25fdf4cb1d337b47e1f1595f5ecc0dc88d39868a422626cd94da5e6b73b897db0de5bfd30352050a282b6ab3acd16f52ea84eaa645e893456f19c5dcbd1fb5ad4ec7028da7f8026396a3037960d5422cd8a5980525497fbad98abae0b1875320fa1cda117c3a4996f1c3d9bc5387ed9fa39aff42e06d38b245ae06acd543276611f7858e9fa96d62fd36b6fe6e0d27ebb56109ab13757d7811a791e2fe11310109fb45f93d8eb755352f6520eceb8bdd3bc8f27259366057002643dc38226a94671c2ace3bfedf6405ff2b539e582414e37587fa83d6bcbef813a0029b5c9feda9af979d08d9d941a69bd813e5ec4e625f81dba50f3b8ae022ff0f9c38ded667f6f56c533fc7315574ddad66c2ae12e9d07af1ec3aa9e2d1d91cc23635b6829788059fba1dfc6d0d272bc60da80154a7a816596c346a5330f0f138b09e32663bb4d89297752857ca40264ed3a3a8a1d7f1324bf151ecd3ecf6645f0536d0e1ff42f9c387820fd43a5325e0de4422d08a16b499959b1cb0574b243dff59b44b8181dedbbc8e78c2362d8018453cb02f7bc6dcadc4cde1b2f347e9cb3a72dd6ec34d1d4121545166dde53eedcf995a9eaa002ec595c9dba51021d9c15de6ad45c5b704b020c964c826de23060838a713f978cf5028408b8cb53d5f98c28332aead6e14d10fae50f98a29b8ea74081f686a234ee10d39dfcc8303390464310501e510bf00df72736dd5fa07e1e5f694f1d174afd16d20f6ef858f3bcb28b690badc59768c2f4c44e6dbfdc17282322a55d675aee709f8a801315c8ed6d9ae9de799ee9d0f411015b5df9180afaacb7a2401c8cd20671f80c20db1402d656d0734d7d5e60d5934dd34b5ee5fb3adc144a97f28c98405adb8cd6914a1816496dc0dee6fc6879cf7a016e872b5d7eac0c91736166c8521a521be315fe35cc564e25d6e32c95a45bcc05559965b633c0fb50a3778d522766ad40c4068902f9f46fc7b98c6da3041c00372a6e3fb9614e5d43cf950a657908e02271dc4d4dfdb5b600d35e0fe5defc1adee79fbe44e06cfab1e540e67bff4752bc90b31cb9be8854920726569382e9be12501a27859e15fbcd24dbe03315a05d2da7e0c3de42a08612968fd9f7e0d5c005af584ba9f6970daa59e51d161000608f3eeff9dc41deec2180f761d3bffe3d1e9a7cd24a2bcb5ecf0371bca421e8c9b05e8dea11cd87991d21af73520602e40e636eb6eb6f0137fe11542c7d2480327af0dd2b085f96453dc3174c88391f20ac5e494daaf3965eb83a604c932bbf75ad117e9bb66661d36f4dc0ea9040a5a0cebfe579eb7006e06ba5ea08ecaac3280bd4bbde550aa1cf1a45d314c5cb4764f0e5f66597e63c21776924d507fdb5e706abdcb11eaffd93165bec83c62d6095038449ddd2a0c8b7adbd4029eb31bc184913663c72eb0e43e7e5b715f990445ec09ae4a1f8b353323f330a13b0f020a410146db73c6408e958289426e33faceddf9a89102361cc12c5a92384db7be88e8c588451d7d129c2f7813a", 0x1000)
ioctl$SNDRV_PCM_IOCTL_HW_FREE(0xffffffffffffffff, 0x4112, 0x0)

10:22:59 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x10000, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x2})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRESDEC], 0x3b)

10:22:59 executing program 1:
socket(0x2, 0xa, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:22:59 executing program 5:
mmap$snddsp_status(&(0x7f0000ffd000/0x3000)=nil, 0x1000, 0x300000f, 0x30, 0xffffffffffffffff, 0x82000000)
r0 = socket(0x2, 0xa, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000040)=r1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85000000af0000000833deff0806000095000000000000000555042003000000"], &(0x7f0000000140)='GPL\x00', 0x1, 0x1000, &(0x7f00000001c0)=""/4096, 0x40f00, 0x666bd4c0e3f0632d, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000011c0)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000001200)={0x1, 0xa, 0x2065bd35, 0x4}, 0x10}, 0x78)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f00000012c0)=r2)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2, 0x0, 0x0, 0x40014}, 0x0)

10:22:59 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x2710}, 0x10)

10:22:59 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000000), 0x8)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000080), 0xff, 0x400800)
ioctl$SNDRV_PCM_IOCTL_DELAY(r1, 0x80084121, &(0x7f00000000c0))
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})

10:22:59 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x8a64}, [@alu={0x4, 0x1, 0x6, 0x3, 0xf, 0x40, 0x8}, @alu={0x7, 0x1, 0xc, 0x0, 0x9, 0x1, 0x1}, @map={0x18, 0xa, 0x1, 0x0, r0}, @alu={0x7, 0x0, 0x1, 0x0, 0x4, 0x50, 0x38e145b695fdd386}]}, &(0x7f0000000040)='syzkaller\x00', 0x2, 0xc6, &(0x7f0000000080)=""/198, 0x41100, 0x1c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x1}, 0x8, 0x10, &(0x7f00000001c0)={0x1, 0xc, 0x1}, 0x10}, 0x78)
socketpair(0x2c, 0x2, 0x0, &(0x7f0000000280))
syz_emit_vhci(0x0, 0x3b)
mknodat$null(r0, &(0x7f00000002c0)='./file0\x00', 0x10, 0x103)

10:22:59 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000040)=0xa83, 0x8)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x0, &(0x7f0000fef000/0x2000)=nil)
shmat(r1, &(0x7f0000ffe000/0x2000)=nil, 0x0)
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)=""/30)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0)
r2 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r2, 0x0)
shmctl$SHM_UNLOCK(r2, 0xc)
sendmsg$AUDIT_TRIM(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x10, 0x3f6, 0xa30, 0x70bd2a, 0x25dfdbff, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x10}, 0x0)

10:22:59 executing program 1:
socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:22:59 executing program 5:
write$khugepaged_scan(0xffffffffffffffff, &(0x7f0000000040), 0x8)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r0 = socket(0x2a, 0x4, 0x4)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, r1, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@SEG6_ATTR_DST={0x14, 0x1, @mcast1}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x3}, @SEG6_ATTR_DST={0x14, 0x1, @loopback}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x40041)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
shmget$private(0x0, 0x1000, 0x1000, &(0x7f0000fff000/0x1000)=nil)

10:23:00 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x2, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x3, 0x0, @planes=0x0})

10:23:00 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000040)={r0, 0xfffffffd, 0x6, "a51e05e6a13d34a30569ce61ffb0a71ab468608209f98e5b3a7b2d325726ade9ac3ca07d2cecff562deeab408916506558de3a07d5a7a0eb6dcee7125acab118732b4dd68bc218678ec354462f8ccd0d3a87af16104d74ed233089d934455529f8db5cde71cb07c244f33124b45faca721e2317f489f1c81a1b1b65b62a598d0b75b5a863b61cacb0682854f823009c391385712f5183dbaa18c00fe3d536f5eb8cfa037e96151775f01256591213d7adfe099dab412dcbb6a"})

10:23:00 executing program 3:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x1d, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x4645}, [@generic={0x53, 0x0, 0x8, 0x90, 0x8}, @generic={0xff, 0x0, 0xd, 0x0, 0xbf28}]}, &(0x7f0000000040)='syzkaller\x00', 0x40, 0x72, &(0x7f0000000080)=""/114, 0x40f00, 0xd, '\x00', 0x0, 0x1b, r0, 0x8, &(0x7f0000000100)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000140)={0x3, 0xa, 0x1ff, 0x2}, 0x10}, 0x78)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:23:00 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f00000001c0)={0x0, "e59e1b79d4eaf818a6c70291b501592f"})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040))
sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fcdbdf250100000008003400fd000000050030000100000008002b000300000005002e00010000000500370000000000050035008100000008002c007f00000005002f0001000000"], 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x20048010)

10:23:00 executing program 1:
socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:23:00 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
syz_extract_tcp_res(&(0x7f0000000040), 0x8, 0x7)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:00 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3fb, 0x800, 0x70bd2a, 0x25dfdbfc, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x14}, 0x200008c0)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:23:00 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x200001, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f0000000080))
r3 = socket(0x11, 0x4, 0xaff)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, r2, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="025c7ac57510"}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x81}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x20000000)

10:23:00 executing program 4:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000bc0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000a40)={&(0x7f0000002f40)=ANY=[@ANYBLOB="44000000cd75d78cfa80258f77802bbbb0b7a1dd6248a830f640b6e24453ec88e0d748e030737b39488eef027e26d1eac4608b8d5541383e628cf04141002b369346f20e9b72de04448a3ab006491d2dec418dea49f0168f3e5b2f27c74b5904cf73d4ed14ca501d4fb3e9ad611a76b953627f953cfdb1805cace8fb87b2301176a827a6b7b08b9094c9fb052df8adfc1ff170bad6b41c3098b29449cee85ebdec1f57631b8d", @ANYRES16=0x0, @ANYBLOB="00022bbd7000fcdbdf250e00000008003c00ff000000080039000600000008003200ffffffff08003400bd07000008003200800000000500300000000000"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x800)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000040)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000440)={<r4=>r3, 0x81, 0x1, [0xa69, 0x5, 0x7fffffff, 0xffffffffffffffe0, 0x3], [0x4, 0x62, 0x1000, 0x0, 0x9, 0x0, 0x3, 0x5, 0x1ff, 0x2, 0xd0, 0x3d, 0xdf9, 0x3, 0x3, 0x416, 0x7fff, 0x400, 0xfff, 0x101, 0x0, 0x2, 0x6, 0x9, 0xfffffffffffffffd, 0x7, 0x454c98f9, 0x101, 0x5, 0x0, 0x6, 0xffffffffffff8001, 0x5, 0x7, 0x4, 0x40, 0x2, 0x2, 0x306, 0x3, 0x4, 0x2, 0x2, 0x8, 0x3, 0x4, 0xc73d, 0x0, 0x80000001, 0x400000000, 0x1000, 0xe3a1, 0x6, 0x0, 0x2, 0x101, 0x13cc, 0x5, 0x9, 0x7fff, 0x7, 0x2, 0x2, 0x1, 0x2, 0x3a, 0xe6a1, 0x80, 0x0, 0x6, 0x100000000, 0x2, 0x5, 0x6, 0x1, 0xffffffff, 0x34, 0x3, 0x8, 0x4dab6270, 0xfff, 0x2, 0x3, 0x7fff, 0x1, 0x1000, 0x8, 0x100000001, 0x8, 0x74b, 0x1, 0xfffffffffffffff9, 0x80000001, 0x7fffffff, 0x9588, 0x1, 0x8, 0xffffffffffffffb5, 0x7, 0x40000000000, 0x2, 0x400, 0x1, 0x3, 0x2, 0x80000000004, 0x3, 0xffff, 0x8000000000000000, 0xfa, 0xfffffffffffffffd, 0x8, 0x3f, 0x1, 0x3, 0x3, 0xfffffffffffff801, 0xffffffffffffffff, 0x3ff, 0xf82]})
r5 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
clock_gettime(0x0, &(0x7f00000008c0)={<r6=>0x0, <r7=>0x0})
ioctl$sock_bt_bnep_BNEPGETCONNLIST(0xffffffffffffffff, 0x800442d2, &(0x7f0000001b00)={0x5, &(0x7f0000001a40)=[{0x0, 0x0, 0x0, @local}, {0x0, 0x0, 0x0, @local}, {}, {0x0, 0x0, 0x0, @broadcast}, {0x0, 0x0, 0x0, @broadcast}]})
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000900)={0xfffffff8, 0x1, 0x4, 0x1, 0x56bad4af, {0x0, 0x2710}, {0x2, 0xc, 0x61, 0x0, 0x40, 0x6, "7dde1614"}, 0x0, 0x4, @offset=0x4, 0x7, 0x0, <r8=>r1})
r9 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000c00)={0x14, 0x3, {0x6, @struct={0x1, 0xc0}, <r10=>r2, 0xfffffffffffff44c, 0x2, 0x9, 0x1, 0x2, 0x80, @struct={0x1, 0x2}, 0xffff, 0x8001, [0x13559f17, 0xe24, 0x6, 0x38a6, 0x8000, 0x4]}, {0x6, @usage=0x7, r4, 0x6, 0x7ff, 0x2, 0x1, 0x0, 0xae, @usage=0xcc50, 0x4, 0x1, [0x12, 0x7, 0x0, 0x9, 0xfffffffffffffffa]}, {0x80000001, @usage=0x8, <r11=>r3, 0x0, 0x101, 0x8, 0x1, 0x9, 0x400, @usage=0x8, 0xe3ae, 0x4, [0x4, 0x100000000, 0x80000000, 0x4c3, 0x1, 0x3]}, {0x3, 0xfffffffffffffffb}})
ioctl$BTRFS_IOC_DEV_REPLACE(r9, 0xca289435, &(0x7f0000001000)={0x2, 0x1f, @start={<r12=>r10, 0x1, "9bcc8ee0841703cad2c84590b7f68fcd75c72f4c5965ac171f9cb0f77b0346cce1783afd2622e7e11c0d3d57c04e923cadc04ae79b4a5e43b3fa39f2fbdfebe63cc2ce34996c9cd1d438a9829788fb30353062a5409469a0e67aeab63192a7e197f681e61435cf6051df92b4f7bbfe833d5af18756b91fcc5e4f0f6d076401b3bcedb3389075fc3bc6d92e26514ba5399454b6d742d64ede55287f904602d1c2fc5da522aa9769ed2cdc78eb251e97c870e76163af5dd1e3a0dec09b28cf1232e842d0aeac8d9c614835cb50031bd01442ea2d65f197b79c3fff169b063205b6af7465c3ed7811c775e5d8e4556ad1eec9da61cff5e609ed7350de27a6c8ab19ff4cce0f69b45b5396f2c9237b8c8354245c9300d8260403af543bb977404cec6ebe01cbeba4d9bdf06b9c039f0c3c83ca08068487edb7ba6242bf9e67612d3aa124b9db3103100c2551cc71f448dbee600add29bf3b141b39f5b43e1d6bf617f80f032ce25be3040813ceb2942c32d240710a5fc2b064315de440642e0474e377a71724d2726f5a3d01481c55dd8ffedb54caaaf3b342613622ec0db466970c1d99d85042ac8baa15cb16fd37c49ecf6a0b1c2bbf4cf85a856dcb00e670f5a4737f157fd95dcc46441f3f61f5d6650bae0e4f47f4923a7a46eea83727fece3e7b0d8702bb68f4f401fcc86204c7c6c3e0fbd00cf9a5af606ef9151ac8c3d82adfd3f46148bf9be02e442b418737b8fbe143ca6fa4fc536c716fd1778ec13a913ec083e2815e04b227dc1fa0a4cacecd1db1d59b35c2faa293442e6d28762a3bccbe10da3b77312dd4dd060230eda35ba152e05863036382db6501fa01e65a76bbeeea6141c306e7e37e866b35ad386bde285b5d928e7203a0b80a49b6dbf9144a7b6e3182aa92803e9a3b00b2c14022a3c18eb26f30b5225477f343fb40c3cbc0a98864178f84169ae0a58496b097cd3d7f3e19e5ab4c7125ff814790dfa535c6ebf131608fad4a391722c3bce5f432ff64076c39f92a2b96538c47c6f68a22f86247e0bdf1cd01537415fa83cd38629332e5c9d80a46491d808d0f65d589c320851d7aa36293dc3ce6e43a385f8b49124137a3bf1aa33cbeefdf53119a69a03eb2f277fd405d9ca23cbfd5935ed67d7c6b25747939fa43b13d7726d2aa807d418275c31347896f886b2883d7f964f4152d8d05c04465a57db205accadb07a2a76f624a0cbf56f975a4887c86843b7fd34eefc38845c7b63c1f37fdac819aa62ae0f446016b4c636f3cbcaa56f25ec31c5100f61e3a64f4c3fe39a362e0fbe2465d9dc0b67f3ddb7321e8e88bd72f23d59dd2489f2cabbd0c4e1fc3ef8dc790dc41ac2174c9b05484f3b21574c2b1e6a7d04ab4e1c5c00a2e797c51c831c86cd91689d9dea854672cde70e22455f56676c30c3a93ff5304234082c9611bda55fc", "7564b45c15347ec5d304a5f4ce3db1ddc79bbd184a08e7cbab2e03fec827c111018c61e85bfd50d42a76a518af8efae70937baa48a4a74e7d3619d528b036de0dc6d2efb407aa07bed996d6179118f6e69c3a7f7699e86f146b02444c80a8fd6c55c2494e9a8f48de482d6e9e672de07475f2bc869471c173dc1167a3f563070218cf8ee925bbfdcc77b4fb758007b2909fb0edfa79daae520802d2a822c2b3b6e506738d2ca006991053b9c3527b500c319021840751be9cfe54dea11bfff140ca5138f3b93ba547027f8a6b8389e3fb0e6cc500d8f3c68f16dd7fb611601cc5f7345ffa5697a2f1209536c2e68c9f80a93caa9df20216c22e720b50fff2723ca1715ede4c8c41979f8e818d53b8467d3c2d5da5c967c0ea479396bdfbf6e126c74e6f6306dcca4b19f610263cf94fa0a2bb7f73ce84417cbb4989e7bf66eb7d8d7380e19a044f8b50cc4308470cd46ea23b74b7cce890551775c8ee6968c32d1fca0e4de4ed8be50d2f93686ffae4ff16998e383c9fc05274d23149bd9e9dc47a5fbce05291caf75143e93e564cbaaaa1ccfaa2b0981928648f9913acdc38f71926a974bd02081df857543581032eb7fd3f6e4ebd876cb4498a8e30b9872c1bf191377bdc9f2a26e0b64203900838759d35c4fae739067d60bce2386ad7f9faafc4a3b8dca3a935a4f31f44c620c2006c36808fddf0cdc0f0dec9ac9cb298078476f3ecac708ad43520af653e248c64f75d5223b048bb3a64188c559825cf83083175acd0eacf0d1555fe13c2a7450d72c7f1470acbf94d5790c3b19eda972a35f93e3d6acca696cc01a0f61883101b62bdc5c4e9c69a5139061c09b069743aa9f7fcc80fb945d09f76b2acb977453ce8e15ebecc51984ed54d0c25e4811afdb5251f4e1d49e277ccd66d3a395c0f313024986187910f0111366ca965344a818d8181024cc856f2bf3a972a3ca3c2c53188ad435d1c1673203ca3d4de7e7f847a467df8de0655b4e1b818f55ea9fb920ebe27cbed9e030638585a4776a71a41352c1eeab6e4f58e225c3262302d6889ab9dcf1d837af5a13877ab421789d7a716efc3ad2fe489de24baa22c27fccec997a5fafb4e5b1d892903c1cb652f6546c630411b5f558fcdb9fe741fdf7c10cdffcd425ea0a769d5ea951c1f83df7d3c31c2b247deadcd19e29e63aa4e3e6b3066d087203f719ed508d762a0f89abfb19cc19c12512b5e39efca836fb1f6e6b068079db63fc0a38d643624aea39a9e0c8b5854559b869cb244e573492f2431bda924a8edc26eb6adb156ce1c9114c99cb4c1163265d72c6fcd543ea3a64992fcbcf2495deaed1d7e687818f092ffd0e29f4fc68220e9012392b3a513dfc37d861e088eba989e58da872301d693ec7e75f1cb9e7a5db885644a2186a0843141bc1e3fcedf72c00d5a0dbb6fef4e792471b"}, [0x5, 0x5, 0x8, 0x5, 0x9, 0xffff, 0x2, 0xfffffffffffff800, 0x80, 0xae, 0x1, 0x894, 0x8, 0x1ff, 0x2, 0x8f2, 0x69c8f19d, 0x20, 0xffff, 0xd5, 0x3f, 0x2, 0x4b, 0x1000, 0x653, 0x8, 0x1, 0x100000001, 0x33, 0x0, 0x80000000, 0x2, 0xffffffff, 0x40, 0x2, 0x3, 0x80000001, 0x7e6, 0x5, 0x5, 0xf248, 0x9, 0x20, 0x5, 0x800, 0x7fff, 0xfffffffffffffffb, 0x3, 0x0, 0x2, 0x3, 0x8, 0x3, 0x40, 0x21429388, 0x10000, 0x100000000, 0x8, 0x9, 0x20000000000, 0x39, 0x5, 0xffffffff, 0x8]})
ioctl$vim2m_VIDIOC_QUERYBUF(r5, 0xc0585609, &(0x7f0000000980)={0x2, 0x1, 0x4, 0x800, 0x4, {r6, r7/1000+60000}, {0x5, 0x0, 0xf1, 0x8, 0x1f, 0x2, "60cd370b"}, 0x1, 0x2, @fd, 0xffffffff, 0x0, r8})
r13 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r13, 0xc0585609, &(0x7f0000000ac0)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @fd})
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000001b40)={r12, "45675ed5488d52df1d3c81b811b574e5"})
ioctl$BTRFS_IOC_BALANCE_V2(r13, 0xc4009420, &(0x7f0000002b40)={0x18, 0x2, {0x1000, @usage=0xfffffffffffffffb, r11, 0x2, 0x0, 0x3, 0x0, 0x6, 0x40, @struct={0x0, 0x1}, 0x7, 0x3f, [0x1, 0x0, 0x9af4, 0xff, 0x101, 0x8b1d]}, {0x6, @struct={0xff, 0x2ecc0}, r3, 0x1, 0xfffffffffffffffe, 0xffffffff, 0x8, 0x40, 0x20, @usage=0x890, 0x40000003, 0x4d1a, [0x0, 0x0, 0x100000000, 0x2, 0x2, 0x8]}, {0x6, @usage=0xd86, r12, 0x7fff, 0xffffffff, 0x1, 0x5, 0x5, 0x81, @usage=0x8560, 0xa6, 0x2, [0x0, 0x3f, 0x7, 0x7f, 0xa3, 0x6]}, {0x8, 0x100000001, 0x3}})

10:23:00 executing program 3:
ioctl$NS_GET_NSTYPE(0xffffffffffffffff, 0xb703, 0x0)
linkat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xffffffffffffff65)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80800)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r3 = syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r3, 0x100, 0x70bd26, 0x25dfdbff, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48010}, 0x810)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000200)={&(0x7f00000001c0)=[0x6, 0x1], 0x2, 0x80800, 0x0, <r4=>0xffffffffffffffff})
mknodat$null(r4, &(0x7f0000000240)='./file0\x00', 0x8000, 0x103)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f00000002c0)={0x0, 0x401, 0x9})

10:23:00 executing program 1:
socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:23:01 executing program 5:
r0 = socket(0x28, 0x5, 0x2408d80e)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:01 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000000)={0x0, 0x9, 0x10000, 0x1})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:23:01 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), r2)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="000327bd7000fcdbdf25120000000000000080000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x80)
syz_emit_vhci(0x0, 0x3b)
ioctl$SNDRV_PCM_IOCTL_XRUN(r0, 0x4148, 0x0)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f00000003c0)={&(0x7f0000000140), 0xc, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="f0000000530400082abd7000fddbdf25818e8a9578f69146877260a9b3658cd28d29a356f940928f03499205ba01c889789ea9742d0ca4dc58e9a64312eac63e03c1828aaaec74d1a2458941fc5a476933c177422a314a018a6b752d7e389004d3762ea572446e7947576a311b1cb917dee01e0f4349ad6baf39bc286f9326cba30e85ee2e433d887e52aa8f8a89ed6d22dc8118a9180b96d823342d6744faf878a65b898abb33adc68b5a1d6734a9379416130ddc13e0542acb8b6ad3de2acef8043a4f1caea7f1c87d186ff0247c109546c67077ddeedb2f739a1251c19d3c0a448b00"/240], 0xf0}, 0x1, 0x0, 0x0, 0x4}, 0x20000041)

10:23:01 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:23:01 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0xffffffff, @hyper}, 0x10)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x10000, 0x324], 0x2, 0x0, 0x0, <r0=>0xffffffffffffffff})
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r0, 0x28, 0x2, &(0x7f0000000100)=0x9, 0x8)
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0xfa, 0x4}, {0x8, 0x7ff}}}}, 0x11)

10:23:01 executing program 4:
socketpair(0x29, 0x4, 0x40, &(0x7f0000000040))

10:23:01 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x40, 0x0, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRET={0x14, 0x4, [0x2a3f, 0x2, 0x4, 0x3]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1000}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x10000}]}, 0x40}, 0x1, 0x0, 0x0, 0x401}, 0x400809d)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:01 executing program 0:
clock_gettime(0x6, &(0x7f0000000000))
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:23:01 executing program 2:
syz_emit_vhci(0x0, 0xfffffffffffffe78)

10:23:01 executing program 1:
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:23:01 executing program 4:
r0 = socket(0x26, 0x4, 0x8)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:23:02 executing program 3:
mmap$snddsp(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1000004, 0x1010, 0xffffffffffffffff, 0x2000)

10:23:02 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={0x0}, 0x2}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$gtp(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x34, 0x0, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x9}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x5296}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000040}, 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r0, 0x28, 0x2, &(0x7f0000000080)=0x9, 0x8)

10:23:02 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(0xffffffffffffffff, 0x80184132, &(0x7f0000000040))
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'veth0\x00'})

10:23:02 executing program 1:
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:23:02 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$AUDIT_TTY_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3f8, 0x400, 0x8, 0x25dfdbfd, "", ["", "", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4000}, 0x840)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x0, 0x200, 0x70bd29, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x2}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x400}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x8800}, 0x4000081)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$AUDIT_TTY_GET(r1, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x10, 0x3f8, 0x10, 0x70bd2c, 0x25dfdbfc, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x1}, 0x814)
sendmsg$SEG6_CMD_SETHMAC(r2, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000010}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, 0x0, 0x2, 0x70bd2a, 0x1, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x8}, @SEG6_ATTR_SECRET={0x14, 0x4, [0x2, 0x5, 0x8f, 0x7]}]}, 0x30}, 0x1, 0x0, 0x0, 0x48000}, 0x8001)

10:23:02 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {<r1=>0x0, <r2=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
r4 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r4, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r5 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r5, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRES16=r0, @ANYRES16=r2, @ANYRESHEX=r1, @ANYRES16=r4, @ANYRES16, @ANYRES16=r1, @ANYRESDEC=r3, @ANYBLOB="06a9a392f2df651d9dd2d02d9379400e9a9a2f7691a150e9472ad9d6c88033048f8188e64decc21a4ba3126536553f3f5ce7a74d409fb506f729cac45dcd46320c65d1abd9e18f7f86cf3b9e", @ANYRESDEC=r0], 0x3b)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x4, 0x8, 0x2, 0x80000000, 0x101, 0x6, 0xb2b, 0x8, 0x1000], 0x9, 0x40800, 0x0, <r6=>0xffffffffffffffff})
ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000180)={0x73d, 0x2, 0x4, 0x100000, 0xffff0001, {0x77359400}, {0x5, 0xc, 0x4, 0xff, 0x40, 0x40, "b76f7f6c"}, 0x7, 0x3, @userptr=0x8, 0x8, 0x0, <r7=>0xffffffffffffffff})
ioctl$VIDIOC_QUERYBUF(r6, 0xc0585609, &(0x7f0000000200)={0x7, 0x9, 0x4, 0x400, 0xde00, {0x0, 0xea60}, {0x5, 0x2, 0x2, 0x6, 0x5, 0x6, "ef69f458"}, 0x1, 0x3, @userptr=0x9, 0x9, 0x0, r7})
r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r8)
clock_gettime(0x0, &(0x7f0000000080)={<r9=>0x0, <r10=>0x0})
ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000280)={0x400, 0x7, 0x4, 0x400, 0x9, {r9, r10/1000+10000}, {0x5, 0x1, 0x1, 0x3, 0x9, 0x4, "2f3a1ca8"}, 0x7fff, 0x1, @userptr=0x5, 0x6, 0x0, <r11=>0xffffffffffffffff})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r8, 0xc058565d, &(0x7f0000000300)={0x7f, 0x1, 0x4, 0x400, 0x6, {}, {0x5, 0x0, 0x3, 0x9, 0xb, 0x1f, "128e9965"}, 0x2, 0x2, @userptr=0x3800000000, 0xffffffff, 0x0, r11})

10:23:02 executing program 4:
socketpair(0x23, 0x2, 0x400, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_ext={0x1c, 0xa, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3ff}, [@exit, @btf_id={0x18, 0x1, 0x3, 0x0, 0x1}, @generic={0x80, 0x8, 0x3, 0x9, 0xf39}, @func={0x85, 0x0, 0x1, 0x0, 0x7}, @map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}]}, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x78, &(0x7f0000000280)=""/120, 0x41000, 0x18, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x1, 0x5}, 0x8, 0x10, &(0x7f00000001c0)={0x1, 0x3, 0x5, 0x100}, 0x10, 0x306fa, r2}, 0x78)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x50, r3, 0x4, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="f8aad18824d3"}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x4}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
ioctl$SNDRV_PCM_IOCTL_RESUME(0xffffffffffffffff, 0x4147, 0x0)

10:23:02 executing program 5:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:02 executing program 1:
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

[ 3266.329038][ T6375] Bluetooth: hci3: SCO packet for unknown connection handle 3840
[ 3266.398569][ T6375] Bluetooth: hci3: SCO packet for unknown connection handle 3840
10:23:03 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x2, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:23:03 executing program 2:
sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x3fb, 0x100, 0x70bd29, 0x25dfdbfb, "", ["", ""]}, 0x10}}, 0x40)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f00000001c0)={0x1, 0x7, 0x4, 0x800, 0xbb4b, {0x77359400}, {0x5, 0x2, 0x0, 0x6c, 0xfe, 0x5, "f9340ced"}, 0x200, 0x2, @offset=0x7, 0x9, 0x0, r1})
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000100)=0x7)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000280), r0)
sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, r2, 0x201, 0x70bd26, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRET={0x18, 0x4, [0xffff8000, 0xd822, 0x80000000, 0x5, 0x7fff]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x8b}, @SEG6_ATTR_DSTLEN={0x8}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}]}, 0x4c}}, 0x40800)

10:23:03 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='hybla\x00', 0x6)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:03 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8, 0x103)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
fchmodat(r0, &(0x7f0000000040)='./file0/file0\x00', 0xd2)
syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)

10:23:03 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:23:03 executing program 4:
socketpair(0x5, 0x800, 0xf7, &(0x7f0000000000))

10:23:03 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @userptr=0x420})
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r1, 0x0)
syz_open_dev$vivid(&(0x7f0000000000), 0x2, 0x2)
mknodat$null(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2000, 0x103)
shmat(r1, &(0x7f0000ffd000/0x2000)=nil, 0xfa024a8b556fa98a)

10:23:03 executing program 2:
syz_emit_vhci(0x0, 0xffba)
syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x2, 0x18}, @l2cap_cid_signaling={{0x14}, [@l2cap_conf_req={{0x4, 0x4, 0x8}, {0x362, 0x3, [@l2cap_conf_flushto={0x2, 0x2, 0x8}]}}, @l2cap_disconn_req={{0x6, 0xae, 0x4}, {0x7, 0x9}}]}}, 0x1d)

10:23:03 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x7fffffff, 0x9], 0x2, 0x80000, 0x0, <r0=>0xffffffffffffffff})
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f00000000c0)={0xb35, 0x8, 0x4, 0x4009, 0x7, {0x77359400}, {0x5, 0x2, 0x20, 0x0, 0x9, 0x3, "d0732d5e"}, 0x3, 0x4, @planes=&(0x7f0000000080)={0x100, 0x1, @fd, 0x3}, 0x2fbcfe7a})

10:23:03 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000000040)={0x0, &(0x7f0000000140)="7e383bf9405a20baaeafea345570a8266f714fba722fca16cd0e071e01ec73438126a560cb626191e445c45081fbdec27de07aec911c73b54f1e33777a879adb20bdf15a38f3dc31871a4b090c9fb2140a63f6122bc5e28cafd96599f9c5bc3c5a50dd1b023bc6820134ef80bde03c49e44045327d8ac991edc0642350f28ec7e330edecf2cd3ef928a65a754710e8e863214748078575e1554d9736341e9c6106c994ac462db08606ada4a0bbc9ff522c94576ad4d527ab9d23b4fd112263eaac56f426fddb27e2fd37b2eaf2183450841de93c3c77ba803006f59fd56210b67fffa9068f5c8d5fde7bc1233f9578f8dde1cc870af0f064cde5", 0xfa})

10:23:03 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:23:04 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x41, 0xa4)
ioctl$SNDRV_PCM_IOCTL_PAUSE(r1, 0x40044145, &(0x7f0000001080)=0x3f)
ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000040)={r0, 0x9, 0x0, "b9bbef10f2f715c482aef4fb131119f5b526ad82a5403d215ba4d99e0cf83f8462c27efecc846b31b67b9b8681db14ef4a8f4bb171d8a6b5a8177bb547e00436ca5f88769398d535048c1ba4d108b9bb93a03b901d255eaf14c17f90ce61f1a3a639cfe113571b73cc6cc9c3ff3da4404cf138022d4153b5615658fef56e71c9186803a9e2983e0679b9d2d21456a71c9b70ccad313ee54e75c304167659aae59628f553c7db4d96d4d04d230c7509b1c2b791d4b66602b0027f9da6054f94506e958ce914a2d46f61301a55bfdb0be55ed3825860202adc98c46f30c6bc22eadae7d1b9b10ca7bbbb4a90d9233f08fe1d3359ab2cf0ae779e8e2e3a8a1109ddaab02382f8c817bb97e900a8e94a607c198ef6b63d7d17a9d64f1f7ed377db6406ccbf2b44d3d35623069c3eb7498758407b49930518904b429da80c8089535a6cc5adabb10a9b3ad95eb06d923f59f9fa10423122d936f49543cdedd9b9d045b885b91ef65f991bf423314f464bb82c1b27215b5fb7d1c72579b998e76d943af9677f2e293b97871e5a99dcfd319ca9e8e32458aa744a4ed3b69d54b42ec16adc54faf133ce87d37ef2cb30df304abd59250adcd9742737d503f5ad32ce4ac93324d3ff50efb8b3771e6d464a608bf86c8b9dd65a63b8018ddb78809dbeedee1bd2d65c9931ec4f02bce634ca604f5f7fe9884b8a4078643e2dd2154deb6b01c68aa4b30ff4b7a8163c932ce0611886bcd7ad42343972cdb3d1cf0a742993f25de73a9e805738b1001bb463ae07535ee28cc7b93e29f1db8038331b161670968b7a661bf76d40471ff56b4008cb1c7ac1eeb093d325acfd0c02f2ae1bff5513b5e9203429379db8a3893ee0fef2ae856c65085f5f3481f5c0cec23d4886d01aee9a26ede0cae98742c1003b73fb5ddeca4518f106cff13f9f9a10e0bd026767097059b7f07fa94fdaef5a6e5c6de9550a18e41817927d9b94fe839991d1d4f0f628061e34f4e8f4a39ec7f4ead70e96bb6c270141a4a51909d01c63b4bc2aa4616f347f6f996932ba5fae8dd645da895ee780079a7e80611307d35c8e7445e588743d4f26d7d64d348b51de8b569d2eb8585e5b1911a4ba27b3e3987b74b1871c49c1c2e409a8d3fdce278ee67f0ef2c6df3f9bbeab34d076704b7b1fd1f12e45b44678c6e5e5ad261012575b1f158ec9e425930ba5e5ded64d30f65211a9c62ae471a95bebe044e70caadcf97b7b6ea1aba05db241e17408c2081258da56b5512b904c33328aa4fb5d0c7a87cfdf1096382e2b0570162b24ebcd80c4c656caa478f1cafba109cb9e4f07a32017fc62774ba27c9127743e92a8dc34282cb3a2dbc437db77b1ad72bfc64dc9e54afdef18178465d606bb0e6e5d36ae627f1108fe3b9a503dd82bc474a3ac1a955066128785c8def4b9e83ce957b362bb98afb7dd59d9b3d52252fe54de37b38cd8329e0a925116c44e0eab512a3883acd520d0538c57af4bd1c51bd895f92ef9076d1e12b9201c259c0a35af764ec44dd36d2ac59c3cd9cdaafb378d5ca416dc6e307017cdffd1b83f4923daf8265f42c720db196e973588c34dfb1b697a10576a98669ed826a6e2ceb89415b6161e058c6ed856dc4a20b5eaf2e18fbd26b619ac38394119e5cf76240e0bdc2f792390f7666a8afd53259946b73521902bd54ce14117b9540bc5efa89f16ce91fe22a2752ab14c977fccb32ee017c8d089db26d7b21f07e3249610f8a66d4182049550b565ec893e046430bf8dfecf6e98aaaabf5edc4d172ca1202e17ca5e85836a1cfcb76f83e13db95d9d08c22c44c610d0a5eebacfc271f14553bee6fcd777c98460c928c711b0860aac42b24a181f235bbb6cdc3c7a8d9853f0ebcfebf5f8aeea23abce8e46398fb58ecfc4945e03250a285dcc1145a4d6584d0c0e3e61b8328b2154b8e5551d26a88f8c7eaf2cd7b2b6e0f5d83378c9b1472c7d75afff02f68509f1b4af5f9a0baf8aa2b6623d45fc9e147f34b8967708cce9bb6852db3946870ada7eed8891acb45cd1341bef86d443a5862f4fb0905fca7e258d8351867ee7f5a86bfb2afe67b0d0ec8722796df79e1de3cc5decf5310d94a3e8dad0e2e2b57d8c044b983057c89a9da2cb4efc8b652fc6fb24b7690ad446ebb1e99cee5d70008a02543fe2274329f9b6196628a381195f2fba265dcee0d1dc9b6b0978ef3c8447c97e069ee9a2f3c67dad4aa15d14824fe1404b77868cc5bbb10f81c681a36dc46b17d7caca717eb45f72980f8dff5036325456242d499dcbb81c48c1bebdb9df3a26ebf97af9aa4b60ec7614440bbdc05f4b376be175b73adda8e7b08488d6b048658b2714820c48550aa82dfbfdf227036dd07bc0a7b9c0522db00292d00c3e45d1f46f44b3c72049c4f7f115b5b87bf24bed594aebfe80ac2d424ec99c63809f9ee7e51823187a41f7fd61dee97f5c464422d0e0356864023d399873840df63aa8a70daa1cff7632a60087fc8eeeb7ce1d3167a77bd6a579d144728c83cb9a51f878dc02508c7b0c4215723b3eb11843576004d1d0e240c8471888cb19accaabc639f210fdc0e8a46cf4e49fc6efa44eada39caee2486107ffb1e0f212796fd91f44afa74519c48a1fa82b7041014912824378eaf8884813e5f6032c8ab7bfb914921082cb5260f8fde2589163ab74affd98dc3fcdb7904838644099a4d4e58771fbbd758eb86a85f5c80b0b40f4b2edc2f2237a056ddc344b0356171fa9c1b54aa760304f777e54b030d50cba2dd9508a75cbc891bfd55eaa7d2a7d3609716047691402d9777c2fd804f504aa913cb41767982c45a08e2940faf4e7e7da330ca5df2d806ad81fc73f833636870341afd020b0d993d868c90ddf460f06696ca456afdd1c034c0bc1685818b53209fbe90189d7a781751aff5dc8945931e61d146d55c7b5a1bc696341b40f27e9fc782897bb6bffa5a0a9c2754fd69a1d53f3efe7defa65497fea2c56fc3d4521d8759390884e84ed30cbae270e059c71cc049e51646bbb14f23e62790d9a8545e9e679df7161f153a8edcb0176d19515aa75f3b59b817e3294353e92dac1541bf4b526d2e8824a3b49697907bb4aae78045fcac58dbc95f9b9cd4ecd5a90566855db150c6fd4a9ce1b309a9d71ef93c69a68ff3b84efc472dd20c2d5bec1353af769bc98b24a89b91454251789897ddb5bdaa13f3e7c1b398ef699d26df5f2da0edea1dc209fd5392b2a4c7841160742c54913a3406463a0b4212dc0fff4fbc7825bb891b0f9c91a84f93804b722b419b2a899d0e7a1fac0fcb712fdbfa77dd88d2d62363e36fd1e06bfa79dd9279334e03721d0a46687ff1bd350c3fc4b6588d42110214e85753beff9bc70c888c111bc296d0b6d8b9f10693d0dc49949444e890f5cfe56363b9e54ba867a02d9b3320f94adb3d1825eb23c4c59bfe6159884b9f92296524a64c6949c35f073ccd4cd8bcdd46a828fc86400d38822322c8bb0c116e20d3d77b51d41cdb245d0861a0d270eefa71cf1a0fc2e132d7cf503533f3a49669818c3bd7c0326592715576609207edab85628d941239949ed2294c9718e489c9463b8818915c3419c2985149b9bc429483c51ee4cb880da7d4e4dd1351b16d4886e08f6237613ccaaea7c2b0539e2a221a5b2d24097b4d13df9bbcc465567bf016914e79b4e25f70cf1a68e570c99d24163bea1d53dcdfe2bd30faf97768f0841807df95f67e5e12f090b51cef47878bfff6a89c246b06214897dbacb0ca52bf7e3150d152b689ad658f27a2b6c9d7db2c50bd8f708b8fc3a8a29c3b0ab382b691ed127ff5bffc1a8968032eb77a9e00091b793e3b1c0f2312eb8eeac431e5e5db9067cf930aefa9727cf9e57b460684778f98ca85ca446c0e056cb04f4a1ee61090d4548e9f914a34e8a18feb42eff021a96f651b141b934e969735abe4651c23aa06422aa9da00538d00dced1580e2950f8b13b5764909c2c7fed6977b1d0981de61f097d521d4c6ce1146b9d1b525877337bd44339e88a6c20b7226ef57b556b2e6be795bdcb5bc676972720f7a7fe7d844e7692e8f76501e3819d36ad76f3e039f8ccff8a454041db5274e0893248a6e41ead8195a5e02405d2d329ac0a28b9c8850dbb7fb519373e966d73a6761299ded609cc3d655a7dd5cb0758ced4bbe8c229deb6b055d5621e5da3e7cc08d0cfa6d043d3acc3bef4fb08060c87cb2f8606f382dc6d31bab9efc9aad6b02acce95817e5363e7294e06c1e2767115ebe7db398e162e21f489a9388db98a154c0e367bf829443b9fab9e60ed2f7d7c4524c7e5d8aede6312c01bd37ff2793b0d351020564f633bfd332c381cee5b4654ca10616f30809aa6122478d14786659ec89bde24d1dabcf124fbf204eb504b36a1c34af7efa9d61fde2d229d7a149add17d44708f80dfabeeef90e82570bd8c0ab7ff0d6339d48421ea167e1c615ff6b344cf86b04cda07938e12106e8bb411a1519d0795c04d3f905d4f0a0cb6ccceb0da8c091cc18dbcafd50484ecd533a8df27807a252ec34956010c2dd7a12b0f3879899867acb5db29e511b5d432ef0e884ec8063828b4dcccc946c9fd7f8547ca990fc93a333e82ba3774bad65001a80ee2f66d424ed114ca865b978ac5e4c323ca55aba0995f1daa725d443314c40a73920a671b8256ec4f7becd2867cd8d75509df610e4be0185fe5ef6a7a1e86f16ad9cefb3612f1cae7a3d01b362f4dfbde452dae73984fca8ab7ee4b81b667c862facf05cc47314f1e9d68bed57cb506cd00128661c0b4d14a67562ce81ef20be872e1671a2c21e5e3bffc5fba7e7ee7dc03693b65c8c970b0a0d880f5cd32f7139964d903036a277475a27eae8add0d89d5cc714bcfa9d8acb114727901322139df46739eda8de882256c2ba5e47c32256475f60c0d26284b3a82aa6385181ff071725598f1f1f61c043886965d6538b46c6d7687cdcd9500d19c1af2aa89ad00931f1d85b9e858baf9cee22e7dc61441ecb8ff397fb32b92a05263f0599aa0abe6f3346250ee3480c8cf012c001c94d919624e3ac74514e04a83f2de0e47075e5cfd613e7c7c9ad14faf9a412b4852dac2f0b432748585ab54c1f883478d0c7992dd0e1156b898651e40cae4220a27abcab9519a10002c0805ac3bb5ac4107524c5e9d7447f1e0d2089e55547ccec65deb77465e4decf517a740cb446ee4ca88e3195d446e722b93f82dedf95c261f81d07cb2f6aed27c763496f133b23d4729bd844b6ce830a6bb7edbec13c2af039f7e4fd5f47e857bd8130e929c627086e92572d930e191471361b99e0cc37bcb63c0f822a272f985852f14a6114b6f078a51740237d50d5ef250dca8d0be783a888d9c3bdf1375982dbe7ebab76225a63cc267dd2efdc80a2c9fcd29041c68d21a357f5ae0182b171a917da4341c0ea5e3a21f9b76efa411dd27138172635611a16d2637957cff37d2460986eb43d35734d13032020389500c06ec4cbd670bb1d6cf3e7da87074620ac26274dea92c7db9b631d5d3f1fc50a7f4d732b78d84971032ad6ce8545f51c5c2731973db6d399f2be7ae584f18d499e7c276fa926ac210b6918df59339fde38244aea36024881951d548f928fdf11adff26c6ee9b90b483c44e50b20b97a0d11abc30a06ce987580e669021663683ad572c8111b4a4d895260d7a1fa5142e8ebe1ae6c3ebb8e64c899fb260c9a6dfb27aec230ef58f8dc57c3bfd1e0adb90f07c355a903e0b219ce003b166cfbf8be9ae9239e33944b"})

10:23:04 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x20000, {0x0, 0x2710}, {0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=&(0x7f0000000040)={0x2110, 0x5c}, 0x100000})

10:23:04 executing program 2:
syz_emit_vhci(0x0, 0x1430012)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x8, 0x40, 0xe1, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:04 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
sendmsg$BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x12000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x50, 0x0, 0x0, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x4}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x80000000}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x20}]}, 0x50}, 0x1, 0x0, 0x0, 0x801}, 0x10)

10:23:04 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
ioctl$TUNSETVNETBE(r1, 0x400454de, &(0x7f0000000180))
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
socketpair(0x28, 0x6, 0x7, &(0x7f00000001c0)={<r4=>0xffffffffffffffff})
ioctl$sock_bt_bnep_BNEPGETCONNLIST(r4, 0x800442d2, &(0x7f0000000280)={0x4, &(0x7f0000000200)=[{0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @local}, {0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @broadcast}]})
sendmsg$AUDIT_TTY_GET(r3, &(0x7f0000000d40)={0x0, 0x0, 0x0}, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f0000000080)=0x5, 0x8)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:04 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:23:04 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000040)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
syz_open_dev$vivid(&(0x7f0000000000), 0x0, 0x2)

10:23:04 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000001480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, 0x0, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x20}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x4000840)
socketpair(0x18, 0x3, 0x0, &(0x7f0000000000))
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x29c0, 0x0)
ioctl$SNAPSHOT_S2RAM(r1, 0x330b)

10:23:04 executing program 2:
syz_emit_vhci(0x0, 0x3b)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="2d4c4c8d19d6d1e7bcdfefab858285ff34daf5de770ae75a201b09c706372b1f6548b4bfe47f76c16043c9892e61acb422f559b2bba7671f56263d31a40d15"], 0x48)
syz_emit_vhci(&(0x7f0000000040)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x30}, "364377a67ee66b0a0a9a5713a6679db426d4d030f035d453049e8c6521508f9ed4838ae647a1bb2e6f831d0c5eca56cb"}, 0x34)

10:23:04 executing program 3:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$AUDIT_GET_FEATURE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3fb, 0x200, 0x70bd25, 0x25dfdbfe, "", ["", "", "", "", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4}, 0x80)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0), r0)
sendmsg$SEG6_CMD_GET_TUNSRC(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, r2, 0x1, 0x70bd27, 0x25dfdbff, {}, [@SEG6_ATTR_DST={0x14, 0x1, @private0}]}, 0x28}, 0x1, 0x0, 0x0, 0x40004}, 0x1)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
ioctl$SNDRV_PCM_IOCTL_PREPARE(0xffffffffffffffff, 0x4140, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="010e0a3f602040000041000007"], 0xd)

10:23:04 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:04 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:23:05 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r1, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2205080}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="040028bd7000fbdbdf250d000000080032000300000005003780010000000500a7b2003100800000000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x2a84831271079d81}, 0x8c889)

10:23:05 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x7})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000000)={0x6, 0x0, 0x8, 0x80000, r2})

10:23:05 executing program 2:
r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x7f, 0x9, 0x1, 0x0, 0x7fffffff, 0x80000, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x94, 0x4, @perf_config_ext={0x6, 0x3}, 0x8000, 0x4, 0x10001, 0x1, 0x26270ede, 0x2c, 0x2, 0x0, 0x3}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x9, 0x7, 0x6, 0x4, 0x0, 0x6, 0x2000, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x6, 0x2, @perf_bp={&(0x7f0000000000), 0x1}, 0x9640, 0xae16, 0x8, 0x0, 0xf7ff, 0x101, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x8, r0, 0x3)
syz_emit_vhci(0x0, 0xb17c)

10:23:05 executing program 3:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x4500, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000000180))
openat$incfs(r0, &(0x7f0000000040)='.log\x00', 0x2c000, 0x4)
sendmsg$AUDIT_TTY_GET(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x10, 0x3f8, 0x8, 0x70bd2d, 0x25dfdbfc, "", ["", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x30044085}, 0x4c001)

10:23:05 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f00000001c0), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)
sendmsg$AUDIT_GET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x3e8, 0x1, 0x70bd2d, 0x25dfdbfc, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x10}, 0x8000000)

10:23:05 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, 0x0)

10:23:05 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)

10:23:05 executing program 0:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x2)
sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x14001000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x58, 0x0, 0x10, 0x70bd2b, 0x25dfdbfb, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010100}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast1}, @GTPA_NET_NS_FD={0x8}, @GTPA_FLOW={0x6}, @GTPA_FLOW={0x6}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @rand_addr=0x64010100}, @GTPA_TID={0xc}]}, 0x58}, 0x1, 0x0, 0x0, 0x40004}, 0x4082)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$VIDIOC_DQBUF(r1, 0x5452, &(0x7f0000000000)={0x0, 0xc, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x3, "40c15b9d"}, 0x0, 0x0, @fd=r1, 0x5ca, 0x0, r1})

10:23:05 executing program 2:
syz_emit_vhci(0x0, 0x4f)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000000)=0x9)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000000c0)={'ip6tnl0\x00', <r2=>0x0, 0x2f, 0x7, 0x3, 0x1, 0x20, @mcast1, @loopback, 0x80, 0x0, 0x51db, 0x81}})
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x3c, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @empty}, @GTPA_LINK={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @private=0xa010101}, @GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_LINK={0x8, 0x1, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24004080}, 0x800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='rxrpc_tx_packet\x00', r0}, 0x10)

10:23:05 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000040)='.log\x00', 0x400200, 0xd1)
r2 = socket(0x1f, 0x4, 0x5b95)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000003c0), r0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r2, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000327bd7000fedbdf25080006001ce3d116c418df0e570cbe4f9a2cff87b796fbb4965ede35df4fcd90a3b9b10ff5debc0826fb311f4e5ffb615a8dc9b03587a8ba8cf41c94b801e7130cfa010fe00fd40301a037c58ca5e15be4cf5049935427afdd0d533db9795bbbcb9c44bf22eb6001064dedce53ed189a8df8bc5a5b663571c24c40a5667e81dc2ce6", @ANYRES32=0x0, @ANYBLOB="06002800030000000800340004000000"], 0x34}, 0x1, 0x0, 0x0, 0x20044041}, 0x804)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc2604110, &(0x7f0000000140)={0xeb6, [[0x0, 0x838d, 0x8, 0x6, 0x3, 0x8, 0x3f, 0xff], [0xfff, 0x51b3, 0x6, 0x8001, 0xff, 0x0, 0x2, 0x101], [0x6, 0x7, 0x2, 0x4, 0x6, 0x80000000, 0x80000000, 0x5]], '\x00', [{0x401, 0xba2a, 0x0, 0x1, 0x1, 0x1}, {0x2, 0x8001, 0x1, 0x1}, {0x7, 0x3, 0x0, 0x1}, {0x4, 0x8, 0x0, 0x0, 0x0, 0x1}, {0x4, 0x7fff, 0x1, 0x0, 0x1, 0x1}, {0x3, 0x6, 0x0, 0x1, 0x0, 0x1}, {0x1, 0x0, 0x0, 0x1}, {0x101, 0xbff, 0x1, 0x1, 0x1}, {0x100, 0x5, 0x0, 0x1, 0x0, 0x1}, {0x5, 0x8, 0x0, 0x0, 0x1, 0x1}, {0x6, 0x7ff}, {0x3ff, 0x80000001, 0x1}], '\x00', 0xbb8})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:06 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f0000000000)=0x800)

10:23:06 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, 0x0)

10:23:06 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c400000", @ANYRES16=0x0, @ANYBLOB="010027bd7000fbdbdf250100000005000600a5000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20000000)

10:23:06 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0xc09, 0x9, 0x4, 0x20, 0x1, {0x0, 0xea60}, {0x4, 0x8, 0xe, 0x7, 0x0, 0x1f, "f827095b"}, 0xff, 0x4, @planes=&(0x7f0000000040)={0xfffffffd, 0x1, @fd, 0x1}, 0x20})
open$dir(&(0x7f0000000000)='./file0\x00', 0x10942, 0x4)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000140)={0x0, 0x2, 0x1, [0x2, 0x1f, 0xffffffff, 0x9, 0x6fe], [0x5, 0x4, 0x9, 0x7f, 0x7, 0xb2e1, 0x4, 0x2, 0x2, 0x800, 0x8000, 0x4, 0x6ce, 0x10001, 0x5, 0x1, 0x7, 0x3, 0x8, 0xffff, 0xbfd, 0xbf, 0x4, 0x20, 0x3, 0x8, 0x20, 0x3ff, 0x3, 0x3, 0x3ff, 0x2, 0x2, 0x6, 0xdd26, 0x9, 0x3, 0xf8000000000, 0x1, 0x3, 0x10000, 0x3e47, 0x1, 0x4, 0x80, 0x1, 0x7fffffff, 0x6, 0x401, 0xdd23, 0xfffffffffffff801, 0x4, 0x6, 0x9, 0x9, 0x80000000, 0x8, 0x3, 0x1, 0x5, 0x80000000, 0xfff, 0x120000000000, 0x10000, 0x1, 0x1, 0x200, 0x20, 0x4, 0x4, 0x10000, 0x10000, 0xffffffffffffff81, 0x200000000200, 0x80, 0x1ff, 0x4, 0xfffffffffffffff9, 0x1, 0x3, 0x8, 0x400, 0x8, 0x2, 0x4, 0x2, 0x2, 0x9, 0xca5, 0x5, 0x5, 0x5, 0x80, 0x8, 0x0, 0x1, 0x4bb8, 0x9, 0x23, 0xffffffffffff2200, 0x80000000, 0x4, 0x9, 0x0, 0x1, 0x401, 0x8, 0x907, 0x510, 0x40, 0x7fff, 0x8, 0xe52, 0x2, 0x1, 0x4, 0x2, 0x7, 0x0, 0x0, 0x866]})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:23:06 executing program 2:
syz_emit_vhci(0x0, 0x88)
syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x72}, "d7533767fe48e99e6656d3ba73002dca1e8c33408ba3f282b7c09201aa988104b773341beba990f6745528e74d68e5e376bdec590b45352a4c1d2ad4a32a32b1a5cb7e91d67347a6ff9466eec8e90037958ce0b1a17b71853db0a8604f5ce796d24232137ee90e317f6835d4b6cde26a8f9e"}, 0x76)

10:23:06 executing program 5:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x10, 0x453, 0x300, 0x70bd25, 0x25dfdbfc, "", ["", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x480c4}, 0x4a801)
r1 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r2 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.pending_reads\x00', 0x0, 0x148)
sendmsg$SEG6_CMD_SETHMAC(r2, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, 0x0, 0x20, 0x70bd28, 0x25dfdbfd, {}, [@SEG6_ATTR_DST={0x14, 0x1, @private2}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x40001)

10:23:06 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, 0x0)

10:23:06 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRESDEC=r1, @ANYRESHEX=r0], 0x3b)

10:23:06 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0xc09, 0x9, 0x4, 0x20, 0x1, {0x0, 0xea60}, {0x4, 0x8, 0xe, 0x7, 0x0, 0x1f, "f827095b"}, 0xff, 0x4, @planes=&(0x7f0000000040)={0xfffffffd, 0x1, @fd, 0x1}, 0x20})
open$dir(&(0x7f0000000000)='./file0\x00', 0x10942, 0x4)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000140)={0x0, 0x2, 0x1, [0x2, 0x1f, 0xffffffff, 0x9, 0x6fe], [0x5, 0x4, 0x9, 0x7f, 0x7, 0xb2e1, 0x4, 0x2, 0x2, 0x800, 0x8000, 0x4, 0x6ce, 0x10001, 0x5, 0x1, 0x7, 0x3, 0x8, 0xffff, 0xbfd, 0xbf, 0x4, 0x20, 0x3, 0x8, 0x20, 0x3ff, 0x3, 0x3, 0x3ff, 0x2, 0x2, 0x6, 0xdd26, 0x9, 0x3, 0xf8000000000, 0x1, 0x3, 0x10000, 0x3e47, 0x1, 0x4, 0x80, 0x1, 0x7fffffff, 0x6, 0x401, 0xdd23, 0xfffffffffffff801, 0x4, 0x6, 0x9, 0x9, 0x80000000, 0x8, 0x3, 0x1, 0x5, 0x80000000, 0xfff, 0x120000000000, 0x10000, 0x1, 0x1, 0x200, 0x20, 0x4, 0x4, 0x10000, 0x10000, 0xffffffffffffff81, 0x200000000200, 0x80, 0x1ff, 0x4, 0xfffffffffffffff9, 0x1, 0x3, 0x8, 0x400, 0x8, 0x2, 0x4, 0x2, 0x2, 0x9, 0xca5, 0x5, 0x5, 0x5, 0x80, 0x8, 0x0, 0x1, 0x4bb8, 0x9, 0x23, 0xffffffffffff2200, 0x80000000, 0x4, 0x9, 0x0, 0x1, 0x401, 0x8, 0x907, 0x510, 0x40, 0x7fff, 0x8, 0xe52, 0x2, 0x1, 0x4, 0x2, 0x7, 0x0, 0x0, 0x866]})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:23:06 executing program 4:
socketpair(0xf, 0x3, 0x8, &(0x7f0000000000))

10:23:06 executing program 2:
syz_emit_vhci(0x0, 0x99f0296ef8e675e)

10:23:07 executing program 5:
socket(0x2, 0xa, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={0x0}, 0x2, 0x0, 0x0, 0x4008004}, 0x4044000)

10:23:07 executing program 1:
syz_emit_vhci(0x0, 0x1430012)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x8, 0x40, 0xe1, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:07 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES64=0x0, @ANYRES16], 0x3b)
write$tun(0xffffffffffffffff, &(0x7f0000000000)={@val={0x0, 0x80f3}, @void, @x25={0x1, 0x1c, 0x1f, "82c44b4809c3ee240d5657ff4d54c69e6f70ff1c17ecb7a8568dc74a022937023d16eb67c1b91f884b8ecefddad6f117ffaf95411920f9d21332837abf5903f23ed47fc0603376b73c25c06bb1a18b62d833"}}, 0x59)

10:23:07 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0xc09, 0x9, 0x4, 0x20, 0x1, {0x0, 0xea60}, {0x4, 0x8, 0xe, 0x7, 0x0, 0x1f, "f827095b"}, 0xff, 0x4, @planes=&(0x7f0000000040)={0xfffffffd, 0x1, @fd, 0x1}, 0x20})
open$dir(&(0x7f0000000000)='./file0\x00', 0x10942, 0x4)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000140)={0x0, 0x2, 0x1, [0x2, 0x1f, 0xffffffff, 0x9, 0x6fe], [0x5, 0x4, 0x9, 0x7f, 0x7, 0xb2e1, 0x4, 0x2, 0x2, 0x800, 0x8000, 0x4, 0x6ce, 0x10001, 0x5, 0x1, 0x7, 0x3, 0x8, 0xffff, 0xbfd, 0xbf, 0x4, 0x20, 0x3, 0x8, 0x20, 0x3ff, 0x3, 0x3, 0x3ff, 0x2, 0x2, 0x6, 0xdd26, 0x9, 0x3, 0xf8000000000, 0x1, 0x3, 0x10000, 0x3e47, 0x1, 0x4, 0x80, 0x1, 0x7fffffff, 0x6, 0x401, 0xdd23, 0xfffffffffffff801, 0x4, 0x6, 0x9, 0x9, 0x80000000, 0x8, 0x3, 0x1, 0x5, 0x80000000, 0xfff, 0x120000000000, 0x10000, 0x1, 0x1, 0x200, 0x20, 0x4, 0x4, 0x10000, 0x10000, 0xffffffffffffff81, 0x200000000200, 0x80, 0x1ff, 0x4, 0xfffffffffffffff9, 0x1, 0x3, 0x8, 0x400, 0x8, 0x2, 0x4, 0x2, 0x2, 0x9, 0xca5, 0x5, 0x5, 0x5, 0x80, 0x8, 0x0, 0x1, 0x4bb8, 0x9, 0x23, 0xffffffffffff2200, 0x80000000, 0x4, 0x9, 0x0, 0x1, 0x401, 0x8, 0x907, 0x510, 0x40, 0x7fff, 0x8, 0xe52, 0x2, 0x1, 0x4, 0x2, 0x7, 0x0, 0x0, 0x866]})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:23:07 executing program 2:
syz_emit_vhci(0x0, 0x3b)
ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000000)={'ip6gretap0\x00'})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000040)={<r0=>0x0, 0xffffffffffffff6d, 0x5, 0x1})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000440)={<r1=>0x0, 0x40, 0xfffffffffffffffd, 0x1})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000840)={<r2=>0x0, 0x1f, 0x200, 0x1})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000c40)={0x1e, 0x1, {0x7fff, @struct={0x4d04, 0x8}, r0, 0x1, 0x9, 0x9, 0x6, 0x5, 0x462, @usage=0x1, 0x200, 0x7, [0x8, 0x8, 0x4, 0x0, 0x3, 0x2]}, {0x39, @usage=0x2, r1, 0x9, 0xffff, 0x8, 0x2e70, 0x2, 0x13, @struct={0x9, 0x1}, 0x7fff, 0x7, [0x10001, 0x8, 0x80000001, 0x3, 0x8, 0x8]}, {0x3, @struct={0x800, 0x9}, r2, 0x4, 0x200, 0x100, 0x4, 0x1, 0x49d, @usage=0x9, 0xffff, 0x5, [0x2, 0x0, 0x6, 0xffffffffffffa5cc, 0x9, 0x577]}, {0x4, 0xe81, 0xf1}})

10:23:07 executing program 4:
r0 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="34000000c25ec66ce89b0f7f725dfa31149e1ce854cb71153059acbe6a0c", @ANYRES16=r0, @ANYBLOB="000829bd7000fddbdf250000000008000400e0000001080009000300000008000400ac1e00010800020001000000"], 0x34}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
socketpair(0x3, 0xa, 0x1, &(0x7f00000000c0))
socket$inet_udp(0x2, 0x2, 0x0)

10:23:07 executing program 1:
syz_emit_vhci(0x0, 0x1430012)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x8, 0x40, 0xe1, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:07 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x2c, 0x0, 0x4, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}, @BATADV_ATTR_ISOLATION_MASK={0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x810}, 0x8000)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, 0x0, 0x20, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x10001}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x100}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8040}, 0x800)

10:23:07 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
getgid()
r0 = geteuid()
r1 = getgid()
fchownat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', r0, r1, 0x800)
r2 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x5, 0x5, 0x4, 0x4, 0x0, 0x260000000, 0x40000, 0x6, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x80000000, 0x2, @perf_config_ext={0x9, 0x100}, 0x80000, 0x4, 0x1ff, 0x9, 0x3, 0x5, 0x9, 0x0, 0x3f, 0x0, 0x8a}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f0000000080))
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3, 0x1f, 0x4, 0x0, 0x0, 0xfffffffffffffffd, 0x41000, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x80000000, 0x0, @perf_bp={&(0x7f0000000000), 0x7}, 0x10490, 0x9, 0x459a, 0x3, 0x5, 0x40000000, 0x7, 0x0, 0xac41, 0x0, 0x3}, 0xffffffffffffffff, 0xf, r2, 0x8)

10:23:07 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff)
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)

10:23:07 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0xc09, 0x9, 0x4, 0x20, 0x1, {0x0, 0xea60}, {0x4, 0x8, 0xe, 0x7, 0x0, 0x1f, "f827095b"}, 0xff, 0x4, @planes=&(0x7f0000000040)={0xfffffffd, 0x1, @fd, 0x1}, 0x20})
open$dir(&(0x7f0000000000)='./file0\x00', 0x10942, 0x4)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000140)={0x0, 0x2, 0x1, [0x2, 0x1f, 0xffffffff, 0x9, 0x6fe], [0x5, 0x4, 0x9, 0x7f, 0x7, 0xb2e1, 0x4, 0x2, 0x2, 0x800, 0x8000, 0x4, 0x6ce, 0x10001, 0x5, 0x1, 0x7, 0x3, 0x8, 0xffff, 0xbfd, 0xbf, 0x4, 0x20, 0x3, 0x8, 0x20, 0x3ff, 0x3, 0x3, 0x3ff, 0x2, 0x2, 0x6, 0xdd26, 0x9, 0x3, 0xf8000000000, 0x1, 0x3, 0x10000, 0x3e47, 0x1, 0x4, 0x80, 0x1, 0x7fffffff, 0x6, 0x401, 0xdd23, 0xfffffffffffff801, 0x4, 0x6, 0x9, 0x9, 0x80000000, 0x8, 0x3, 0x1, 0x5, 0x80000000, 0xfff, 0x120000000000, 0x10000, 0x1, 0x1, 0x200, 0x20, 0x4, 0x4, 0x10000, 0x10000, 0xffffffffffffff81, 0x200000000200, 0x80, 0x1ff, 0x4, 0xfffffffffffffff9, 0x1, 0x3, 0x8, 0x400, 0x8, 0x2, 0x4, 0x2, 0x2, 0x9, 0xca5, 0x5, 0x5, 0x5, 0x80, 0x8, 0x0, 0x1, 0x4bb8, 0x9, 0x23, 0xffffffffffff2200, 0x80000000, 0x4, 0x9, 0x0, 0x1, 0x401, 0x8, 0x907, 0x510, 0x40, 0x7fff, 0x8, 0xe52, 0x2, 0x1, 0x4, 0x2, 0x7, 0x0, 0x0, 0x866]})
ioctl$VIDIOC_DQBUF(r0, 0x5452, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})

10:23:08 executing program 4:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000000), 0x8)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
r1 = socket(0x28, 0x80000, 0x10007ff)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$TUNSETLINK(r2, 0x400454cd, 0x33a)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x490400, 0x0)
ioctl$TUNSETOWNER(r3, 0x400454cc, 0xffffffffffffffff)
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f00000001c0)={0x0, "4de2b02efb79876a515dc955323aa245"})

10:23:08 executing program 1:
syz_emit_vhci(0x0, 0x1430012)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x8, 0x40, 0xe1, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:08 executing program 5:
socketpair(0x1, 0x800, 0x0, &(0x7f0000000040))
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:08 executing program 3:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xffffffffffffff28)

10:23:08 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0xc09, 0x9, 0x4, 0x20, 0x1, {0x0, 0xea60}, {0x4, 0x8, 0xe, 0x7, 0x0, 0x1f, "f827095b"}, 0xff, 0x4, @planes=&(0x7f0000000040)={0xfffffffd, 0x1, @fd, 0x1}, 0x20})
open$dir(&(0x7f0000000000)='./file0\x00', 0x10942, 0x4)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000140)={0x0, 0x2, 0x1, [0x2, 0x1f, 0xffffffff, 0x9, 0x6fe], [0x5, 0x4, 0x9, 0x7f, 0x7, 0xb2e1, 0x4, 0x2, 0x2, 0x800, 0x8000, 0x4, 0x6ce, 0x10001, 0x5, 0x1, 0x7, 0x3, 0x8, 0xffff, 0xbfd, 0xbf, 0x4, 0x20, 0x3, 0x8, 0x20, 0x3ff, 0x3, 0x3, 0x3ff, 0x2, 0x2, 0x6, 0xdd26, 0x9, 0x3, 0xf8000000000, 0x1, 0x3, 0x10000, 0x3e47, 0x1, 0x4, 0x80, 0x1, 0x7fffffff, 0x6, 0x401, 0xdd23, 0xfffffffffffff801, 0x4, 0x6, 0x9, 0x9, 0x80000000, 0x8, 0x3, 0x1, 0x5, 0x80000000, 0xfff, 0x120000000000, 0x10000, 0x1, 0x1, 0x200, 0x20, 0x4, 0x4, 0x10000, 0x10000, 0xffffffffffffff81, 0x200000000200, 0x80, 0x1ff, 0x4, 0xfffffffffffffff9, 0x1, 0x3, 0x8, 0x400, 0x8, 0x2, 0x4, 0x2, 0x2, 0x9, 0xca5, 0x5, 0x5, 0x5, 0x80, 0x8, 0x0, 0x1, 0x4bb8, 0x9, 0x23, 0xffffffffffff2200, 0x80000000, 0x4, 0x9, 0x0, 0x1, 0x401, 0x8, 0x907, 0x510, 0x40, 0x7fff, 0x8, 0xe52, 0x2, 0x1, 0x4, 0x2, 0x7, 0x0, 0x0, 0x866]})

10:23:08 executing program 2:
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x5, 0x10000, 0x1, 0xa639, 0xfffffbff], 0x5, 0x80800, 0x0, <r0=>0xffffffffffffffff})
ioctl$SNDRV_PCM_IOCTL_PAUSE(r0, 0x40044145, &(0x7f0000000000)=0xfff)

10:23:08 executing program 4:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000140)={0xc, 0xffffffc0, 0x1})
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
fchmodat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x44)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x20, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0x0)

10:23:08 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x10)
r1 = socket(0x1a, 0x3, 0x20)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000040)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x40000)

10:23:08 executing program 1:
syz_emit_vhci(0x0, 0x1430012)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x8, 0x40, 0xe1, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, 0xffffffffffffffff, 0x0)

10:23:08 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r1, 0x1}, 0x14}}, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB='[\x00F5', @ANYRES16=r2, @ANYBLOB="04002bbd7000fcdbdf250900000008003b002600000005003800010000000a0009000180c2000002000005002d000000000008003b00a0a0ed09080039000500000008003200008000000a0009000180c200000e0000"], 0x5c}, 0x1, 0x0, 0x0, 0x4004}, 0x4000040)
ioctl$SNDRV_PCM_IOCTL_UNLINK(0xffffffffffffffff, 0x4161, 0x0)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x80000000}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x20000080)
ioctl$SNDRV_PCM_IOCTL_REWIND(0xffffffffffffffff, 0x40084146, &(0x7f0000000000)=0x7fffffff)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:23:09 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0xc09, 0x9, 0x4, 0x20, 0x1, {0x0, 0xea60}, {0x4, 0x8, 0xe, 0x7, 0x0, 0x1f, "f827095b"}, 0xff, 0x4, @planes=&(0x7f0000000040)={0xfffffffd, 0x1, @fd, 0x1}, 0x20})
open$dir(&(0x7f0000000000)='./file0\x00', 0x10942, 0x4)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)

10:23:09 executing program 2:
syz_emit_vhci(0x0, 0x3f)

10:23:09 executing program 5:
socket(0x2, 0xa, 0x0)
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.log\x00', 0x400080, 0xb4)
r1 = openat$incfs(r0, &(0x7f0000000080)='.log\x00', 0x96042, 0x24)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={0x0}, 0x2}, 0x0)

10:23:09 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000000c0)=@nat={'nat\x00', 0x1b, 0x5, 0x730, 0x0, 0x578, 0xffffffff, 0x120, 0x578, 0x660, 0x660, 0xffffffff, 0x660, 0x660, 0x5, &(0x7f0000000040), {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev={0xfe, 0x80, '\x00', 0x36}, [0xffffff00, 0x2803ab42b4c4a9ba, 0xffffff00, 0xff], [0xffffffff, 0xff000000], 'bond0\x00', 'veth0_to_team\x00', {0xff}, {0xff}, 0x67, 0x3, 0x3, 0x8}, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@frag={{0x30}, {[0x2, 0xf4], 0x2, 0x0, 0x3}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x10, @ipv6=@dev={0xfe, 0x80, '\x00', 0x2c}, @ipv4=@broadcast, @port=0x4e23, @port=0x4e23}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x3, @ipv6=@remote, @ipv6=@loopback, @gre_key=0x3d23, @port=0x4e23}}}, {{@ipv6={@private2, @private0={0xfc, 0x0, '\x00', 0x1}, [0xffffff00, 0x0, 0xff, 0xffffff00], [0xffffff00, 0x0, 0xffffffff, 0xffffffff], 'batadv_slave_0\x00', 'veth0_vlan\x00', {}, {0xff}, 0xc, 0x9, 0x7, 0x30}, 0x0, 0x320, 0x368, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x23, 0x0, [{0x5, 0x0, 0x40}, {0x4, 0x9, 0x0, 0x6}, {0x5, 0x4, 0x1, 0x68}, {0x4, 0x6, 0x8, 0x2}, {0x100, 0x5, 0x10, 0x7f3b}, {0x2, 0x47, 0x8}, {0xa37a, 0x3, 0x9, 0x8000}, {0x1f, 0x9, 0x40, 0x3ff}, {0x4, 0x0, 0x8, 0xff}, {0x5, 0x7, 0xd6, 0x2}, {0x0, 0x1, 0x0, 0x3f}, {0x7f, 0xfe, 0x40, 0x8}, {0x4, 0x9, 0x6, 0x3}, {0x2, 0xeb, 0x4, 0x7ff}, {0x3, 0x80, 0x8, 0x1}, {0x5, 0x8, 0x2, 0xe7a}, {0x6, 0xff, 0x1, 0x343}, {0x2, 0x0, 0x8, 0x6}, {0x800, 0xea, 0x6, 0x10001}, {0x4, 0x8, 0x8, 0x1000}, {0x9, 0x1, 0x2, 0x2}, {0x81, 0x20, 0xea, 0x8}, {0x7, 0x1, 0x8, 0x3}, {0x8, 0x6, 0x0, 0x51}, {0x26, 0x8, 0x5, 0xffff}, {0x5, 0x8, 0xdb}, {0x7fff, 0xc3, 0xff, 0xffff}, {0x2, 0xc0, 0xce, 0x5af6d7a6}, {0x2, 0x40, 0x0, 0x7}, {0x4, 0x1, 0x5, 0x2}, {0x1, 0x3, 0x7, 0x7}, {0x5, 0x4, 0x2}, {0x1, 0xc4, 0x6, 0x6}, {0x9, 0x5, 0xfa, 0xffffffff}, {0x2, 0x9, 0x9b, 0xfffffff7}, {0x4, 0x7, 0x1, 0x8}, {0x74, 0x3f, 0x36, 0x1f}, {0x0, 0x0, 0x9, 0x9}, {0x7, 0x2, 0x2, 0x1000}, {0x7, 0x3, 0x48, 0xfffffffc}, {0x8000, 0x0, 0x2}, {0x2, 0x7f, 0x1, 0x9}, {0x3, 0x1, 0x1, 0x3ff}, {0x101, 0x8, 0x1, 0x5}, {0xff01, 0x1, 0x2, 0xa84}, {0x4000, 0x2, 0x4, 0xdc}, {0x9, 0x6, 0x5, 0x401}, {0x8, 0x5, 0x0, 0xd91f}, {0x2, 0x81, 0x55, 0x7}, {0x2, 0x71, 0x4, 0xc37d}, {0x7, 0x1, 0x1e, 0x4}, {0xffff, 0x2f, 0x4c, 0x7}, {0xfff9, 0x9, 0x4, 0x1}, {0x401, 0x5, 0x3f, 0x8000}, {0x9, 0x1, 0xff, 0x1}, {0x9, 0x81, 0x20, 0x3}, {0xa162, 0x7, 0x5, 0x940}, {0x1, 0x7f, 0x9, 0x4}, {0x7fff, 0x4, 0xfa, 0x401}, {0x6, 0x0, 0x1f, 0x1}, {0x8b68, 0x2, 0x7, 0x664c}, {0x1, 0x7, 0xff}, {0x3ff, 0x0, 0x3a, 0xd8}, {0x8, 0x1f, 0x81, 0x1}], {0x9}}}, @common=@hbh={{0x48}, {0x7, 0x4, 0x1, [0x0, 0x81eb, 0x9, 0x101, 0x3, 0x3f, 0x8, 0x7, 0x9c59, 0x1, 0x0, 0x63, 0x7, 0x3, 0x2, 0xfff], 0xf}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x4, @ipv6=@local, @ipv6=@remote, @port=0x4e20, @port=0x4e24}}}, {{@ipv6={@mcast2, @empty, [0xffffff00, 0xffffffff, 0xff, 0xffffff00], [0xff, 0xffffffff, 0x7fffff80, 0xffffff00], 'geneve0\x00', 'gre0\x00', {0xff}, {0xff}, 0x2f, 0x0, 0x2, 0x10}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "8447c2aa387d9319a8986877790b959ed40214675e14aabd2d7b041326ff"}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0xfffffffffffffeda)

10:23:09 executing program 1:
syz_emit_vhci(0x0, 0x1430012)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x8, 0x40, 0xe1, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, 0xffffffffffffffff, 0x0)

10:23:09 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:23:09 executing program 2:
syz_emit_vhci(0x0, 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x1000}, "bc3fb705349909f05e76f2668872ce28064f3373f3db4c460c64fcada35c599b11e5cb9ed98ca3a1a5e893c813774246417436c22fd72f279fde877966aa4e4dc135cb4cd1359bd669643b4cd81656c8678f4821c9f21e7ad4b59781800ef973470f68f7997ef75455729ada301a1a37271d7123feac4fb550da40c89265e50274743fa38ee5612a9e72851fa74c9f3a8d98d1447225f95dcb6285a72db0e37bd351cc67915d334708a5c3cd4754bed0655dd000404b6556e22f2a8305fb1400fe3ced7260b510c847f66188a78d930f7f3ba87de38819c6fd7924382143e974dc1aad2ad7314d5fde6ef1c155f48376ac47a3239312459b07ec25bf4717f8ec02963c72a19828eaa69e722ca68f20c11416cf21bb0985e7c1e8e5660e04c9d5fb9a23e8b5f21de4983ee86208a860a4dd320d31ef66e010b0a4cc2877002f69bddee734ac178b85176160a5e3ecf5fe0e4c1f58c0675877bea10079e384b0c049ea57870fb8abccbdc6c1c04ff7460c2de5369e663ae5a1e072a3dfb6038d03d60045f0bf899624cb67c2444f5532df90ece9c9f1a1c51b6af01b3839f9a749127b4f8971f3efd00cc76a7563450cf73e456209dfceabe2757da8aad25769b38954c54c0273ccf9fc19afb060d9c8c2ec028727e758c7143b36653f1fef8600a62f3a5fe090f9852bde9dc6e1897f258f7a58055655148c974de7f56c220ccebbc949bc43ac14d63f6533b9eaf8006eabb08d2a2eb0f39ebd80efb1e065ee7e17d60477a38259c31509426b484d8dcaf2cce05aa45b4c75a971f99fadb4cef42954f9b5e15f8e97832ee6aa0d31a9f52037ee29870d17aea700d808983163b23ec65254f2c957b7eeb00789ebb1acb7107d5d4b635bffb730ba73641da99258f2f8840f2a09dc8a8a743ab657f94acf770dc374c8efb1350252e128ef9da2f3155c38baff8c782e80a53cf34e90c20ed85b9c187b8f6dc486a348ea835db85307a73dfb87d62301541058d8c5ed8e91d0fb78c4f852291cd43ce1421545dc3d362ca5160d48836587c1550c8bbf2a14987873ad85daeec4e7b185ca77c40552775ce2ea62899d1c315b1a2f4a2bf2722b8bca8a07a902f60669e839b4fef9feab9923eee03e793b941e08963f73746dbabf53e700bd48563c3a4263ae31c269e59ff6b88cf1bb2ae39b324e93312b7a3ccc778dc726fb9683a8ed2ec2051eac8c5daa90c1b0f7bd4c192c7e97b9f378c80de80d5d78b1199fd316168db587a8513465133d804097f6191c7b0d7e4d708bff2974760b1a8c2f569cb1b6876207ae5f416f8c5374c89663f8c515e49cb14034b5f821570436d0811f2078ff500cf930e2acd1275b2b8a476398e1ca69e5383d45a3366c780473f7f00fdc53f0659216eb374e8e76f4849680309748256d2a1ff596b7d264ee55a2f98f0633083d8fe702e5a075aafa8c5126e91083bc4398d965c1b80d6c129ada06ed86b4de7cc6f0d7ccfed4a2fe10b61a48137dc1e50033c00a47a753b471fa5d2886c6731b9df41f3478fa427434da0123ed2d5751e43da44c0ea17e5378cb919f70a0ffe6438588bb3adcfd3afcb762d826c274ca5c1987d940b44eb43e3ccb0de386370b4ecd848b90b63bc723e23f5f631a7f7974328e096e8af5e908efb8ca2fdb7276c585b40ad305a29dba1501a9e3607d833f9d88c97da3011cc96e6b91f77996da779289a7c2790ef2e6d70a0bd125b7618a567b4607d1df8be5fdab814274235cdebd4d70ad12f70278adae480827236872558ab327ffc3794766bf70ce3a3b3aca63daf4233001e59392964820c842e0982c007e740d39319ed53caa47c9d6c3ebd5d5ec98dc0fc123f3b3ccda1446af773eb5d01f27f0763bf1f82f8eefbbf712a549cd53ca0ddb76c707e9e7b0da0c9310a1a50e66bf2925baa578e8f280cfadc62707d6abbeafae92fadbca63132a720e1090643cd303a4e4f116d71fc020637f076718b9efe3d347d20a8158f3f1caa2b48448d90d77016545ed91258464186aea1bfb2ab5d9853a3e4cfc5a55ae423d127c31ce9c2646a843c3af010c09e0e92d4a7975614e35f6ed034aebf15fe75fa0e61f7392aec6fded97c059cd0895ef6ab9c64768d5a50279b9ff8fe4af5b0731c37bc79f2659155f65cf6b2ed1c8b3c517079cc859dc3f2bd4546aeb7c6f7f5cfb4c2766d166b3b20f4871d53b117bd8d2a5cf38c478026e1d75b1af0f0131790b5910e082b813028f1fca79d8c56276035e951c750cbb219078b35de617073c00a0b8b8637e6f570d1cf0ed69f495f5411ab9614b7b4ba4b5fca43618a81387e01442bd5889b47f8190a9dfd91b4ada0f64063be3b9be2d04949805c153238a4e0f6b6e61de306f58d0f57390e6ead62c7f8a4d41510289331be87768a2bdb7f8bd797d2da416daaeedfb419934cbf84c592e0898dea8816a8523cb692368c36dffc82a9f8a0003d18a82f63f2c6ceb309c5b3ab590055c51b140d2423b24f9d843bb3170c55dcda9947105aa340f1204c81e655a3c5abf42c54cef6e6e517c42bb09b891c848d0234deb44630ef8271e755a1a4da970be8434ffd25f928cc1dfa3855b1dc22483b092980d8dcd4ea1261e51125930675b0ab74333ec2e50169d02210f63dbcb2cefcab3ee2749f1fc5f31a19d4cf515b877d65ed18696f4136a4f53eaff21b7f5eb7fd36822ed7eff1fbc2403e14b3c805a95d6595718d01afa37557c76d5b2eebbf44f9017669cf1de191d46e429e5195709aa0107a1888fe5923eb472fcf67b71269cb8252ec9c48da47b292cc09ff1a5120026b3a7455b5c892c32ad7ccfbf588945442fe82bd0db27efacfde65d0b85297e74c1e2e1f13309a9d23b1bd6f3ee7636a4ebad263ff503f895b6ab03aac904ea1f48e7468c44d36445ab03801e6f44d156cf589b9bf6b81c57ee88b54c1a0e3f4b2cc2aede46910808e04b97087fdd0208674ffc4587270c5a00203bdd823f77476895fe121deebd786c6e8fcc2b76e514fb9ff3671d3acb7beca307a0815ab6305da6a5ed4886977303ffa82400e8ac9ae2016ec7b93a8718630290d56a9c2ee36a536689592f9ca6bcf44dcca0240fae1fba8fd4788f53ca8932f742666e5135a71fa29d9196d280c55481f33648f614f59c97caa99ff48a2fbea0ac77165cb46138b5a9d9cf61d3b3e04020824ef2da42fd8254bf63c510eb6caad353f18f0697527379df4795518a2d56b5db7a9d0e5aacb80d70be56eb243ea4090fd6ed9e46a8641efc6f80263acd86b297c545835413df93e572dcfd235484eaa3930f3a79371b099bbee2bce1ef8c86d69c057e7898addf7ba1ccbe99e6a8e8b9bfaf45438b49d58943597d205eede572f345217c78a703db3b5318b4c62ed291776554834c1c362326f25c4334732aed6d9e193f56cdc462a2a1e51c74bd2c59ffba0b2c6ec34e6b3e96a5da8785406703a9bcb0b8f48da8aa42f5d623505883e358fbdd6fd02cd6999fb7a5545fe60d1a5c787f981b02ce33341e75da0cf8c995197caaeab00119fd8af4abe7b38c2b4a7f7ea1df38d566fdd3421ff0619ab658a849f213187c8b15df3ce59e5b65c7a381a76d34435293fd8e7a7a7047aebf867ba4b0e33b9ea0ae72c9e71bb9162fab8f12cc106cf1c27898ade6d9bf2bc497ebf92b996f3c1c11a5897af213dd74e9d73e23a408f6308a6adfa33efa11b05411c7605989e1e8257408d96fd9965fef639bf269cb3fd881d910282308b6e95c138d08c204ebd74080ff1b34e49d1663ce35ac1fe812ef3f7ee1e5f9818e392cb8cbdced3514566aab8130b47c3c0a5c07225b28b44a76779997c515650780de4b1151aecb127c6623ae6466ef7bcf69f8539bd1d7ee66a1158b5aadf4e041c44aba1f2586638966a6381d1dfe0ce1752ffb7e19b2693ba115edf63cbc1e285a2de9d10869910503a390376dbd02bfc607c70381e7900cdfdf686edce0c1d418d928c710d1d5e9657d53cefb637df6b69a714148ade53d9438a28788c7312c8c5ff04b82ba45c1244b4c8d26fa417ab6712ef7adee2f9fe12191f624c667ce03f06e91971ee73ec6dbf40dfaf4d68b4d636b731967fa9f3f1199467d79e96c4d8eaa435688c8ae59a813ddafd5a07b2fdf68a1e756e95eb33da4539f1f8830269d476dc72883d0d1fc5fd0717f582b3fab31638accb0b622294568d89c36fbbaa14bada4fe3d8ecff4b9f5b2fbd7fbc6ffc78af9b2a64dcf7ed775933881f334bd7b9fb808fa1559fe58c0ced8e24ddfdd8910ede9e9062a4bc2acdb4a580c9c815c6a41671da8d147f0747b7c2322d216dea2c695113c47f97ab387c541e617c2e437d3aebe2aab9685bdcdc3eedc319158c1e212a0081d83f32ddaf42c120f32455cf249c7e3c788e4893b14f37bab0b01cf8357204395676a3cefc1b099220064410f2a79447e1d062f51898e0b4fab5ea3d5e9b1e5cc41566454a8b35c07f2144eafb707a91208f8b4ff93a994fc5f5abbb0474b4047068fec9cda9a3867280b01102372fb043db797677d93710865c1eb75be590d3bb19f9ecb822fac3c070c8bed6cb5d62b2a02b4416efc265f5593b578e3d6bf67e01ddcfe69e4330f54088a8ee589e6cecf990c5a314ee4c16a699a87cbf73a933ae451415c110f06abba7746013f54b2ab7b76291855b414bedc841e8cde9441680d06d983fd026de4688c6dd811775ff65ee0a30394aade6a5eb50fc215603f37f032b2ae04b227ebb17d47469b06ae56a1112ce7d6a2420bb15f0e5b8569f9b47e20455a3d4ea995dd0938155c23e6259fd8f9f28077a0e903e6299f365923e78ce310135da7e478726e75aad21662200f51c7d29f69f779345cfc95f59ce2b590807c31c035f4ecabdd75f609708b9394b6e7de5450a9951fb9ef3fc3541d9533db5dce4b976277f6580a5dfc20e82fbe9993a20e7d10a87b26f2e80cf4e7c471802e2bdb49b40a98e93d40922f677abdccb29ee4141377f5efe078433c247323392ce262758208d731c30b9cc836f30b55d1998851bb370e4544f6b8617df71353135f140f555f6c81825b1bad88fa5ebf01b17ec402356e613f1426e1f5376bf11924f6c9685a0a16bd09d76e5f98f7bf0a95fbe490b1fc9e67314dc55271037c5c84f372249e75f3c62b0357b0e929fa9d697c10658737a49f4951a41d61d8279d3ad897398520d794e7cae2efa8a55aa6feef8e383d3a558115b3ef9a564dea46f4e5af9c3dd526a6c378bc25c63ecb956fad6c41f5bb2e3596399ed7f6d08477977777500ed72fe36983427224c48465ebda9b42c01acc41bb42c9613e94134246ff167024f72adef9911ffde0787114d7bfd7a90fc649318980d936f7675aa74cd64b3c1e7906135373487adb0a8ab6bf546ada43f44def1c18d779d691d7d80146c558c7c2fcb1facde38c7fac55c10f867464e814e565591a828ea5d75d29e5e48e180abffd46c9faf5b18f44c6236809b734d2f492e2b5446aa943ea381c1ca4018f4b2942a0a6850071cde82c95b138073101239380a5bf45c0bdef037d9b6ceaf4cd14a57cb0c1b19b7b427c2a32e5b702973b2f99a9470919e0da5808aab1177ae9bb829c1c1c61463b687ad11c9727ba4e9ce4812b2c7171a4e78425d2be56011efff34392ba20c377ceca76f70f186154f400ce1ac3a729ff07d597c392be14b52e8f7714d2a5ea71905be6e1b0f790a480f3bfd39673d48d61f4a2d40cb4c354ec3b3f3af90c6dcaad4e39fb9d80e05cd769"}, 0x1004)

10:23:09 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0xc09, 0x9, 0x4, 0x20, 0x1, {0x0, 0xea60}, {0x4, 0x8, 0xe, 0x7, 0x0, 0x1f, "f827095b"}, 0xff, 0x4, @planes=&(0x7f0000000040)={0xfffffffd, 0x1, @fd, 0x1}, 0x20})
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)

10:23:09 executing program 5:
r0 = socket(0x2, 0x1, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:09 executing program 1:
syz_emit_vhci(0x0, 0x1430012)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x8, 0x40, 0xe1, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, 0xffffffffffffffff, 0x0)

10:23:09 executing program 3:
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRESHEX, @ANYRES64, @ANYRES64=0x0, @ANYRES32=0x0, @ANYRESOCT=0x0], 0x3b)

10:23:09 executing program 4:
mmap$snddsp_control(&(0x7f0000ffb000/0x4000)=nil, 0x1000, 0x0, 0x100010, 0xffffffffffffffff, 0x83000000)
socketpair(0x27, 0x3, 0xfffffffe, &(0x7f0000000000))

10:23:10 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000080)={0x48000, 0x2, 0x4, 0x40, 0x8, {}, {0x6, 0xc, 0xff, 0x81, 0xcc, 0x6, "580802f8"}, 0x9, 0x4, @planes=&(0x7f0000000040)={0x0, 0x0, @fd, 0x80000001}, 0x40})

10:23:10 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0xc09, 0x9, 0x4, 0x20, 0x1, {0x0, 0xea60}, {0x4, 0x8, 0xe, 0x7, 0x0, 0x1f, "f827095b"}, 0xff, 0x4, @planes=&(0x7f0000000040)={0xfffffffd, 0x1, @fd, 0x1}, 0x20})
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)

10:23:10 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r1, 0x4112, 0x0)

10:23:10 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x8, 0x40, 0xe1, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:10 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x20, 0x70bd28, 0x25dfdbff, {}, [@GTPA_FLOW={0x6, 0x6, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004806}, 0xc800)

10:23:10 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'syztnl1\x00', <r2=>r1, 0x29, 0x5, 0xa5, 0x8, 0x53, @dev={0xfe, 0x80, '\x00', 0x39}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7800, 0x80, 0x7, 0x6f86}})
sendmsg$BATADV_CMD_GET_VLAN(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x3c, 0x0, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1ff}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x4}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x9}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x891}, 0x4000)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r4=>0x0})
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB='`\x00\x00!', @ANYRES16=0x0, @ANYBLOB="200026bd7000fedbdf250000000008000800030000000c000300000000000000000008000100", @ANYRES32=r2, @ANYBLOB="0800050064010100080009000400000008000700", @ANYRES64=r0, @ANYBLOB="0800090002000000080009000000000008000100", @ANYRES32=r4, @ANYBLOB], 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x80)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x6, 0x400000)
mmap$snddsp(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x4000010, r6, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r5, 0x8902, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r3)

10:23:10 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0xc09, 0x9, 0x4, 0x20, 0x1, {0x0, 0xea60}, {0x4, 0x8, 0xe, 0x7, 0x0, 0x1f, "f827095b"}, 0xff, 0x4, @planes=&(0x7f0000000040)={0xfffffffd, 0x1, @fd, 0x1}, 0x20})
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)

10:23:10 executing program 2:
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
syz_emit_vhci(0x0, 0x3b)

10:23:10 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$AUDIT_USER_TTY(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0xc8, 0x464, 0x400, 0x70bd27, 0x25dfdbfb, "035085856e1cf4792f01389626a82501050ee830a322e6626b844ba0b144810fc8f9683afe991fd1dea256a976206b728aa07c60b53ac424c9e0a00a24a17b37d907ec0a44e4e2eaadfcdb2d82272adb981fa1f338b29d5b3a6bbaea799acb806f09c54471e4603fdf07ef1d93614cf6c92b5725da3819d5d9a2b516879293328b23db46128777752789f2fbbac861e031e1a2ff70fa5c463ad6c9499f786769532aeab17b1bdcea8091d8d723f5f05c744d12c1a6d31e5b", ["", "", "", "", "", "", "", ""]}, 0xc8}, 0x1, 0x0, 0x0, 0x88840}, 0x4000801)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), r0)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r1, 0x200, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x5457}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x20040001)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, r1, 0x100, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

10:23:10 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x8, 0x40, 0xe1, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:10 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRESDEC=0x0, @ANYRESHEX, @ANYRESDEC=r1, @ANYRESOCT=0x0, @ANYRESDEC, @ANYRESOCT, @ANYBLOB="9960a43b6eb696e0d0e4fbd7ed3131bfb5c361c7d2976f69d97456924a7966c35dddbd7566d225b87ef95a13c874a96bae68a78f85899cfb0386dec07d22a80f1ecb66afd311ce49ae45c09640b01c0fa275ce29366c289a48a17c40d2f1e88b8f5ba92b3c08ffee9c5eba56d98a56c6145b5b5cdd82e2d1aaec01bc0638f6e57347d32c18d8ab3ea07eba165ce8c97dd681ffb3e7111791e9b4ecbbf95f3a534d89de4ea797406768f1bfe7d4a388168422a80e24a1d95b6b4e404a02883910a2cb3e598a972439f6b8885c916bf805f0228607951d44701d70dcccb01df13c8800"/235, @ANYRES32=r0], 0x2e)

10:23:10 executing program 4:
socketpair(0xf, 0x3, 0x4, &(0x7f0000000000))

[ 3274.655602][ T1265] ieee802154 phy0 wpan0: encryption failed: -22
[ 3274.662285][ T1265] ieee802154 phy1 wpan1: encryption failed: -22
10:23:11 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
open$dir(&(0x7f0000000000)='./file0\x00', 0x10942, 0x4)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)

10:23:11 executing program 2:
syz_emit_vhci(0x0, 0xfffffffffffffcc8)

10:23:11 executing program 5:
r0 = socket(0xb, 0x1, 0x3)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x3c, r2, 0x61c, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x800}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x4000000)
r3 = socket(0x2, 0xa, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), r1)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r4, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r5, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x1c}}, 0x4000800)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:11 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x8, 0x40, 0xe1, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:11 executing program 4:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x506, 0x12080)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r0, 0xc06c4124, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3})
socketpair(0xf, 0x6, 0x80000001, &(0x7f0000000000))

10:23:11 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f0000000000)=0x6144)

10:23:11 executing program 2:
syz_emit_vhci(0x0, 0x91)

10:23:11 executing program 0:
open$dir(&(0x7f0000000000)='./file0\x00', 0x10942, 0x4)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)

10:23:11 executing program 5:
r0 = socket(0x1d, 0xa, 0x20)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:11 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x8, 0x40, 0xe1, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:12 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000040)=0xa20, 0x8)

10:23:12 executing program 3:
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="200027bd7000fedbdfff38338a00080004002c1414bb"], 0x1c}, 0x1, 0x0, 0x0, 0x4004010}, 0x20000840)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:23:12 executing program 2:
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000000)={&(0x7f0000000000), 0x0, 0x800, 0x0, <r0=>0xffffffffffffffff})
ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$TUNSETGROUP(r1, 0x400454ce, 0xee00)

10:23:12 executing program 0:
open$dir(0x0, 0x10942, 0x4)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)

10:23:12 executing program 5:
r0 = socket(0x2, 0x80000, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000240)={&(0x7f0000000200)=[0x7, 0x5, 0x0, 0x4, 0x4, 0x8, 0x6, 0x3, 0x0, 0xff], 0xa, 0x80800, 0x0, <r2=>0xffffffffffffffff})
mmap$usbmon(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xe, 0x10, r2, 0x3)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x58, 0x0, 0x4, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x401}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xff}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xb5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x2b9de7b0}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x40040}, 0x200088d0)
mmap$usbmon(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4, 0x30, r2, 0xffff)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:12 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xf, r0, 0x0)

10:23:12 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, r2, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000882}, 0x24004010)

10:23:12 executing program 3:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x3b)

10:23:12 executing program 2:
syz_emit_vhci(0x0, 0x3b)
ioctl$BTRFS_IOC_DEV_REPLACE(0xffffffffffffffff, 0xca289435, &(0x7f0000000000)={0x2, 0x1dc8, @status={[0x0, 0x8001, 0xffffffffffffffff, 0x1, 0x688, 0x9]}, [0x80, 0x6, 0x1, 0x8000000000bd, 0x80000001, 0x3, 0x2, 0x7, 0x2, 0x0, 0x5, 0x1ff, 0x4, 0x8, 0xc5f, 0x4, 0x7, 0x2, 0x4e43, 0x7ff, 0x3d, 0x2, 0x1, 0x9, 0x21, 0xfffffffffffff800, 0x7f, 0x8, 0x401, 0x6, 0x1000, 0x1, 0x1, 0x101, 0x0, 0x4, 0x1000, 0x7, 0x0, 0x4a5, 0x6, 0xa05, 0x9, 0x3, 0x40, 0x6, 0x7ff, 0x0, 0x7fffffff, 0x3, 0x3575, 0x6, 0x1e, 0x7, 0x6, 0x6, 0x8001, 0xc2a, 0x100, 0x4, 0x1963, 0x9, 0x3f, 0x8]})

10:23:12 executing program 0:
open$dir(0x0, 0x10942, 0x4)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)

10:23:12 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xf, r0, 0x0)

10:23:13 executing program 3:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x75, 0xdc001)
ioctl$SNDRV_PCM_IOCTL_RESET(r0, 0x4141, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r0, 0x4112, 0x0)
mmap$snddsp_control(&(0x7f00003ff000/0xc00000)=nil, 0x1000, 0x4, 0x80010, r0, 0x83000000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x8, 0x4], 0x2, 0x80000, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
read$snddsp(r2, &(0x7f0000000400)=""/2, 0x2)
ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r1, 0x80184153, &(0x7f0000000140)={0x0, &(0x7f0000000100)=[&(0x7f00000000c0)="3aa5056c66dcb4e716a245c69439f8e68ed0fe0627ffdaea4857ce345a565545622ad35e57b4b258260fa5916f8ddb1a7f4d"]})
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x84, 0x0, 0x0, 0x70bd2c, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRET={0x14, 0x4, [0x401, 0x3fdcc973, 0x3ff, 0x7]}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x4}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x3}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_SECRET={0x10, 0x4, [0xff, 0x1, 0x1]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x6}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}]}, 0x84}, 0x1, 0x0, 0x0, 0x2000c820}, 0x20000010)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$SEG6_CMD_GET_TUNSRC(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x8, 0x70bd26, 0x25dfdbff, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0xd0}, 0x40)

10:23:13 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000040)={r0, 0x100, 0x3e, "5690c4fb5cd7a40986b5458f2584ad8e1bb282461f6801f67d5bceadb14ef4dc52560e4f3408397d25f8099e0bc05e00d8aa69a55b85ed44217f09625549f30fe0ccac153e11b8bdc8d0c1ebc916a6bd21ffd842"})

10:23:13 executing program 2:
syz_emit_vhci(0x0, 0x8087552a0604d20)

10:23:13 executing program 4:
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, &(0x7f0000000040)={0x0, 0x60fd, 0x1, 0x1, 0x2, 0x3, 0x8, 0x4, 0x6c4, 0x696c, 0x56dbb4bf, 0x4})
socketpair(0x29, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x40000, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000200)={<r3=>0x0, 0x7fff, 0x0, [0xfffffffffffffffd, 0xef0, 0x1, 0x7, 0x7ff], [0x2, 0xcc15, 0x4c, 0xd4, 0xe3, 0x1ff, 0x77f, 0x0, 0x5, 0x2, 0x5, 0xd1, 0x2, 0x3ff, 0x8, 0x5, 0xffffffffffffffff, 0x101, 0x2, 0x2, 0x392d39c1, 0x103, 0x10000, 0x7f, 0x2, 0x4, 0x10001, 0x187b61aa, 0x9, 0x0, 0x451d, 0x8001, 0x0, 0x0, 0x6, 0x1, 0x7fff, 0xfffffffffffffff7, 0x6, 0xcfe7, 0x4, 0x0, 0x100000001, 0x5, 0xfffffffffffffffc, 0xdb, 0xf05, 0x0, 0x3ff, 0x7, 0xffffffffffffffff, 0xfffffffffffffffb, 0x8, 0x7fffffff, 0x6, 0x40, 0x5, 0xfffffffffffffffe, 0x2, 0x5c, 0x0, 0x100000001, 0x1fe, 0x4, 0x5, 0x3ee1, 0x5, 0x85a, 0x10001, 0x6, 0x1, 0x101, 0x1, 0x7f, 0x4, 0x0, 0x7, 0x5, 0xffffffffffffff01, 0x0, 0x8, 0x4, 0x81, 0x4, 0x0, 0x100000002, 0x7, 0xffffffffffffff7d, 0x0, 0x7, 0xffffffffffffff00, 0x3e, 0x8a, 0x10000, 0x4, 0x0, 0x1fa, 0x7fffffff, 0x7ff, 0x80000000, 0x5, 0x0, 0x1, 0x7, 0x5f, 0x7fff, 0x4, 0x1, 0x11, 0x28, 0xa6, 0x100000001, 0xe9, 0x0, 0x1, 0x7, 0x0, 0x2, 0x0, 0x1f, 0x7f]})
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000a80), 0x80020, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000640)={r3, 0x400000000000, 0x6})
fchmodat(r2, &(0x7f0000000140)='./file0\x00', 0x0)
getgroups(0x1, &(0x7f00000001c0)=[<r4=>0xffffffffffffffff])
fchownat(r2, &(0x7f0000000180)='./file0\x00', 0xffffffffffffffff, r4, 0x800)
ioctl$TUNSETCARRIER(r2, 0x400454e2, &(0x7f0000000a40)=0x1)
socket$bt_bnep(0x1f, 0x3, 0x4)

10:23:13 executing program 0:
open$dir(0x0, 0x10942, 0x4)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)

10:23:13 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xf, r0, 0x0)

10:23:13 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {<r1=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRESHEX=r0, @ANYRESHEX=r1, @ANYBLOB="137a42e273cd684b329cff3f18be859572da35534a77869284b8746a164c3801f33d10daf99fe2871b1f4d1855a8653d292b2ebdd126be12d0b76f6667c0471a812912af5b5b"], 0x3b)

10:23:13 executing program 5:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
mmap$snddsp_control(&(0x7f0000ffb000/0x3000)=nil, 0x1000, 0x4, 0x10, r0, 0x83000000)
r1 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:13 executing program 2:
socket(0x15, 0x6, 0x0)
syz_emit_vhci(0x0, 0x3b)
r0 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000001c0)={&(0x7f0000000180)=[0x100, 0x10001, 0x8, 0x9, 0x0, 0x5], 0x6, 0x800, 0x0, <r1=>0xffffffffffffffff})
read$usbmon(r1, &(0x7f0000000200)=""/175, 0xaf)
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="042007aaaaaa777b110074c6ff3cfdf8"], 0xa)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="08005c1f6526b581adde0100000005000513391c170008000200e90300000c0004000900159d6b469c23d54b2900001f0000"], 0x38}, 0x1, 0x0, 0x0, 0x4044040}, 0x44000)

10:23:13 executing program 4:
socketpair(0x18, 0x800, 0xfffffffd, &(0x7f0000000040))

10:23:13 executing program 0:
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x4)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)

10:23:13 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x8, 0x40, 0xe1, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:14 executing program 3:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x3b)

10:23:14 executing program 5:
r0 = socket(0x2, 0x80000, 0x7fc)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x1, 0x8, 0x1, 0x8, 0x1ff, 0x4, 0x1, 0x3f, 0x80000000], 0x9, 0x1000, 0x0, <r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r5, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_VLAN(r3, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, r5, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x2}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8d8)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r6)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f00000003c0), r2)
sendmsg$BATADV_CMD_SET_VLAN(r6, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x34, r7, 0x300, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x1)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r8, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, r8, 0x20, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xe1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004}, 0x8040001)

10:23:14 executing program 0:
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x4)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)

10:23:14 executing program 2:
syz_emit_vhci(0x0, 0x3b)

10:23:14 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x40, 0xe1, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:14 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r0, 0x28, 0x2, &(0x7f0000000080)=0x5, 0x8)

10:23:14 executing program 3:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0xf38b7728feee760, 0x0)
ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f0000000040)=0x3c)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000300)={0x0, 0x4, 0x4, 0x1})
ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(0xffffffffffffffff, 0x80184153, &(0x7f00000002c0)={0x0, &(0x7f0000000280)=[&(0x7f0000000080)="b0dad67654d2aef440e1d496fb468c7dbbc33f6002a43d8d14ddb5e5295308cd833c4644cbf60871d168", &(0x7f00000000c0)="0fdb3839095d7055d2375b52e4e15bb43a767f66d0d160f0c03083893982404ed8b1081341ef252e7f62c78009134b160237c4a94aec8300867751d7b3bb840317e7e92e834024a255af92f9dc923183e939ff9553c9c7cb81401eb1bc2dea6862ad690aacaa564f472f89ecc7a2b56822fc5da1345079cbe98d07a0c84824f8bf99f0fd399b7d385fd0bd587a6f3b1f03a86466091584418602909647e7f169fa3c87bb29acbcbdb95cc2095ec7f25ba0d135131f5e80677218d675ed8642bf73ad8949308751c47b742b5c4ab21d3d3841427d2b9ccbf2", &(0x7f00000001c0)="bc4dad19d3dccb8ef56907eee9170b46c57116bd57e7c22642744e68883a267977e37899f6656623a7e3868da03419382a603ed243b027fe5cef9d77be3d4881eb0b058546b544c1f37b2c3c86f0e4c816263e915ffd433e292c81dee232aa6ad8fea06345fd317f68340762fbd9f775dd5e106af43a6c7f1ee9b96fc3334f5a55d5d1af1c31a6cb52bf746165fe51cef2f68ccfaafc085bc7e9d4c74aa80284faa3370bb963b3a00c"]})

10:23:14 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x14, 0x0, 0x4, 0x70bd21, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4841}, 0x8000)

10:23:14 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x6, 0x200001)
ioctl$MON_IOCG_STATS(r0, 0x80089203, &(0x7f0000000040))

10:23:14 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0xe1, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:14 executing program 0:
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x4)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)

10:23:15 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205)
socketpair(0xf, 0x3, 0x4, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r5=>0x0})
sendmsg$BATADV_CMD_GET_VLAN(r2, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c10ff7007aa06664957a432d0d4dd9d4a4abcd10000201676dc99e1f915f4b7e72721f1dc641663013dce7dcb4cadd4373b766155929e0696617121dc12ec27d4ea6ded34d26fa4ebfc5d7ef58eedda5de7fef1bf2fe2e0b2b51d736f857af1a10e464f77fad71bc974367737de68c36bee4a25274943040d5656d89f732a295bd6e18ac17137", @ANYRES16=r4, @ANYBLOB="00012bbd7000fedbdf251100000008000600", @ANYRES32=r5, @ANYBLOB="000019bfb6b7fd8c576d01391cc5c500", @ANYRES32=0x0, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x80)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r6)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_VLAN(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000380)={0x34, r1, 0x20, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3f}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0xc011)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r7)
statx(r7, &(0x7f00000001c0)='./file0\x00', 0x2000, 0x80, &(0x7f00000003c0))
ioctl$MON_IOCH_MFLUSH(r3, 0x9208, 0xfffffffffffff800)

10:23:15 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @extended_inquiry_info={{0x2f, 0x2fb}, {0x3, [{@any, 0x81, 0x3f, "1c4c88", 0x4, 0x7f, "3abf44b3b1be6442d069d8df9ac244b1f2185b666470ff4f515bdec3bcf010230ef4335406dd3e51c5a1f76796c0de21d774499c7b47464395f5606ce40e265ee0c6b76fa52bcb6ef3f8068e7c713e62862135ce21dfad8e3a1c208d10392e50b9da670bdff49ccaf2800f35e425a9ebbc39d8ec7bfe01698c83821fbfbf488ee3cab74ecbb5bcaf78d259034bc9de8e57e97ad072a6887b590e41fa8fa13e363085ea93b10c9b232065219682db087436daa85c051c9db70e0347ac70828d0dee4e0df1285ceaf88ac147b0ea4a523ebbd03bdd5077aa4a940ebff78daea97817fd063dc707e9a71dc74a49461d2632"}, {@any, 0x40, 0x7, "a4d784", 0x1, 0x2, "cb5589b1327fdda4aff7ffc008c8a99df33cb3ed121c03cacb7a15d492e1e0535237f71578ee70dbc107ea0d825a54299f1ea51432151ad28e66a5c4fd68784359fbaca1a03a64f8ee5c52bfb7747bbad8bcf180c35a77109e0b4a5a2d21a137cc86dc698db63299d55da3b8db971a7baa97c0a914219b13be734fd114bda99936a2c027da301d717298423c1907733b752a1d609a99a2cecf9625f3184c897c7aad43bc763a2e55a488c760a755065f9902460696d7eb9a2e481e95f036f11749812e71344b3f719191f25b869b3f25c7a962a9b00aa85d6e6063ba57410f52e2837a27342fac0819c75d0983c69c18"}, {@any, 0xbe, 0x7, "e65aaf", 0x3, 0x9, "3f760222ada799c803ae1f636a09037d7583d9b6d0f0da8e99a82176dedeba4d4a59bb209b4df563ef45f0fdfe1573b1b02bc03bf19c0190215becfd8ad7e9930584e6366ce553ec235c312cbc98970f3dfe89af09db29bee710ee5da538f0de9147f094d09de1bc0fd7262244b0422ddb5acb6e35f2b09ce2590208453181a2b7bf958387de49d5493de08b3b43a883e579d8b03e9668ba817c5ed14213a55cc2abcb661d23811a23f16f7a4870dc392b0984bf7fde8253ea9b97d5a21810f6b05fd765f8288216f42d400ac4b58ae6080456004b24807d4fe5e9ba72fc52d1b19119b40012c7e0b9a43de7c22b1a48"}]}}}, 0x2fe)

10:23:15 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_DELPDP(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$GTP_CMD_GETPDP(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x34, r3, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@GTPA_O_TEI={0x8}, @GTPA_VERSION={0x8}, @GTPA_VERSION={0x8}, @GTPA_FLOW={0x6, 0x6, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x40010}, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:15 executing program 2:
syz_emit_vhci(0x0, 0x3b)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x103040, 0x0)

10:23:15 executing program 0:
open$dir(&(0x7f0000000000)='./file0\x00', 0x10942, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x101001, 0x20)

10:23:15 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:15 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3)

10:23:15 executing program 3:
ioctl$SNDRV_PCM_IOCTL_XRUN(0xffffffffffffffff, 0x4148, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:23:15 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000840)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), r1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x50, 0x0, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0xc}}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x100, 0x10001, 0x101]}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x401}, @SEG6_ATTR_SECRET={0xc, 0x4, [0xffff0001, 0x9d13]}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000050}, 0x8800)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000280)={'batadv0\x00', <r2=>0x0})
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x145440, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r4, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_GET_DEV_STATS(r4, 0xc4089434, &(0x7f0000000400)={0x0, 0xdb, 0x1, [0x5, 0x7, 0x100000000, 0x0, 0x6], [0x4, 0x80000000, 0x7f, 0x7f, 0x1, 0x9, 0x8, 0xffffffffffffffff, 0x301ace45, 0x0, 0x82, 0x4, 0x3, 0x4a6, 0x0, 0x15a, 0xb7, 0x2, 0x20, 0x4, 0x34, 0xf28, 0x3, 0x9, 0xb5bf, 0x80000000, 0x8000, 0x2, 0x40, 0x0, 0x80, 0x0, 0x1000, 0x9, 0xdcd, 0x3, 0x4, 0x61, 0x4, 0x1ff, 0xffffffffffffffff, 0x1, 0x100, 0x9, 0x0, 0x4, 0x4, 0x7fffffff, 0x0, 0x7, 0x8, 0x7, 0x1f, 0xc8, 0x2, 0x177f, 0x9, 0x2, 0x9, 0x1, 0x6, 0x100000001, 0x686b, 0xffffffffffffff00, 0x3, 0x4, 0x4, 0x1f, 0x4, 0x4, 0x6, 0x3, 0x7, 0x100000001, 0x3, 0x8f15, 0x20, 0xa6, 0xffffffffffffffe0, 0x4, 0x4, 0xd96e, 0xfffffffffffff001, 0x9, 0x0, 0x100000000, 0x9, 0x5, 0x400000000000000, 0x9, 0x9, 0x2, 0x2, 0xd95, 0x2a, 0x5, 0x8, 0x2, 0x9, 0x9, 0x7ff, 0x3ff, 0x8, 0x0, 0x101, 0x7, 0x8, 0x2000, 0x7, 0x6, 0x101, 0x0, 0x3, 0x5, 0x3, 0x0, 0x0, 0x80, 0xffff, 0x3, 0x3ff]})
sendmsg$GTP_CMD_DELPDP(r1, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x5c, 0x0, 0x4, 0x70bd2b, 0x25dfdbfc, {}, [@GTPA_LINK={0x8, 0x1, r2}, @GTPA_LINK={0x8}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_NET_NS_FD={0x8, 0x7, r3}, @GTPA_I_TEI={0x8, 0x8, 0x4}, @GTPA_O_TEI={0x8, 0x9, 0x4}, @GTPA_MS_ADDRESS={0x8, 0x5, @empty}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000840)

10:23:16 executing program 2:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmget$private(0x0, 0x2000, 0x8, &(0x7f0000ffc000/0x2000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/30)
syz_emit_vhci(0x0, 0x3b)

10:23:16 executing program 0:
open$dir(&(0x7f0000000000)='./file0\x00', 0x10942, 0x0)
open$dir(0x0, 0x101001, 0x20)

10:23:16 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:16 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
socket(0x11, 0xa, 0xffff)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), r0)
sendmsg$SEG6_CMD_GET_TUNSRC(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="6c040000cf543e722c3ca8c1b2dd929ac5e409ec8531dcde454add5c9c094d201818addb7f4b190431089a8a990929e4b2f6b12e6c146cdc491359a2bd6b43f5fe4b900f44b17877d24984fdfa5adbb36ce0712c10ae1dc46239462b5b364b56687f4a2e038ca654f7d7bb866b7526de2c0a2acf53509f28edc31a038170313845cb02582557d532371164105c7b8b42de1c749df6dc838fe079d719ba8283166e3cb3b1846fc0061e670555a4393d5b050c08cd03dd65756aa3", @ANYRES16=r2, @ANYBLOB="000327bd7000fcdbdf2504000000140001000000000000000000000000000000000114000100ff0100000000000000000000000000010500060004000000050005000500000008000200ffff00000800020001040000080002003f0000000800030009000000"], 0x6c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000001)

10:23:16 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000001c0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x780, 0x480, 0x268, 0x148, 0x480, 0x0, 0x6b0, 0x6b0, 0x6b0, 0x6b0, 0x6b0, 0x6, &(0x7f0000000140), {[{{@ipv6={@local, @ipv4={'\x00', '\xff\xff', @multicast1}, [0xffffffff, 0x0, 0x0, 0xffffffff], [0xff000000, 0xffffffff, 0xffffffff, 0xffffffff], 'team0\x00', 'veth0_to_bond\x00', {}, {}, 0x38880a9fa98fca3a, 0x1, 0x0, 0x53}, 0x0, 0x100, 0x148, 0x0, {}, [@common=@frag={{0x30}, {[0x2, 0x80000001], 0x8, 0xc, 0x2}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@multicast1, @ipv4=@local, 0x16, 0x13, 0x3}}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}, @common=@icmp6={{0x28}, {0xedeb2b16fc083cde, "9a6c", 0x1}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@mcast1, @dev={0xfe, 0x80, '\x00', 0x13}, [0xffffffff, 0xff, 0xff, 0xffffff00], [0xffffffff, 0xff, 0xffffff00, 0xff000000], 'wg0\x00', 'veth0_to_team\x00', {}, {0xff}, 0x89, 0x0, 0x1}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}, @common=@icmp6={{0x28}, {0x4, "c5c2"}}]}, @HL={0x28, 'HL\x00', 0x0, {0x3, 0x1}}}, {{@ipv6={@private2={0xfc, 0x2, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0xffffffff, 0xff, 0xffffffff, 0xffffff00], [0x0, 0x0, 0xffffff00, 0xffffff00], 'geneve1\x00', 'erspan0\x00', {0xff}, {0xff}, 0x62, 0x4, 0x4, 0x4}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@mh={{0x28}, {'94'}}]}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x80}}}, {{@uncond, 0x0, 0x208, 0x230, 0x0, {}, [@common=@rt={{0x138}, {0x2, [0x6, 0x1], 0x8, 0x6, 0x3, [@dev={0xfe, 0x80, '\x00', 0x26}, @private1, @empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @private2={0xfc, 0x2, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @multicast1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @local}, @mcast1, @empty, @loopback, @loopback, @rand_addr=' \x01\x00'], 0x1}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @HL={0x28, 'HL\x00', 0x0, {0x0, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x7e0)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, &(0x7f0000000080)=0x9, 0x8)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:16 executing program 3:
r0 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000080)={<r1=>0x0, "605877dd5e5a0d9768ebc3f79b1b5cf2"})
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000001080)={r1, 0x3, 0x1, [0x9, 0x6, 0x0, 0xffffffff7fffffff, 0xf3], [0x9, 0x1, 0x81, 0x8, 0x7, 0xf1, 0x72, 0x7, 0x7, 0x800, 0x7, 0x67, 0x100, 0x7, 0x9, 0x1ff, 0x8001, 0x5, 0x0, 0x7f, 0x1, 0x3ff, 0x1, 0x178, 0x0, 0x2, 0x5, 0x5ada5be3, 0x4, 0x10000, 0x0, 0x21, 0x80000000, 0x3, 0xeb8, 0x2, 0x6, 0x1, 0xffffffffffffff02, 0x80000000, 0x7f, 0x0, 0x4, 0x5, 0x2, 0x1, 0x200, 0x4, 0xff, 0xf7d9, 0x97c, 0x3b, 0x2, 0x2, 0x80, 0x0, 0x6, 0x9, 0x3, 0x10001, 0x3, 0x60000000000000, 0x7, 0x10000, 0x9, 0x100000000, 0xffff, 0x800, 0xfffffffffffffffc, 0x0, 0x2, 0x2, 0xb048, 0x9, 0x8fb, 0x0, 0x7, 0xfa83, 0x80000000, 0x8d46, 0x7, 0x1, 0x1, 0x5, 0x1f, 0x10, 0x1f, 0x800, 0x8, 0x7, 0x3, 0x24, 0x9ff0, 0x80000000, 0x4, 0x800, 0x8, 0x68, 0x2, 0x100000001, 0x4, 0xff, 0x2, 0x9, 0x9, 0x6, 0x3, 0x7fff, 0x4, 0xff, 0x3, 0x1, 0x2, 0x9, 0x5b5820a1, 0x1, 0x401, 0x3, 0x3ff, 0xffffffff, 0x6]})
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$NS_GET_USERNS(r0, 0xb701, 0x0)
sendmsg$SEG6_CMD_SETHMAC(r2, &(0x7f0000001580)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001540)={&(0x7f0000001500)={0x24, 0x0, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x5}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffffff, 0xc080661a, &(0x7f0000000000)={@id={0x2, 0x0, @a}})

10:23:16 executing program 2:
syz_emit_vhci(0x0, 0x3b)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000000)={<r0=>0x0, 0x9, 0x100})
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000400)={r0, "c4f3af2b20d9cdd9eddac98e8f3edc76"})

10:23:16 executing program 0:
open$dir(&(0x7f0000000000)='./file0\x00', 0x10942, 0x0)
open$dir(0x0, 0x101001, 0x20)

10:23:16 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

[ 3280.138703][T25147] x_tables: duplicate underflow at hook 1
[ 3280.176359][T25147] x_tables: duplicate underflow at hook 1
10:23:16 executing program 4:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000140)='.pending_reads\x00', 0x2000, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x60, r1, 0x2, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x800}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8000}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x3becbdee}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x3ff}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x8040)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
sendmsg$AUDIT_TTY_GET(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3f8, 0x8, 0x70bd2d, 0x25dfdbfd, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4004001}, 0x200088c4)

10:23:16 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$SEG6_CMD_DUMPHMAC(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x80, 0x0, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@SEG6_ATTR_HMACKEYID={0x6a, 0x3, 0xfb}, @SEG6_ATTR_HMACKEYID={0x8}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x3f}, @SEG6_ATTR_SECRET={0xc, 0x4, [0x5, 0xfff]}, @SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x36}}, @SEG6_ATTR_SECRET={0x18, 0x4, [0xfffffff9, 0x8020, 0x6, 0x6, 0x6]}]}, 0x80}, 0x1, 0x0, 0x0, 0x40}, 0x4045)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2, 0x0, 0x0, 0x8005}, 0x0)

10:23:17 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x541b, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:23:17 executing program 0:
open$dir(&(0x7f0000000000)='./file0\x00', 0x10942, 0x0)
open$dir(0x0, 0x101001, 0x20)

10:23:17 executing program 2:
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x5)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r0, 0x0)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r1, 0x0)
shmctl$IPC_RMID(r1, 0x0)
shmctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/230)
socket(0x28, 0x80000, 0x7fffffff)

10:23:17 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:17 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
socketpair(0x3, 0x4, 0x80, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, r3, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000000)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r3, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}]}, 0x24}}, 0x8)

10:23:17 executing program 4:
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000040)=0x9, 0x8)

10:23:17 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {<r3=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r4 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r4, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r5 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r5, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYRES64=0x0, @ANYRES32, @ANYRES32=r1, @ANYRES64=r5, @ANYRES16, @ANYRES64=r2, @ANYRESDEC=r4, @ANYBLOB="96caf063f909987ae9ccfd5293a940928d0165ea101942bd1295b192bb48bd9dfa863c2ba999faa46e69cfd8f81863df78b85973c86e8bb6a571f1db7cba25213e8ef10f55ae2eb746fd310f07525082c2e161f53d49b444453137d2bed8e20f855900f5460fce39659e9f53176e086ce288f9b213255cc195e2d44ba05d2b8c2f94a2c8dfac0ccbc8452c558b45e4582c6161f48a9e36f86048cc80dc27e28d3897ddf96835fc7a09bb", @ANYRESHEX=r3], 0x3b)

10:23:17 executing program 0:
open$dir(&(0x7f0000000000)='./file0\x00', 0x10942, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x20)

10:23:17 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = socket(0x29, 0x2, 0x80)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000080)={0x3}, 0x8)
ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000000)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000008004892f4371cebadc3d3de89d40ad94d84d3bb791f5e409959b8ddfd1dffff7d24b3e2fe564d8c22074fd713115a0461f3cfeae11f09bb0000"])

10:23:17 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:17 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x9, 0xfffff674, 0x5], 0x3, 0x800, 0x0, <r1=>0xffffffffffffffff})
sendmsg$AUDIT_GET_FEATURE(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x10, 0x3fb, 0x100, 0x70bd28, 0x25dfdbfd, "", ["", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40000}, 0x40082)

10:23:17 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = accept4$vsock_stream(r1, &(0x7f0000000040), 0x10, 0x80000)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f00000000c0)={0x77359400}, 0x10)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r2, 0x28, 0x6, &(0x7f0000000080), 0x10)

10:23:18 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2)

10:23:18 executing program 0:
open$dir(&(0x7f0000000000)='./file0\x00', 0x10942, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)

10:23:18 executing program 2:
syz_emit_vhci(0x0, 0xfe55)
r0 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000000)=""/113)

10:23:18 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={0x0}, 0x2, 0x0, 0x0, 0x4000005}, 0x0)

10:23:18 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:18 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
mmap$snddsp_control(&(0x7f0000ffc000/0x3000)=nil, 0x1000, 0xf, 0x12, r0, 0x83000000)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
socketpair(0x27, 0x3, 0x1000, &(0x7f0000000040))

10:23:18 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {0x0, <r1=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRES16=r0, @ANYBLOB="b708f594deca33ca05a01af60f581d8d9c3590237cfdcb4f2fbf6b0e3b1757f59ee9a64d5f8d56c98a161bbccfe8c89cda19ecdaf6763e5f525757be0e525f75bc53bb8810eb", @ANYRESOCT=r1, @ANYRESDEC=0x0, @ANYRESOCT=r2], 0x3b)

10:23:18 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={0xffffffffffffffff}, 0x4)

10:23:18 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:18 executing program 2:
syz_emit_vhci(0x0, 0x3b)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x10001, 0x100, 0x80, 0x4], 0x4, 0x80800, 0x0, <r0=>0xffffffffffffffff})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
accept4$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x2711, @my=0x1}, 0x10, 0x800)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
getgroups(0x2, &(0x7f0000000140)=[0xffffffffffffffff, 0xffffffffffffffff])
syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), r3)
r4 = openat$incfs(r0, &(0x7f0000000100)='.log\x00', 0x90540, 0x11)
ioctl$sock_bt_bnep_BNEPCONNADD(r3, 0x400442c8, &(0x7f0000000280)=ANY=[@ANYRES32=r4, @ANYBLOB="050046f1ea831fb11ff2e64a2ff010cd00003f00029890a9e703832e97ec7ad14c8a0b51045ba9d626030000001dd3eae8b997f68854a2d2ca3794ae41d26c5a53c240834100b8b4d1ff3106c999df86f7ff9f249cadae00000010000000024c8c60978595ff37cfac60d6d37a81c5649caaaaa6e373b23fbe1a5c5ab57cc6f9ee10145dbab9e391857e2226b3dfe7ee4abde287f8c3143e90b7788825ef00ee49065781b680a6c7"])
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
renameat2(r0, &(0x7f0000000080)='./file0\x00', r1, &(0x7f00000000c0)='./file0\x00', 0x4)

10:23:18 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r1=>0x0})
ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000080)=r1)
socketpair(0x26, 0x3, 0x4, &(0x7f0000000000))

10:23:18 executing program 5:
r0 = socket(0x8, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:23:19 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {0x0, <r1=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRES16=r0, @ANYBLOB="b708f594deca33ca05a01af60f581d8d9c3590237cfdcb4f2fbf6b0e3b1757f59ee9a64d5f8d56c98a161bbccfe8c89cda19ecdaf6763e5f525757be0e525f75bc53bb8810eb", @ANYRESOCT=r1, @ANYRESDEC=0x0, @ANYRESOCT=r2], 0x3b)

10:23:19 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
socketpair(0x2, 0x80000, 0x8, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
syz_genetlink_get_family_id$gtp(&(0x7f0000000000), r0)

10:23:19 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:19 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f00000002c0)={0x77359400}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x24, 0x0, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRET={0x10, 0x4, [0x1f, 0x8f4, 0x8000]}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x200, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008840}, 0x10)

10:23:19 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000000), 0x8)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080))
ioctl$SNAPSHOT_ATOMIC_RESTORE(0xffffffffffffffff, 0x3304)
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x1, 0x16)
ioctl$SNAPSHOT_S2RAM(r1, 0x330b)
mknodat$null(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x8, 0x103)

10:23:19 executing program 4:
socketpair(0x1d, 0x4, 0x0, &(0x7f0000000040))

10:23:19 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {0x0, <r1=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRES16=r0, @ANYBLOB="b708f594deca33ca05a01af60f581d8d9c3590237cfdcb4f2fbf6b0e3b1757f59ee9a64d5f8d56c98a161bbccfe8c89cda19ecdaf6763e5f525757be0e525f75bc53bb8810eb", @ANYRESOCT=r1, @ANYRESDEC=0x0, @ANYRESOCT=r2], 0x3b)

10:23:19 executing program 5:
socket(0x2, 0xa, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x246040, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000080)={0x0}, 0x2, 0x0, 0x0, 0x404c494}, 0x6049045)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_DEV_REPLACE(r1, 0xca289435, &(0x7f0000000140)={0x2, 0x400, @status={[0x401, 0x6, 0x10000, 0x3, 0xfffffffffffffffd, 0x4]}, [0x7, 0x87, 0x7, 0x1, 0x80000001, 0x2, 0x1f, 0x5, 0xc25, 0x7, 0x3, 0x9, 0x0, 0xffffffffffffffff, 0x8, 0xe6e, 0x6c8, 0x4, 0x8, 0x4, 0x0, 0x1f, 0x4, 0x6, 0x5, 0x7, 0x84f, 0x3, 0x5, 0x2, 0x6, 0x5, 0x800, 0xffffffffffffaf43, 0x40, 0x4, 0x1, 0x40, 0x7fffffff, 0x400, 0x7, 0x0, 0x7fffffff, 0x6, 0x4, 0xd1, 0x8, 0x81, 0x5, 0x4, 0x9, 0x7, 0xbb6, 0x8, 0x5, 0x1, 0xffff, 0x1, 0x4, 0x1, 0x3, 0xb8b, 0xfffffffffffffff9, 0x81]})

[ 3283.418817][T25242] can: request_module (can-proto-0) failed.
10:23:19 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

[ 3283.501439][T25242] can: request_module (can-proto-0) failed.
10:23:20 executing program 2:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.log\x00', 0xab81c0, 0x50)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x4, 0x9], 0x2, 0x0, 0x0, <r1=>0xffffffffffffffff})
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f00000000c0)={0x7ff, 0x1, 0xffffffffffffff00, 0x2, 0x40000005, {0x77359400}, {0xe857e5e429857f87, 0x0, 0x0, 0x0, 0x9, 0xe7, "0157099b"}, 0x8, 0x1, @planes=&(0x7f0000000140)={0x4, 0xffff7bff, @fd=r1, 0xffffffff}, 0x7, 0x0, r1})
syz_emit_vhci(0x0, 0x3b)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000180))

10:23:20 executing program 3:
ioctl$SNAPSHOT_S2RAM(0xffffffffffffffff, 0x330b)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = syz_open_dev$vivid(&(0x7f0000000100), 0x3, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x3, 0x1, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_conn_param_update_req={{0x12, 0xb8, 0x8}, {0xa61b, 0x7, 0x0, 0x101}}}}, 0x15)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0x1ff, 0x1, 0x4, 0x4, 0x8, {}, {0x1, 0x1, 0x20, 0xbc, 0x5, 0x7f, "3908dfb2"}, 0x1ff, 0x3, @planes=&(0x7f0000000000)={0xc5, 0xff, @mem_offset=0x2, 0x7}, 0x6, 0x0, r1})

10:23:20 executing program 4:
socketpair(0xf, 0x0, 0x0, &(0x7f0000000000))
r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040), 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_ext={0x1c, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffb}, [@alu={0x4, 0x0, 0x7, 0x6, 0xc, 0xfffffffffffffffe}, @map={0x18, 0x2}, @jmp={0x5, 0x0, 0xd, 0x3, 0x0, 0xfffffffffffffff4, 0xfffffffffffffff0}, @alu={0x4, 0x0, 0x8, 0x9, 0x8, 0x8, 0xfffffffffffffff0}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x4}, @generic={0x6, 0x8, 0x1, 0x9, 0x9}]}, &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0x9, 0xdc, 0x2}, 0x10, 0x2f116, r0}, 0x78)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
ioctl$TUNSETVNETBE(r3, 0x400454de, &(0x7f0000000240))
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r4)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r2)

10:23:20 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {0x0, <r1=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRES16=r0, @ANYBLOB="b708f594deca33ca05a01af60f581d8d9c3590237cfdcb4f2fbf6b0e3b1757f59ee9a64d5f8d56c98a161bbccfe8c89cda19ecdaf6763e5f525757be0e525f75bc53bb8810eb", @ANYRESOCT=r1, @ANYRESDEC=0x0, @ANYRESOCT=r2], 0x3b)

10:23:20 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000140)={r0, 0xff6f, 0x9, "b444bd971cc991547b83c00021482849b55a323f1dce38a789bd3c4e1797fcfd17a822907e101699dbaf4e7d770bed95ed22ea0c58ddd7d8320890ac7f4804b7d4a6682d0c5707cd84e400518fab1169710cbef4713b96efd5fbed2745c2956e70fafab6f8fde55a73e19dbdc2ed5c9454168de893edabe1c97d57c7d8d126640ad762ebb4bb9204dc9d505958d8f50bfbde394cbecd69718fa0602456d48fbf14f7a99865659fa07d8f930b6a69908444edb0a586c8553c1e9305725493ea"})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x4000)

[ 3283.877251][ T6375] Bluetooth: hci3: ACL packet for unknown connection handle 0
10:23:20 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

[ 3283.967815][ T6375] Bluetooth: hci3: ACL packet for unknown connection handle 0
10:23:20 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:20 executing program 2:
syz_emit_vhci(0x0, 0x3b)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x6, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x58d2}, [@alu={0x0, 0x1, 0xa, 0x2, 0x2, 0xfffffffffffffff8, 0x4}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x5}]}, &(0x7f0000000040)='syzkaller\x00', 0x8, 0xb3, &(0x7f0000000080)=""/179, 0x41100, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000180)={0x1, 0xb, 0xfff, 0xfffffffb}, 0x10}, 0x78)

10:23:20 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x0)

10:23:20 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {0x0, <r1=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRES16=r0, @ANYBLOB="b708f594deca33ca05a01af60f581d8d9c3590237cfdcb4f2fbf6b0e3b1757f59ee9a64d5f8d56c98a161bbccfe8c89cda19ecdaf6763e5f525757be0e525f75bc53bb8810eb", @ANYRESOCT=r1, @ANYRESDEC=0x0, @ANYRESOCT], 0x3b)

10:23:20 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040))

10:23:20 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x8971, &(0x7f0000000080)={'syztnl1\x00', 0x0})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_XRUN(r2, 0x4148, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
ioctl$vim2m_VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000380)={0x3, 0x1, 0x4, 0x70000, 0xfff, {0x77359400}, {0x5, 0x8, 0x0, 0x40, 0xc6, 0x4, "c6b14e2d"}, 0x2, 0x3, @userptr=0x1ff, 0x9cb8, 0x0, r3})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r4)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000400)={r5, 0x98, 0x3f, "218e550705df1e0f57785d4986d58ff419bd0ea9656124cdcf1bb8bfa5f648828886cdb6ec18d3d5691414f0eb65dd9851cfff9b79df4bcb058bb3d324830eb28647a25c7dbd160c2dd37941a92aefdf51e48b903ef1bc7180b843f655efb5a19f34ddb297288c"})
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="389b12000000007b04a767bd12d0d665016c647c421d42d8d489f92d56838857f06a1c86dca10c11", @ANYRES16=0x0, @ANYBLOB="100026bd7000fbdbdf250600000008002c00010000030500330001000000080039000080ffff"], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000800)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000200)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x801}, 0x10)

10:23:21 executing program 2:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000180), 0x5c6cb9d9, 0x40)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r1, 0x0)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000)=""/110)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f00000001c0)=""/185)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
mmap$snddsp(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000000, 0x20010, r2, 0x2000)
shmctl$IPC_INFO(0xffffffffffffffff, 0x3, &(0x7f0000000080)=""/236)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x2c, 0x0, 0x400, 0x2, 0x25dfdbff, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x20}, @SEG6_ATTR_DSTLEN={0x8}, @SEG6_ATTR_SECRET={0x8, 0x4, [0xfc]}]}, 0x2c}}, 0x6010)
sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x10, 0x3fb, 0x200, 0x70bd27, 0x25dfdbfd, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x24000000}, 0x6000000)
ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r0, 0x80184153, &(0x7f00000005c0)={0x0, &(0x7f0000000580)=[&(0x7f0000000480)="d57f389d0904b52b4eec2dbd942372a15b81d3be641c3921c3a57661c49af22689d63731ae05079a6c5d5395fdaef780aaa4eda714a46ac4e5c113eab7eb461364f3c447f66f983b28ebecef7c070b7341c6a242c5e15c5814bd0c261b30cd5815dfb885b0b3b986ad7acd1391f77ce9749bc1ab222f14d453f2a0b85da3d9d7ccfe39a837d2a854c780b7c552117927f8346f79c6a6d175ac67f490d3a9bccac94d80209beecaa06be4ba744a6937627a8b8fc19c50265105893f8c657c1632ab69e01a9dff8166609b37deaeddb5406e"]})
shmctl$IPC_INFO(r1, 0x3, &(0x7f0000000280)=""/202)

10:23:21 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:21 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRES16=r0, @ANYBLOB="b708f594deca33ca05a01af60f581d8d9c3590237cfdcb4f2fbf6b0e3b1757f59ee9a64d5f8d56c98a161bbccfe8c89cda19ecdaf6763e5f525757be0e525f75bc53bb8810eb", @ANYRESOCT, @ANYRESDEC=0x0, @ANYRESOCT], 0x3b)

10:23:21 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(0xffffffffffffffff, 0xc1004111, &(0x7f0000000000)={0x8001, [0x9, 0xba82, 0x6], [{0xd551}, {0xffff5bb6, 0x100, 0x0, 0x1, 0x1}, {0xfff, 0xd36, 0x0, 0x1, 0x1, 0x1}, {0x5, 0xffffffff, 0x0, 0x1, 0x1, 0x1}, {0xfec}, {0x1, 0x3ff}, {0x6, 0xab, 0x1, 0x0, 0x0, 0x1}, {0x1, 0x3f, 0x1, 0x1}, {0xd7, 0x4, 0x0, 0x1, 0x0, 0x1}, {0x7e7, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x9f, 0x40, 0x1, 0x1, 0x0, 0x1}, {0x2, 0xfffffff7, 0x1, 0x0, 0x1}], 0x2})

10:23:21 executing program 4:
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffff9c, 0xc080661a, &(0x7f0000000040)={@id={0x2, 0x0, @d}})
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x9, 0x3f], 0x2, 0x80000, 0x0, <r2=>0xffffffffffffffff})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$SNDRV_PCM_IOCTL_RESET(r0, 0x4141, 0x0)

10:23:21 executing program 5:
socket(0x2, 0xa, 0x0)
socketpair(0x13, 0x80c, 0x4, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={0x0}, 0x2, 0x0, 0x0, 0x24000001}, 0x0)

10:23:21 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:21 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRES16, @ANYBLOB="b708f594deca33ca05a01af60f581d8d9c3590237cfdcb4f2fbf6b0e3b1757f59ee9a64d5f8d56c98a161bbccfe8c89cda19ecdaf6763e5f525757be0e525f75bc53bb8810eb", @ANYRESOCT, @ANYRESDEC=0x0, @ANYRESOCT], 0x3b)

10:23:21 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
getgroups(0x3, &(0x7f0000000040)=[0xffffffffffffffff, <r0=>0x0, 0x0])
r1 = getgid()
getgroups(0x4, &(0x7f0000000080)=[0x0, r0, 0xffffffffffffffff, r1])
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)

10:23:21 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = accept4$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10, 0x9818bd6f5be0aeb8)
ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000080)={{r1}, {@val, @actul_num={@val, 0x1, 0x65}}})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r0, 0x800442d3, &(0x7f0000000000)={0x1, 0x101, 0x2, @broadcast, 'veth0_to_batadv\x00'})
syz_emit_vhci(0x0, 0x3b)

10:23:22 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
sendmsg$AUDIT_TTY_GET(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x10, 0x3f8, 0x4, 0x70bd2a, 0x25dfdbff, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x90}, 0x2004c040)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000001c0)={&(0x7f0000000180)=[0x5, 0xfffffffb, 0x2, 0x3, 0x1], 0x5, 0x1000, 0x0, <r2=>0xffffffffffffffff})
ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0)
sendmsg$BATADV_CMD_SET_VLAN(r2, &(0x7f0000000300)={&(0x7f0000000200), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x40, r3, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x4}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}]}, 0x40}, 0x1, 0x0, 0x0, 0x6996da2a6a4b4119}, 0x0)

10:23:22 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), r0)
sendmsg$SEG6_CMD_GET_TUNSRC(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000045f1d9cfaa990c610f40f82ef693c6280f01b216591c84e5aed7394bbc514de535251e612b81725c2b5baaccef46c6b1879fd789368dcd736c3b3d81f1e5312e263d04434fa5000200000000000000dd7a19fa14ae9c409e740efd94824a607fe96a5a919156564f7fe082c981a3bbcb08a5d4da6e668e4c9694274dbe34ee9937d82c839bb78be392ddb16f192490df9b836936f9c4b0f55e9fbc1a9f3049e610291cc941819a6dea76f7fdd22942f093519530fb928d1a01e301181040b87391", @ANYRES16=r2, @ANYBLOB="00012cbd7000fddbdf2504000000040004000500050000000000"], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x4)

10:23:22 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:22 executing program 0:
syz_emit_vhci(0x0, 0x3b)

10:23:22 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0x1, 0x2, 0x1, 0xa}, @l2cap_cid_le_signaling={{0x6}, @l2cap_ecred_reconf_rsp={{0x1a, 0xdc, 0x2}, {0x8001}}}}, 0xf)

10:23:22 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x5, &(0x7f0000000000)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x100}, @ldst={0x0, 0x0, 0x1, 0x6, 0x7, 0x6}, @initr0={0x18, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x8001}], &(0x7f0000000040)='GPL\x00', 0x5, 0x98, &(0x7f0000000080)=""/152, 0x41100, 0x1e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x10, 0x6, 0x3}, 0x10}, 0x78)
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000240)=r0)
ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000000340)=""/49)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
renameat2(r1, &(0x7f00000002c0)='./file0\x00', r2, &(0x7f0000000300)='./file0\x00', 0x1)

10:23:22 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0xb01, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x20}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7ff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20048004}, 0x40000)

[ 3286.129480][ T6375] Bluetooth: hci3: ACL packet for unknown connection handle 1
10:23:22 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), r0)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x7c, r2, 0x20, 0x70bd2b, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRET={0x8, 0x4, [0x8c5a]}, @SEG6_ATTR_DST={0x14, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x6}, @SEG6_ATTR_DST={0x14, 0x1, @remote}, @SEG6_ATTR_DST={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x6]}, @SEG6_ATTR_DST={0x14, 0x1, @remote}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20048100}, 0x4000840)

10:23:22 executing program 3:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES64], 0x3b)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8c02600220001269b9e1e00ff01ff01040902050505000100fcff0409041f0702002000020007020800"], 0x2b)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x17, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9}, [@alu={0x7, 0x0, 0x5, 0x4, 0x4, 0x80}, @generic={0x81, 0xc, 0xe, 0x8, 0x1ff}]}, &(0x7f0000000100)='syzkaller\x00', 0x9, 0x1, &(0x7f0000000140)=""/1, 0x0, 0x1, '\x00', 0x0, 0x5, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0xa, 0x2}, 0x8, 0x10, &(0x7f00000001c0)={0x4, 0x3, 0x9}, 0x10, 0xffffffffffffffff}, 0x78)
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000280)=r0)
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(0xffffffffffffffff, 0xc00464c9, &(0x7f0000000080))

10:23:22 executing program 0:
syz_emit_vhci(0x0, 0x3b)

10:23:22 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:23 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_HWSYNC(r0, 0x4122, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

10:23:23 executing program 2:
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffff9c, 0xc080661a, &(0x7f0000000000)={@desc={0x1, 0x0, @desc2}})
syz_emit_vhci(0x0, 0x3b)

10:23:23 executing program 5:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.log\x00', 0x800, 0x0)
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r0, 0x80184132, &(0x7f0000000080))
r1 = socket(0x15, 0x4, 0x20010001)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000180)={&(0x7f0000000140)=[0x3, 0x0, 0x6, 0x870e, 0x5, 0x3f], 0x6, 0x800, 0x0, <r2=>0xffffffffffffffff})
write$snddsp(r2, &(0x7f00000001c0)="599ba4e72e69b9e1f7c66b0b5c8c6f34b7b8e3e2e243ad0bd9fe31adc0c436c750e72862b8d85d2f3ae88f617a50026942085fdb14c39679a39f4c61ec6617d112f0e63a561a7074224236ae75", 0x4d)

10:23:23 executing program 0:
syz_emit_vhci(0x0, 0x3b)

10:23:23 executing program 3:
socketpair(0x2a, 0x5, 0x4, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:23:23 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:23 executing program 2:
syz_emit_vhci(0x0, 0x3d65933f)
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(0xffffffffffffffff, 0x40044104, &(0x7f0000000000)=0x8a0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x10880, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS64(0xffffffffffffffff, 0x80984120, &(0x7f0000000080))
ioctl$SNDRV_PCM_IOCTL_XRUN(r0, 0x4148, 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)

10:23:23 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r0, 0x800442d3, &(0x7f0000000040)={0x10000, 0x4d, 0xc13, @random="1357fd045efb", 'bond0\x00'})

10:23:23 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x7, 0x3ff, 0x7fffffff, 0x1, 0x115a, 0x1, 0x8000], 0x7, 0x0, 0x0, <r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r3, 0x1}, 0x14}}, 0x4000)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r1, &(0x7f0000000200)={&(0x7f0000000140), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r3, 0x400, 0x70bd2b, 0x5, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000c884}, 0x4)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:23 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRES16, @ANYBLOB="b708f594deca33ca05a01af60f581d8d9c3590237cfdcb4f2fbf6b0e3b1757f59ee9a64d5f8d56c98a161bbccfe8c89cda19ecdaf6763e5f525757be0e525f75bc53bb8810eb", @ANYRESOCT, @ANYRESDEC=0x0], 0x3b)

10:23:23 executing program 3:
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="2b110cd6d7aa3f3ded1ae224356a59a092ed1c825c04d7052b58d5bb1b30d2d26fa76b58efc7aaf1c62a967eec4c75232bb3ea6e0b6519dfe20cadfad1f2d647ebe27080386c617311f07f364dd2cb3b2dbfd82aad313c85ff655f216463154265ccb3c88b4df67c6697d50edd493e25004f9dcdfc67b8f5a48f5431b55ad9a15ecd2884ab690e7d882b99920a7d255a280e14cde6e0914b6bac091b50f5459286cfc12f4aea4a7c889e6b43f8ec03483f6b46d082f034f59903185d2c110692e5c5b9d95885599b0a5262"], 0x3b)

10:23:24 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:24 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), r0)
syz_emit_vhci(0x0, 0x3b)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x3, 0x400, 0x81, 0xfff, 0xffffffff, 0x6], 0x6, 0x80800, 0x0, <r2=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_VLAN(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r1, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x40004}, 0x24004010)

10:23:24 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), r0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0xee26c29e933a4769, 0x0)
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r1, 0x40184150, &(0x7f0000000380)={0x0, &(0x7f0000000280)="6f9b9308505c73eed3e5098d3cc15f0404619fd11646cf2a2f5421bd3b620264d012bfe158c0e26a7800ae536d3a9b34cf9342c00a116a67d1b73c540c4cfba27ff39ea5856e5ae3646a7ae4b6ca4ca3344aa4419aab7c9f7b7f57c8cec0ca54502e3535dc6174d53df270a628b8597c850d2a95bc922047f0c19f83e3de75a6e3a8732eb9a125395bf4ae5ced5a7fc501c6431aac01eb29056775b3e58ee5f4c1787c7e589d3f7180ae9e4f9a8bd3f24da5c9014b10cf4aca8a91eb2f9b97bb0356bf8d973c27b397689120e60c904806b0b094880cf429f060dbdcfb18fc97", 0xe0})
socketpair(0x7, 0x4, 0x20, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
getgid()
sendmsg$AUDIT_TTY_GET(r2, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x10, 0x3f8, 0x0, 0x70bd2c, 0x25dfdbfe, "", ["", "", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x100}, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:24 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000008c0))
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0xc080661a, &(0x7f0000000840)={@desc={0x1, 0x0, @auto="8bef5a20aecc55a8"}})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000000040)={<r2=>0x0, 0x1f, 0x6})
r3 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000b40)={0x0, 0x0, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000900), 0x240000, 0x0)
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r4, 0x800442d3, &(0x7f0000000940)={0x7f, 0xfff, 0x1, @local, 'erspan0\x00'})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000440)={0x4, 0x1, {0x3, @struct={0x1000, 0x200}, r2, 0x80000001, 0x7, 0x3, 0xfffffffffffffff7, 0x800, 0x45, @usage, 0x5, 0xbbe4, [0x9, 0x0, 0x4, 0x6, 0x7, 0x7]}, {0x8, @struct={0x1, 0x80000000}, 0x0, 0x1, 0x5, 0x0, 0x2, 0x7, 0x8, @struct={0x8, 0x56}, 0x2, 0xe34, [0x800, 0x877, 0x3, 0xd8, 0x4, 0x2]}, {0x3ff, @usage=0x8, 0x0, 0x3ff, 0x8, 0x7a, 0x0, 0x4, 0x6, @usage, 0x7, 0x2, [0x80000000, 0x3e6b, 0xde1, 0xffffffffffff4fd5, 0x3e7, 0x401]}, {0xe0f9, 0x100, 0x4}})

10:23:24 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRES16, @ANYBLOB="b708f594deca33ca05a01af60f581d8d9c3590237cfdcb4f2fbf6b0e3b1757f59ee9a64d5f8d56c98a161bbccfe8c89cda19ecdaf6763e5f525757be0e525f75bc53bb8810eb", @ANYRESOCT], 0x3b)

10:23:24 executing program 3:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x280001, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000080))
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$SNAPSHOT_UNFREEZE(r1, 0x3302)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040)={0x4, 0x8})
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r2, 0x80083314, &(0x7f0000000100))
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
sendmsg$AUDIT_TTY_GET(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x10, 0x3f8, 0x10, 0x70bd27, 0x25dfdbfc, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4000000}, 0x84000)

10:23:24 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:24 executing program 2:
syz_emit_vhci(0x0, 0x26)

10:23:25 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket(0x1e, 0x3, 0x7ff)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x7f, 0xb, 0x9, 0x6], 0x5, 0x80800, 0x0, <r2=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r3=>0x0})
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000780)=0x2, 0x8)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r4)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r5, 0x28, 0x0, &(0x7f0000000000), 0x8)
syz_open_dev$sndpcmp(&(0x7f0000000580), 0x2, 0x40)
sendmsg$GTP_CMD_GETPDP(r1, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x2ca8eae8e9bc12b3}, 0xc, &(0x7f0000000140)={&(0x7f0000000640)={0x2c, 0x0, 0x100, 0x70bd27, 0x25dfdbfb, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @broadcast}, @GTPA_I_TEI={0x8, 0x8, 0x1}, @GTPA_NET_NS_FD={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44000}, 0x400c040)
ioctl$sock_bt_bnep_BNEPCONNADD(r4, 0x400442c8, &(0x7f00000007c0)=ANY=[@ANYRES32=r5, @ANYBLOB="000000000400392e3ed5e7991bdece57092963717ab73c5b4b21ab4606e84d4293119c2cd13c0d01dde2f09c30ad81a14264f4"])
openat$vcs(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000740)=0x102)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f00000005c0), r7)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r6, &(0x7f0000000200)="de320608d69bb239b7c66906e1b36eca7a23054dc4d765a126df79ec232a34a40983c376f6e9012b1c973a2692b13ccbdbb92918612b14d911330c593bd441c9c99afb57a693371488c2846674d9d4f2d4bb79b998443fc3e3f87274730b3b8a4feba7c14c8430fe6fe9d86a1511af8adec71e147ce227ae30d7dd1c5dce51f30192bbb39e364ad0571b704d9553b1216f3f00ff1b39fc01edc7e075f04234c2c01130c626218a24aeee7bea061a2d0221083b0af4d22e13bd1373332e6e1f240b17f5aecf12bb69a7f25a11be30332667e30b0f7506a292db894826d8ac394e4e270f74910a1800aefb5881f47dab74ee85850cc10248a70b8c", &(0x7f0000000300)=@udp6, 0x1}, 0x20)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, &(0x7f0000000040)=0x401, 0x8)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_lsm={0x1d, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000ff000000000000000000000085100000fdffffff18300000020000000000000000000000850000008d00000018240000", @ANYRES32=r2, @ANYBLOB="000000000e00000006e60001ff00000018100000", @ANYRES32=r2, @ANYBLOB="0000000000000080180000000000000008000000000100009500000000000000"], &(0x7f0000000400)='syzkaller\x00', 0x9, 0x17, &(0x7f0000000440)=""/23, 0x41100, 0x1, '\x00', r3, 0x1b, r6, 0x8, &(0x7f0000000480)={0x4}, 0x8, 0x10, &(0x7f00000004c0)={0x2, 0x6, 0x0, 0x800}, 0x10, 0xffffffffffffffff}, 0x78)

10:23:25 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRES16, @ANYBLOB="b708f594deca33ca05a01af60f581d8d9c3590237cfdcb4f2fbf6b0e3b1757f59ee9a64d5f8d56c98a161bbccfe8c89cda19ecdaf6763e5f525757be0e525f75bc53bb8810eb"], 0x3b)

10:23:25 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:25 executing program 5:
sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)={0x5c, 0x0, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x2}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x27}]}, 0x5c}, 0x1, 0x0, 0x0, 0x240400c5}, 0x8000)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:25 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
mmap$usbmon(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4, 0x4000010, r0, 0x3)

10:23:25 executing program 2:
syz_emit_vhci(0x0, 0x3b)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={0xffffffffffffffff}, 0x4)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = openat$incfs(r0, &(0x7f0000000100)='.pending_reads\x00', 0x8002, 0x0)
bind$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x2710, @hyper}, 0x10)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f00000001c0)=r3)
ioctl$SNDRV_PCM_IOCTL_STATUS32(r0, 0x806c4120, &(0x7f0000000080))

10:23:25 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYRES16], 0x3b)

10:23:25 executing program 4:
write$snddsp(0xffffffffffffffff, &(0x7f0000000080)="b313164710a86fc56a0f62a5be098d90be03cf3e3a6e402f1031d2a644c62a3b928cf8e728869f72ec1d12ffef50faed209b55ec1db705baae9da54808b2f8447a5afc7f541226818ae2b878bd9c46a3f34c4295e816355c0a2a1e7051200c31818710edd73f1740f4df7f3b4e760537aba7126aad06dc8509548553431f2d093b692d7e114679ce7c1a6b710230dbc8a95164029aef6d15b078a96c492e853c58dcaebcc27065aefd5f5ce22d54186937bef3586c24b747abc0983d0bcde78257d2bc6a8dd71523764b5093b6d89bc0571affced03e85ccb262d99b9f0df928597851b8", 0xe4)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_PREPARE(r0, 0x4140, 0x0)

10:23:25 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:25 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000200)={r2, 0x1000, 0x4a0, "8df13d6f0e7188de3f98f7026e00b5af2851656978a68a2a8944f20bf7c754653b0addd20ce640f4afffb9bbebe454ca4941388b6372249b481dab7b8811a8a39c9d0b8e3ed93f0be44c797c79453203fea376de8b8afd3c"})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
sendmsg$AUDIT_GET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x3e8, 0x200, 0x70bd2c, 0x25dfdbfb, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0xc0}, 0x20040005)
syz_open_dev$usbmon(&(0x7f0000000280), 0x2, 0x1)

10:23:25 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x20, 0xc, 0x4, 0x0, 0x0, {0x0, <r2=>0x0}, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
bpf$MAP_CREATE(0x14, &(0x7f0000000040), 0x40)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="f842eff94872690b15ed4c65f3ccab5c11ec9b2cacb6b0c2626c51b34396be7e9397893673d19521779f004bd39f8bd7dfc3f031aab83d432e68da704ed67562049937e971b39f805f6277553d3e7d7349bc24897a52d8cca7857756c01186fdf89b09cee5c22f42c2fb9cab2103c7c2468880b969d5f2b1aee5703d840c0bf7a441c87dcc8a784e", @ANYRES64=0x0, @ANYRES64, @ANYRES64=r1, @ANYRESHEX, @ANYRESHEX=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESOCT=r0, @ANYRES16=r2], 0x3b)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000080)={0x14a6, 0x2, 0x4, 0x10000, 0x0, {0x77359400}, {0x1, 0x0, 0x4, 0x20, 0x81, 0x1, "650398f7"}, 0x400000, 0x2, @userptr=0x7, 0xee2, 0x0, r3})
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000000000)={0x0, &(0x7f0000000bc0)="1faa88d04510735d57bf86f0ae07963588ada100ba22bd40cd9c5200faa41924901b4f9683310f3c3cd907f31f08e64be2597c2d631417213f3549385795befb870ae8aea55f100ba470bcc2ac22b5bbcb5ef443e6c83406870b66c21002c4a922c1c9625d921de41f54eb4a38f8cccd975175d8563b704ed2dd3a09c6fc9f319977c2d7608a399c8a2b56afdecb634024d06e5ee8b0560929cf0b785f9af82e7e6224b9f2e202cff6b434f81712aa90658d47a567c93720bcbf40f3be3890c039ab67a113d6c5ed39847676af0e25f131d207769d8a29daa5e7ec0ae2b7a5fa17146f06ad561de7f4d19a3ef60316034ec8bf74e90e13142e1f01b454fdc6e1ff16a7c82bc414750038745e868d03d1f926f1a19977bf8f7731ab943a0090dad9c36512672756d0b5faf91f2c589a1af65bf711ca7155d65d98ea8b954281ebf9513c95884ade3310c16f712cfca674525bb0b7bca4d0651e9422581f86380e810beebb0259deba49cc06d06118ade2e55d62d0094ecc53caacf0763dea8abbb866bdc7e3175fd0855c0b2f9664920d39b0f6c516981e1e76ca39539f016d30f2e5386373c5eb00cf6fa70b6a20a7ed50fa08f0ccb0ed2a9137a35e6c3709bbdb33e7c0982abde345c18668e5d081bf0cf56afc85de99b5564abc354f5b01ff37354995131b37983d18d069ca725093d1936ac3653d9e59ae8fea00ec4381d1bf915e4a23ad0be263d6d285f56a8eb60eedca64669250dd45062e4d264d6b73aa50db4b0619406f8c5602c5f2c88be5a05fa40439c268fffedb0ca7fb5b1821d667a9ce872c75ef0d40ffcef5b6481c521767c9d244b22706d33a1e59da2ec51fda2bf5c730012825a585d15fb6bbc0bc230ba8ddbf9aab569ccd00747b3d3efe35f3e502188a082dd1a0107e23366c15359421dcfb389e05cf9563c554601a17215f9b2526a3c38f338de67555bc388ee7281e2ca7cc730c3631b70e2fc9c9af195c6683e9950c7e7c81dc573805a00c500b3dfb097890c17fca4d6484021a36cecdca86bf7b23e0adfa9a01b39b26cfa69432466a24606748902f04c2a0cff6f54c5da6670d950ee288021397d4e65e0736c6145acdc7a1a4ca90bd852ac761768fdd3a2b808a62bc7cde5c4c3f9d45b1c778d62ff3e6567861e57c98c3a3fa1066525b57aa5dd0991a02aa115e66ea96dc92dc9a41a30e0ff453cbbc984732fadf938ee7bab3607a32c1ac5cab27ec107cc46d87bf7959d03ac0d1f0919484223673d0349050a64fbbfa580f963399f647be5757efe7a0175c3552000f30bd51cb1c6bba2e48607440c15f6bc9b275c8d91c3ff68cc258b18bad6cae643e437da22a780a621640120693d0bb12af2711ea66b44f3d5fb96ff2bec7e1f4bd07c918ee545bd9fdecccaf61b2f7923ccb2d94e363a5def1ee1a01999b6ee48e0b080a07f8326af4cf0f53fb50abb0f0cafee6190d93929fccb241f4391d52b01a46c7cff0d13e1289280caf613f4436bdcc7214bbd3e1d7d51ef1cb395d4c77d28f47db930dc730ff26e22b57cd2c943664d4cb8ffab058ecba9906452be31ef848e0003fe77ca57ae194eabd5972a635fc5e4525dfc5ffb98fc8590e17cf5578c75c82ddaef74ccf5c952d885dd631f42926703638338e2bb2f6b75570306d9b43c4ceebcc47fd289fe652eb9a1d6247241a9e601ee2351c9b93999c8e31e98da0bda04d411eb168de83eb63286f20624f2580ea12b6b8b20e127b0e0df911e51bf7ec7f3e576a31597f71e2fe4d0af39beaf5ea8dfadfcc813074b51211aa5e2ac8ba0a06686d257b0177ef58a67275332636afc4a6772a01c7612a1a755f0a27656902a2a0101b4d8e982d3ebe5e012583c3d96862ff925375713463597b058b96f9d436f7c185cfb9f27fd5831b1d66c18d45b86e2f789056e6edf79d238a83c17a339d8fbf3b75bcac9d1a1242252f0ff45b0daf1d494571516fe821d41cc4da9871a66927bc366d25a54db41507404033b1d0954dc4304112c54c00d1425b7b82c7e095042745b4a1c8b3d71a0377d6a0682d6f550c1df3b10e83e2505c26b7a9851ad142b04e5c3ff647b51df909642b280dba7882a29e54dcf4bdf44298c2f6b57a625d086e086b8aa54193072cd94e446e26f7828e8fd272f22e0b5bbeb856af19d65b540d438fe07fc58672374708b096c9c11fb1296d255397e9f0185e9f4011dae68a3194971d3dc99c71f48d19b840025a7f0e0c557a22fcc5281a14d81eb2664fcc41b42768c69f25a89a6ef99eb228e5dc8669556063638e23276ebac0b0ad3d3ecc8ba6919ee76822709ccf0ec53c5c717d6af6c9efcb2c88edff00c69920384656f5d390b41fdea08fd9966c527d3e46ad02a783f2c487a44e1bd34179019474a65b98e0f2e0373616260b7c783882bfc14cfacdabd1d063e3771588e5d2ea36a007b00a812a174cba6cdd884b1a8bd179a86b57c59d2ee5568c42d91f5989d418cf27b2b326b21d6908f92ee8088e0fff255ddcbb12dcd6cbfbc51a8b6c4e9768e07b6d8f547530765c1874914ef2f7e7a6df1d1268522630d8944ace47329fa29d8c959574f939169848b1f7ca8df59dada3a4164eaeb768e00c580faa33b4ff80ef53c82cef61130ffe66189133d0fcb66a397970fd5071547800071f4e61ddfe58ad07d6d9c24a5d1e7e6627d83f052eb6c007fef18f87d99f72afd557aa00169834884ecc520bb0d8682999b28cbbc72936ea2f246a3788adcc6314020dffa0817d070ee1ee66dc618cafa87a24cb8d49907d156abbf7915aa80c3774f87c6ee915e0edf6ff73d8d22338031c2fa8f277992c5647db2653de83f172d6c13f9f4eb80bdaa46e25893d126e6d1eba152a9573b384680d99ecd0d9c4ed30d4c4a0ed11b4d61553ac6b64f28ae0786c8a1aefff4fe0b19ce81fe23346d4ff4154269d27d32f625c8b5b00a20446cad43ef779815389b692fb0c4dc21354d2fbfd083848e6a955db91b6257b7e072dc243d2f3e182d387ae196abf173c74e540148c97eaffffe3349779040fcac83fff8b4b23ab44f0c6f120e99e2f594db10ad39d4bf38aa36fe61ca092df74095566b65590ba304d77e667e4ce8acf7865f441e22ff0d610d7bfd831275ff549f189765401e4e09532095d209c1139ede746af711fe777e537da57c79f1fe568a9f1627238d9e00d75e4ff739f6c43714972247b832bb80bf6d6b4bcbf300130b984c3e622407c937ff28af9cbb71402e1c515ae0a8754ebba7f34a468491246acf220be6e99e2843af9cbc2f449c5741719733a247129662c6b08c5a72d4dd1a679e9bf7d62c40114b9e8cd3420fb8e1be2a466a92da805a6209bf53b36cba264d1205be4f35ac28021d656d1b0e8cd9e95a3be3f8336f703fe0a32de51662f6bcde7f3aaa9535126130c2cc3d357fc68e19c18e0b8203e2adc8a689b96fae6424eb776426241395bd7c729f9a28aa8bd55e7a6a958e720af8af5654ae71c024862aaac1ca961d460481351322e7f43abce87cf0108baba587c677b9e0339122ced74653226e56974beb4f6394ef53c12a907fba7c028ac608194d7dcc805f5fe043a4db26e5add752e5f61892345033eb8254563294e5e82e5cfeb857a608e26ac525e3e889dbea6b2108e4d7581873f28600ad34f86d984add19de52c4ce2a4c00cebd451c7704253bfe64999a02493e5183777893d68703a4326e0a28d1948310c39da5cb11112400c6bcfff23fc7628720e6c98c96f152c8d3a495b91603928af92bd8f63e793ec1eed6625256671bff4841a7ed9b6adb16e0dcec81a21d1a6d916993342d6d026e9d72bafeacce14057efbe280c9714ec8deca578a9b76b0127da872b2c6fcec9f4b47d875b02425dee42961ba94408f8c21860fdf7be433619aa7b46f981ab796606abf850eb1c008ac059bcca5550915f46d6ae584ba3c9ff97b6d80d9f92c7666261ab406ae93fe76a3e887e329c4d5f86c17f6c368cb50c262944bf8068e0056bfdbf6847d4d61e7146b66dd499fd7ab0ae32dd2a78a29b98e3b35cfcbd8320710a289e9655c83b8f168c5cbe46f6107f174aca59a956cb3a77f41dbd5bfa330eddf4a56edf5edf17c12e476c9046e475b4e246cfee96e6e1a74e1d0469e1ee81840fd0a87aad63d404e7f690539cb2c51ab4f6cbdf5a7e72e7df80ee70957ea22dca573503750d82434238e8f76b1b240ef6514e9e029b3ce319ea8cb8eb435f9c8d45484d0ec0675dbd23306dd9fcd305e4b6c6cf2a5099ebea6dcf57152486ebb8f9609fdf4efa639b84235d35e1029ca5de933ad376cd229bf6252c17bb58e8605716a08a6fa9f09df8bd2a882db04a7ead89cd94eb04139f5cde7baf9f92b540c3170513840e2fe4fe17fdcf5ca46f37d29435493c50982c20e2924df4b3ffa36ff0d47f9d42580b60bc7d515afd390f1e9c9b8f16eefd7169d1eca6589aa25d4e0812ce9b2f64c653a0a22ae6b9893d82cc1b31bc1d9f5eedee1fa0d531ea356985f84fa0ba302d28a1b13b7ed4aed1f1746887983825cb5738e31282fb5fbbd889b0f792f6fb2548f028b3bb5e45bae4a0660fafe7dff5534b2804d6ea2332f2c776111008d5ad8900b846268cba2dee7f71fca17df7c0a4b71c8bc662f82b4a2786c3ae6b17c4a01a81c523f34f05d9ca0778f6e82ea5725449470d0db18772c0d391c335f52e320a12ba0360d09118c217c864f6d51c0cc7861f3daa37a680f0e6bbd68220bde365d63dc7008fadfe064e1fbe00552865aa9064d5079cbf22ee94bf0a950d62817074f294cb6257ee12b9d317531a66abf284e4b4bca87a7a08db82fa54777ba3051f4c2c191a0e94dbbe1ef5c5742346bb81a796e379f18557a239a303d30d3387eb99518364c860e12893e7846e8d2ae525d2ac88fc4c67473da416afc4828a9e2ef4919a46291582e07c320aeb19e2a3ea5cc29953ea29c3fe462771152761e3920d798bcc6a02e15d5df2b756f2b1f2e1a7c7aa9c8ad6692dd5d1a565ed50f853ce51e116eff729820435964b97b311b0006751bea63bdc4014fb392a678e69c0656b1c0302d610c36fcea64edfbbebf655199fee16da65d1d72fc1b4f84d79a083f3428fee6c501a3755c26d8d8d3a7bfbc3b3b8890d9ee69d1a229bd94cc3df726672ad7b535dc20b8d2d300388ad87304a7c2cba6e8f9d297d08f01324d57bb194ff3a5503479cc7870df4d45a1fb5bedfe259dd2699ef432d24aa723b438bdd4b051a4b86baa1df8a3b2ff4efc5d5e04d5027d3b93461c5d64090ce49a8377fcfe6981be802d7539314202e537744878e34f8953227507cac96d03eba84ced0164bd6d5b645f5bb63c6cf02158084673f64c136f0fa30fe1723e57f94632d607b767b8dff3ef0c60df771bc25340ad6cab09cef78a82114fb31bb9387dcc46c5fac0ba246a2eceffbdb2e7db3b76d974f8e4ef6c94c22d377a354d8e074311ce2d4cddc964b627255278259af690466e5eb6ed915f314c9a26c870da80e009fee13b991531517dc8549c80e2e950aed7f17f91f3c26ef8541825c630e9b688b911b0e447d855701205225fcdaabf4b85ccca5bb45e903734aa7cad739305c7dbf6e8f58e475b9ad43824d101dcca761e5e8c53d391a7aab75989db06464b769abafa816e673087919f0a73bc1cd8cec3c77601223c485d1a80a8fc43372c371a0a8438c70f146464120b916fa3b2c65b48f3d5b2c597e98be37d3038a0119d6eba32d2118188e188386b00f65b936", 0x1000})

10:23:26 executing program 2:
syz_emit_vhci(0x0, 0x3b)
syz_open_dev$usbmon(&(0x7f0000000000), 0x1ff, 0x165802)
read$snddsp(0xffffffffffffffff, &(0x7f0000000040)=""/250, 0xfa)

10:23:26 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0, @ANYRES64, @ANYRESHEX=0x0], 0x3b)

10:23:26 executing program 4:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.pending_reads\x00', 0x200100, 0x108)
ioctl$SNAPSHOT_ATOMIC_RESTORE(r0, 0x3304)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:23:26 executing program 3:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x9, 0x5, 0x0, 0xc1, 0x0, 0x2, 0x80000, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x3ff, 0x0, @perf_config_ext={0x40, 0x7fffffff}, 0x20, 0x1f07, 0x101000, 0x8, 0x10000, 0xfcf1, 0x6, 0x0, 0xffffffff, 0x0, 0x7f}, 0x0, 0x7, r0, 0x1)
sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x464, 0x300, 0x70bd2b, 0x25dfdbff, "3078f79df6ca12d3d0df5c99d4fd3e0ed39263189bfb2607d8a69b265eec9402", ["", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4040}, 0x4000000)
r2 = openat$incfs(r0, &(0x7f0000000280)='.pending_reads\x00', 0x280000, 0x1)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_lsm={0x1d, 0x5, &(0x7f0000000680)=ANY=[@ANYBLOB="01200700090000004d2b10000100000018370000030000000000000000000000f524e0ff08000000dac4f1c1c136b987105e347616fa90cd6c901db87917ee17485d161a2114a5d55e5b2903e88b2fc6c7e51b0da4cdffe3478b7049aa340c04fbb7cdc9c35bf349fcbf24566c28e71e6900692ea9fb2c6b4475e94218304a326c83b9c94ef4839756bb5ce7e35084d080f5fc277f0ae5fbab1b39f416a78008191ff351573628af88a2a4f85d361a46c29399b53598bd79a7359a69b77321830029fafaa04a56977e377a56db3d8aed4ce9f936060b6d26cf8f4166934efa98ad075850e08c7e29f42cd54cfc57c71e96775e16805a442d7986b30c270cc878e82899c843765d07c7035618982eabd943f7b6cd376582647fa8f255d5cdabe079ed5d6cae3a12e7f24e4f72bcc0ceb1b6c5f3bcd1cf4a3079ede26c4743065b9245ef7cfd77ee13fde3694d8ded2bf195c5881e59a8691f2cbc6d11a2480c923dca096cdd9bd22d1e2f32ce0a5fc58349fd5d8383f8ffcea4a209ee31c6fd6a010bfc034d21690e593ef2dba43f01cb4bf7853616801a3a2e533bbdfddec94b24974bba4a17d3af18e78d8c713a1514a9db12"], &(0x7f0000000240)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x6, '\x00', 0x0, 0x1b, r2, 0x8, &(0x7f00000002c0)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000300)={0x3, 0x3, 0xffffffff, 0x8}, 0x10}, 0x78)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYRES64=r1, @ANYRESHEX, @ANYRESDEC, @ANYRESHEX=r2], 0x3b)
sendmsg$AUDIT_USER_TTY(r2, &(0x7f0000000640)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x9c, 0x464, 0x400, 0x70bd2b, 0x25dfdbfe, "e4e2132c79c165d3e5191a6f95f0eb9ce971c6dee1d5b6cfaace764a1e4cdd4d8ac4c7c6784c9a2dcecfc23ebaaa31c2e88516351375984ab510bdced5301aecc44495fd8a8833f4a268e5ecfb184c3ee20f66a467da5931fe50b014fc35f4ff5aac916a35050b798448be9b945bab3ddb732315a5cf96813faab7e7b4faf34f72d6d80dc9512b9403be", ["", "", "", "", "", "", ""]}, 0x9c}}, 0x8040)

10:23:26 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xef43863b}, 0x2}, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000140)=@security={'security\x00', 0xe, 0x4, 0x4f8, 0xffffffff, 0xd0, 0xd0, 0x2d0, 0xffffffff, 0xffffffff, 0x428, 0x428, 0x428, 0xffffffff, 0x4, &(0x7f0000000040), {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x3ff, 0xfe0000}}}, {{@uncond, 0x0, 0xd8, 0x200, 0x0, {}, [@common=@ah={{0x30}, {[0x4d5, 0x4d4], 0x6, 0x1f, 0x2}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x6, 'system_u:object_r:var_auth_t:s0\x00'}}}, {{@uncond, 0x0, 0x118, 0x158, 0x0, {}, [@common=@icmp6={{0x28}, {0xb, 'g6'}}, @common=@dst={{0x48}, {0x9b4a, 0x4, 0x0, [0x7, 0x7fff, 0xff01, 0xf801, 0x8, 0x8, 0xff, 0xf4bc, 0x7, 0x20, 0x2, 0x2, 0xf0, 0x0, 0x4000, 0xa40], 0xf}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "0fff617d7c1aa96ca9304fab5b547150c9c8a167d91b7900023369a24561"}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0xffffffffffffff77)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x4a2440, 0x0)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000700), 0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r2, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x2c, r3, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3ff}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x34000000}, 0x2000000)

10:23:26 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:26 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0, @ANYRES64], 0x3b)

10:23:26 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000b3e2730f1658510e40ef6d635e0379b346e3c383562a0e1838642fd2dc728dfa7f74c2e9cde5cd98c88a7128b9bf9f59962de4c575686a7b7d2718c81c18035ec932f89dc11a92bca560092a658eecaa8d3743968e2c6d4b4486fef66daaa550bf059849fc6d07959b4d2617c4de2636e91bc6fdfa93b0461383b4acbcd80f9ab82db334579a89b1a799a316f061479560102963bca0876cb64e1bd3de7311e8b127cc89356ed5ea38533c66b53273616907320d9e35a615c200c2bcc7cf5eb7839cc9774fd33cee06e4af78f786d305ac77e010c26655aabc299d096e7066d42d230c2173f8d5d257a0b358abbbe23cc9c2608296e9183e13f3fcc004de26e519d840c7b57993da67efd5ff942377d16841fb5a59439b97adbd9470af06ee8c5938ddf5caa641955fa5a5d578c8c61068b87c6b0674b9e905769108da707a259fa2806ba7c86ef72293fe52177dfd768b1c7a2a4ac0567dd7f3e15e3ae54293cf320749b738dc0000000000000000000060e56787f1edf27d0cfdc1ec7b09df8ff54353a73481772746c9182dc96266bc6daa1e120077e31c89f7e26d", @ANYRES16=r2, @ANYBLOB="010000000000000000000c000000"], 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r2, 0x200, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x9}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x40080}, 0x80)
r3 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r3, 0x0)
shmctl$SHM_STAT_ANY(r3, 0xf, &(0x7f0000000000)=""/40)
syz_emit_vhci(0x0, 0x3b)

10:23:26 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:26 executing program 4:
socketpair(0x23, 0x800, 0x0, &(0x7f0000000000))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f0000000040)=""/86)

10:23:26 executing program 5:
r0 = socket(0x2, 0x800, 0x5)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(0xffffffffffffffff, 0x80184153, &(0x7f00000012c0)={0x0, &(0x7f0000001280)=[&(0x7f0000000100)="f0ca537bdb14ad76f9d9f6d18a8d4b9c20df2afbb866f73b5e2481c47eea619777aaebd72b9cd02b1a1b7982bd1301a208c9b2ecf4c9ee7476e9926f810aa31fd6cc13c095dcc7b86c3623f20e93539938c19bc8b3065b3e1246adad21bb43e40d4f2af2afafdb6c26866577f719fbd274e1d9c6d9740b53f9eba6e1a22713d85753b3ef13053800f564888a29b1a3bba92031104e5a0e12f99afe7dd9dc0d267c48fafee6b583e6cc62c0d748575c01723c7d61df880b134c6d415979f341106f662f1868a6db4ceffb4b8f74687be54e794da88fb170f244f0d3d791e83f0b4c9d1375b58438ffcdb55fa233c7d24d12dce89fb013936d24cb1ff7ba7fb2f4c2b1d3b7843ccfbac78bffcf3c0aebc26574984197dfbc29bdd13b66efc9e6ef15eeed9178252d1ac8d1d79313b9218dd05fcce1b2a904178ed14b8a94f2f3ae6f83328f979fd6d5facde90a9341755f0a0bd7a1d551bd0cfdbdd0248f4458f94c5e79c8a5f62b5350509837f2c80deb20823c4eb2ab88439da0067a1ffe907030ca3be2bb031f756d382603824b7d7486e567c546002f489cb0b7cc5563e8ed433f400988d84fcb24b543ac151b013fc110a931f1ca8168cbd40e7de1351cf92cd6765bcf7fead66447c40b03d00361033f4c2f4c466da931456af16927f25d5c5de6077ac5eb4ee048be8c903df641ca89d58172b6333bced1ef0055057e71a8fd3c9588b05b275f5e0d035ce250bbaa591562ebbe83de29aac0e6becd446d24dd32bdee53a939edafa8906bc49efabc75861e6d127876e4461d0630e814e982e8c4e506468b0bb938499a16c7095decc29af0dab3225d851fc1fbc0895565295e86b2b683c8b7e5f38f5ab1dae178d9765a322e9c328978d2141621545f85960b5967eb83d6a35e1722c38d21a09939e3b62fabaa78955effa7a70d266b544199a5fca10db99b7ec0a3c560a9fd21afdf07f30fe3176111d162656858000e8fec0258e0cc36a8ee304b0597dd0890db069d50d0dbd3e4c20a29663216a85ab5b62e60358547620ebad094a30ce29b7d8e6d356189d7e5e9dfc597689e64728ac587bc37f59dff9e8ea83858b107f0ae265f1b1d93c3a795a0b886f69ef3c022d9727d08c70b72d9753a344f3ab292e77286c16e5e45ed29c1873a78aacfeb98d0eb3ca2a612462b43e851ce033527c66b8775f999b3b0d7d8300419c8bccb0ebf7a1f2da96eeae984eefe06ac4cbbdac1a01e9272ad8688205a7e2498caf667c608d3575bb7fa5b506528cf43e130e463ed0c11ef9b6574a9a1b7b581cf101c6c734ecf8280736348093be98385765f183b7b4e5f19b6594ee5320ab9a3498029a7adea3a3767b1a908552d75442090cb3ab504690fd349f5aa6b03274e385b16e85953ef50401ce80dabb2b08b2f3f1c7c746164cde313c58726f78bfa26dabd97f50db154fb9a2c8cdab369dd258333f67986b95e68d3ac0c8a6e74aa34c725812f9b086a27ef59acbb57f9fff6ff6e09bfc475703db84366a35c41970fefcd7a01875aad2635e84d17776fec9a746d515df3d6e1e0171b443d574c74de250200102554c1120fe4db8ce76a836625242266ddb0879795a96badcb4a1a70990c7e8e723bab9a3531b0c543c292866ceee475e5d0d29c4079579510e32d6418a948f3529dfb549ebe43b77ebedebcd3b65d4e01f2e005922544cac53ee9afd4e5cbf1fe1617fea9e8a9960deb327cc0da5bd5491cc3b03ac6bf2aaa8dfadb2cea332639db0d6deb6cb8388ca4c0871c12469403cc84af3fc4901bd11d04cdc9e5191e811a004ca4b68be8d0f4ada905e2b1a7d9251266cdfd91f433b3786c11858bd745bd614c991eb2a3677605853a6475510a6eed2c3218c0ded2ff54b5ad2dcf3f440bd87ff789d709b03fdd149d5d02db8b5e3f9606fa80b6b5dbe2775ffc2a895290d57f6ec0539cee5e3d2304851e1ea4e9fc56b3c86ad22ada2aa64097a12a2de923610ccfddbbe77edd01e31fceededb728d55bbc6b297012ad2a56582a871bf716fde029ca2598460bf3cfa01e418d064dd22dcfc35c803a8aed7b4ed68af770dcc98a81234a7611fac37174045d64ac9ca01f0467cd2ed7e29942c8adb23101171f009fee8f6e8bbddf3e19f64415d44082178c236eb95cb5ddf490611517843fe7f74800799e579363e50561687e9bd0599b89e896a1733e2dd2ad8f9be1108dc410d553bf6a77d409384c3a90405491ab42448ab6cbb5af619c23bec9405aae0a153fc3738f5e2f94d229a230a312efeb447fb0cf95ab65b8d23552108ce059dac392d43320920165aa5575b142b0f9a92b7a4ac1109993044986b4b9270e11ebb06084c2cc2ad12a144a5666a09e26dca473733afd7e8dcccf5d2155489bde5ebda9d4e2995dad2198a8b51d5efdd72d18246621710d2530f5d0b144964e195cb7095baac704a1af119db4b43b7f077173f62eef94918293d0f00376991046d2d1cfc9aa90c15e4f87273e9283039d58985734ff729bf0d688860c49e21129df405a44a12d9818889451de6307f789d20d3b13c5b888066849b0f6607f959a7a424520f681d3f0fe082e82d9b8a5c0c78bd000fd4c655301f46c72746b4ec27c17fb7c165a8c3dcb73e2b7c196c509eecea65b9591932bf879eb48244ba35e94a2cf6780c443546b9b84dc2c359f4726d7558608e799ff12eb362cbb6ea4fd92c8de1eb137161fcd69bed7be28143a4303713f56c120df7e58e4899b71791d1e657c7c2379da932b29d139acb38832e4583d6089bd7bd40c1ec33208ae337c46ed6cc05580ae3129b513ee552d92a5cd2422db8685f1aae146b2c8e19d5ee0144050b1156e719265b39edef12ec2e5a28e3cf83abd3debb5a7b2af5a8a99007d81627dcd467d8ebf77a7c89a502fe456ae03b7c4dcb78594d66adcd6d3e3c11453308589d7b24b77dd4d0e5b0c1b36b97ea9124fce646d33c7b5e0b3dbcfc4c166795f6e880a44911aeab18848acd0d9083b6936731069315cd4f8ce46d5ad0137ce1ff9ed25f711fddb54c6bf1bfdfa1d8b6609f3027127182b20bd3cc26457fc2a14f080bba3375f26c66d0fff4f3fd65294e966e677bbf127881819d61e5082c7e5ceb5f1b4b1a8fa152cad6064619d154b12cedf9266607ce2c68c0d63f5762d71801cbee17f62947475b9a7dca8c1382dd1ee13b37ab069cd15633e7e562da8e4a8b0561cbf2c9d18687fc33a8587b38bae94fb3e61c3d4f4268c0c20a34b621f91986a5f845e5dd00d5762c719a1e883eedb6bae848f28ec5fe8698c9b5f0aae7ec87d6796318b1e1755db55340a82201a1a59451c67e0c3a86b52ee07894753a2102db4f55a054863b778285c199b79d20a79e0cd1827349399728b11344cdd97ce8b98fd833a37ffc6d0a8ba3c4a94d882f38d41c2f43bd35c5a953f3f3e81e7dce30179559b04d863fd8af028fc276156d3bd97a4d29a32bcd27b673a5268ef75a4b2ea9ea8e91ede23c5edf6dd5c7662e1e92e9df01e60d00cf5073105951056234a2dea3ca81866d3343b4bfd35581a1cd1ccb58f4fe219b639a486dfe965e70de11c398828f52a9e8281c86cffa6c990d474a3b5398ae19de1a00104d7048928266833fc81a8afbef179e0abecdd0d6c777d4791657e41d3a8b585623d039d0c9563977e7e19f18e36b1bd3b913470735fae49fa6dbc7636ef9585bc988e8cadbff8bb45d1f16a51f47c44828211e0fbe25ca70a60d3fdb8f6aabf9669bf5098385874e1c184c27ec83a15eb11b94f531f6f675f100ae388e4fbebc2d46b8acd6b6b8ed14f47ef931313e8518d4f4c4a16c82f364fdfa828bff06a886bb06b9a65d781555ae3de8cac84a2a488dbffded50ebf96772ff48b24fcbb16d74a9b59f2e609f1b7de7ccd061292970e8912c74b63580af9e5dbcb2b30655feeb614bd5431f27cfd5fe269f610f71ac8504c5fc9d243c1a041cc49ef0448ad3ab4977e427c6eb9e2e6eb46fe7fb54d16a5e31b8e87e515c20eb513b368a6522c089ceeebda11bc061f251e7c69edb3332b17508745cd6594e2586fe4635aa1e4428b8c328b4c6163ec7fb1bc7649106a2c89ca0e82cdaf6c5efe8af540df64141a7c3f8041b97718b735c5d198924285442bfe1cc8816140aaed4f192845c46ad936b6e951fb867766e639bdef7e0bdcefc5d0ead34b5279bb99dd9a9c5b3cf49d7c003f71ce779a0658d085d88ce35a75294c677dffb6e8f4556a9de0d17f3b576798dc5949f7963dff9c4661464fee593d299ab5db45c51438110d4550137feb6d1440a1fe5de35de265bb542d8dc14489d154f8038daeb9315ed131635f093ef4fe4a677a2ce07f649136e5e2a5239c9680ace06d8d19b2f3e04e30844b5d6cc92e4979c38d2e29e2e94eff65dcaa46246ebba169609f20d55fc30248d7181b39f86dc0cdf55abe81daf1acd05a47add36001d64085ec458a6151be7a2015f455b032417f4e581c1cf004d6ebcb412187f3bdc7d21ff65a8bde7a57facf462351c161b446ff7a32392400d764d6f8da4c9665324b6842ed9dd5cf42ab1699689c84c9a5191d44e30d8e59df1fde4ed5995f5de67c2e4a98be4e7a446ff5a3ab0e62a4dc5ec13aaa721ea5b2cce2398baa860844b85a027ac6e49831231abb7927a99429862a8cb4a74c25f697de63cc3584dc6fd84e3d8b85a15525dc993e2cdeeea9d64d5e708c45dde274d5ec3b091cca0d09fdf25cd40a898df2fbbaefbff68867b6d1246b9680f9f3e0c892d570341491a284bd7309f40d1ab45e5393bf04799fae1d66bf818acc70ba1d1127657b02cab1826e36260870df3a5a0b0fdf2b15dd6f8f236cd78c89e1070b91c6f810e4371757425d0d2fd058ab2818d4dd1072cdcf84d83e1b780747680b2efb5e74d8062f19dae1d3a21e885b78481983677f21b194ae55c29e5a4b185316432333aa079755857b426e02ce394333f8ca1419a1165e95e6805d90e60d87f439cea92b2a253d9f6b28fa8c46ea7637bc6f4193d803ca2fc1e8b383d3163c0009804a127ce07bffe6269142e981328c7be0cd74f6abe77254965c0a7ae108370e6878466ca88c3552c6f6e3beb3f31143a3a1f923560194305c7050ead442ea142de8913d42fc9739a4a78e3f44f4477e428474b58f00681a556eaf62484120981c915871a23bcc1ff1df5bfdd31a274f1b63c56a45de62ed9bb73f55c2e07da7a55fd8f54afda9d55fb8dab9655269fe8f26595efba5856b3ff77dcfbd87d25ff94bcb14372f23f9147b3b0a903f234a3456e199d424749962ae94cb58b5c0f5ece36855623680f4df24ef18c639680a98d366ec87e6ada1983272d8ba0484547fbdd2e1733554ef715ed8e8e1dcce178a8f0bdf7125b8d2a54cfa63abc16f110905a6c6236b0d1d5ebd82c67f2cd669a60413b795febfe2f4b5eb21085f816114402a5b73d9320b13e4d74ee9d6abe21dca1c23cb69c7e0c5e49b968b952c9ced29a93ddbb0030ef64008820eeefd633cd77dbac36d884be0f0cd84d7225814b3c761e48ddd3ef4a0f7c4d43ee1804c760b3a2ebe00ac5865cfc2cfd3bf56306ce571cf67373a37f8244531517dd03d9e2dc78ec76f683f5659abba81f828d932a3b7fce2b8188f5f4c12312e111b926372ea7a319eefa483e0ebf628a26688c53721921b435b9aa1d38dce2563c49f2001c0d8e585a258806805f62357ff611a7d0b7d44c943bbd1688b1d01d3d86265f28ba1654c74706779a640f30fd72c8b62963af9", &(0x7f0000001100)="74c3d455dcf3daf3798827575ad2c0cfbbb8099b199570f99c500cab0d1b790251f68325653b584b762ee140ba08bfb268a3cbe4d6dd107a8c48f542616bd5efda512b860cc2519cde8101ac070b72ebc17a141fbe0ef87dad4e535e36c354afdd23d94eb7639d38e128bd0ccb0032d450aa72a6dd76f0e8c4bd78e3bbf353734f488e75c3e503f9d26509c7", 0x0, &(0x7f00000011c0)="490f19733b91fd262f6b0a8b5ea80ce7e499efafc9766b5ea75947fd4bd26efd0fae5b734ea93723bce38db5febee184dedebe1050f182ec8ba167707e31f652e12850aea20b69fff8f70bd58e5b01105a216a498d568f8774db0623ca3582b34e3749a5d332d2ad3106c2d1884588eba384377f175a0c826dfc6b5f6ee56a3a088e2d0b9de8c7d6e2de898edbc6a0f3abd1cfd482a008cd023d9391babd1135c4cf3e29e990d7"]})
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000000), 0x8)
ioctl$sock_bt_bnep_BNEPCONNDEL(r0, 0x400442c9, &(0x7f0000001300)={0x401, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000040))
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:23:26 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x95}, "af9e792a9d18730a42a2497671e231c7e17a4328fa3a06b3a4ed49f333b883b8cd3ee63e39a8138a3117fe3d491416f286afb3fe88639007350c63e562177fc45a2cb068270039b6a12e523574f253fdcfbb411142c165d12ec563b1fdf6243e9fca36cb9542361f2e51cf8dfcc425f6c288319f71e5510d3f65c6a7ff90627635f18d4102f363e488894f4080168f36df486eb7a1"}, 0x99)

10:23:27 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64, @ANYRESOCT=0x0], 0x3b)

10:23:27 executing program 2:
syz_emit_vhci(0x0, 0x3b)
socket$nl_generic(0x10, 0x3, 0x10)

10:23:27 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:27 executing program 4:
ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0)
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000040))
socketpair(0xf, 0x80000, 0x0, &(0x7f0000000000))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_STATUS64(r0, 0x80984120, &(0x7f00000000c0))
ioctl$SNDRV_PCM_IOCTL_LINK(0xffffffffffffffff, 0x40044160, &(0x7f0000000080)=0x7)

10:23:27 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_channel_selected={{0x41, 0x1}, {0xc8}}}, 0x4)

10:23:27 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x44, r2, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8001}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xe73e}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xfff}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xa9b0}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x20044880)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000040)={'syztnl0\x00', <r4=>0x0, 0x2f, 0x7, 0x1, 0x4, 0x9, @loopback, @private0, 0x40, 0x20, 0x1, 0x71}})
ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f00000001c0)=r4)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r5)
mmap$snddsp_status(&(0x7f0000ffc000/0x3000)=nil, 0x1000, 0x0, 0x13, r5, 0x82000000)

10:23:27 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64], 0x3b)

10:23:27 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r0, 0xc1004111, &(0x7f0000000000)={0x80000000, [0x7, 0x1, 0x4], [{0x2258, 0x1f, 0x0, 0x0, 0x0, 0x1}, {0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x611aa0b5, 0x5, 0x1, 0x1}, {0xffffff7a, 0x400, 0x1, 0x0, 0x1}, {0x8, 0x7, 0x1, 0x0, 0x1}, {0xfffffffa, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x2, 0xe9a4, 0x0, 0x0, 0x1}, {0x0, 0xff, 0x0, 0x0, 0x0, 0x1}, {0x101, 0x1, 0x1, 0x0, 0x1}, {0x4, 0x200, 0x1, 0x1, 0x1}, {0xfffffbff, 0x9, 0x0, 0x1, 0x1}, {0xb72, 0x7, 0x0, 0x1, 0x1}], 0x975e})
syz_emit_vhci(0x0, 0x3b)

10:23:27 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:27 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.log\x00', 0x20002, 0x1c)
ioctl$SNDRV_PCM_IOCTL_XRUN(r0, 0x4148, 0x0)

10:23:28 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_DELPDP(r2, &(0x7f0000000100)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x1, 0x20000000}, 0x14}}, 0x4)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000100)={'syztnl2\x00', &(0x7f0000000080)={'sit0\x00', <r4=>0x0, 0x29, 0x8, 0x3f, 0x9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, 0x20, 0x80, 0x0, 0x401}})
r5 = openat$incfs(0xffffffffffffffff, &(0x7f0000000140)='.log\x00', 0x12000, 0x80)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000200)={&(0x7f0000000040), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r3, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@GTPA_LINK={0x8, 0x1, r4}, @GTPA_NET_NS_FD={0x8, 0x7, r5}, @GTPA_NET_NS_FD={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x804)

10:23:28 executing program 5:
mmap$snddsp_status(&(0x7f0000000000/0x2000)=nil, 0x7ffffffff000, 0x0, 0x10, 0xffffffffffffffff, 0x82000000)
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:28 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16], 0x3b)

10:23:28 executing program 2:
syz_emit_vhci(0x0, 0x3b)
mknodat$loop(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x10, 0x1)

10:23:28 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:28 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="7732f5bea176b393d31e6383e4f053ab068936b755f3803bc4232f1c08da9a780e2fa7f4c80b17b8a87e1e9bf56cd183b7329bad578a327b9c53a5b7e398c87386e1e27da0edb909892a4c5917c3b3a300981162d528cf89cfd2782f5c58316574bc2fb4a1aecddbf5cdbfdefac80e8159561e1ae7b01b5ed462e1", @ANYBLOB="20957ada6d17fdc660f842aff997f316d1108a2d8822a760fa79c97af3ffbb88a2ed4a6ed6a7f4f4547497527c6227dd6529f82e014c19db24844adb3320fd4be4e1a14bebd7d8bc28b9ef9cee497d37595f2739ecd55cddb5b3fe14641576bd63aaed8d68536967d017df2ccd91c72bbd57ee24e91b50846b0f78db0e952eede257fd9eb389615a4edc6e303846eedd51483f9d29b746d3152478242ca2e9aa97523c69ff6ca9e235822e2708b7a6571a1a8f9e66873d36c3b88cb65c111988c332c77fc09cb5d9cb64de3f6d1a908937ed9ef258c42e753f596e0edce4a7ca14cefc17404f5f467e3b06ae886910dc6fa18b3696de6eb3", @ANYRES16, @ANYRESOCT=0x0, @ANYRES32=r0], 0x3b)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x9, 0x3, 0x280, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1b0, 0xffffffff, 0xffffffff, 0x1b0, 0xffffffff, 0x3, &(0x7f0000000000), {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0xfffe, 0x5, 0x2}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @loopback}, @mcast1, [0xffffffff, 0xffffffff, 0xffffff00, 0xffffffff], [0xffffffff, 0xffffff00, 0xff], 'tunl0\x00', 'ip_vti0\x00', {}, {}, 0x33, 0x8, 0x2, 0x48}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x3}, {0x4}, {0xffffffffffffffff, 0x5, 0x5}, 0x6}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e0)

10:23:28 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
sendmsg$AUDIT_GET(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x10, 0x3e8, 0x10, 0x70bd28, 0x25dfdbfb, "", ["", "", "", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000}, 0x20000000)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000180)={<r2=>0x0, 0x7f, 0x8, 0x1})
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000580)={0xd, 0x0, {0x48ff, @usage=0x6, 0x0, 0xffffffff, 0xbe, 0xd334, 0x7, 0xffffffff, 0x4a0, @usage=0x1000, 0x3ff, 0x4, [0x4, 0x1, 0x9f7, 0xff, 0xffffffff00000001, 0x8]}, {0x1000, @struct={0xa9000000, 0xf0000000}, r2, 0x5, 0x7, 0xc0, 0x7, 0x10001, 0x5, @struct={0x72b, 0x7}, 0x7, 0xfffffffb, [0x0, 0x80000001, 0x590, 0x6, 0xca, 0x7fffffff]}, {0x80, @usage=0x100, 0x0, 0x200, 0x0, 0xf48, 0x9, 0x10001, 0x18, @struct={0x9, 0x7fffffff}, 0x2, 0x2, [0x6, 0xfffffffffffff801, 0x3, 0x2, 0xfffffffffffffffa, 0x8]}, {0x8001, 0x401, 0x2}})
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)

10:23:28 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:23:28 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x3b)

10:23:28 executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x200001, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000040)={'syztnl1\x00', <r1=>0x0, 0x4, 0x5, 0xce, 0x1, 0x10, @mcast2, @private0, 0x80, 0x7, 0x8000, 0x4}})
ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000100)=r1)
syz_emit_vhci(0x0, 0x3b)

10:23:29 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:29 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@none, "b905000000000000007d630e21302846", 0x7f}}}, 0x1a)
shmctl$SHM_UNLOCK(0x0, 0xc)

10:23:29 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x3b)

10:23:29 executing program 5:
r0 = socket$bt_bnep(0x1f, 0x3, 0x4)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000140)={r1, 0x7, 0x0, "08e4162e93c65228fc409f7f59b684194d86f4ab23d5623adf5ea44be841b0d57fa5090ef4993d09881d5a3a04a307d8e63170132c4383c9222f8bb17fcd8d816e68e2d0661bb92d688043671921d4f29221b0de437a2589023cdb6a6ac9b7beb3a38c564fb3329494c4c0af3725d45e823193fd118974e9c7dbe1ec0152d031001e88d95ad0c0e97b5dd7bc48c73547d4977b352e21ca7d92cee00d9245f0982951395db85cc54c0541eb14235e3bf76269f37d25c100b8a7fb89c7929165d1795bd473dd498f61f8a78cb0379fc1b5f03523"})
socketpair(0x1f, 0x5, 0x4, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
ioctl$sock_bt_bnep_BNEPGETCONNLIST(r2, 0x800442d2, &(0x7f0000000240)={0x1, &(0x7f0000000080)=[{0x0, 0x0, 0x0, @remote}]})
r3 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:29 executing program 4:
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:23:29 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000000)={0x0, r0}, 0x10)

10:23:29 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:29 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x3b)

10:23:29 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x4000885)

10:23:29 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r1=>0xffffffffffffffff})
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRESHEX, @ANYRESDEC, @ANYRESHEX=0x0, @ANYRES64=r0], 0x3b)
r2 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x101000, 0x30)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
r4 = open$dir(&(0x7f0000000380)='./file0\x00', 0x249c0, 0x20)
getdents(r4, &(0x7f00000003c0)=""/121, 0x79)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r3, 0xc058565d, &(0x7f00000001c0)={0xfff, 0x1, 0x4, 0x4, 0x1ff, {0x0, 0xea60}, {0x4, 0x1, 0x1, 0x1, 0xff, 0x9, "9a2295f7"}, 0x8001, 0x3, @planes=&(0x7f0000000180)={0x400, 0x8, @userptr=0x5, 0x6}, 0x4, 0x0, <r5=>r1})
sendmsg$AUDIT_USER_AVC(r2, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="101000005304000125bd7000fbdbdf255c2a96078ba6d91cf5adb6c07c772d3f402bbc5ffc748849f351719080014e907acf3e7b2dbc31c006e905a1c8f607e2240c25f17709051fef08927a0b11fc39a5ec460c0b0a30fd44fc60fb11f196b596b1c8f8a9d46c835c1a3120297f8485850b8600afb9b1bb8e1f330209686ed74ba02fc1c022eda45e572d7a5aa15c32f4ed295480c64dcad742c79007b6b628a66499bcc58cb7f1a105856aeecaa0517d550c30604198e05e9a1edb4d0b574abb40bdfc71825ec46b8fa8bc245a60b4f66dedb4a2c3881d9cf9e3e8b0c908375750bd42b977877de3dc4920ae232109124fc5074b33c09b70802eddfbc94968bdb957ad11d2bb1c389216f5ff0eaf747aa0f2adb8d32940719efadec87b292b5baac8336f7c2e9908fab0dd8ae5ef00f365b7a2aeadd3f3985e9b54c122787e5f22cd256afef336db59e750924b4814cdf44de4706129b152d742f9f0b9658181cb429c45a1811bb0aa15d6f3d807d3611271721dcf8a072091c332ca936c53333cec88c3ad1a9f5237a3677e6c59704d036c51d033fef2bc9661099c648b99e816d94a309240e421b7e3cdc776e83ec878489e450cf69be819cb65e728c34003a4b744173d9c4c4d9352fa4398c19242f78201006c5174b0d62c9f2924f64f7e7cdff15406e58b2c916c4881cffc8bcc64d4624391983d2f0ffe9b721c827b91545b50f4f5e5f02291831ecbaf51c8f64f43cb4197e8c4be6ea99ad5dc7266a7adfc41d44ce65a1735c117422ea062df75af468edb11124020f81854094952272e4e7e2bc30729b8a92db916a6210ad3472f97d39bdb0015f1c826ed91cc069583e07b065e67fd6ec54c855b86a2c2ab17d2cd421ebe76c8676b914d201748ff1d716ee7a5197e59912143341923e62271b81944f56d218857d96c5d864f7e7d73f5e45ad553edfb4e116d1b989e31852f22e554618f85e081b2f4be5e2c7ef09070f172b18f53b51a39f5e56bae484c89a467fec8f82b6b81965c62b16f0d3271b84223ed11b0ccdd5086418557ea3ca8d15fb7a2d0bdcdf42174ff37f8a2ef66219aeffa823943b579ec65126d00d19d85bb918dd6438b416dd12a23f90c08b44cb54da05b5453672acef5369169d495629e055c6a8354fa1e72e14a66f7b39db768be1558f5ef8a41a73b75125ca2ec3699b1ec5f78a9e68628825f0fdec42bf541698fb813932be6c7349c0546a78831984e309ed89b69a3140085b1fd6d744b424a71b7c6717944f5773c210aaeb6bf201cba99b1dcf5e6e266ac978309f0972318382b497a70a86bb7a69a1c72cb5765458487a5c53d480226801a1ffcc8cb6787d67c4030f557a6ccc6328d9162038ec1fdb9b0e4794c048851bfe1853812671419684b620ee814c8bc22bd109fc2887621dfce472ee7edebcc1e3f0016f202f1f886f174b0c1e9ebe776c01a370466a7e5966b520e1a6114295371a489e29df82dd924d6dd3cb069ecb63c038bb54c229f150b2a7f0754f2eb8510e6b486b6a5ebe79614c1439f41ded6335c88fffbf956538804ed25b3c3bef1a3b1fd3d2a8f97dc81092d0552d7d328052e07f637d8525376813cc6bca4a703adf4a3c905e5358bb60e5d81e543a1e891721cbad91d5c84f8e7699298fec18f4838fc35ebe323e4525b0aaefc8887b76bca39876bbff338403a429695fd83ac30a053465ec3ad81f56b11c2a388c843c537cf950e85464d45a79b87a5c6e30e32ab02d1ea34db7b134106bd801dac37e1533e52575d823bf1a33b7b459a173b9f3105831d5ec90fdb1c589b02868afda46f23fb4763817e667327a47f47186666508b29771736384c858c04ffccc2729ffa48f0e066f15844a66d399f62d9f9e8adbbced93a344fe1e97b0648d949d6c1b8b7133e5875a8b58b363542d63a80c5997d22eff67c90963d7ed98bc631bec34037b9ceb866da67c377fe2f76d1df31ba7bbd44d734a6a7deac0bbbf23610d7435642cf614fb8dfb02dcf6230aa989c2f2a8479ee765173822910ce0e101d32356e96e7d7429c8d39e232305c97667b96c07af1fb7707cb6c210acb3203ca53b8d1eb948e62851d5e0e26c32839c6b03a8312e0803c0dbebfec90ffe2e8eebce96b22eda5ce8d580828e8232db52f40d2eb626a8f88ccb5614ba732ec3534ae6a886ac9a1e56ed418645ac183a0a9fa6c3b8a831ddfc2ae5ccacd714579a5f7c9541aeb74d1e71dc6d2908d508ba4f8d70db005face3cbb538f81025b84970a88704344fb1a029610d068f214f889d7d7aaba0536df671d654d1f21294cfa9bfd9de4c9d48ce8e3a558dfeeb519a2634c23d4b2fc918bb145ff27681c2c0de3bc70c8dfe3ec40d127e500fda77746f68cc90de7ba48e6cda0f4cc114106ddf5242f257ecf42ff5661a8ddd48cffb4cf2f7299267fb3c4a6bb3e340a04849d95838df753444eee890833ddaf7235b0bef782d6d0ca1918947adff46a6411cb38ccf45c303c0535f42851858ec0723026b91e5606118921e862b72471abe420fa7a5956215dc7c906f8f8e1a4b59865d501b0e72d7622dbdae6db08e28ac665e1ca024a0fc96b256a49e470945554ab50f99a3f4fc6f0e429238353ae39886df8372a640d8835c0dff6ced51c1a9624c80f0c8ea20d0af51eefabd2ee7c129cf8fad3f11d87b546da440acc663990b34b262715fc000dd96e6fa958acb127b99dab3d043aa355d6311e7e9e8a411515ba9e8a49021333ce2a4d2d2dda477d39feae9f08665c62fd7104d637a34bc1cc7673471e1bfb60d83dd43a33a3054ac3f506e941528d591b871db96eabdbe4b5581040d1cf88eaf5cd3613eed0e5820df4153951381f82f8c9c14a422514fdadfa63516e4ba68e78b71e391f939fdea4669550062d49ad175aca94e78109125fb7baf44b51996593352803c313a77fec1ea6ec457590fc403ae90d9e311c50769f64dce2ca4cd629e456d9e3527c431194bb1c87e41d5448ed510ba7806368c93fe39994f39654eb212b9e01c1514e448f517ad62f877cdf0e83496d558e250d093485560ffd4964a2a5127c12e0df877c9f411389cde82a9f400036a937552091aa5c43fe09e0102ac0a081fa0fd8209d2be2cf441c15cadefab51f42d2d15511a868a53f45c47f63be23f761f0465dca145711f2a8e3437d96b328e8bda8ad0f18019b3de3180b608744228bd7e8c772c8d820b5bbc9bc1cb2371195472b7999be22200b81065099bd8d5c832cf2f2d12989d03e8da6e4d95ffb0dab9353add4d92f7685e10d54d299ff9fec06a7a7e244b1488fa087ee9b68f8ff3549583ee3a07dbd108fa891ba1ade780242e8894394c00c1fcf81cb5135db68a3c4ad6acbb31222996e3e3caaa4767d53648462439939bbf2bb5f5ae41a0d42b659b723454038a84d526356c6e98c2cf81cf406d70b7e94207a23b3ad8615a7d1678c2f8016de90da79b2114d2393ae7032a54d57bb0e69cb33c9c007f896bc9b9133a12faab984dc4f1234b989cda49b556fca4fe59a862cf48b9ec46e8b8a31f1a39183f1295312008152b227ee5fd9107745594d1c153e92ba4a2ade25cf63a0eda366fd12db33e88af3094ae0115813812a2839c6897d6e7f77546ff531a745f869661948a5cb9e66e3b814939e13f65648b4bd1a8104dffc95718c08aa7ad0bcffb7231681d17a965524af57d698b8574c541cf2b6dd93887152055c038c00efe2ed95030cb3ad4838e98a546f07816914ff1bba406b478599073f8bf78665c43b1d38e48b54574f9582e7dd20ea3645d5ca3286ae384a929d3fd488bd494993946bb3ee49e1f6a3070a87696723147920eb9d9ec3ad2ec19f6259ca1412d8fbe431f04f02001f1febeba5f9570eead6c3f2aa80e90c582f20b803f62333c16278fed43ca98476582e43d6ea9e6b10782030c404b321fa2a2092b25e98972f3108efb5901b1e1fa3e40bcb6020de3cc18acf49cc56f849b369eebf6a23e4296892d290de05cf41ede23678675621eda2c27dbd2a3a4dafe1e4796c3c7b5cbba466618e5858651ceb5c1cb6ae938263982ec89043cb3d9a37b3075bc0ec1ec432f00a763dfd37e3e3212fe061e02f7ef3c10c7665419a59922298e49800025b2f3ded2f924021799b583206de78fe2e0da680cf81742cdc45ebfe889b126a4275287648ef963ee0db4db71d4c8b0031d2d6292cc00d1863c1f53ce5ef0d2cd17e44d4fdbf3731ec6b6c43d8d61e78963b3f7e6bac42bd5f790305f9e7b0b0c60d1c032a52cd3c6faff50a4430ee3f28c839847c695c24a72906b4587dbb06f740f9370f54de2dd30b77432661ceca3c7d88c3fe1f5b4fe8dfaadda188fbb112ddf03588cea8a60a7e6cf2bb64057854f4b8786d170bfa5be0b251c2029848c57f26b4a7113d3bcf01930b68cb1697eb1f67163b428512346f06fe2bda6b76b3c78d41fde86d18009fee5a2ad100ba6cb65b38902411082628e859db541b30df003c4b362b83abf758a3e3fb08b196201e0f0ce53bb15948ba2dc5c9965052efc2316a9a5534b7d1508fc94568fecd29c6522d521421d98bf014c06c2c3873bb619baa809155f78e95e57e5f8e3e2b7fb68572accecf5d833cd2587763f600990cf4fcebe219d1e7f69cd84e8ad98b17cf0defc992027a38d2bc33ed72c54b52c8020def726dd00e3a73a7c621ae7913001f7b6ed3cb4fd7f897e587d5d09bb672da01d52b3670e9de97c7dbcdf28cb4179b81538923883b606da9c0e5afebb95b323765f093466a006346bddbf0b34499c2b68e0473e19b63634ff5fad648f73164c066307b01670b52426832c1eb09d6cffc5a9991b0f87b33f6c9eb6517068f69dfc0e4b6b773a7df679bbe0572536017b30b7b2cc293ce34bde1e9f6550d618ded267539c65a427df7fdb29940826635b00ce8810eb3f551587eb22136d16dd2cc4e83348e19925752bed2d2aef2ce5fa51a0fb8798b47cd8b91e35327f9d722dcdff7f38586f584145c1e13203e20176cf31cc40c151d02ac0aa9e65fad80deae13bdeb1a7d2bec724ec3ec2a560d04ee785bb546a72cb30ae305a01a2555bd7ff571d9c43788a95df3a3d9faee83ae4ab1ca357aa1d81ec08f15516ef6103b42ab593e7c06f76665e9ba1dbf4097880543dd34baa739cba0c4469feed3a0e8ab9539e1146a9714752de62f5e16a0d76e3ed32337656d84a63620aa2e0215d12adc0cea53b391c3f975efa00d2843ca39e154f01e838a33b36799728316eb4b371b22b66f48a602a3c4e015d0c18315547a6773213473431ce657dd6b403dd2ec0b4578a620bc1b7940d78d7652024dd30999ba5f11c589aff6a1cdda5f89ee7eb426f4f32ae58f88b956ade9774bc6e50e4a9249e4bac145a325647b1e0b4addbe206fd92deea8f3c1cb161298203c3f4abe3e7d6f74ba8158cd237a68828cba74ea08841604b0efdd3b7d031125efca74f15dbcde096f9ffacbf263d4799b7d57a094c77d1b10f17cc302c334416203f1dfe75c3ca8c7e57d1551f29143a57778b0ad43f41ae191c273bfb3eef31b567e6189b90d017c9c4bfd81e5d1f1a1ac9974440d16fd355f7329ad5f459d9624b3009426b4213a84df25db59685b7a3029749a5b1fe7d0f18e584db61cd8a2da3b8e0452d2abf6f89d9a280c0125447c85f668db2d86b6ab4fa742e6420f3a2c869cf5712153b3e565a6ef9306bce20db7bf512d07f12c256efb13213b763cfaf9e0e988c25ea27071afabba00000000000000000000000000000000000000007214d4e3a0a71ce40ec4a5a8cb769d0401073238295aef1c5a5fe588bfdf9e20669e82efd4afbb26b3b928adb85569368d85aaa76a35b2ddb74138c70edd24843e7461de6806465f86d43ed92aba7f860b70be04e36e3a414af4c93eeff4204ec99ffc8654c47f0921dee052969faed8c464db717c8ba87a86f055b6800a52b89c1c13c8ea5135688535490c5e3345ed52374652dfa72d6482cd532a18f8a87b3fb3e63c9aacb3d33fd42982dad21c40556730062733d9e135e92b45f72d"], 0x1010}, 0x1, 0x0, 0x0, 0x44000}, 0x8800)
ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000040))
r6 = openat$incfs(r1, &(0x7f0000000240)='.pending_reads\x00', 0x40040, 0x0)
ioctl$BTRFS_IOC_SCRUB(r5, 0xc400941b, &(0x7f0000000440)={0x0, 0xbd2a, 0xffffffffffffffb8})
sendmsg$AUDIT_GET(r6, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x10, 0x3e8, 0x200, 0x70bd26, 0x25dfdbfb, "", ["", "", "", "", "", "", ""]}, 0x10}}, 0x4005)

10:23:29 executing program 4:
socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3fb, 0x8, 0x70bd28, 0x25dfdbfe, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x48010}, 0x1)
sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xe0, 0x453, 0x100, 0x70bd2a, 0x25dfdbfb, "aaf3686c06a755d9c3da3277bc16144a3b250fd703f9b349f27e4756cdf724856d9b7f7912d325fb5ffc9a7fd222387f6f54b271d2bc44a9b785070f2122eb8f95d66678db28d306e343cdbe6b30b2d7bd6c79b1729937a78b33f004c3a825fda62854e98320f2230c98efc2ec20ad3d05dbc375f22a2aa1c8485157144a223426afd0d9ae1e098c3162ee9124c96b1071e76c16029928b717d58133a315eba6bbcec4ff5509b8b86a3a36827daf8876769c10cdd357c95b22c36f17d7a9b9d6685bcd2e3224ff0bf842da0a9ae443", ["", "", ""]}, 0xe0}, 0x1, 0x0, 0x0, 0x24040101}, 0x50)

10:23:29 executing program 2:
syz_open_dev$usbmon(&(0x7f00000000c0), 0x516c, 0x10800)
syz_emit_vhci(0x0, 0x3b)
ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000000000))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000100)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x4c}, "c16c2d71b753b15c47a6884ca50750ea1f87e3a1ac35e9fec434bfa842217b4a54317d78423f1d52e752e7a181300b8ba369e3031a588f802ef19955717faf6edcd42732b44860ef39916a5c"}, 0x50)
bind$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0xffffffff}, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_DELAY(r0, 0x80084121, &(0x7f0000000040))
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r0, 0x4112, 0x0)

10:23:30 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:30 executing program 0:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_notify={{0x18, 0x17}, {@none, "b905000000000000007d630e21302846", 0x7f}}}, 0x1a)
shmctl$SHM_UNLOCK(0x0, 0xc)

10:23:30 executing program 3:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xfffffffffffffefb)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_user_confirm_req={{0x33, 0xa}, {@any, 0x8}}}, 0xd)

10:23:30 executing program 4:
socketpair(0xa, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)

10:23:30 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x8202, 0x0)
sendmsg$AUDIT_USER_TTY(r1, &(0x7f00000011c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001180)={&(0x7f0000000140)={0x1010, 0x464, 0x8, 0x70bd2b, 0x25dfdbfd, "07aebded7104f201b976f9a613aa6f733b96198ce511f0620b0f51ccef7a6a2ffcedf167f4f4cf85d98af8c251509e1a1768b58c7b90fe6b9b7e58df7bcfa540fd9127ac9629c51b12812eb5c90346441cf6004494f44f5465c4d642f09ddfdc6de59708295912701e192d4a89b5e54300509ec4482a3a2ac91ac629cabb59335040bea53226fc2337b605d3f6410eb1d427f4314a4886bcd22b8c2953dd17ae10bf8dbe6d15d7239599d9e52cb2994ead64830b80e41fd2ef5816bd769d842694c2b2d154ed41c3adb98b1aecd65eca78b2a075053a7b656c34f3311a814768780c06ab847858663fdef6c4363f2556a3996be09da0be8f88ca0dde3f6c5aa8017b8b1367457618db79196c9a9082aea3ecc4ec8138571afef91679ffca2e88c0c18ac4afba732a4169b49db5302b40aea1f7ff5c8d32d90df6e533c7f557770149d8c9b9be13c88dca09095e495c26af6573f713b2e2f28392c596ceead739d63ea7df870e1ad957a29f40acba559d8f1172ee57dc8ba605e3d9dc81ae8943c531e49bd6d19f23f1a5fcb32a1c8c8a346fc898ff03e6e59e948dc11bbd7755856ba2295f6b13044fa00b99bc98ceafd761f9eb76c9da2329d784ed098bed90b01758013042e4d879ebe1dd500703559fef9725af9d7ca3bc54453b528c9814baadd6afcd4fc5b78b7186b346ceb7763faab0ad89027715890aca8871386a907b3338308ed4a02302f0a1416eae376b802add6c7f878823d57c397189cdc3f90c985113078dbb9986aef898071d45539af4d4099f93e21f7a02539674044e0c0c48b6be96fd70d9e2fa2c4b30d00ea0a68ce6d0f94e769b02c07f24fa3ae464d46c53e5fc05b49c687d39d8403e5e12cfefca8cf0787125e8a86e8ebb17e9518b817866e327616531fea52a2d20c9a1ac7bbe5f2bd53d3aa249847783d05d891c5c1c5fc2c41ef967cd4a57c56201944b85b0371eafc078c826e2fc379b743b956f692244883af93d56210ea2eeceede14edba02b6a6caef24014ab98a93b54955e95ca4cabc1b45ac1283c7d613d6d3caedf21f8540c97e3189bd9905e7cc736cd691dc360260dae62f0f73a0a8617f5ff3eb814aea6907b18ad17def2d4cc2e32fc315ac14b35dd60972647e8983bacac0d574e82f227cd79e0131a4e86bd5fa1a05982f7f922fd71c68ad6995bf1a57829535e548df8a4efd86bb88a780f1c31a04e16706752151c2d19b57ce987509958d41d5420b2967ff638a36ec71ed459b47a4763a3b38e9c4624bfe65898f28380d4f415006f5c16316d1f8497caeb8444781e3f9dcb04ab53e3c0e0f70cef8f542f12a5b6a18c2c6319429c9bd8d2f26437463889171a68668fb68c39034d075dc1ffcf2f3fdc1633a3bd2b32931fc6eab272cb8e5e53eef43ec825346fc35ef794cd32915f48e88343f9f5b6c3d9ded83f8c0b585c37eeb257715e0d54292fb8dfe79e844fe5334ffa82289b372f4d006ffaf886207b5df5fd1fe14774bbc658abcfd765078a239ceab2e0fc52e9825cdba6133a7e99542c27e1d2c5c668104f295cfa0d822dc8fa38c34029d724dea8b727ff778fe84530461af0f5f83af99e20d69f943ccf4e8db6e77976f51fa2ad5f61d8eda6618e18fd56e8c26213a863530e29821eb5e233ba280df264e0a94117d264efe3698862613d2e253e57d1543ec694da9f8b84d04d1ea444cc7942745034c6411f1fc505a357a0ae6bc89c7f55b0b75e71c089f621a7a0ddc584c56e41e86135603e824061c486ccde0ede261587af0530a7d865770f26ae50cbdfbeb959eb2cf82c933f48a6fb8902498916f6ee4d83218219ebe9f3e69aa3c49352fc682197c1a60742f1e950167d860bed2cda67a678608f098ea65a35ddd25190a457908bbfc9b25f194bf04d3801c8a3542fb2aa1d96342ebd855e99fb93d12e128a8208bbe51dbf34424a581ed76397bc66cd8ff3a8965d0f39eebc232b362af8e121d5719d6775d59e80b423a12dfafbe25400bb2041a1324cdca62203b301e64b074c808f7c6c095384ff97dd09fca06b605d93d242f41aebb53d416ff7206bae2ee7f0bcb99d85ca072c9565d11792a55578d79e16fea8121fbf83c47c17c7b8536bec0e06adb608ff38d048059a6257e9d091766fef60e55c50b76353564454257a0adcfbbc265806329edf200fd15e0f8db82490ac81e442d45bf4aec05c2f78649e89e8a8a2762de9e7ab225452cb976174d7daabff1d1ce4364370bd5ff768c5fa6755ced1b3dbcaf93cc9e55dd7e8f0d4a74cf6580e02b32617da08305f870ee10c488c9f1c93b3c32b4bb116b00fd2edef3418425dde81876bd7d291b5eced0b519d937cf1806378e983e2fad046295f94395127b59bd39ea5fd08a00e1cd2990f4d68830412a30f3252dd5de0588a794889b42f497c5b237685c1249fe3f046d903880e0ae1ae773a0d17f60a426ab63f496f85ff41fc4c381231786b92fcd965b6135491d481d32b28d025f13b7121cf42c1d6c4fa6419798a1c6dc746cc3a19d8d12c8e0a9aa889b8921dd82fc5068eac49dacb9cd2ace1547044979f2fac7d2933042193ad9cf8740371148de92428800a4f4254f26ead19633db300f89ff6183b6f86e9faf3146985450efd996dd2cccdddf7622b96d9fb833e4803e01c67e6959c549804fdaf2dd1f77de2a890fbf7328086b63677567e471a3848d079f432250193745b07925804acf95c654e9a5a2c3ad6265e36c97928398a5b06f312f3539d1702d4d46749513753b93a69ce3d0bede29e0e36e1616467e0e9146f9708bef779a19b32860d4227f12fd798dc3612c1fdc605d9ad6505f918dfb3081db41e0e05b3649d79320e13cc6b4e1d1b07e9603137f684862d0e1b2d3dbc019d3b4c155ac3924123762a88ce24da9e7c0ef3bce2cc4b099fa923404bc02081bf2c3213e1f732377df8e715991076cdc27cd24623e01671190f3bbcc47f7af82bd536124f7b243b74477bba2784926f0fe57921ccd7a15d466aadda6a890776688ef325e42a000bb6e8cce14ed5bc05ac146879de28f3f9ab708a006fe2813179a49aa8ad6f9ee19aabd113b299bca854a032421d77aa9e7850b8fc15bf56cca4692cdf15a1209a00aed700217a2fad40094c62a0ca29ecaf6f7ab1bf629a46b25bdd278095613a8293771576b2d603a4af4a1cd5fb29060a589ff714df3a28356fb30342603eee5d905fd540423f48416fdbd4aad852099b82d31c309f055e6a848aee73d54729d6648bef73b8b6048b526b9592b6e708c7e59aca6bbe6bb3a2051dfe9e90438617b7a02d83b6765fca2fb13254dd436b4aaf7152a895eadc84d6d1631aa4b34299ea352cf836a0493bedacfb0db3949ec691b54201f3beac48e012082b677f2b16d887860a2f909523b168bec2b6d6e160272c63807d823a2fe018890d8cc5ec6daee19e8e5907a9b184f4ddfda0de4bfafde88414aa39b2c18f0fb82c186abf07fe96c7f9af2c2999714724424037f99583ed1f0302979794d5a5a1faa4c8d81a8066f89368f3963ee5db63ddb70db8b8caadaf5d472ccb36c9b1dd903003bc5f0e059853792ed58262a98a2aa196076886c9e9314635513c950df3d77eadb953edb926d56b09d39c75726c8d810c288a3bcc6bd887274d0d4949e5372de86d15090d8cfa435647eab4c61ac5a36af1eb1db1b80d36be9414e93db7e6b87bbd9d58c33ebef7b206e36e37039b11293a70a8056369b4373e84870207bf9ff5b714f1198367db923bba3c9df4d577711fd53919d3462ab04fc256c549b5f4ee54da473cc674f74b45b601263c6a24fddefca86ba61e0851337fe897435822dc539376b80f09a61a49983bb1dc8fce76b129b5d80050012595b78c962b4e424cede262643cf5c00844abfc4f84caee9d7349a481d5da15996c3ad98d89d37b98a76389de5f4919f0806b680ccf553bcf7b0c180a1b57a945d23faf41bf2b4a3c96b64086eb6461f4765a89f7adbe006a5c28ce9e798870b2bb2e7a9df302efbb8ebb0250421eaf8bcbfc58661fe06034f3c6b400216b356b8cb79db8097b0391c8814af3f1fb4c7fff03efbee79038c2163f7175f4ddc3551d8a6e5caad8e23bff9efb97791b20b9c290f01c94bda6a7bc9cafbc8541d28f3440d73a3b8518fd88d675679c89bd8a7b7f74881927f96039044b9ae55c5fd4cf1b886441e01d6797c831d563dcbe518d202be4a4f7edc0a2e448b9b903c8536229aa44dc430ffa8c8ab13ce330e1974946204a58e12524ac140fc6e5ba78fa3725c4855c108fda0b222b430f2ee2be4bf12fb68b2ab2c793a44c0ef30983ccb2107b2039e7bffad779a3df04ca84d3de4386d383ff6244d11aa4608aeefcf8884b002af25186d984dd8ec632e17b07f0a00ade7baa0fa7745969b2ad8a4a7bc195ae36f650e41d9301cc4d539a9a0beeee6127e2aa120bfa4f4a342438309ebb9511e395663ef11604f9974b5fe797f193fcdbe92be40bc63b6a676f01436dc70cdad554c1a614bdc5aa3bb6c9981a79e906f2ffdef00ae8a5882e74d348519e65bc2b6ed2a2b6fe91c78958dc0e65b73d538b00530a58d73fce953f1814fdd6142233a344eda4d593fecb209595030d9ec79f1954b42ecfc6a385820de03059a00b6a004dd07afff451d53add05bdb1394c00ef810e6dd6b38dd1611780153e3488730ead06065a095d5c189a23cc64eec157b0085e70248d52a33005f0198a6bdab222c64c4f27347ee0564af641a4849a85f4e0eff923285e64a1477be842ca2e93b1f643b60bfe37c8fbc77bcbe729a27d8b32205f2aac0ce7a5fde06d4a9d3020522de6a9c23ad53699862ca6f8448cbea196d09b19e4a27220bc11a3c66b30efded8e773c7c88bad851e8d0e6a1f72fab6b5f599db71c6cba7ec3425d116a1106e0370b98b33987a29c05348558e23a4bca695b8f66f07bb671c322cef269afd64e28f0af6d2d748b05fd2d78dc631b6f049ebaa41854f840df324ca43e5d9032432513c05452d400e40975cb0cd282591f9ad097e4a8f373199b1d5d9399d8de10de8a6360889f1ad20690d356a182d6bfb6da9eaa2c2165fe1ed86f50e329e9bbf02ebfbd6c935d4119c3960abb5329347ebf96336fa649ace452e66680af79683bafa1b4e6c6d938306c7d97180b9bd64bed75b570d2bd27e942ddb624adc654a2cf7d9cd8b10b129d0bfb0d170b420b472b8c3669b5f24957eb5f2f96f7e10276f5578a8abd5549cc30243d049ab9aed805bcd307a3938d09a4fa41855694a9ad2899ba7be1a6641f72214323e84bb800f6b08d668bdb25a5e0edd6671b80afa98acbdef07531b4fb323bfec02842949ee554561394649f3cc99e4689c8578975da96febc0064da60d9db34ad7d8e1153c3ae28d74a213569135c26cf997f833b0ac9b46d4e81340ff69132cc59ee1eb65bfe6049dc80ac21d3f21589dbb7158a0433ce96ee3abf5e4fa25bdae4cf24feed2b19e5b4b43b442f5da6c15b58064c2eaeeb50c3441a08bf667b269f978a5f191aea91fcd85139945fb62e48e67c46a18e0b9b325c5f64af81b9dbafae4c3bb50842c71bc16a2435b2a8b83927b6c049aec4147f1aa1bd623398c7f635fff20927ed60d4c1dcf8505cc7264fba2dda48b5905f87601b39c81794696e09b6af9fc35a88e641847ae41c0455390b2a129d1a6dd0d0143df0157536925124fdb96b2906062280f2df27a8ff0dbe05c10bdb51ed00fbf65d70237b95662523a6e30381a", ["", "", ""]}, 0x1010}, 0x1, 0x0, 0x0, 0x40000045}, 0x4090)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000001200)={'batadv_slave_1\x00'})

10:23:30 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x501000, 0x0)
write$tcp_mem(r0, &(0x7f0000000080)={0xfffffffffffffff8, 0x20, 0xfffffffffffffff9, 0x20, 0x1f}, 0x48)
syz_emit_vhci(&(0x7f0000000100)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xc3}, "b39b277c3a48501ca22e0cbac33002131b1c1c677894b66f303685df990e7d0f1c9cb1055aa54fb9c8c270cce586cd0c93f13f2e9d9d273a6d4dc81bd5e4b78c9b609a4bcc70c137f5e27051747ba8bb6500e814c21398edbc689fa0e56a95a1688ff6259bd4c12b78f58a55d7b5a210718632f635a15a89a980665280e36e64dee729725272b1f7bdab1e85f2a307132356ec8ddffe93d30d88a76f7a8d7c8c54a6e6579752288d4b8319049f18de19bda60b6146924fddb98551164f8729378183ab"}, 0xc7)

10:23:30 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:30 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x3b)

10:23:30 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r2, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:30 executing program 5:
r0 = socket(0x2, 0xa, 0x4)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x24, 0x0, 0x100, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7f}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20040)
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f00000001c0)={0x0, "d73a4b8e92365ab1785c2ca8f980b2d4"})

10:23:30 executing program 4:
socketpair(0xf, 0x5, 0x5, &(0x7f0000000000))

10:23:31 executing program 2:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_DQBUF(r0, 0x4020940d, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "40c15b9d"}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(0x0, 0x3b)

10:23:31 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x3b)

10:23:31 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10001, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:31 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
ioctl$SIOCGIFHWADDR(0xffffffffffffffff, 0x8927, &(0x7f0000000140)={'veth1_virt_wifi\x00'})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x1c, 0x0, 0x20, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x54010}, 0x4040040)

10:23:31 executing program 3:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = openat$incfs(r1, &(0x7f0000000040)='.log\x00', 0x200200, 0x18)
clock_gettime(0x2, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000100), r2)
sendmsg$SEG6_CMD_DUMPHMAC(r3, &(0x7f0000000200)={&(0x7f00000000c0), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, r4, 0x8, 0x70bd2a, 0x25dfdbfd, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x6}]}, 0x1c}}, 0x20004885)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r5)
ioctl$SNAPSHOT_FREE(r5, 0x3305)

10:23:31 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
socketpair(0x25, 0x800, 0x2, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r3, 0x1}, 0x14}}, 0x0)
r4 = socket(0x10, 0x80000, 0x1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r6, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r4, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x440200}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r6, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x8001)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40080000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r3, 0x100, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x2}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x2000000c)
openat$incfs(r0, &(0x7f0000000040)='.log\x00', 0x4400, 0x88)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:23:31 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:31 executing program 0:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x3b)

10:23:31 executing program 2:
syz_emit_vhci(0x0, 0x3b)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x2, 0x4], 0x2, 0x800, 0x0, <r0=>0xffffffffffffffff})
ioctl$SNAPSHOT_FREE(r0, 0x3305)

10:23:31 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x21d)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000140)={'hsr0\x00'})
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(0xffffffffffffffff, 0x80083314, &(0x7f0000000040))
ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000080)={0x6, 0x4})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:32 executing program 4:
sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000127bd7000ffdbdf250300000014000400ffffffff0000010059000000060000000800020000000000b3207eb58b30bccf05a3f51cad7f84dbc813a38f214d35ed61bf692d29d6a32cc110438eabaf24d03f216c3874501ad160a074b5ab76508d729022de8afa7eeec8b9ab7326fc3eb73704419a02d0cce578e262f4cdb1bb6b9de12f13ca8638e87b6faa60c6bb0fe47063f0868e0023cda0ccf752419baf726c8c6373bc2400ad9ee3fa320b5c9c26ca6aa7c269f96db5d5d6692354e5319cbb24e05e126e260f1724cbb68c73dd03f51fd979f3dfb01e15586c8a14"], 0x30}}, 0x20000040)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000280)={&(0x7f0000000140)=[0xff, 0x1, 0xff, 0x1, 0x80000001, 0x200], 0x6, 0x0, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r4)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r4, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x5c, r3, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0xfffffffffffffd93, 0x3b, 0x7f}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x4}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x917}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000080}, 0x24004004)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, 0x0, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@GTPA_NET_NS_FD={0x8, 0x7, r1}, @GTPA_NET_NS_FD={0x8, 0x7, r2}, @GTPA_NET_NS_FD={0x8}, @GTPA_I_TEI={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x0)

10:23:32 executing program 3:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES64=0x0], 0x3b)
ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000040))

10:23:32 executing program 0:
syz_emit_vhci(0x0, 0x3b)

10:23:32 executing program 2:
syz_emit_vhci(0x0, 0x15)
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x200000000003, 0x2200)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000040)={<r1=>0x0, 0x0, 0x2, 0x1})
syz_emit_vhci(&(0x7f0000000c80)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xf9}, "2e29493d34a08ede936c260c8ac58e0a8c15cddc21a8759e462272c66c3a281a2bee1c8f498f23d65be274b56d5992e9e9cba8b9fbc03cc578844765600ae0baff86b932d646eb7b77740a5d966c2ee51bb017173868bc4521d2ee55c91195b91910f0d0000a965441d8b1886bd2dc57db734538557aaecae7f3307dcb4f261c2512fd8645d6726b2c6c296800eb69f24e52e92144b28835a2ddea947e96fa415f16d9d17edc87bca824029b34bf7c94d021fe538b28255c7aded500d294a19778b42dcdb9822fa092b0d37d8ed50d7f1755e6a55db34f7407cf383a609f21475427b4a54a3f0b6b8c12260e0dbe60e72ea83dd4c231d1638e"}, 0xfd)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000000d80)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {}, {0x0, @struct}})
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000440)={<r3=>0x0, 0x4, 0x1, [0x5, 0x1, 0x8, 0x3, 0x101], [0x7fff, 0x81, 0x3, 0x1, 0x8, 0x1ff, 0xfff, 0xecba, 0x0, 0x8, 0x0, 0x2914, 0xff, 0x7, 0x5, 0x6, 0x8, 0x1, 0x3246e5d4, 0xffff, 0xf, 0x5, 0x8, 0x38, 0x100, 0x7ff, 0x401, 0x10000, 0x1, 0x401, 0x6, 0xdd, 0x1ff, 0x0, 0x1ff, 0x0, 0x7, 0x9, 0x77a, 0x80000000, 0x10000, 0xee53, 0x3, 0x9, 0x1, 0x10001, 0x7fffffff, 0x9, 0x413, 0x0, 0xffffffffffffff00, 0x1, 0x1b8, 0x6, 0x6, 0x3, 0x2, 0x3ed, 0x800, 0x4, 0x3, 0x800, 0x5f, 0x7, 0x7fff, 0x100000001, 0x6, 0x0, 0x4f7d, 0x0, 0xfff8000000000000, 0x8, 0x7, 0x7f8, 0xb3, 0x2, 0x2, 0x0, 0x7ff, 0x9, 0x8, 0x6, 0x3, 0x2, 0x3ba, 0xffff, 0x7fff, 0x6, 0xfff, 0x7, 0x7, 0x2, 0x9, 0x9, 0x3, 0xec, 0xa2, 0x7, 0x1, 0xe3, 0x1, 0x20, 0x5, 0x8, 0x2, 0x5, 0x3f, 0x7, 0x1, 0x5, 0xab8, 0x8b05, 0xbc, 0x4d, 0x2503, 0x3, 0x9, 0x8, 0x1a, 0x100000000, 0xf0]})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000880)={0x2dc8f3ff73bc64da, 0x5, {0x8d3, @struct={0xa6a8}, r1, 0xffffffff, 0xfffffffffffffe00, 0x8000, 0x100000001, 0x0, 0x422, @struct={0x3, 0x8}, 0x9, 0x8, [0x1ff, 0x80000001, 0x40, 0x4, 0x6, 0x7f]}, {0x401, @usage=0x7, r3, 0x8, 0xffff, 0xfffffffffffffc01, 0x2, 0x1, 0x4cd, @usage=0x1, 0x2, 0x8, [0xccd, 0x6, 0x9, 0x4, 0x7f, 0x3]}, {0x401, @struct={0x200, 0x6}, 0x0, 0x8, 0x6, 0x6, 0x1, 0x0, 0x412, @usage=0xffffffff, 0xff, 0xfa, [0xc6, 0x101, 0x0, 0xf73, 0x4, 0x5]}, {0x3, 0xdf, 0x6b}})

10:23:32 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x39, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:32 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x88000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x54, 0x1407, 0x20, 0x70bd25, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x24000861)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), r1)

10:23:32 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r3 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYRES32, @ANYRESOCT=r1, @ANYRESOCT, @ANYRESOCT, @ANYRESOCT=r2, @ANYRES32=r0, @ANYRES16=r3], 0xffffffcf)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$SEG6_CMD_DUMPHMAC(r4, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r5, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x48845)

10:23:32 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000040)={r0, 0x9, 0xe6e, "75c64829a706cd26f3a121d35529d28d6fe0e4d2587f08c8f6014b2ba8202b17b509fd9f00f14e388245a38c2188624b0242dbdf045ae33b3e60e2937b28a4da8c18c5985166f3e6e2c4f1f10e71c5e4071a841371739d8a673b"})

10:23:32 executing program 0:
syz_emit_vhci(0x0, 0x3b)

10:23:32 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x400, 0x8)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r0, 0x3309)
mknodat$loop(r0, &(0x7f0000000040)='./file0\x00', 0x200, 0x1)

10:23:32 executing program 5:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
sendmsg$AUDIT_GET_FEATURE(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x3fb, 0x4, 0x70bd29, 0x25dfdbfd, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4040004)
r1 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:32 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xc589}, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:33 executing program 0:
syz_emit_vhci(0x0, 0x3b)

10:23:33 executing program 3:
pipe2$9p(&(0x7f0000000200), 0x874ad7cfeff8c665)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRESOCT], 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000100), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000000000))
linkat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', r1, &(0x7f00000000c0)='./file0\x00', 0x1000)
ioctl$TUNSETGROUP(r1, 0x400454ce, 0xffffffffffffffff)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000140), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r2, 0x4112, 0x0)

10:23:33 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00042cbd7000fbdbdf250d00000005002a000100000005003700010000000a000900abbbbbbbbbbb0000a1bd533757a7193b8a771c641b8fcf09f0e6bda481c78dc5389c434a124037e10caeedf4111f615d25c630ed4dca6d5b4e4c77df850ce295473aa9936ee9ca4a5656e626770351082075fdd411e378f68f11a337e49aec60075db909a0e5aecdd2c55b3cc901885fd644b3"], 0x30}, 0x1, 0x0, 0x0, 0x200000c0}, 0x4)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000500)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x34, 0x0, 0x10, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xb01}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x34}}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x80000001, 0x9, 0x5, 0xa1, 0xaea0, 0x291], 0x6, 0x0, 0x0, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000580)={&(0x7f0000000540)=[0x2, 0xf8, 0x8, 0x0, 0x4], 0x5, 0x400, 0x0, <r3=>0xffffffffffffffff})
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, 0x0, 0x410, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x24008084)
r4 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_GET_FEATURE(r4, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x10, 0x3fb, 0x1, 0x70bd2b, 0x25dfdbfd, "", ["", "", "", "", "", "", "", "", ""]}, 0xa}, 0x1, 0x0, 0x0, 0x801}, 0x40801)
sendmsg$AUDIT_GET(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x10, 0x3e8, 0x200, 0x70bd26, 0x25dfdbfd, "", ["", "", "", "", ""]}, 0x10}}, 0x8000)

10:23:33 executing program 2:
syz_emit_vhci(0x0, 0xb)

10:23:33 executing program 5:
r0 = socket(0x2, 0x80019, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.pending_reads\x00', 0x20000, 0x180)
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x3c, 0x0, 0x4, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x6}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x984f}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}]}, 0x3c}}, 0x40890)
mmap$usbmon(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000008, 0x2010, 0xffffffffffffffff, 0x1)

10:23:33 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:33 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r2, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:33 executing program 3:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000040)={0x2, 0x1, 0x4, 0x800, 0xff, {0x0, 0x2710}, {0x4, 0x0, 0xe1, 0x1, 0x81, 0x40, "0100"}, 0x0, 0x2, @planes=&(0x7f0000000000)={0x5, 0x4, @fd=r0, 0x3}})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {<r3=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYRES16=r1, @ANYRESDEC=r2, @ANYRESOCT=r3, @ANYRES16], 0x3b)

10:23:33 executing program 2:
socketpair(0xa, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)

10:23:33 executing program 4:
socketpair(0x28, 0x3, 0x0, &(0x7f0000000000))
socket$inet6(0xa, 0x800, 0x0)

10:23:34 executing program 5:
r0 = socket(0x2, 0xa, 0x80000000)
r1 = socket(0xb, 0xa, 0x4)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r4, 0x1}, 0x14}}, 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000280)={'batadv0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r7=>0x0})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000340)={'ip6gre0\x00', &(0x7f00000002c0)={'syztnl1\x00', r6, 0x4, 0x90, 0xff, 0x3, 0x5f, @local, @mcast2, 0x7800, 0x7, 0x1, 0xffffffff}})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000380)=[0x3, 0x0, 0x192], 0x3, 0x0, 0x0, <r8=>0xffffffffffffffff})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000440), 0x300, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r8, &(0x7f0000000400)="b8d1f28df13959", &(0x7f0000000480)=@udp=r9, 0x4}, 0x20)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="04002abd7000fbdbdf250d00000008002b008100000008000300048e8a2772b2dfb671580adb6fdc37da0d90ac0428143f9b290d7a0f8561d1173c902e74e7f1ff45ea0d759719aabb9600c731c34199cdedc3e49fd5c5c34fdafa173e055415f0a3008689e8713f72f0cf20855cb34b8d9df48226dc3dd19fcf311778659968fd8f82d05b77935837c5a68850525fc9b40d18", @ANYRES32=r7, @ANYBLOB="05002a00010000000800320088000000050035000500000005002e0000000000"], 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x894)

10:23:34 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x1, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:34 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r2, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:34 executing program 2:
socketpair(0xa, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)

10:23:34 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)

10:23:34 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
socketpair(0x21, 0x3, 0xb0, &(0x7f0000000040))
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:34 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x61ec, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:34 executing program 4:
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x6, 0x2, 0x9, 0x5, 0x4, 0xfffffffb, 0x5e48, 0x4], 0x8, 0x800, 0x0, <r0=>0xffffffffffffffff})
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r0, 0xc1004111, &(0x7f00000000c0)={0x1, [0x1, 0xb17e, 0xbe998e2b], [{0x9, 0xfffffff8, 0x1, 0x1, 0x1, 0x1}, {0x6c8, 0x9, 0x0, 0x1, 0x0, 0x1}, {0xe3, 0x9, 0x1, 0x1, 0x1, 0x1}, {0xffffc000, 0x3, 0x0, 0x1, 0x1}, {0xffffffff, 0xfffffffb, 0x0, 0x1, 0x1, 0x1}, {0xfff, 0x9, 0x0, 0x1, 0x1}, {0x7, 0x1, 0x1, 0x0, 0x1, 0x1}, {0x40000000, 0xcb, 0x1, 0x1}, {0x8000, 0x9, 0x1, 0x1, 0x1, 0x1}, {0x6, 0x5, 0x1, 0x1, 0x0, 0x1}, {0x3a9, 0x1d, 0x1, 0x0, 0x1}, {0x3, 0x0, 0x0, 0x1, 0x1}], 0x52e15500})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000200)={<r2=>0x0, 0x34, 0xfff, 0x1})
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000600)={r2, 0x80000000, 0x80})
ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000a40)={&(0x7f0000000a00)=[0x0, 0x0, 0x0], 0x3, 0xfffffffa})
socketpair(0x11, 0x3, 0x0, &(0x7f0000000000))

10:23:34 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r2, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:34 executing program 3:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x40, 0x176)
syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
renameat2(r0, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)

10:23:34 executing program 2:
socketpair(0xa, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)

10:23:35 executing program 5:
shmctl$IPC_RMID(0xffffffffffffffff, 0x0)
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:35 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:35 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0)

10:23:35 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r2, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:35 executing program 2:
socketpair(0xa, 0x5, 0x0, &(0x7f0000000000))

10:23:35 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="e591fd5d7cb18480a03e7a855a9ba24f384cc917af47bdf1fb708aba070000000000000049c21e8d7f12963c6aed71b3958b817941f29fdbbb2ce30bcf20667206738059", @ANYRESHEX=r0], 0x3b)

10:23:35 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:35 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:35 executing program 5:
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfff}, [@map={0x18, 0x9}]}, &(0x7f0000000080)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x3, 0x5, 0x47c345c8, 0x9}, 0x10}, 0x78)
r0 = socket(0x2, 0xa, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x12, 0xd, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, [@ldst={0x3, 0x2, 0x1, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, @map={0x18, 0x7, 0x1, 0x0, r1}, @exit, @map={0x18, 0x4, 0x1, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @map_val={0x18, 0xa, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, @jmp={0x5, 0x0, 0x0, 0x3, 0x7, 0x40, 0xfffffffffffffff0}]}, &(0x7f00000002c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41100, 0x19, '\x00', 0x0, 0x5, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000340)={0x4, 0x0, 0x4, 0x3}, 0x10}, 0x78)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:35 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000000), 0x8)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})

10:23:35 executing program 2:
socketpair(0x0, 0x5, 0x0, &(0x7f0000000000))

10:23:36 executing program 3:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2)
socket$bt_bnep(0x1f, 0x3, 0x4)

10:23:36 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:36 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:36 executing program 5:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket(0x2, 0xa, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$SEG6_CMD_DUMPHMAC(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="7b06892ec73b9bf3ccadbca00032f7e77a0a912eb24f0000000000000000e9701aac4e275ddafbc89649ba9727e635d93c3e25b37a74d3acedee8060a74ddc8cb08638d45501b770fd6c3c5a0dfb175b2a3935a442e059a249deccd20b3477c718d5e0e67871345f5b1b74a8bcc5921fcf20ffe98aa31fb5739d0b4f82ca8f079dfa906ac0cd94476b1a49589fdea63194f7448a4c2dc397d14f6f9a41e04e83da71561da6ce715f770479ca67b53c", @ANYRES64=r1, @ANYBLOB="020026bd7000fedbdf250200000018000400090000007f0900000300000004000000060000000c00a84c99f724445312000008000200ff7f000008000200020000000800020009000000140001000000000000000000000800020009000000"], 0x6c}, 0x1, 0x0, 0x0, 0x20004000}, 0x4008840)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
sendmsg$AUDIT_GET(r2, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x10, 0x3e8, 0x300, 0x70bd2a, 0x25dfdbff, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x8}, 0x4000000)
ioctl$SNAPSHOT_FREE(r1, 0x3305)

10:23:36 executing program 4:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x830, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x180c5}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x2, 0xc49, 0x5, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000100)="7f6e5f007421b2b78b5b567e60139e30e624fd054486480a503f9ea3e32e8988c8b72651a5d80dc17592a538ef467586fc76e990434b276553164faa1f9c671a45c1fd8a2d3674c7cb4703d31fb86b8b0bde5fc8e99ae797656ffaf2c8dc0b24840ce2a30aaaabb9ce56e4dbb867dec2", &(0x7f0000000180)=@udp=r1, 0x1}, 0x20)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:23:36 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:36 executing program 2:
socketpair(0x0, 0x5, 0x0, &(0x7f0000000000))

10:23:36 executing program 3:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000c00)={0x0, 0x0, {0x0, @usage, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}})
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000001000)={0x8, 0x3, {0xffffffffffffffff, @usage=0x1, 0x0, 0x9, 0x0, 0x7, 0xffff, 0x3, 0x404, @struct={0x7fff, 0x1}, 0x5, 0x492313f6, [0x3f, 0x7, 0x8, 0x0, 0x100, 0x9b]}, {0xffffffffffffffff, @struct={0x7f, 0x4b1d}, 0x0, 0x80000001, 0x101, 0xfffffffffffffc01, 0x51e2, 0x9, 0x420, @struct={0x1, 0x400000}, 0xffffff5c, 0x1000, [0x5, 0x61e, 0x1, 0x2, 0x4a8ccd64, 0x28]}, {0x7, @struct={0x7, 0x9}, r2, 0x7, 0x3f, 0x1, 0x9, 0x8000, 0x85, @usage=0xfffffffffffffff7, 0x1, 0x1, [0x80000000, 0x6, 0x1, 0x5487d32d, 0x1000]}, {0x4, 0x7609, 0x4}})
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
mmap$snddsp_status(&(0x7f0000ffb000/0x3000)=nil, 0x1000, 0x100000a, 0x810, r0, 0x82000000)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:23:36 executing program 5:
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x10}, 0x10)
r0 = socket(0x2, 0xa, 0x0)
sendmsg$AUDIT_TRIM(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x10, 0x3f6, 0x1, 0x70bd2b, 0x25dfdbff, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:36 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:36 executing program 4:
sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x280000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="9c0000005304000229bd7000fbdbdf0900a7b0b7b82f29ccbb5dc31f0ce4c26ccec0f42604d1064b6e8c463a8c6c7e1cd6a5dcc38bf652b883d55445bfd920f286e3b03cf689edccee73d24c48752f6a3367da5ab4e58cc2fe81a5dce26b2048a5699e8f3a45b55cefe066f4bb4036719befabf8c15d85c500364e0a193e39883ea6556232a0e210d1e91257ce0c0b8400"/156], 0x9c}, 0x1, 0x0, 0x0, 0x24004044}, 0x810)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)={0x9440507bc2afbffb, 0x5, 0x4, 0x3, 0x140, r0, 0xef21, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x4}, 0x40)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r3, &(0x7f0000000300)="b528a63b0fda42c48e7fc678a73249ba9c96e53b9ebbe8a8199e390ec4696b684683b88c9d8ea2728516feae97d4ba25bce6a82e16980010c2a755e35530faa6f705a6178be0f963603f94f5a8548e78717826687855338ff25769f7106a48b9296ed63ad63e6394c2436d87001c81adfbcb79c01b08af3c49242e54827ab4052f409e2dd3ae9108fd4504755b52faefb40cf7e145fe4cf68b2e4ba02463797d9ee2091234ff360aef91851b2e27bf68eb9e04936bcff6ed1a149b1b3dcf1ec7aae8c396d9437c4b56f5530fddc7c6852c3ff58aefd30919e65a00b9ebb0ef83da4c461f7b489889e81b", &(0x7f0000000400)=@udp6=r2, 0x2}, 0x20)
sendmsg$GTP_CMD_DELPDP(r1, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000e0089692f8c3a07cecf4b20853260bc02afc3265f0d993161abc18859667f0cfb51eab421000000023dfb4ad062a5d16f7faa534a5243f01c7df4456d297fb943d10d4b671623ee8c0135d5cd26301c41c17d67c3637d11d90d060000007f4a5ae0", @ANYRES16=0x0, @ANYBLOB="000428bd7000fbdbdf250100000008000100", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0xc001}, 0x4010)
ioctl$sock_bt_bnep_BNEPCONNADD(r2, 0x400442c8, &(0x7f0000000200)={r0, 0x7, 0x0, "cb4a063d6beca2869d78700c4a1c8676458ae6b663977347b4cfbd6b5e6dcac46b0f9422463edae3320d0e615da54271e17378ab8bff1d3fd5c5a79a8599450f50c2874de530e19d5609bcbe6a2b0d81e28bd33bd67b896117264c6f2c6207992d451755c629219554c1d6a295f1b90a93dd2efa28b2d578318476e604acd53837daa8b622bce254ce36fa4575a99872b7e1eee2439d816b0da2012d7749f318fd42afb94e"})
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r4, 0x28, 0x0, &(0x7f0000000000), 0x8)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00'})

10:23:36 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r1, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:37 executing program 3:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x90402, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000080)='./file0\x00', 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)

10:23:37 executing program 2:
socketpair(0x0, 0x5, 0x0, &(0x7f0000000000))

10:23:37 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r1, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:37 executing program 5:
r0 = socket(0x29, 0x4, 0x8000000)
sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20008090}, 0x4000000)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x8000004)

10:23:37 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:37 executing program 4:
socketpair(0xf, 0x3, 0x800, &(0x7f0000000000))

[ 3301.092732][ T6375] Bluetooth: hci0: Received unexpected HCI Event 00000000
10:23:37 executing program 3:
write$snddsp(0xffffffffffffffff, &(0x7f00000001c0)="8a17f1faff6bd21ef9bb1122c4f5c7d99cd4878367c9a7e12cbb9aa6c3591d33ee860bd67098e34a5c4558b5326c39fee890a9a35b218dd9030ed79267361cfc04dd315625226cd79300abd44f58f170aefd6036ed06ec6006371c2565e574", 0x5f)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x34, r2, 0x400, 0x70bd25, 0x25dfdbff, {}, [@SEG6_ATTR_SECRET={0x18, 0x4, [0x8000, 0x10000, 0x9, 0x9, 0x1]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x100}]}, 0x34}, 0x1, 0x0, 0x0, 0x12}, 0x1)
r3 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r2, 0x2, 0x70bd2a, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x7c91}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0xc011}, 0x890)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000240))
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRESHEX=r1, @ANYRES64=r3, @ANYBLOB="50f7ccc0c32bac0ac4c4602019bae5069175c4aa89522db1bb4ed567b0a6"], 0x3b)

10:23:37 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r1, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:37 executing program 5:
socket(0x2, 0xa, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x40088c5)

10:23:38 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000880)={0x20, 0x0, 0x4, 0x40, 0xfffff4e1, {}, {0x5, 0xd, 0x3, 0x2, 0x0, 0x40, "78a41833"}, 0x80, 0x3, @planes=&(0x7f0000000840)={0x7, 0xe93a, @fd=r0}, 0x1007})
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000940)={&(0x7f0000000900)=[0x40, 0x9, 0x4, 0x3, 0x9, 0x791, 0x9, 0x81, 0x4], 0x9, 0x80800})
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000040)={<r3=>0x0, 0x68, 0xfffffffffffffffc})
ioctl$TUNSETGROUP(r0, 0x400454ce, 0xffffffffffffffff)
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000000440)={0x0, 0x1, {0x7fffffff, @usage=0x7fff, r3, 0x4, 0x3, 0x6, 0x5, 0x1, 0xa, @usage=0xffffffffffffffff, 0x1, 0x7, [0x2, 0x5, 0x0, 0x4, 0x7b, 0x9]}, {0x271, @usage=0xfffffffffffffffe, 0x0, 0x0, 0x8000, 0xffff, 0xffffffffffffff01, 0x100000001, 0x2, @usage=0x3, 0x3, 0x0, [0x8, 0x40, 0x3f, 0xfffffffffffffff8, 0x81, 0x3f]}, {0x590, @usage=0xb14, 0x0, 0x2b47, 0x20, 0x3, 0x3, 0x1a3, 0x400, @usage=0x40, 0x3, 0x7f, [0x324c0981, 0x8, 0x2, 0x2, 0x5, 0x1]}, {0x4, 0x0, 0xfffffffffffff000}})

10:23:38 executing program 2:
socketpair(0xa, 0x0, 0x0, &(0x7f0000000000))

10:23:38 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

[ 3301.668275][ T6375] Bluetooth: hci0: Received unexpected HCI Event 00000000
10:23:38 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x40000)

10:23:38 executing program 3:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x830, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x180c5}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x2, 0xc49, 0x5, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000100)="7f6e5f007421b2b78b5b567e60139e30e624fd054486480a503f9ea3e32e8988c8b72651a5d80dc17592a538ef467586fc76e990434b276553164faa1f9c671a45c1fd8a2d3674c7cb4703d31fb86b8b0bde5fc8e99ae797656ffaf2c8dc0b24840ce2a30aaaabb9ce56e4dbb867dec2", &(0x7f0000000180)=@udp=r1, 0x1}, 0x20)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:23:38 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r1, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:38 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:38 executing program 4:
socketpair(0x28, 0x5, 0xfffdfffc, &(0x7f0000000000))
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x7], 0x1, 0x800, 0x0, <r0=>0xffffffffffffffff})
sendmsg$AUDIT_GET(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x10, 0x3e8, 0x20, 0x70bd26, 0x25dfdbfe, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40000}, 0x80)

10:23:38 executing program 2:
socketpair(0xa, 0x0, 0x0, &(0x7f0000000000))

10:23:38 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r0)
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r2, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x1000}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x40000)

[ 3302.337363][ T6375] Bluetooth: hci0: Received unexpected HCI Event 00000000
10:23:38 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xf, r0, 0x0)

10:23:38 executing program 3:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x830, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x180c5}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x2, 0xc49, 0x5, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000100)="7f6e5f007421b2b78b5b567e60139e30e624fd054486480a503f9ea3e32e8988c8b72651a5d80dc17592a538ef467586fc76e990434b276553164faa1f9c671a45c1fd8a2d3674c7cb4703d31fb86b8b0bde5fc8e99ae797656ffaf2c8dc0b24840ce2a30aaaabb9ce56e4dbb867dec2", &(0x7f0000000180)=@udp=r1, 0x1}, 0x20)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:23:39 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:39 executing program 5:
r0 = socket(0x23, 0xa, 0x80000003)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x44, r3, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x20}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0xc001)

10:23:39 executing program 4:
socketpair(0x8, 0x5, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000001c0)=@security={'security\x00', 0xe, 0x4, 0x440, 0xffffffff, 0x230, 0x230, 0x230, 0xffffffff, 0xffffffff, 0x370, 0x370, 0x370, 0xffffffff, 0x4, &(0x7f0000000180), {[{{@uncond, 0x0, 0xd8, 0x138, 0x0, {}, [@common=@srh={{0x30}, {0x73, 0x6, 0x10, 0x1, 0x2, 0x2, 0x2}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0xffffff00, 0x0, 0xff000000], 0x4e22, 0x4e23, 0x4e24, 0x4e22, 0xfffffffd, 0xda, 0x3, 0x4, 0x10000}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@inet=@tos={{0x28}, {0x9, 0x80}}]}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0xa12d}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x21}}, @empty, [0xff000000, 0x0, 0xff, 0xff000000], [0xffffffff, 0xff000000, 0xffffffff, 0xff000000], 'veth0_to_team\x00', 'veth0_to_bridge\x00', {0xff}, {}, 0x5c, 0x7, 0x4, 0x21}, 0x0, 0x108, 0x140, 0x0, {}, [@common=@srh={{0x30}, {0x87, 0x9, 0x4, 0x80, 0x1f, 0x2, 0x2004}}, @common=@frag={{0x30}, {[0xffffffc0, 0x5], 0x4, 0x4, 0x5}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x3, 0x4, 0x6}, {0x4, 0x4, 0x3}, {0x3, 0x3, 0x6}, 0xe2, 0xffffffc0}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4a0)
sendmsg$GTP_CMD_DELPDP(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10800100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r3, 0x4, 0x70bd2d, 0x25dfdbfd, {}, [@GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_VERSION={0x8}, @GTPA_FLOW={0x6, 0x6, 0x1}, @GTPA_TID={0xc}, @GTPA_NET_NS_FD={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)

10:23:39 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xf, r0, 0x0)

10:23:39 executing program 2:
socketpair(0xa, 0x0, 0x0, &(0x7f0000000000))

10:23:39 executing program 3:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x830, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x180c5}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x2, 0xc49, 0x5, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000100)="7f6e5f007421b2b78b5b567e60139e30e624fd054486480a503f9ea3e32e8988c8b72651a5d80dc17592a538ef467586fc76e990434b276553164faa1f9c671a45c1fd8a2d3674c7cb4703d31fb86b8b0bde5fc8e99ae797656ffaf2c8dc0b24840ce2a30aaaabb9ce56e4dbb867dec2", &(0x7f0000000180)=@udp=r1, 0x1}, 0x20)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:23:39 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:39 executing program 4:
socketpair(0x39, 0xa, 0x0, &(0x7f0000000000))
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x800, 0x7, 0x1f, 0x5, 0x1, 0x9], 0x6, 0x80000, 0x0, <r0=>0xffffffffffffffff})
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000b40)={&(0x7f0000000b00)=[0x0, 0x0], 0x2, 0x5})
ioctl$BTRFS_IOC_DEV_REPLACE(r0, 0xca289435, &(0x7f00000000c0)={0x0, 0x7f, @start={0x0, 0x1, "64d262d2ac4294bbd6c8dfd2cdf893e449bd454483786624d7ae9a538de4198a3a070c6149c9781f323f203329d95069f7b8978495fed611ca80e305997cb8e5dc6e4cc3e8a1b0d59413a480d570f87882829732579cfb4aed17a6daeb608a2902554870dbf42f1afc9d75315ad4ed18a7461d7d5cac8d10a7b4abde79727605111c3ee7ac6fab619679fa94221e643ad3957799fae663b6cf05b1ddf99d313b4d167fd0530d3478e98e3baf48b46281880134d2644d2eacfb0c5c496ffec20583b488de7a04f0041b82af7e0e35a35a9db9523d0f3600f247461b48fa96e7753702eb3e6aad21a17f246fe22cd3f7bb0c8c605579722cf724e7459ee2282263845edd53ab172bdbfeb2ef63c288e069d836308ec4f0c144ed9f9d353b209cc0fd7f87ba1b04fd3ffcdde22b0b5328e8e86103f954ea68ea0a0659632d0be16d5677ab2d4102ece6670f843f4b522f7af7ed68d334d90b30f1b673cb5d99e3c2237e5e4a985763db91730febb2d13464f9e043408d1ff196c1e50cf1171ef841a5d8690598c5bf55c6df53aa97f26a6f11427cc499adecb2dbce46cad370fa92be780113b09bc2091456a27cc01fa8b09eb6ca42f1922b752f924e45b8875e6d6c82554bdcebc76942bf32d9667aadce80b3741e1b73dda6aad257175d940f7832b0a88194c78119f15f8379edbc27ee5b8ee10e76bcd9c0a98bf4fcaa5a58d9b61322e2fe2c4a8ddc85f7440b85f1a0f7a65d893c8daecd0193fc42b11bf2fbde092aec62540ed01b9a4ade6b32a823467292ce31ab7892555cb28a6470037e412df495fe013f05eb0ceced0fd655da8e74971e191cb1f33ff1683b76260f944c59c01515c894e2f9d18840c4f07d2d7f68c2e1c2ff7b3b892cc69ccfcb5b6f6b05428c09053e24d5e21936cb6788f0f93c5dfe036ed78ad6a9e5ed264fd746dd5e0565664a8381c6804f1c3bcbe87d1555ab58b0abe6b021bb308ddc4a49ab05e726a63720ac2812a4c4a91aa69f05b489ffb1f86afb6e1ded9dac4cdc80beebbf9a208dc7d47320a5677a35c1cee30da94aa268f87d501ea33d7c171ff87505db5e341cab35c34fe53b3cb00ddbe1dbeae686302cd8469939ce6642ce8b74548084d88d2d92ca50b1110a78557590b4304739226347561736e3457453a7e02531b1fc7c524df8b7c53fde5e5c2b0f0ba1826d072bf863ed31abcf153239d9386cc8433544f7afa62e542bc45690e7cb7ce78406d70c82829607c46060b07bac0623dee6bf3f77186c57d1f0f7b344d06eff977771f0492a2f464641add5de67a56a9f01f0543e9a5ae9303f56c9cf344631393e717b75373a4cacb51e8e0bfb739f44af1486782331a6e25e11af428c4827b3c529b76e0d1f96dbc712e745de1d8e9777b8bfc24e7197359eb64c9100678334ce7a79b04266703aea30548d5b", "3e2a0191a7c01ffd9bbfcf962bd01d50c7482164559e2af4c40e7a47633036c371f7961a05cc1235e1f09c0b27c99ea04b6ad33d9ca7c86f9e88cda7415db1db00a47c39b59aafd1029c41036e063f28b95513f783abc1ea39b635e1232d84819952b8d5e9e476b75506d2317f95f505d0e412f943a2710646b7516ef0f5694ad915a8281ccc7473f60983f6ee3ed5558a5f5294d4cbf6bc42f476f471c404fe98b677dc55171c561c96876353ffc483bbb2e3943002965f574feb1628f45b4702d3547447bf7a109d334c0d74be5562432b4f10a4eacd76aeba801a47ced531b9044e8d50265562435002e1823c1c92064e42966b335fbe8576fd2af006cce97f52fb40309283ab06d2ad69e206676da524db234dd74efc48e46bd57e52765570737034091a47449a63142ed163e22f2d6d65b407a3795f1261ae87cbc2e92b671fdef3e30321fd316d6bdb508bff1ad47df59bdcf216c6f0fa1247decd3b5bd4ee1963dcbfe871f7159810cc09b3b5ae7298520eb84bb985e07a27b1046d823263ae62aa55ade95cbb48069f372f8cad206bbf5e0012e9c69eeaa928a03b51a7d7570a5a13a954186d048196f3320c29901a640e00e731885570bfcf1b42f9c7b3628ac2852e5ab6e737b6931078621f0f55d60b4f83db714eaff813989c3b2283a2687cfcbcbe6e61fe518947654ca3aa4d78bc976c970f182f6986ecdb1d825b8dddf155649e154f453171213f0b5bfac8337a7c3f39ca94dea9dd824b16812b9cfe54f3baac0df727f71ea6063c7e27e27e53a0f50f5781a8f34c5ffb59e7ed2fb4259fd817155ef3aeef4ef7b8a6e1cf215a533d0b2e85fac7e90d853e44d60f9c5cfcf0b286bf913e17fc1d02a4f5536e0207b3ac80725cfc4103cd25ac448d9e1e20ed2ca922eca2f04fa4b9ed06a04b0972c44c712963896451132f302a59215a0dd1148508a158b067c8f4a7bbcedab51bfde30b4d4f27ae1b75cb5fe265034985b73c385b87ef55c52013dedaaca52d338b7411085527acfc5b5277c73772a37fc27ae5f4459d37e8ed269b7417773372b8feb2e4566f168e45fd031a86a390d9ed892d967c82694a6f96d066efbddf87b4bbee00656e25cd6942deb06f0ff3f58ddc6c16a1536832e48f41d13c41e9226a69678e126fc6f3d7bf40ccb433a5a902386059622a2f68f201a72a839ae7855e5d8e1289e3b4bc38760ba12100b3defe44dedbefdcce507a2b621ff95c74aaf83997f1950f908d518e76142a5c89494c4d1094a02d5f2333fa9212f89541987fff8d58aab765da7b0cd8ccfa834e2b70f5badd04b314636be7ad25c5361371d4c20f984f8026ebc39de2c01faa9a9e8df4f8a35e1c3162d0233ef83573bc953f3d1db28238f4c34853768d3c56fada1ce7305a0ef45fdb890972e2879573b5688819d09d6d3d723a95fe"}, [0x200, 0x6, 0x100, 0x2, 0x4, 0x101, 0x6, 0x15, 0x14c, 0x1, 0x9, 0x5, 0x0, 0xffffffffffffffff, 0x7, 0x180000000000, 0x7, 0x7ff, 0x3, 0x8, 0x0, 0x8, 0x1, 0x1ff, 0x8, 0x3f, 0x1ff, 0xe61, 0x8, 0x2b4, 0x4, 0x1124, 0xff, 0x3f, 0x3e16, 0x1ff, 0x1, 0x2c, 0x7, 0x4, 0x4, 0x864, 0x9, 0x3, 0x8, 0xfffffffffffffffe, 0x1, 0x0, 0x1, 0x3, 0xb22b, 0x6, 0x100, 0x5, 0x6, 0x6, 0x5, 0x2, 0x1, 0x5, 0x5c2, 0x6, 0x1, 0x24a6]})
socket$inet6_tcp(0xa, 0x1, 0x0)

10:23:39 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000080))
r1 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
socketpair(0x2a, 0xa, 0xc97d, &(0x7f0000000040))

10:23:40 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, r0, 0x0)

[ 3303.534499][ T6375] Bluetooth: hci0: Received unexpected HCI Event 00000000
10:23:40 executing program 3:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x830, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x180c5}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x2, 0xc49, 0x5, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000100)="7f6e5f007421b2b78b5b567e60139e30e624fd054486480a503f9ea3e32e8988c8b72651a5d80dc17592a538ef467586fc76e990434b276553164faa1f9c671a45c1fd8a2d3674c7cb4703d31fb86b8b0bde5fc8e99ae797656ffaf2c8dc0b24840ce2a30aaaabb9ce56e4dbb867dec2", &(0x7f0000000180)=@udp=r1, 0x1}, 0x20)

10:23:40 executing program 2:
socketpair(0xa, 0x5, 0x0, 0x0)

10:23:40 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:40 executing program 4:
socketpair(0xb, 0x800, 0x0, &(0x7f0000000000))

10:23:40 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}, 0x2, 0x0, 0x0, 0x4004}, 0x0)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf250400000005003800010000000a0009000180c20000030000f1161991f611bf426ae4c5e9271958d7952a0b453b5abdeefcafe8468f20398df82701137abb734909d9289e110e82ce2f1f6c7b0592872498312efc392e265ef8d650687326f56351eeb60e01da40d584de85992e9d1d25b59f6aefc64fad09194c5b0c405697561bd9d4b8164c3eef4c8f25478b583345374a0a79b3d6dd88b5d34f4794f4a672627330e2800060dbb1edf6697b0590af17ddeb256f1f5341fa7415c913d9d75a429d4356c313f5535b091a20876a7f"], 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x4000800)

[ 3304.032329][ T6375] Bluetooth: hci0: SCO packet for unknown connection handle 3840
10:23:40 executing program 1:
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

10:23:40 executing program 2:
socketpair(0xa, 0x5, 0x0, 0x0)

10:23:40 executing program 3:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x830, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x180c5}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x2, 0xc49, 0x5, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)

10:23:40 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:40 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0xfffffffffffffffe}, 0x20000040)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$gtp(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x60, r2, 0x0, 0x70bd27, 0x25dfdbfd, {}, [@GTPA_LINK={0x8}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_O_TEI={0x8}, @GTPA_I_TEI={0x8}, @GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_I_TEI={0x8, 0x8, 0x4}, @GTPA_MS_ADDRESS={0x8, 0x5, @multicast2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast1}]}, 0x60}, 0x1, 0x0, 0x0, 0x40}, 0x40)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x54, 0x0, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x2}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xfffffff7}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x6}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x22040814}, 0x8000)

10:23:40 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
openat$incfs(r0, &(0x7f00000000c0)='.log\x00', 0x202001, 0x5)
renameat2(r0, &(0x7f0000000040)='./file1\x00', r0, &(0x7f0000000080)='./file0\x00', 0x2)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:23:41 executing program 1:
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

10:23:41 executing program 3:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x830, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x180c5}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x2, 0xc49, 0x5, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)

10:23:41 executing program 2:
socketpair(0xa, 0x5, 0x0, 0x0)

[ 3304.671733][ T6375] Bluetooth: hci0: Received unexpected HCI Event 00000000
10:23:41 executing program 0:
syz_open_dev$vivid(0x0, 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:41 executing program 5:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

[ 3305.039873][ T6375] Bluetooth: hci0: Received unexpected HCI Event 00000000
10:23:41 executing program 4:
r0 = memfd_create(&(0x7f0000000040)='-%*[#-:-\x00', 0x1)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000080)={0x0, 0x29, 0x0, [0x808000000, 0x6, 0x0, 0x80000001, 0x81], [0x5, 0x3, 0x4, 0xffff, 0x9, 0x10001, 0x1, 0x2, 0x100000000, 0x5, 0x7f, 0x4, 0x2, 0x80000000, 0x8001, 0x100000005, 0x101, 0x2, 0x7, 0x40, 0x1, 0x100000001, 0x3, 0x29a, 0x7fffffff, 0x8, 0x5, 0x6, 0x9, 0x4, 0x3f, 0x40, 0x8, 0x6, 0xfff, 0x9, 0x3, 0x5, 0x4, 0x100, 0x7, 0x8, 0x2, 0x1, 0x81, 0xffffffffffffff80, 0x4, 0x8ece, 0x1, 0xe4, 0xd3f, 0x0, 0xfc9, 0x7d19, 0x3ff, 0x1, 0x3, 0x5ec, 0x8001, 0x80000000, 0x5, 0x200, 0x5, 0xfffffffffffffff6, 0x80, 0xf4fe, 0x6, 0x6, 0x2621, 0x8d, 0xff, 0x7ffb, 0x80000001, 0xd3, 0x80000001, 0xff, 0x8, 0x1, 0xca, 0x4, 0x9, 0x7f, 0x9, 0x1, 0x3, 0x1ff, 0x6, 0x81, 0x1, 0xfffffffffffffeff, 0x4, 0x3, 0x80000001, 0x1ff, 0xf07e, 0x67, 0x7fff, 0xe867, 0xb75, 0xcd, 0x9, 0x5, 0x1, 0x1, 0x2, 0x210, 0x8e, 0x4, 0xffffffffffff8000, 0x800, 0x5, 0x1, 0x80, 0xfffffffffffffff7, 0x5, 0x4, 0x10000, 0x5, 0x29e7, 0x6, 0x3]})
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:23:41 executing program 1:
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

10:23:41 executing program 3:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x830, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x180c5}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x2, 0xc49, 0x5, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)

10:23:41 executing program 0:
syz_open_dev$vivid(0x0, 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:41 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
openat$incfs(r0, &(0x7f00000000c0)='.log\x00', 0x202001, 0x5)
renameat2(r0, &(0x7f0000000040)='./file1\x00', r0, &(0x7f0000000080)='./file0\x00', 0x2)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:23:41 executing program 5:
syz_emit_vhci(0x0, 0xfe55)
r0 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000000)=""/113)

10:23:42 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
socket$inet6(0xa, 0x800, 0xdef)

[ 3305.668479][ T6375] Bluetooth: hci0: Received unexpected HCI Event 00000000
10:23:42 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x2, 0xc49, 0x5, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)

10:23:42 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1d}, {0x7, [{0xc9, 0x1}, {0xc9, 0x400}, {0xa514373a2a07f2b3, 0x1ff}, {0x0, 0x82d6}, {0xc8, 0x7}, {0xc8, 0x200}, {0xc8, 0x7}]}}}, 0x20)

10:23:42 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x8, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:23:42 executing program 0:
syz_open_dev$vivid(0x0, 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:42 executing program 5:
syz_emit_vhci(0x0, 0xfe55)
r0 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000000)=""/113)

10:23:42 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

10:23:42 executing program 4:
socketpair(0x1f, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x4, 0x70bd26, 0x25dfdbfe, {}, [@GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_MS_ADDRESS={0x8, 0x5, @local}]}, 0x24}, 0x1, 0x0, 0x0, 0x400d0}, 0x0)

10:23:42 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1d}, {0x7, [{0xc9, 0x1}, {0xc9, 0x400}, {0xa514373a2a07f2b3, 0x1ff}, {0x0, 0x82d6}, {0xc8, 0x7}, {0xc8, 0x200}, {0xc8, 0x7}]}}}, 0x20)

10:23:42 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x8, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

[ 3306.307012][  T144] Bluetooth: hci0: Received unexpected HCI Event 00000000
10:23:42 executing program 5:
syz_emit_vhci(0x0, 0xfe55)
r0 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000000)=""/113)

10:23:43 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1d}, {0x7, [{0xc9, 0x1}, {0xc9, 0x400}, {0xa514373a2a07f2b3, 0x1ff}, {0x0, 0x82d6}, {0xc8, 0x7}, {0xc8, 0x200}, {0xc8, 0x7}]}}}, 0x20)

10:23:43 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(0x0, 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:43 executing program 4:
r0 = getgid()
fchownat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, r0, 0x100)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffffff, 0xc080661a, &(0x7f0000000040)={@id={0x2, 0x0, @d}})
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))

10:23:43 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x8, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:23:43 executing program 5:
syz_emit_vhci(0x0, 0xfe55)
r0 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r0, 0x0)

[ 3306.819410][ T6375] Bluetooth: hci0: Received unexpected HCI Event 00000000
10:23:43 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

10:23:43 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(0x0, 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:43 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1d}, {0x7, [{0xc9, 0x1}, {0xc9, 0x400}, {0xa514373a2a07f2b3, 0x1ff}, {0x0, 0x82d6}, {0xc8, 0x7}, {0xc8, 0x200}, {0xc8, 0x7}]}}}, 0x20)

10:23:43 executing program 5:
syz_emit_vhci(0x0, 0xfe55)
shmctl$IPC_RMID(0x0, 0x0)

[ 3307.236517][  T144] Bluetooth: hci0: Received unexpected HCI Event 00000000
10:23:43 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x200c80, 0x0)
ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0)

10:23:43 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000000))

10:23:43 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

10:23:44 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(0x0, 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:44 executing program 5:
syz_emit_vhci(0x0, 0xfe55)
shmctl$IPC_RMID(0x0, 0x0)

10:23:44 executing program 1:
syz_emit_vhci(0x0, 0x0)

[ 3307.790059][ T6375] Bluetooth: hci0: Received unexpected HCI Event 00000000
10:23:44 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000000))

10:23:44 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x0, 0x2, 0xc49, 0x5, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)

10:23:44 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000040)={0x5, 0xff, 0x3, 0x800, <r0=>0xffffffffffffffff})
ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000080)={{r0}, {@val, @actul_num={@val=0x2b, 0x7fff, 0x74}}})

10:23:44 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(0x0, 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:44 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000000))

10:23:44 executing program 5:
syz_emit_vhci(0x0, 0xfe55)
shmctl$IPC_RMID(0x0, 0x0)

10:23:44 executing program 1:
syz_emit_vhci(0x0, 0x0)

10:23:44 executing program 4:
socketpair(0x22, 0x5, 0xfffffd, &(0x7f0000000000))
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000080)=@raw={'raw\x00', 0x9, 0x3, 0x3e8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x318, 0xffffffff, 0xffffffff, 0x318, 0xffffffff, 0x3, &(0x7f0000000040), {[{{@ipv6={@rand_addr=' \x01\x00', @private0={0xfc, 0x0, '\x00', 0x1}, [0xffffffff, 0xffffff00, 0xffffffff], [0xffffffff, 0xffffff00, 0xff, 0xff000000], 'veth0_to_bridge\x00', 'veth0_to_bond\x00', {0xff}, {0xff}, 0x16, 0x8, 0x1, 0x2a}, 0x0, 0x1e0, 0x220, 0x0, {}, [@common=@rt={{0x138}, {0x5, [0xd8, 0x1ff], 0x3, 0x10, 0x4, [@mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}, @private1, @rand_addr=' \x01\x00', @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, @mcast2, @ipv4={'\x00', '\xff\xff', @loopback}], 0xd}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x8, {0xa790}}}}, {{@ipv6={@mcast1, @rand_addr=' \x01\x00', [0xffffff00, 0x0, 0xff, 0xff000000], [0xff, 0xffffff, 0xffffff00, 0xffffff00], 'veth0_to_team\x00', 'netpci0\x00', {0xff}, {0xff}, 0x32, 0x7, 0x4, 0x8}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@mh={{0x28}, {"9ee5"}}]}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x448)

10:23:44 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x0, 0x2, 0xc49, 0x5, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)

10:23:45 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(0x0, 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:45 executing program 5:
r0 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r0, 0x0)

10:23:45 executing program 2:
r0 = shmget$private(0x0, 0x1000, 0x8, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:23:45 executing program 4:
socketpair(0xf, 0xa, 0x0, &(0x7f0000000000))

10:23:45 executing program 1:
syz_emit_vhci(0x0, 0x0)

10:23:45 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x0, 0x2, 0xc49, 0x5, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)

10:23:45 executing program 5:
r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r0, 0x0)

10:23:45 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(0x0, 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d", @ANYBLOB="74eebe1ed3abcfa283f832538c1d2a0e0ff1fffaf7ea2f223256720108f083c4d4109e10e793107faab6faa9aff9ffb5327573505b944e237ad40d6df35e4e61356ac9af5139a7a217453220a3adacb69c2fa0d19d00e9c37571f51a66c1e6cb4b22ed45a29a6388b20e5b005ba7916d3db8551167298b1a8b1a513bf52805346924f817bb32accb8b942801ce9ec73ddcb41ad4306b3661663ee1d97d72a07b5408a79a7511d4696278eb47da1e80f88f5ece0000000000000000000000000000003fc0f367cf877feeb6d366c2e92face742eb5e848832a7df6ac3ea829990208f65395d6f22d456d35d3e8fe2d0633a3f835db73fdc0302e315a28c3db9a5fe12a6a5b57b484db5f3ef8269f8ec08ee5d9b3b209f2ce6ae55972b5159c402d804518d7f5414b8b880c114dcc21bd13888d2b42b3191c9fcc429ce8095f95c6bed31e267339265e5aef6d0e4a358454582e4c52a4d5db1b1b2"], 0x3b)

10:23:45 executing program 2:
r0 = shmget$private(0x0, 0x1000, 0x8, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:23:45 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0)
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000))
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
sendmsg$SEG6_CMD_SET_TUNSRC(r1, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x80, 0x0, 0x8, 0x70bd2a, 0x25dfdbfe, {}, [@SEG6_ATTR_SECRET={0x14, 0x4, [0x3, 0x3ff, 0xff, 0x1bc3]}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_SECRET={0x18, 0x4, [0x4, 0x101, 0x0, 0xffff, 0x80]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}, @SEG6_ATTR_SECRET={0x18, 0x4, [0x2, 0x0, 0x8, 0x396a, 0x5]}, @SEG6_ATTR_SECRET={0x8, 0x4, [0xaf]}, @SEG6_ATTR_DST={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x80}, 0x1, 0x0, 0x0, 0x2004a041}, 0x4000000)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000240)={&(0x7f0000000200)=[0x218c], 0x1, 0x80000, 0x0, <r3=>0xffffffffffffffff})
statx(r3, &(0x7f0000000280)='./file0\x00', 0x0, 0x10, &(0x7f00000002c0))
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$TUNSETLINK(r2, 0x400454cd, 0xfcea)

10:23:45 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x19}, {0x6, [{0xc9, 0x1}, {0xc9, 0x400}, {0xa514373a2a07f2b3, 0x1ff}, {0x0, 0x82d6}, {0xc8, 0x7}, {0xc8, 0x200}]}}}, 0x1c)

10:23:45 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x0, 0xc49, 0x5, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)

10:23:46 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(0x0, 0x3b)

10:23:46 executing program 5:
r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r0, 0x0)

10:23:46 executing program 4:
ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0)
socketpair(0x5, 0x2, 0x0, &(0x7f0000000040))

10:23:46 executing program 2:
r0 = shmget$private(0x0, 0x1000, 0x8, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:23:46 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x5, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)

10:23:46 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x15}, {0x5, [{0xc9, 0x1}, {0xc9, 0x400}, {0xa514373a2a07f2b3, 0x1ff}, {0x0, 0x82d6}, {0xc8, 0x7}]}}}, 0x18)

10:23:46 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(0x0, 0x3b)

10:23:46 executing program 5:
r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(r0, 0x0)

10:23:46 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x11}, {0x4, [{0xc9, 0x1}, {0xc9, 0x400}, {0xa514373a2a07f2b3, 0x1ff}, {0x0, 0x82d6}]}}}, 0x14)

10:23:46 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x402, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)

10:23:46 executing program 4:
socketpair(0x28, 0x80000, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0)
ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000000080))

10:23:46 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x8, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:23:47 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(0x0, 0x3b)

10:23:47 executing program 5:
shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(0x0, 0x0)

10:23:47 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)

10:23:47 executing program 4:
socketpair(0xf, 0x3, 0x1, &(0x7f0000000000))

10:23:47 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0xd}, {0x3, [{0xc9, 0x1}, {0xc9, 0x400}, {0xa514373a2a07f2b3, 0x1ff}]}}}, 0x10)

10:23:47 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x8, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:23:47 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYBLOB="0f0514cfc9ffb48df29a7b5d6e3e2c068bb903f371addaf34225bc435677b60fc6ebab98cbf3229cb22d12698fd229e727ec9deb92c2b27560f8c794506d"], 0x3b)

10:23:47 executing program 5:
shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(0x0, 0x0)

10:23:47 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40)

10:23:47 executing program 4:
ioctl$MON_IOCG_STATS(0xffffffffffffffff, 0x80089203, &(0x7f0000000040))
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000080)={'sit0\x00', 0x0, 0x2f, 0x5, 0x5, 0x8, 0x65, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x10, 0x8000, 0x9, 0x20}})

10:23:47 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x9}, {0x2, [{0xc9, 0x1}, {0xc9, 0x400}]}}}, 0xc)

10:23:48 executing program 2:
syz_emit_vhci(0x0, 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x8, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:23:48 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:23:48 executing program 5:
shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_RMID(0x0, 0x0)

10:23:48 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x40)

10:23:48 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x5}, {0x1, [{0xc9, 0x1}]}}}, 0x8)

10:23:48 executing program 4:
socketpair(0x1f, 0x804, 0x400, &(0x7f0000000000))

10:23:48 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:23:48 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[], 0x3b)

10:23:48 executing program 5:
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x44, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8679}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xd02c}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000011}, 0x1e965eacab571b20)
syz_emit_vhci(0x0, 0xfffffffffffffdfc)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, 0x0, 0x1, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xea}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008895}, 0x0)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, &(0x7f00000001c0)={0x0, 0x400, 0x1, [0x3, 0x7f, 0x4, 0x2, 0x400], [0x80000001, 0x2, 0x100000000, 0xef52, 0x0, 0x0, 0x4, 0x20, 0x80000000, 0x8, 0x9, 0x8001, 0x39, 0x9, 0x3, 0x2e, 0x2, 0x5, 0x5, 0x0, 0x887d, 0x9, 0x6, 0x7fffffff, 0xec2, 0x20, 0x7, 0x0, 0x0, 0x7fffffff, 0x4, 0x4d1, 0x1ff, 0x5, 0x77cf, 0x2, 0x2ec, 0x2, 0x7, 0x5, 0x5, 0xff, 0x1, 0x5, 0x4, 0x2, 0x10001, 0x1, 0x3f, 0x4, 0x3ff, 0x5, 0x8, 0x6, 0x4, 0x9, 0x0, 0x3, 0x5e5f8297, 0xbd, 0x6, 0x2, 0x0, 0x1, 0x3f, 0x4, 0x1, 0x2bb2, 0x8, 0x4, 0x8000, 0x10001, 0xadc2, 0xf97, 0x1ff, 0x7, 0x7fff, 0x0, 0xaaff, 0x4863, 0xc19b, 0xffffffff, 0xffff, 0x6ca2c6b1, 0x1, 0x6, 0x2, 0x6, 0x5, 0xbe74, 0x0, 0x7fff, 0x6, 0x7, 0x80000000, 0x3, 0x9, 0x12e3, 0x8, 0x0, 0x9, 0x80, 0x4, 0x7, 0x80000000, 0x600, 0xb7, 0x2, 0x61d31692, 0x100000000, 0x8, 0x101, 0x3ff, 0x9, 0x50c1, 0x1, 0x5, 0x9, 0x800, 0x3ff, 0x10001]})

10:23:48 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:23:48 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)

10:23:49 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000000))

10:23:49 executing program 4:
socketpair(0x1f, 0x6, 0x1000, &(0x7f0000000040))
write$P9_RRENAMEAT(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x4b, 0x1}, 0x7)

10:23:49 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[], 0x3b)

10:23:49 executing program 5:
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x44, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8679}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xd02c}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000011}, 0x1e965eacab571b20)
syz_emit_vhci(0x0, 0xfffffffffffffdfc)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, 0x0, 0x1, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xea}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008895}, 0x0)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, &(0x7f00000001c0)={0x0, 0x400, 0x1, [0x3, 0x7f, 0x4, 0x2, 0x400], [0x80000001, 0x2, 0x100000000, 0xef52, 0x0, 0x0, 0x4, 0x20, 0x80000000, 0x8, 0x9, 0x8001, 0x39, 0x9, 0x3, 0x2e, 0x2, 0x5, 0x5, 0x0, 0x887d, 0x9, 0x6, 0x7fffffff, 0xec2, 0x20, 0x7, 0x0, 0x0, 0x7fffffff, 0x4, 0x4d1, 0x1ff, 0x5, 0x77cf, 0x2, 0x2ec, 0x2, 0x7, 0x5, 0x5, 0xff, 0x1, 0x5, 0x4, 0x2, 0x10001, 0x1, 0x3f, 0x4, 0x3ff, 0x5, 0x8, 0x6, 0x4, 0x9, 0x0, 0x3, 0x5e5f8297, 0xbd, 0x6, 0x2, 0x0, 0x1, 0x3f, 0x4, 0x1, 0x2bb2, 0x8, 0x4, 0x8000, 0x10001, 0xadc2, 0xf97, 0x1ff, 0x7, 0x7fff, 0x0, 0xaaff, 0x4863, 0xc19b, 0xffffffff, 0xffff, 0x6ca2c6b1, 0x1, 0x6, 0x2, 0x6, 0x5, 0xbe74, 0x0, 0x7fff, 0x6, 0x7, 0x80000000, 0x3, 0x9, 0x12e3, 0x8, 0x0, 0x9, 0x80, 0x4, 0x7, 0x80000000, 0x600, 0xb7, 0x2, 0x61d31692, 0x100000000, 0x8, 0x101, 0x3ff, 0x9, 0x50c1, 0x1, 0x5, 0x9, 0x800, 0x3ff, 0x10001]})

10:23:49 executing program 3:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:49 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4) (fail_nth: 1)

10:23:49 executing program 4:
socketpair(0xf, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000140)=ANY=[@ANYRES32=r0, @ANYBLOB="0b033b0a43bcfa0a35f758bf73127fbb60a39e2da09063c3aab4292608b039620a130c6d1818c3930bdb382cc9814bc958544e2990e6071381beb33e45987fe77a63d7390ec6bee1ed019a49c3dd7ee0ebace00ff4f05e6425894a0f69e6e79bd1e7fa01cd641f47e886bd3cf97feee3f531cc7a203e8877cd3b610ffa379200b2007c560d4d0706aa1a5c2005a94fdb1e6f80ef8345b3498e3435944a5c6f5566d88b06d674584d24a52d172cf4626e59865ea5a16093eb166e60bca3e7c3b05bf71b19050b30c07782eee201014e0eab3f66ac8491b0c33ee83df1bb9f850a1f49cc1844c39c4eab8604e6"])
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0xe00, 0x0)
write$snapshot(r2, &(0x7f0000000080)="b0433889e0ca8f1b4d6c3cd8e50b832cabfd0e2e76f594", 0x17)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000240)={<r3=>0x0, 0x7, 0x6f, 0x1})
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f0000000640)={r3, "aae0b19597ce5a9abf584295f629ac0a"})

10:23:49 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000000))

10:23:49 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[], 0x3b)

10:23:49 executing program 3:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:49 executing program 5:
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x44, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8679}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xd02c}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000011}, 0x1e965eacab571b20)
syz_emit_vhci(0x0, 0xfffffffffffffdfc)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, 0x0, 0x1, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xea}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008895}, 0x0)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, &(0x7f00000001c0)={0x0, 0x400, 0x1, [0x3, 0x7f, 0x4, 0x2, 0x400], [0x80000001, 0x2, 0x100000000, 0xef52, 0x0, 0x0, 0x4, 0x20, 0x80000000, 0x8, 0x9, 0x8001, 0x39, 0x9, 0x3, 0x2e, 0x2, 0x5, 0x5, 0x0, 0x887d, 0x9, 0x6, 0x7fffffff, 0xec2, 0x20, 0x7, 0x0, 0x0, 0x7fffffff, 0x4, 0x4d1, 0x1ff, 0x5, 0x77cf, 0x2, 0x2ec, 0x2, 0x7, 0x5, 0x5, 0xff, 0x1, 0x5, 0x4, 0x2, 0x10001, 0x1, 0x3f, 0x4, 0x3ff, 0x5, 0x8, 0x6, 0x4, 0x9, 0x0, 0x3, 0x5e5f8297, 0xbd, 0x6, 0x2, 0x0, 0x1, 0x3f, 0x4, 0x1, 0x2bb2, 0x8, 0x4, 0x8000, 0x10001, 0xadc2, 0xf97, 0x1ff, 0x7, 0x7fff, 0x0, 0xaaff, 0x4863, 0xc19b, 0xffffffff, 0xffff, 0x6ca2c6b1, 0x1, 0x6, 0x2, 0x6, 0x5, 0xbe74, 0x0, 0x7fff, 0x6, 0x7, 0x80000000, 0x3, 0x9, 0x12e3, 0x8, 0x0, 0x9, 0x80, 0x4, 0x7, 0x80000000, 0x600, 0xb7, 0x2, 0x61d31692, 0x100000000, 0x8, 0x101, 0x3ff, 0x9, 0x50c1, 0x1, 0x5, 0x9, 0x800, 0x3ff, 0x10001]})

[ 3313.329969][T26094] FAULT_INJECTION: forcing a failure.
[ 3313.329969][T26094] name failslab, interval 1, probability 0, space 0, times 0
[ 3313.343364][T26094] CPU: 0 PID: 26094 Comm: syz-executor.1 Not tainted 5.15.0-rc2-syzkaller #0
[ 3313.352485][T26094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3313.363091][T26094] Call Trace:
[ 3313.366475][T26094]  dump_stack_lvl+0x1ff/0x28e
[ 3313.371310][T26094]  dump_stack+0x25/0x28
[ 3313.375601][T26094]  should_fail+0x8bc/0x9c0
[ 3313.380178][T26094]  __should_failslab+0x223/0x2b0
[ 3313.385348][T26094]  should_failslab+0x29/0x70
[ 3313.390465][T26094]  kmem_cache_alloc_node+0x106/0x1180
[ 3313.396019][T26094]  ? rcu_read_unlock_strict+0x9/0x10
[ 3313.401485][T26094]  ? aa_file_perm+0x587/0x34f0
[ 3313.406487][T26094]  ? should_fail+0x75/0x9c0
[ 3313.411205][T26094]  ? kmsan_get_metadata+0x11b/0x180
[ 3313.416558][T26094]  ? __alloc_skb+0x330/0xe40
[ 3313.421384][T26094]  ? kmsan_get_shadow_origin_ptr+0x90/0xc0
[ 3313.427474][T26094]  ? kstrtoull+0x9d6/0xa40
[ 3313.432161][T26094]  __alloc_skb+0x330/0xe40
[ 3313.436738][T26094]  vhci_write+0x182/0x8f0
[ 3313.441306][T26094]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 3313.447652][T26094]  ? kmsan_get_metadata+0x11b/0x180
[ 3313.452992][T26094]  ? vhci_read+0xb50/0xb50
[ 3313.457562][T26094]  vfs_write+0x1295/0x1f20
[ 3313.462182][T26094]  ksys_write+0x28c/0x520
[ 3313.466701][T26094]  __x64_sys_write+0xdb/0x120
[ 3313.471580][T26094]  do_syscall_64+0x54/0xd0
[ 3313.476137][T26094]  ? exc_page_fault+0x76/0x120
[ 3313.481145][T26094]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3313.487244][T26094] RIP: 0033:0x7fc52c88754f
[ 3313.491780][T26094] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48
[ 3313.511537][T26094] RSP: 002b:00007fc529e4a150 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 3313.520198][T26094] RAX: ffffffffffffffda RBX: 00007fc52c9d7f60 RCX: 00007fc52c88754f
[ 3313.528924][T26094] RDX: 0000000000000004 RSI: 0000000020000000 RDI: 00000000000000f1
[ 3313.537023][T26094] RBP: 00007fc529e4a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3313.545104][T26094] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 3313.553188][T26094] R13: 00007fc52cf0bb2f R14: 00007fc529e4a300 R15: 0000000000022000
10:23:50 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000000))

10:23:50 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16], 0x3b)

10:23:50 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40) (fail_nth: 1)

[ 3314.054839][T26110] FAULT_INJECTION: forcing a failure.
[ 3314.054839][T26110] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3314.068393][T26110] CPU: 0 PID: 26110 Comm: syz-executor.4 Not tainted 5.15.0-rc2-syzkaller #0
[ 3314.077335][T26110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3314.087526][T26110] Call Trace:
[ 3314.090915][T26110]  dump_stack_lvl+0x1ff/0x28e
[ 3314.095999][T26110]  dump_stack+0x25/0x28
[ 3314.100348][T26110]  should_fail+0x8bc/0x9c0
10:23:50 executing program 5:
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x44, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8679}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xd02c}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000011}, 0x1e965eacab571b20)
syz_emit_vhci(0x0, 0xfffffffffffffdfc)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, 0x0, 0x1, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xea}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008895}, 0x0)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})

[ 3314.105058][T26110]  should_fail_usercopy+0x39/0x40
[ 3314.110256][T26110]  _copy_from_user+0x5f/0x310
[ 3314.115123][T26110]  ? kmsan_internal_set_shadow_origin+0x52/0xc0
[ 3314.121696][T26110]  __sys_bpf+0x5e3/0x1230
[ 3314.126297][T26110]  __x64_sys_bpf+0xda/0x120
[ 3314.130998][T26110]  do_syscall_64+0x54/0xd0
[ 3314.135549][T26110]  ? exc_page_fault+0x76/0x120
[ 3314.140497][T26110]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3314.146626][T26110] RIP: 0033:0x7fc8f45cea39
[ 3314.151167][T26110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3314.170964][T26110] RSP: 002b:00007fc8f1b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 3314.179532][T26110] RAX: ffffffffffffffda RBX: 00007fc8f46d1f60 RCX: 00007fc8f45cea39
[ 3314.187616][T26110] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000000
[ 3314.195690][T26110] RBP: 00007fc8f1b441d0 R08: 0000000000000000 R09: 0000000000000000
[ 3314.203938][T26110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3314.212012][T26110] R13: 00007fc8f4c05b2f R14: 00007fc8f1b44300 R15: 0000000000022000
10:23:50 executing program 3:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:50 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, 0x0)

10:23:51 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)

10:23:51 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16], 0x3b)

10:23:51 executing program 3:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:51 executing program 5:
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x44, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8679}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xd02c}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000011}, 0x1e965eacab571b20)
syz_emit_vhci(0x0, 0xfffffffffffffdfc)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, 0x0, 0x1, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xea}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008895}, 0x0)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)

10:23:51 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, 0x0)

10:23:51 executing program 5:
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x44, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8679}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xd02c}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000011}, 0x1e965eacab571b20)
syz_emit_vhci(0x0, 0xfffffffffffffdfc)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, 0x0, 0x1, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xea}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008895}, 0x0)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})

10:23:51 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40) (fail_nth: 2)

10:23:51 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, 0x0)

10:23:51 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16], 0x3b)

10:23:51 executing program 3:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:51 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x2, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)

[ 3315.295439][T26133] FAULT_INJECTION: forcing a failure.
[ 3315.295439][T26133] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3315.309017][T26133] CPU: 0 PID: 26133 Comm: syz-executor.4 Not tainted 5.15.0-rc2-syzkaller #0
[ 3315.317959][T26133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3315.328147][T26133] Call Trace:
[ 3315.331553][T26133]  dump_stack_lvl+0x1ff/0x28e
[ 3315.336451][T26133]  dump_stack+0x25/0x28
[ 3315.340847][T26133]  should_fail+0x8bc/0x9c0
[ 3315.345446][T26133]  should_fail_usercopy+0x39/0x40
[ 3315.350876][T26133]  _copy_to_user+0x61/0x270
[ 3315.355563][T26133]  ? kmsan_get_shadow_origin_ptr+0x90/0xc0
[ 3315.361719][T26133]  simple_read_from_buffer+0x2ee/0x490
[ 3315.367567][T26133]  proc_fail_nth_read+0x320/0x3f0
[ 3315.372817][T26133]  ? proc_fault_inject_write+0x5d0/0x5d0
[ 3315.378610][T26133]  vfs_read+0x6c8/0x1980
[ 3315.383047][T26133]  ? kmsan_internal_set_shadow_origin+0x52/0xc0
[ 3315.389504][T26133]  ? kmsan_get_metadata+0x11b/0x180
10:23:51 executing program 5:
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x44, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8679}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xd02c}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000011}, 0x1e965eacab571b20)
syz_emit_vhci(0x0, 0xfffffffffffffdfc)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, 0x0, 0x1, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xea}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008895}, 0x0)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)

[ 3315.394866][T26133]  ksys_read+0x28c/0x520
[ 3315.399303][T26133]  __x64_sys_read+0xdb/0x120
[ 3315.404074][T26133]  do_syscall_64+0x54/0xd0
[ 3315.408645][T26133]  ? exc_page_fault+0x76/0x120
[ 3315.413585][T26133]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3315.419694][T26133] RIP: 0033:0x7fc8f45815ec
[ 3315.424230][T26133] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 3315.444290][T26133] RSP: 002b:00007fc8f1b44170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 3315.453033][T26133] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007fc8f45815ec
[ 3315.461142][T26133] RDX: 000000000000000f RSI: 00007fc8f1b441e0 RDI: 0000000000000003
[ 3315.469213][T26133] RBP: 00007fc8f1b441d0 R08: 0000000000000000 R09: 0000000000000000
[ 3315.477372][T26133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3315.485441][T26133] R13: 00007fc8f4c05b2f R14: 00007fc8f1b44300 R15: 0000000000022000
[ 3315.568477][ T6375] Bluetooth: hci1: ACL packet for unknown connection handle 275
[ 3315.589272][ T6375] Bluetooth: hci1: ACL packet for unknown connection handle 275
10:23:52 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b) (fail_nth: 1)

10:23:52 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)) (fail_nth: 1)

10:23:52 executing program 3:
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:52 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x3, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)

[ 3315.985303][T26145] FAULT_INJECTION: forcing a failure.
[ 3315.985303][T26145] name failslab, interval 1, probability 0, space 0, times 0
[ 3315.998450][T26145] CPU: 0 PID: 26145 Comm: syz-executor.0 Not tainted 5.15.0-rc2-syzkaller #0
[ 3316.007473][T26145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3316.017652][T26145] Call Trace:
[ 3316.021017][T26145]  dump_stack_lvl+0x1ff/0x28e
[ 3316.025882][T26145]  dump_stack+0x25/0x28
[ 3316.030203][T26145]  should_fail+0x8bc/0x9c0
[ 3316.034787][T26145]  __should_failslab+0x223/0x2b0
[ 3316.039889][T26145]  should_failslab+0x29/0x70
[ 3316.044685][T26145]  kmem_cache_alloc_node+0x106/0x1180
[ 3316.050237][T26145]  ? rcu_read_unlock_strict+0x9/0x10
[ 3316.055704][T26145]  ? aa_file_perm+0x587/0x34f0
[ 3316.060819][T26145]  ? should_fail+0x75/0x9c0
[ 3316.065491][T26145]  ? kmsan_get_metadata+0x11b/0x180
[ 3316.070852][T26145]  ? __alloc_skb+0x330/0xe40
[ 3316.075615][T26145]  ? kmsan_get_shadow_origin_ptr+0x90/0xc0
[ 3316.078252][ T6375] Bluetooth: hci1: SCO packet for unknown connection handle 275
[ 3316.081670][T26145]  ? kstrtoull+0x9d6/0xa40
[ 3316.081828][T26145]  __alloc_skb+0x330/0xe40
[ 3316.098561][T26145]  vhci_write+0x182/0x8f0
[ 3316.103072][T26145]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 3316.103694][ T6375] Bluetooth: hci1: SCO packet for unknown connection handle 275
[ 3316.109525][T26145]  ? kmsan_get_metadata+0x11b/0x180
[ 3316.109646][T26145]  ? vhci_read+0xb50/0xb50
[ 3316.127001][T26145]  vfs_write+0x1295/0x1f20
[ 3316.131645][T26145]  ksys_write+0x28c/0x520
[ 3316.136189][T26145]  __x64_sys_write+0xdb/0x120
[ 3316.141071][T26145]  do_syscall_64+0x54/0xd0
[ 3316.145635][T26145]  ? exc_page_fault+0x76/0x120
[ 3316.150564][T26145]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3316.156659][T26145] RIP: 0033:0x7f830693854f
[ 3316.161297][T26145] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48
10:23:52 executing program 5:
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x44, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8679}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xd02c}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000011}, 0x1e965eacab571b20)
syz_emit_vhci(0x0, 0xfffffffffffffdfc)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, 0x0, 0x1, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xea}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008895}, 0x0)

[ 3316.181058][T26145] RSP: 002b:00007f8303efb150 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 3316.189634][T26145] RAX: ffffffffffffffda RBX: 00007f8306a88f60 RCX: 00007f830693854f
[ 3316.197741][T26145] RDX: 000000000000003b RSI: 00000000200001c0 RDI: 00000000000000f1
[ 3316.205928][T26145] RBP: 00007f8303efb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3316.214041][T26145] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 3316.222245][T26145] R13: 00007f8306fbcb2f R14: 00007f8303efb300 R15: 0000000000022000
10:23:52 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x5, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)

[ 3316.398014][T26153] FAULT_INJECTION: forcing a failure.
[ 3316.398014][T26153] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3316.411993][T26153] CPU: 0 PID: 26153 Comm: syz-executor.2 Not tainted 5.15.0-rc2-syzkaller #0
[ 3316.420932][T26153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3316.431371][T26153] Call Trace:
[ 3316.434734][T26153]  dump_stack_lvl+0x1ff/0x28e
[ 3316.439578][T26153]  dump_stack+0x25/0x28
[ 3316.443887][T26153]  should_fail+0x8bc/0x9c0
[ 3316.448476][T26153]  should_fail_usercopy+0x39/0x40
[ 3316.453653][T26153]  _copy_to_user+0x61/0x270
[ 3316.458355][T26153]  __se_sys_shmctl+0x678/0xdc0
[ 3316.463425][T26153]  ? ksys_write+0x47c/0x520
[ 3316.468166][T26153]  __x64_sys_shmctl+0xd8/0x110
[ 3316.473124][T26153]  do_syscall_64+0x54/0xd0
[ 3316.477705][T26153]  ? exc_page_fault+0x76/0x120
[ 3316.482636][T26153]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3316.488776][T26153] RIP: 0033:0x7fd5491e7a39
[ 3316.493314][T26153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3316.513089][T26153] RSP: 002b:00007fd54675d188 EFLAGS: 00000246 ORIG_RAX: 000000000000001f
[ 3316.521675][T26153] RAX: ffffffffffffffda RBX: 00007fd5492eaf60 RCX: 00007fd5491e7a39
[ 3316.529791][T26153] RDX: 0000000020000000 RSI: 000000000000000f RDI: 000000000001003d
[ 3316.537972][T26153] RBP: 00007fd54675d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3316.546240][T26153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3316.554337][T26153] R13: 00007fd54981eb2f R14: 00007fd54675d300 R15: 0000000000022000
10:23:53 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:23:53 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0xff, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)

10:23:53 executing program 5:
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x44, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8679}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xd02c}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000011}, 0x1e965eacab571b20)
syz_emit_vhci(0x0, 0xfffffffffffffdfc)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:23:53 executing program 3:
r0 = socket(0x0, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:53 executing program 5:
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x44, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8679}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xd02c}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000011}, 0x1e965eacab571b20)
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:23:53 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts}, 0x4)

10:23:53 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:23:53 executing program 4:
bpf$MAP_CREATE(0x2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:23:53 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)) (fail_nth: 2)

10:23:53 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:23:53 executing program 3:
r0 = socket(0x0, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:54 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x2}}}, 0x4)

[ 3317.669956][T26180] FAULT_INJECTION: forcing a failure.
[ 3317.669956][T26180] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3317.683640][T26180] CPU: 1 PID: 26180 Comm: syz-executor.2 Not tainted 5.15.0-rc2-syzkaller #0
[ 3317.692640][T26180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3317.702807][T26180] Call Trace:
[ 3317.706167][T26180]  dump_stack_lvl+0x1ff/0x28e
[ 3317.711008][T26180]  dump_stack+0x25/0x28
[ 3317.715316][T26180]  should_fail+0x8bc/0x9c0
[ 3317.719903][T26180]  should_fail_alloc_page+0x20c/0x260
[ 3317.725449][T26180]  __alloc_pages+0x397/0xfb0
[ 3317.730218][T26180]  ? kmsan_get_shadow_origin_ptr+0x90/0xc0
[ 3317.736207][T26180]  alloc_pages_vma+0x152f/0x22b0
[ 3317.741367][T26180]  wp_page_copy+0x383/0x3c60
[ 3317.746187][T26180]  ? __split_huge_pmd+0x1183/0x1250
[ 3317.751555][T26180]  ? kmsan_get_metadata+0x11b/0x180
[ 3317.756903][T26180]  ? kmsan_get_metadata+0x11b/0x180
[ 3317.762243][T26180]  do_wp_page+0x14db/0x1590
[ 3317.766932][T26180]  handle_mm_fault+0x437b/0x4740
[ 3317.772084][T26180]  do_user_addr_fault+0xf85/0x1f00
[ 3317.777397][T26180]  exc_page_fault+0x69/0x120
[ 3317.782139][T26180]  asm_exc_page_fault+0x1e/0x30
[ 3317.787157][T26180] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x40
[ 3317.793932][T26180] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 01 ca c3 0f 1f 80 00 00 00 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3> a4 31 c0 0f 01 ca c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 83 f8
[ 3317.813684][T26180] RSP: 0018:ffff88810458fcf0 EFLAGS: 00050206
[ 3317.819872][T26180] RAX: ffff88810458fcf8 RBX: ffff88803480aa78 RCX: 0000000000000070
[ 3317.827951][T26180] RDX: 0000000000000070 RSI: ffff88810458fe10 RDI: 0000000020000000
[ 3317.836027][T26180] RBP: ffff88810458fd60 R08: ffffea000000000f R09: ffff88813fffa000
[ 3317.844206][T26180] R10: 0000000000000000 R11: ffff888034809fc0 R12: 0000000000000000
[ 3317.852292][T26180] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000070
[ 3317.860382][T26180]  ? _copy_to_user+0x1ef/0x270
[ 3317.865590][T26180]  __se_sys_shmctl+0x678/0xdc0
[ 3317.870535][T26180]  ? ksys_write+0x47c/0x520
[ 3317.875228][T26180]  __x64_sys_shmctl+0xd8/0x110
[ 3317.880348][T26180]  do_syscall_64+0x54/0xd0
[ 3317.884898][T26180]  ? exc_page_fault+0x76/0x120
[ 3317.889814][T26180]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3317.895887][T26180] RIP: 0033:0x7fd5491e7a39
[ 3317.900491][T26180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3317.920240][T26180] RSP: 002b:00007fd54675d188 EFLAGS: 00000246 ORIG_RAX: 000000000000001f
[ 3317.928794][T26180] RAX: ffffffffffffffda RBX: 00007fd5492eaf60 RCX: 00007fd5491e7a39
[ 3317.936876][T26180] RDX: 0000000020000000 RSI: 000000000000000f RDI: 000000000001003f
[ 3317.944946][T26180] RBP: 00007fd54675d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3317.953014][T26180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3317.961078][T26180] R13: 00007fd54981eb2f R14: 00007fd54675d300 R15: 0000000000022000
[ 3318.031810][ T6375] Bluetooth: hci0: SCO packet for unknown connection handle 0
10:23:54 executing program 4:
bpf$MAP_CREATE(0x3, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:23:54 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0xfdef)

10:23:54 executing program 5:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:23:54 executing program 3:
r0 = socket(0x0, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:55 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x4}}}, 0x4)

10:23:55 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x200001fb)

10:23:55 executing program 4:
bpf$MAP_CREATE(0x4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:23:55 executing program 5:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:23:55 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:23:55 executing program 3:
r0 = socket(0x2, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:55 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x7}}}, 0x4)

10:23:55 executing program 5:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:23:55 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x7ffff000)

10:23:55 executing program 4:
bpf$MAP_CREATE(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:23:56 executing program 5:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:23:56 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)

10:23:56 executing program 4:
bpf$MAP_CREATE(0x6, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:23:56 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0xfffffdef)

10:23:56 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0x2, &(0x7f0000000000))

10:23:56 executing program 3:
r0 = socket(0x2, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:56 executing program 5:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:23:56 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}, {0x2}}}, 0x4)

10:23:56 executing program 4:
bpf$MAP_CREATE(0x7, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:23:56 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0x3, &(0x7f0000000000))

10:23:56 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0xfffffffffffffdef)

10:23:57 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xb, &(0x7f0000000000))

10:23:57 executing program 5:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x3, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:23:57 executing program 4:
bpf$MAP_CREATE(0x8, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:23:57 executing program 3:
r0 = socket(0x2, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:57 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0xffffffffffffffff)

10:23:57 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}, {0x3}}}, 0x4)

10:23:57 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0xff, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:23:57 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}, {0x4}}}, 0x4)

10:23:57 executing program 4:
bpf$MAP_CREATE(0x9, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:23:57 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xc, &(0x7f0000000000))

10:23:57 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xe4, 0x464, 0x400, 0x70bd28, 0x25dfdbff, "b4d09d2d8564a1ec2a2d08f11add22b2f429c36f90b5977e41d657901e1842c30e49fe46bdba7c0378cac2816c10d58a456a8fcfd13bf260ffa12ac0328649c079c1ee0f8c36c5a115de2abc9c98956d60372a79f9bfec6e1ccbf6e78e7ce5f14d8dc306ee97d4a84c439c5ff149633986313febd052423775cf1e4c704e74fc3dfb5a2ab12e1e246f3b2f18188af3c9b9563a2659e2b6760869f61bf28b372a1ba36c2dfbdfbcfa9c7534a0d39e0360a5e977e1a86322c17de900689adbce7dd9a7d0bcef316b486be03b7b7cce51a9f1", ["", "", "", "", "", ""]}, 0xe4}, 0x1, 0x0, 0x0, 0x804}, 0x84)
sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x10, 0x3f8, 0xdb887e9d519ff241, 0x70bd26, 0x25dfdbfe, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000844}, 0x20040044)
r0 = syz_open_dev$vivid(&(0x7f0000000000), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:23:57 executing program 3:
socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:58 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x10, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:23:58 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}, {0x7}}}, 0x4)

10:23:58 executing program 4:
bpf$MAP_CREATE(0xa, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:23:58 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xd, &(0x7f0000000000))

10:23:58 executing program 0:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0, 0xffffff7f00000000}}, 0x0)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, 0x0, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x60810)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r2], 0x3b)

10:23:58 executing program 3:
socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:58 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:23:58 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x2)

10:23:58 executing program 4:
bpf$MAP_CREATE(0xb, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:23:58 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xe, &(0x7f0000000000))

10:23:58 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
socketpair(0x18, 0xa, 0x1, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r3)
ioctl$VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000040)={0x2, 0x7, 0x8, 0x4800, r2})
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:23:58 executing program 3:
socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)={0x0, 0xffffff7f}, 0x2}, 0x0)

10:23:59 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x3)

10:23:59 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:23:59 executing program 4:
bpf$MAP_CREATE(0xc, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:23:59 executing program 3:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:23:59 executing program 0:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmat(r0, &(0x7f0000fed000/0x12000)=nil, 0x3000)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r1], 0x3b)
shmctl$SHM_STAT(r0, 0xd, &(0x7f0000000000)=""/98)

10:23:59 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x40, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:23:59 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x5)

10:23:59 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:23:59 executing program 4:
bpf$MAP_CREATE(0xd, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:23:59 executing program 3:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:24:00 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000040), 0x1, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:00 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0xfdef)

10:24:00 executing program 2:
syz_emit_vhci(&(0x7f0000001040)=ANY=[@ANYRESOCT, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRESDEC, @ANYRESOCT], 0xfc97)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x101400, 0x4)
statx(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x4000, 0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
fchownat(r0, &(0x7f0000000040)='./file0\x00', r1, 0xee00, 0x1000)
r2 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r2, 0xf, &(0x7f0000000000))

10:24:00 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:00 executing program 3:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x0)

10:24:00 executing program 4:
bpf$MAP_CREATE(0xe, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:00 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:00 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x20000004)

10:24:00 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000040), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:00 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000))

10:24:00 executing program 3:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:24:00 executing program 4:
bpf$MAP_CREATE(0xf, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:01 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:01 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x7ffff000)

10:24:01 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r1], 0x3b)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000000)={0x2, 0x2, 0x8, 0x84000, r2})

10:24:01 executing program 3:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:24:01 executing program 2:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYRESOCT=0x0, @ANYRES16, @ANYBLOB="8d4abdea7cd0ff00f914dcd934886d9b17cf87bb140a173f059cf6ec912a882080f87ad38e9dddec600405895e", @ANYRES32=r0, @ANYBLOB="8a239af989afe62dcf860100d4808a57c804651346da980866344cc1b224a3f330224280a9c1f769bef48da080094ab6f7218f74057370bd5a056b07920697ca333416ddc7286a3291c2769d3474735f370331454dec3fc9e69fc9eb2def9cf3626ed5060000009f80041be3584e05b215e65b67c17ac0080000007d6272f0d329de863847e291b71962f30431a412372ac76cb604d3182345289c1dba06882bfcd10f0ffc58b9e9e084150b65c1149014fc9483883d118b5c3b91fd4a847d78bea9028ed9c881435691a275fb565fe44936fe8f8c6b3cd593ea978a621792dd3ca94ab8c3d6a858b9829446e3fd1df16986b2afdc9592ccd755f57a044f3f851d3e106ff604e1cb3cd9f9497181aa012fc9d8b636227d23062f63600684f08a375397"], 0x3b)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmat(r1, &(0x7f0000ffd000/0x2000)=nil, 0x2000)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000040)=""/5)

10:24:01 executing program 4:
bpf$MAP_CREATE(0x10, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:01 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:01 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0xfffffdef)

10:24:01 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000180)='.log\x00', 0x1818c2, 0x40)
clock_gettime(0x0, &(0x7f00000001c0)={<r1=>0x0, <r2=>0x0})
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0x202000, 0x0)
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000280)={0x4, 0x8, 0x4, 0x2000, 0x7, {r1, r2/1000+10000}, {0x3, 0x0, 0x4, 0x5, 0x0, 0x0, "ff1d6132"}, 0x7, 0x1, @planes=&(0x7f0000000200)={0xd5, 0x80000001, @mem_offset=0x9, 0x3}, 0x100, 0x0, r3})
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x400, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0xa4)
r4 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r4, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRESHEX=r4], 0x3b)
statx(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x800, 0x40, &(0x7f0000000080))

10:24:01 executing program 3:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x2}, 0x0)

10:24:01 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = socket(0x18, 0xa, 0x2)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x34, r1, 0x100, 0x70bd27, 0x25dfdbff, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_NET_NS_FD={0x8}, @GTPA_VERSION={0x8}, @GTPA_O_TEI={0x8, 0x9, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x30}, 0x40000)
write$snddsp(0xffffffffffffffff, &(0x7f0000000080)="b7f33779334aba396a169609a5558d148506986f3525c9c28288abc06e0e59b81247345477072728185fc28e45e95c0dce4db43a8bbe55d42a73a3bd4e8f835839a7bdbbb812d39f01d4d873b2ea82fc43b5ea5f00656b5197", 0x59)
r2 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r2, 0xf, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0x40, 0x4}, {0x8001}}}}, 0x11)

10:24:01 executing program 4:
bpf$MAP_CREATE(0x11, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:01 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

[ 3325.542999][ T6375] Bluetooth: Wrong link type (-57)
[ 3325.579544][ T6375] Bluetooth: Wrong link type (-57)
10:24:02 executing program 3:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, 0x0, 0x2}, 0x0)

10:24:02 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001caaa41fddc603058006b3b1c65955a7f307827479bffcb91989a4ad253bf51d1fd7e3f167db6c43f1876c4c5188846a17040da71fd1f92c99f0aa6651912888098294cd6eec314ab3467f98918662254e1e2dc4192ffb37534d4a9a7a248a82eac2ab5009d069717c71979864a897e170b85c22a1e90f3f816f99414044772ac4ae9a00df57a057c881ed23b2863636271d148629c51ab65d1b1f4f060c6df4ea66b0b8e76aca22ad6109c2a578d4c99e0f5044244423e3c102bb00df0b2575896eeee83a48d16e6c7a5a14ebba0fb028379da54ab33d8360b4da6396d4ea36d1600f0e40dfecfd19aa360abdddced71ee047bd38bf93b0f99ae9e50bbcae714c741afe3c05d11c", @ANYRES16=r2, @ANYBLOB="010000000000000000000c000000"], 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, r2, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x30}]}, 0x24}, 0x1, 0x0, 0x0, 0x44804}, 0x20004001)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:02 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0xfffffffffffffdef)

10:24:02 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x4, &(0x7f0000ffd000/0x1000)=nil)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r1, 0x0)
shmat(r1, &(0x7f0000ffd000/0x2000)=nil, 0x0)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:02 executing program 4:
bpf$MAP_CREATE(0x12, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:02 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:02 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0xffffffffffffffff)

10:24:02 executing program 3:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, 0x0, 0x2}, 0x0)

10:24:02 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x13, 0x5, &(0x7f0000000000)=@raw=[@generic={0xe1, 0xa, 0x5, 0x8001, 0x6}, @map_val={0x18, 0x0, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x8}, @generic={0x3, 0xb, 0x2, 0xfff, 0x1f}, @alu={0x4, 0x1, 0x6, 0xb, 0x5, 0x82, 0x4}], &(0x7f0000000040)='GPL\x00', 0xdbe8, 0xd5, &(0x7f0000000080)=""/213, 0x41000, 0x8ca3ddb9b88e6f0, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x4, 0x2, 0xab, 0x6}, 0x10, 0xffffffffffffffff, r1}, 0x78)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r2], 0x3b)

10:24:02 executing program 2:
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x8001, 0x5931, 0x3, 0x9, 0x7fff, 0x0], 0x6, 0x80000, 0x0, <r0=>0xffffffffffffffff})
sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRET={0x10, 0x4, [0xfffff800, 0x5, 0x9bf]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000000}, 0x80)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r1 = shmget$private(0x0, 0x1000, 0x80, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000180)=""/102398)

10:24:02 executing program 4:
bpf$MAP_CREATE(0x13, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:02 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:03 executing program 3:
r0 = socket(0x2, 0xa, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, 0x0, 0x2}, 0x0)

10:24:03 executing program 1:
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x10}, @l2cap_cid_signaling={{0xc}, [@l2cap_cmd_rej_unk={{0x1, 0x0, 0x2}, {0xb76}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x6, 0x2}}]}}, 0x15)
syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x26}, "aa44790fd7f8f686388bce7cfcdcc7bea1bd8b75affb1643adcb787e5c98149274f1d3e4bbbf"}, 0x2a)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000000), 0x8)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080))

10:24:03 executing program 2:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {<r1=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
r4 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r4, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRESHEX, @ANYRES16, @ANYRESOCT=r0, @ANYBLOB="fa4a45e0f02a0242754b13541314cb649230486b6aef18e50a0c91e9f79a2fcd3cd082212cba9ccc259c75024215b90df890bbcbad7d149ca18432e825ccd8de17a10b811f9e54d96c321882d19af41c340c1972efeea115867756c9e68990acd3628d663e99a5580f74ff64a14edaaa8b08cbad817dff3b278664414649c2bb7a1d32d460b3d87749399322fc738135ef8a46ef3bdbfc2b6d824c323719be0f5aec6f0481321acf7b664f52a5d0c26e42a606c0a7528c3f0b4c39033ac3c77b1eada430a73882", @ANYRES64=r1, @ANYRES16=r2, @ANYRESOCT=r3, @ANYRESOCT=r1, @ANYRESDEC=r4], 0x3b)
r5 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r5, 0xf, &(0x7f0000000000))

10:24:03 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$AUDIT_GET(r1, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x10, 0x3e8, 0x200, 0x70bd2c, 0x25dfdbfc, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x4}, 0x4040000)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x7ff, 0x1, 0x4, 0x2a8], 0x4, 0x0, 0x0, <r2=>0xffffffffffffffff})
ioctl$TUNSETGROUP(r2, 0x400454ce, 0x0)
r3 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r4 = openat$incfs(r2, &(0x7f0000000200)='.pending_reads\x00', 0x20000, 0x2)
ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000000240)={0x0, 0x5, [@empty, @remote, @remote, @link_local, @multicast]})
ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$BTRFS_IOC_DEV_INFO(r3, 0xd000941e, &(0x7f0000000ac0)={0x0, "79f52e224729fff9ab8fa1742f3b6736"})
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r5)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000000714f3012abd7000fdf503368f655025050054007b000000050054", @ANYRES32=r5, @ANYBLOB="08000100010000000900020073797a3200000000"], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0)

10:24:03 executing program 4:
bpf$MAP_CREATE(0x14, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

[ 3327.050614][ T6375] Bluetooth: Unexpected continuation frame (len 16)
[ 3327.079815][ T6375] Bluetooth: Unexpected continuation frame (len 16)
10:24:03 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_INFO(r0, 0xe, &(0x7f0000019000)=""/99)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x5411, &(0x7f0000000080)={'syztnl1\x00', 0x0})
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f0000000300)={0x0, "63b20b6eea91c6c52186451793f17e21"})
r2 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x0, 0xd4)
ioctl$SNAPSHOT_FREE(r2, 0x3305)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000040)={'ip6tnl0\x00', &(0x7f00000000c0)={'ip6_vti0\x00', 0x0, 0x29, 0x9, 0x1, 0x10001, 0x3, @dev={0xfe, 0x80, '\x00', 0x3f}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x700, 0x8, 0x8, 0x8001}})
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
renameat2(r2, &(0x7f0000000200)='./file0\x00', r3, &(0x7f0000000280)='./file0\x00', 0x8)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x41, 0x0)
r4 = shmget$private(0x0, 0x3000, 0x10, &(0x7f0000ffd000/0x3000)=nil)
shmctl$SHM_STAT_ANY(r4, 0xf, &(0x7f0000000000)=""/102383)

10:24:03 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:03 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x13, 0x5, &(0x7f0000000000)=@raw=[@generic={0xe1, 0xa, 0x5, 0x8001, 0x6}, @map_val={0x18, 0x0, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x8}, @generic={0x3, 0xb, 0x2, 0xfff, 0x1f}, @alu={0x4, 0x1, 0x6, 0xb, 0x5, 0x82, 0x4}], &(0x7f0000000040)='GPL\x00', 0xdbe8, 0xd5, &(0x7f0000000080)=""/213, 0x41000, 0x8ca3ddb9b88e6f0, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x4, 0x2, 0xab, 0x6}, 0x10, 0xffffffffffffffff, r1}, 0x78)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r2], 0x3b)

10:24:03 executing program 1:
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x8f32, 0x3f, 0x7, 0x1000000], 0x4, 0x80800, <r0=>0x0, <r1=>0xffffffffffffffff})
mmap$snddsp_control(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000008, 0x11, r1, 0x83000000)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r2, 0xc00464c9, &(0x7f00000000c0)={r0})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000140)=@filter={'filter\x00', 0xe, 0x4, 0x3f0, 0xffffffff, 0x0, 0x228, 0x130, 0xffffffff, 0xffffffff, 0x320, 0x320, 0x320, 0xffffffff, 0x4, &(0x7f0000000100), {[{{@ipv6={@mcast2, @ipv4={'\x00', '\xff\xff', @remote}, [0xff, 0xff, 0xffffff00, 0xff], [0xffffff00, 0xffffff00, 0x0, 0xff], 'bond_slave_0\x00', 'rose0\x00', {0xff}, {0xff}, 0x7d, 0x5, 0x1, 0x78}, 0x0, 0x108, 0x130, 0x0, {}, [@common=@eui64={{0x28}}, @common=@unspec=@statistic={{0x38}, {0x0, 0x0, 0x7, 0xfff, 0x2, {0x100}}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x20}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@mh={{0x28}, {"b054"}}]}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x6}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@hl={{0x28}, {0x3, 0x1f}}]}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x450)

10:24:04 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
ioctl$UDMABUF_CREATE(r0, 0x40187542, 0x0)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x1, 0x2)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f00000000c0))
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
socket$nl_audit(0x10, 0x3, 0x9)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRESHEX=r2], 0x3b)

10:24:04 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:04 executing program 4:
bpf$MAP_CREATE(0x15, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:04 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x13, 0x5, &(0x7f0000000000)=@raw=[@generic={0xe1, 0xa, 0x5, 0x8001, 0x6}, @map_val={0x18, 0x0, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x8}, @generic={0x3, 0xb, 0x2, 0xfff, 0x1f}, @alu={0x4, 0x1, 0x6, 0xb, 0x5, 0x82, 0x4}], &(0x7f0000000040)='GPL\x00', 0xdbe8, 0xd5, &(0x7f0000000080)=""/213, 0x41000, 0x8ca3ddb9b88e6f0, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x4, 0x2, 0xab, 0x6}, 0x10, 0xffffffffffffffff, r1}, 0x78)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r2], 0x3b)

10:24:04 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:04 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000140)={'syztnl0\x00', &(0x7f00000000c0)={'syztnl1\x00', <r0=>0x0, 0x29, 0x1, 0x40, 0x458, 0x20, @private2, @mcast1, 0x80, 0x80, 0x6, 0x520000}})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_ext={0x1c, 0x8, &(0x7f0000000040)=@raw=[@call={0x85, 0x0, 0x0, 0x9e}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x2}, @jmp={0x5, 0x1, 0x7, 0x8, 0x9, 0xfffffffffffffff0, 0xfffffffffffffffc}, @map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80}], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x2, '\x00', r0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x6, 0x1}, 0x8, 0x10, &(0x7f00000001c0)={0x2, 0x8, 0xfffffff9, 0x400}, 0x10, 0x20253, r1}, 0x78)

10:24:04 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES32=r0], 0x3b)

10:24:04 executing program 4:
bpf$MAP_CREATE(0x16, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:05 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_LOCK(r0, 0xb)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:05 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:05 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x13, 0x5, &(0x7f0000000000)=@raw=[@generic={0xe1, 0xa, 0x5, 0x8001, 0x6}, @map_val={0x18, 0x0, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x8}, @generic={0x3, 0xb, 0x2, 0xfff, 0x1f}, @alu={0x4, 0x1, 0x6, 0xb, 0x5, 0x82, 0x4}], &(0x7f0000000040)='GPL\x00', 0xdbe8, 0xd5, &(0x7f0000000080)=""/213, 0x41000, 0x8ca3ddb9b88e6f0, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x4, 0x2, 0xab, 0x6}, 0x10, 0xffffffffffffffff, r1}, 0x78)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r2], 0x3b)

10:24:05 executing program 1:
r0 = shmget$private(0x0, 0x1000, 0x54000865, &(0x7f0000ffd000/0x1000)=nil)
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1d9027321f9c1c61}, 0x2)
shmctl$IPC_RMID(r0, 0x0)

10:24:05 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0xa, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r2=>0xffffffffffffffff})
clock_gettime(0x0, &(0x7f0000000080)={<r3=>0x0, <r4=>0x0})
r5 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r5, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_RESIZE(r5, 0x50009403, &(0x7f0000000a00)={{r2}, {@val, @actul_num={@void, 0x1, 0x4d}}})
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f00000006c0)={0x2, 0xa, 0x4, 0x800, 0x1f, {}, {0x4, 0x1, 0x1f, 0x3, 0xdb, 0xf5, "e901b6e5"}, 0x401, 0x3, @planes=&(0x7f0000000680)={0x81, 0x7f, @fd, 0x5}, 0xffffffff})
clock_gettime(0x0, &(0x7f00000000c0)={<r6=>0x0, <r7=>0x0})
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000100)={0x1, 0x2, 0x4, 0x70000, 0x0, {r6, r7/1000+60000}, {0x2, 0x0, 0x3f, 0x1f, 0x0, 0xc7, "677260bb"}, 0x3, 0x4, @userptr=0x2, 0x3, 0x0, <r8=>0xffffffffffffffff})
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000180)={0x0, 0x9, [@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @multicast, @empty, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}, @remote, @empty, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}]})
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000600)={0xcb31, 0x4, 0x4, 0x4000, 0x3, {r3, r4/1000+60000}, {0x4, 0xc, 0x8, 0x40, 0x6, 0x4f, "231227a0"}, 0x7f, 0x1, @offset=0xfffffffc, 0x6, 0x0, r8})
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r9, 0x84009422, &(0x7f0000000200)={0x0, 0x0, {}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r9, 0x80184153, &(0x7f00000009c0)={0x0, &(0x7f0000000980)=[&(0x7f0000000740)="aeb64d246c8ed43ce3721fb2b4371259dc3510e96b9c97ef79e36a505103b770141d7a9a9ffc1bb2dd7fe021714a0ace45b0afa64ca54cfb2d723df12a938a399a5c00431747086c7c48bc4aa666aa67ea822ae91b33bb4d711ee16440dbd4b6b08dea0041e478f007a426bfa79197fe6ceaff1dfd243b215220899477dc94baee1e1c4fc021e4941d3438a6c262c0ee4504c06745", &(0x7f0000000800)="9f57c76b07ef6c9bcfeb147f6d0e33cabf6af0dcb4865817bf64490aed3ce8369db387884f739b726ea2a2b0a6ba64a63e37717cca50805c1caf05b18926a907e0c6fe37c99661405676c8c45691dfe962b808512309fd656eca54e3cc11b8857845a70e572a1cd7cecb12296f4819d4d9ef62823f90e2cb93d726298fbf810ff7a8803c40d84939f904c0122d6a3525bff0ccc7de1c838ca251c82fb5890e80ffc80c36f685508169cb99cfb7b2", &(0x7f00000008c0)="6a030750e0a7e0f3a46d94fc01473fdb5fb1", &(0x7f0000000900)="f80fe94637d3dc55d99f023387d53c39856a886e50e1ff769412587904e1b75fe18eb700cc6f0eb5e19320bbe13d706dc878da22c35658f2436ef9c8acbb9c2811a5b44521f87c0fd4ccdb0e4341304488c87f72ef7fb4ade04de76d9dac78b7881c356412120d45dcdf049dfeca24832ae976a77b4d092c08810a55d05e330b"]})
openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x2c0900, 0x0)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16], 0x3b)
shmget$private(0x0, 0x2000, 0x10, &(0x7f0000ffb000/0x2000)=nil)

10:24:05 executing program 4:
bpf$MAP_CREATE(0x17, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:05 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x13, 0x5, &(0x7f0000000000)=@raw=[@generic={0xe1, 0xa, 0x5, 0x8001, 0x6}, @map_val={0x18, 0x0, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x8}, @generic={0x3, 0xb, 0x2, 0xfff, 0x1f}, @alu={0x4, 0x1, 0x6, 0xb, 0x5, 0x82, 0x4}], &(0x7f0000000040)='GPL\x00', 0xdbe8, 0xd5, &(0x7f0000000080)=""/213, 0x41000, 0x8ca3ddb9b88e6f0, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x4, 0x2, 0xab, 0x6}, 0x10, 0xffffffffffffffff, r1}, 0x78)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)

10:24:05 executing program 1:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRES32], 0x4)
ioctl$SNDRV_PCM_IOCTL_HW_FREE(0xffffffffffffffff, 0x4112, 0x0)
ioctl$SNDRV_PCM_IOCTL_RESET(0xffffffffffffffff, 0x4141, 0x0)
ioctl$MON_IOCG_STATS(0xffffffffffffffff, 0x80089203, &(0x7f0000000000))

10:24:05 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:05 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x3000, 0x100, &(0x7f0000ffc000/0x3000)=nil)
shmctl$SHM_UNLOCK(r0, 0xc)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_TRIM(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3f6, 0x2, 0x70bd27, 0x25dfdbfd, "", ["", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4810}, 0x801)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000140)={<r3=>0x0, <r4=>0x0})
ioctl$vim2m_VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000180)={0x1f, 0x2, 0x4, 0x4, 0x1, {r3, r4/1000+60000}, {0x6, 0x2, 0x3f, 0x0, 0xc4, 0x2, "855590cc"}, 0x2, 0x3, @offset=0x20, 0x5})

10:24:05 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$AUDIT_TRIM(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3f6, 0x1, 0x70bd29, 0x25dfdbfe, "", ["", "", ""]}, 0x10}}, 0x8014)

10:24:05 executing program 4:
bpf$MAP_CREATE(0x18, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:06 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:06 executing program 3:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x13, 0x5, &(0x7f0000000000)=@raw=[@generic={0xe1, 0xa, 0x5, 0x8001, 0x6}, @map_val={0x18, 0x0, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x8}, @generic={0x3, 0xb, 0x2, 0xfff, 0x1f}, @alu={0x4, 0x1, 0x6, 0xb, 0x5, 0x82, 0x4}], &(0x7f0000000040)='GPL\x00', 0xdbe8, 0xd5, &(0x7f0000000080)=""/213, 0x41000, 0x8ca3ddb9b88e6f0, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x4, 0x2, 0xab, 0x6}, 0x10, 0xffffffffffffffff, r1}, 0x78)

10:24:06 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), r0)

10:24:06 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x4000, 0x400, &(0x7f0000ffc000/0x4000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$NS_GET_PARENT(r1, 0xb702, 0x0)

10:24:06 executing program 4:
bpf$MAP_CREATE(0x19, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:06 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000140), 0x0, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x0, 0x96f4], 0x2, 0x800, 0x0, <r1=>0xffffffffffffffff})
ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0x1c)
clock_gettime(0x0, &(0x7f0000000000)={<r2=>0x0, <r3=>0x0})
ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000040)={0xd7, 0x1, 0x4, 0xe000, 0xffff0001, {r2, r3/1000+10000}, {0x1, 0x1, 0xff, 0x2, 0xa, 0x1, "2bf77473"}, 0x1, 0x4, @fd, 0x10000})
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:06 executing program 1:
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="041d05ffb1030800"], 0x8)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000000))

10:24:06 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:06 executing program 3:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)

10:24:06 executing program 4:
bpf$MAP_CREATE(0x1a, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:06 executing program 2:
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYRES64=0x0, @ANYRESDEC], 0x3b)
r0 = shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000ffc000/0x3000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
sendmsg$AUDIT_TTY_GET(r1, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3f8, 0x100, 0x70bd2a, 0x25dfdbff, "", ["", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40084}, 0x20000011)
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000140)=""/24)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0), r2)
socket$nl_rdma(0x10, 0x3, 0x14)

10:24:06 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000200)={0xa, 0x4, {0x10001, @struct={0x7f, 0xfff}, 0x0, 0x80000000, 0x4d34, 0x7, 0x400, 0xfe4, 0x10, @struct={0x0, 0x1}, 0x8001, 0x6, [0x1f, 0x3, 0x7, 0xffffffff, 0x3, 0x1]}, {0x9, @struct={0x5, 0x6}, 0x0, 0xa9, 0x40, 0x40000, 0xfffffffffffffff7, 0x8, 0x80, @struct={0x7, 0xfff}, 0x100, 0x1, [0x217, 0x6, 0x4, 0x10000, 0x1ff, 0x4]}, {0x9, @usage=0x4, <r1=>0x0, 0xfffffffffffff1b7, 0x3505, 0x3, 0xfffffffffffffffd, 0x9, 0x3f, @struct={0x200, 0x39a}, 0xffffffff, 0x200, [0x9, 0xffffffff, 0x3, 0x4, 0x26a400000000, 0x7f]}, {0x4ef, 0x101, 0x1}})
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000600)={r1, 0x1, 0x1, [0xffffffff, 0x49, 0x80, 0x7, 0x9], [0x2, 0x10000, 0x10000, 0x1f, 0x80000000, 0x80000000, 0x5, 0xfffffffffffffffa, 0x4000400000, 0x1, 0x8, 0x1, 0xfffffffffffffff7, 0x80, 0x3, 0x4, 0x9, 0x80000000, 0x81, 0x89c8, 0x3, 0x4, 0x800, 0x400, 0x4, 0xb5a, 0x4, 0x800, 0x3, 0x7, 0x3f, 0x7, 0xfffffffffffffffd, 0x7, 0x9, 0x6, 0xfffffffffffffffd, 0x3, 0x8, 0x0, 0xc17, 0x694, 0x0, 0x6, 0x7ff, 0x663e, 0x101, 0x1ff, 0x6, 0x0, 0x3, 0x8001, 0xfffffffffffff001, 0x4, 0x6f, 0x80000000, 0x1, 0x40, 0x9, 0x3, 0x3, 0xa6, 0x6, 0x0, 0x7, 0x4, 0x2fb, 0x3, 0xfff, 0x3, 0x0, 0x98cf, 0x7b0, 0x20, 0x100, 0x3, 0x3, 0x1000, 0x9, 0x8000, 0x80000001, 0x7fff, 0x2, 0xf696, 0x8c60, 0x2, 0x7, 0x7, 0x1, 0x8001, 0x5c, 0x3ff, 0x76, 0xffffffffffffff06, 0x100, 0x306, 0x3, 0xfffffffffffffff9, 0x1f, 0x14, 0x1, 0xb70, 0x1, 0x5, 0x366, 0x7fffffff, 0x6, 0x8, 0x1ff, 0x2, 0x1, 0x80000001, 0x7, 0xffff, 0x100000000, 0x1, 0x4, 0x7, 0xff, 0xffffffffffffffe7, 0x4]})
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000100)={'ip6tnl0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x29, 0x7f, 0x4, 0x3, 0x57, @empty, @loopback, 0x40, 0x7820, 0x2, 0x7}})
ioctl$SNDRV_PCM_IOCTL_STATUS32(0xffffffffffffffff, 0x806c4120, &(0x7f0000000000))
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r2], 0x3b)

10:24:07 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:07 executing program 1:
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x3, 0x2, 0x40}, @l2cap_cid_signaling={{0x3c}, [@l2cap_conf_req={{0x4, 0x9, 0x38}, {0x20, 0x8c, [@l2cap_conf_ews={0x7, 0x2, 0x5}, @l2cap_conf_efs={0x6, 0x10, {0x9, 0x0, 0x7fff, 0x2, 0x7, 0x4}}, @l2cap_conf_flushto={0x2, 0x2, 0x3}, @l2cap_conf_rfc={0x4, 0x9, {0x1, 0x6d, 0x5, 0x100, 0x1, 0xfff8}}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_rfc={0x4, 0x9, {0x2, 0x12, 0x0, 0xf5a7, 0x43, 0x5}}]}}]}}, 0x45)

10:24:07 executing program 4:
bpf$MAP_CREATE(0x1b, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:07 executing program 2:
ioctl$SNAPSHOT_S2RAM(0xffffffffffffffff, 0x330b)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:07 executing program 3:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

[ 3330.969511][ T6375] Bluetooth: hci1: ACL packet for unknown connection handle 0
[ 3330.983491][ T6375] Bluetooth: hci1: ACL packet for unknown connection handle 0
10:24:07 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x0, 0x2)
clock_gettime(0x0, &(0x7f0000000100)={<r1=>0x0, <r2=>0x0})
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000140)={0x8, 0xa, 0x4, 0x40, 0x8000, {r1, r2/1000+60000}, {0x2, 0x8, 0x6, 0x4, 0x4, 0x81, "016c1a51"}, 0xffff82ae, 0x1, @userptr=0x8, 0x56d1})
r3 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000000)={0x40, 0xb, 0x4, 0x2000, 0x9, {0x0, 0xea60}, {0x5, 0xc, 0xe4, 0x2, 0x4, 0x81, "5081271d"}, 0x2, 0x0, @offset=0x1200000, 0x2, 0x0, <r4=>0xffffffffffffffff})
r5 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r5, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0x20, 0x4, 0x6, 0x62, 0x0, 0xb33, 0x28000, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000280), 0xa}, 0x100, 0x9a, 0x0, 0x1, 0x9, 0xf7, 0xbb, 0x0, 0x2, 0x0, 0x101}, 0x0, 0x10, 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000380)={0x460c, 0x6, 0x4, 0x2000, 0x20, {0x0, 0x2710}, {0x4, 0x2, 0xfe, 0x1, 0x81, 0x1f, "6df8f532"}, 0xffffa859, 0x2, @planes=&(0x7f0000000340)={0x0, 0xffffffff, @mem_offset=0x8, 0x7}, 0x4})
ioctl$VIDIOC_QUERYBUF(r5, 0xc0585609, &(0x7f0000000200)={0x3ff, 0x7, 0x4, 0xe000, 0x80, {}, {0x5, 0x8, 0x1f, 0x1, 0xff, 0x1, "e32bd1b8"}, 0x763, 0x2, @userptr=0xca, 0x94})
ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000080)={0x1, 0x5, 0x4, 0x0, 0x5, {0x77359400}, {0x1, 0x8, 0x7, 0x20, 0x1e, 0x6, "0089d33d"}, 0x7, 0x1, @fd, 0x8, 0x0, r4})
r6 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r6], 0x3b)

10:24:07 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:07 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2)

10:24:07 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x2, 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="8510000002040000"], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x0, 0x3}, 0x8, 0x10, &(0x7f00000000c0)={0x5, 0x9, 0x3, 0x3f}, 0x10, 0x0, r0}, 0x78)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r1 = shmget$private(0x0, 0x1000, 0x4, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000))

10:24:07 executing program 3:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:07 executing program 4:
bpf$MAP_CREATE(0x1c, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:08 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:08 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000000040)={0x0, &(0x7f0000000ac0)="1e1f55c31d63914358ed1b09e0eae9d2716a9717c20ecedb3a5cfa756f519c49e854abe713efd8986a9d5a50cd20d7a4454315eaeca768c008e1117e46312eedbac22c5a51921611756f5fa7bd7fb83f9387b313b3964b20318ba26ba0ff91411acd01028432cf730a155928221d8f207ae8a75b835622675d5ae6f659760aeaeeb8829f6c821eb724c4c6bad6da3223a917e36c5f0c51317ac8f1a5485a9566c0d52c2140342b44ffa976c73637fb8364c8727ab05fa13b176241a57c049ea72e08bb0b68c1ef2bd69cabb557d5a6b86a1bbf39bea9c63bed832849321a9433d740a30cacd6077d64e5d95ea4b869cc67892aea31d69923cc6df09e1191f4328600320e6062a828a57d95ce2ce91dc4466cf204a207d2e928b0ef8ff5f695fead4df28fcbe090b46a3abee2cd63c9d2019bbdd00a998c964ee00bc08a952a9d7824ab9a45dec4ae55eafd8fab19d2bdaf9bc700aba7a7e5d42d9110d4f9655220f216f0dd68725516b3c6130d1857b6e75ffec50964fc7a7c2947861d24a10ae49347c4c00cda624bab2926fe5df00962a3e019ad1a4054fd53b0237aa74efbc7e638eb62b796a375ff7d3749f25ac4b03dd661c7f3fec5ee8846db0f553ed225f1b8243209913a892d1bbf9a0999b16097a50fe039c510782bfcf0465aae39a69fff43a8d83fe25dbc74b69f06ec9a6bede289d523f6fe46d1decf9050afa00392612b98b1129d3c11f790c9e895f993a862afda673967aea172c2d86230c3ba88191f50e558f0a7553846b827af4a470ec7aee33c356b78f2962d50d38d5dfc50f021e2900d98f4f68c5cb49e81fb329e78dd7cd2f8fc13fd354f4c0831f0dd055ee5633cebffd2ef3672fabecbd6bdb709d8ffab43acb210283565a9623f0a924612b4e2fc6617d67a15a7f5c9e74efa7e346b28cce2445c296f572c4babcc8ffe31acc32cb6c45cfb6da233e7e2837afaec81add8c72e176b1d36db347492b2405b93976709db48b068f99e75b8bacc4d3c7a5570ee9470237535a4f38769e3371192fff1ead53fe6d3ca797e57508a0b5e4ffa0ab9aa4f61bc11356dad6f970f22bd0068f6a8bd9815068cd31368760c128b39ed2aff7db67494678fc3014fb3cb71c99310035a57ca987e1a9bde7ac1d8c917214573d09e6a604c5b878beb1b7485ebba9a5152513be6ba9ff5e6273a22f87cb4d906e5949deea9d008fb65acd84025fa9d79a8cc61386acc785dcf0901ed352614b0c27f2b688fbc7924af47d4b88f60aee671f3f6982e7b64dbc86251ab41784b46239605aad293420bfa95c31230d722cd41ecd4892aeafb46938fa9d953a900e3556dcf66088507d5996bd754f303ef7bf42b78368e911bd4907749bf9011e33322cfce8d9ba85a4c02910d4854b7bb99be9621d326ae562a4afde42cd254ee3d8562617b1974463e89756d16e59d7fb82887abaf6cf91deb46f9d716bcc6567eee98a76a455ef804219a3f1b1c7476571b3d517d2d19f05ba65f940436da0b3c004a9d2446b8c03addbd6ab008f97f01e7873e714de6c7756d74f1977bea006b2f21e18c955aa3874852d3d30a19f0ebfd755e8683a264b05d148640798da93feb6aa4c4692d870077ef5ae74525ce69e908375318da0387eb5e2b11eefbd9a17d9f43c9268c78b4cbe945e2b8da6c41d37f4ba32ccdc5e084d812950a2cea1f029138ddba1ac700a578f3e6c4537cf019c8678d32df43bedf716b8398a0b600a32a902198ce9bad1aa22c2cbcf629b9ad3776c45682f755ca36fc361537fb18c32dee4e1ed17ae6287ca9a85888184b39f3059462fcf8c13876f71beeadcc962345be86e3e08bd02ba18c6e7dc5a29e2f569246e0fe19c5515e15948c0b09e77a9172f671b482d392b8f194f620af4b22d41516a39e094a463c0d64bac1a3ce63a39973dffb565f849032f2ff7192be0445286e5fa8c21a945bde0cc035196ea27209c61546a3b36429864fd38a910496b50323de050b01c24fb872098b999e08546984ae9f65efa35fe316cc884c2bf2b985fd691c729fefede1c19692e051d6716df47434c92a8d5c183790a8a593eb64caa2aa3278970aa766280cd9043e6f4530f74aab03f206b32afae3478727f39ac2bf9dfca964106c4e6da4073d4c50b2e24857998df1eb8e492c0e37043d0498b618381a180e76d155fd52596b6eb808590d1a69d1922d10cbeb1fde29c1c19c7c4c17ffb51c4775601c8061f8c56efee32dee3b4a1b565fa6694b48a5c77d9c6598a4c8dfcdd177e5c4e8e45e35ad834f2e8be9dc92c0b352f302397acc560f53056dfde69c585ba6eeb856f08057acaf6dcd58ade4b5d377fa81378d35abf3f037df06a24a12f92ebc29dfc6914e34da49dc9f40e9bf2c00c06b888d802546c6b66a7614d36494f75e00cdf47c4dd3451a570da4bbf1c2c0ecdb867ddec734f7f096d8e5263e139d92c53ae890fe902833cf3233ef86658fab4eda42ed47a79849d14e33ee5031c518f6bde805c63764e94b15b1754e554e0748114910cc9b560f161c7a11c9fe245458f85607ce3c767133001abe8769b81a50cf4a85361f968cec5d28b0039894638cd5decceb52be151ab3accfbf73a11d13aa1ba6fde4c23ab0e59015525296bba0466068f56cea846a1eaf07497b203d4c01309728b218b12a83aa1509b8cf41a1ced09e11149636e6f9cd113de5c924b45bf51fd7e9f28f6be61dff42ca6803068a1e08c61ee961ec62d93502038e24ddd92ae965634b7de7e5ea8625cd91bb810f57f024bebaa5b1c0d599639686f7d0938bf8c17542a5c31a273816cfcf8122f4f52050d0fb0d373a8c4a50c562711c563e7f4601b30739da34f53f3ed79836e7794a41b02b47e9363dd74e334791a142e8dabf4c34cd05bdb4a1623016e49928631f813a8fcb44df47076ee236b4fdfe8c426c98de20a3ab972465ed92c4f3550ebacb6717e038ef4f2f642e9378ab13fdd167ae115b11c418bd3c0de1462450f66b59e02d19d43dd77ca39c7fa4f3a5836401ac85229e822c26d99e787297b870e8a082c0321bfb15d725d4a3ee1fca90923b8e61ad359b1515869e024a86ac20631dbb17e1cbb602735ee933b34bab529ca42cb78e2acb2fabace7c876093b0ed86db592d666c478ab3a77c093f4fcdbaeff77c427a2985d2ef40a853f4ec113e2a570e20ffd70ffdc0c8dca50b8af2aa1144008da13da849e437e818c51e3e78db3204a90a679c3f4223ffe4221c3689f90076796bdfe0aa16c4592485e95be35ae05678cdaa979a663231cf16b17072a54792a26a42906851b0c74fbefe58e8ad294ccad52d79a1d89f598e19f3642556163b1e82e6cdea060294789359318c408cb975c71c33966128a1429576d60c307afef44364e4fa07ac8f0d89d49ac52a1771db823b841b38f91b9c941e23ea708370eac8f44ac196fba372fc4fd977be4f9a37c61e26bd58828bb15f4a1531d48e0f5c7c75ccb55c6f4a5d4f9ac1447088eb021acdad27826cc25147839d3368b8566bc5a11d981630ab86162c59bedc396aeaa216fa99a13be2e399a43e0ebcc97004ef51a6f42a67490d1dad6b7f1c0fda2f43ced0f87a2d1a25f657ccc4df1fe9d327591ffe8c1b4fa805279b48d5e4bad195792976d38f23d63dbe98e80abf0aa2aa701e28f7633a43fe6613758fb508662613074564b7d7e91512e65d58c869c058887ccda5b608dcfc8198084068caa9a1f6c432cd3a7bbe8cc1d6dd8103d999d1a25649c96296fae52bb8de2fd977b33237d56be82b17deed6298b18eb7f98c163badda6a12256ac1e4f9c090e1f18469cde7311480332e243c1cffe29f554b540799fa7e26a6edf65eb0dacfd76f9ca059ed86ff14698987a7d1015f48db14ea4d900ab179e3fbdcde82174b94bb782b870e8ff5506f8d82cf257d67c2443e445368430381508b4e6baa7fea6e479cb04f88ecd2bda28dc7c2d735b1d778bcdbf6b98bb6e6a48ab9a7454390383d503f6ee3c3a608248ef7d2d27b40422724fb1b4c18b77bd328b24efcc33f18effa79aa7deef1c41835dee10024b99032a9a3ce5cfb7d4cc0acf7439bc18f5d716437f4c7bef195aa3af9230b8118c6d236898290eaf7266ef1a7e8a531bdd77ca734693ccc8c0b21adbc559e5e25b28bd1f5d2a0371caf7ac6cd365b45eadb82deb98fed7679c3903f6e360a5fe6dbf0847b27a7ed33a8f8c67765c85d8cac152c5787adfb232f794c64dc6ae145cecba3019543f5338e21e35e227d0b28d1146d507e58d903dd068809f0c8f2aabc7f846c7658a58b98d36bdd5c36e3bcf1fa1a5c6b10c0d59f42afd5639d8efde9cac4028d04d55c2d0ae228891747beacd9938a791e3bf88947fc1e46eabe0be69403014d06f9f4419e3aab5181bea4ab3cc93bf5a4ed44aa6f6ccce05da98cbf1dcf5c209e98464ad125e33a501c2493bf867874b6c7189762b704c4187ad1792098cd47f353ca414daf52847bd165c39867afb2f9646a2afc9cb040c0aff0b87a17275292342fb64f2013cfdb2e132e28a1e4fd1804eef4888fe9b383a40e449beb67265d833c82909cc0f63e5ab8b175a27b3f6a6527bf6775885e4349615635e6debdc1775dba2a5e681dba8ababd720dead6f13c104b5d0f55f6e40bc3125d3aa8fe48c2eb2937d86d03b159e4ac30e94253a76d25beb70797ea5c1983124d4e21f6658ee78c7d48fe863e5d566d866b1df00403e9b5b6829a099a769099c1b3d11a73dfb5ec7514daa06e3642b75ecf9a0fdcfc5a63df10f9d0cef970f8e9712ca448b87e9535bdc877603807c44bde0ed51d7145f8c898f8ba6011e3ad509b7d21f07dbdcd222c6e4a07a8a31ed96007a10b995beec04582350fbc239cf88382ebcbb0e03d53bedbad03ffc8d0b2f3b1954183f847ec1e0113f484be55d7cc7041e89551bf918fd3757512f17fa8c3d02ed55f28e6bd99cfdc8747118ae7ff250c1a519b96b10f6e3d9ff110de0d7a501b7a5d728f57d6b4067be04d469f67d08b1e1ddb8b121a35a13cced745f106ca8674c2867b68960e77539825e520ac00ea40eb162e852e7d5047d8c5984ea4c5cfe188be60c8e2155977741c220087f061e547820ba914b50704b347b507123239f377acbc648f05939318e2b23bcb35e2b568853dcfac7d30b48bfb6b0335dc3d652e47b1450b1156066e11d2984e5b13aa799e50eae12200022ececd30db049b6df8f705b9407358f8039f4721dabd0eab0feaea297b9703e3b4576056248937c9005b4faa10af394690aed6900f24502d97cec96ddf58613029286ddc40313719013cc4769643ebe0569c2218661bc3829f907686101e3bbded1ab9f287a22e70748c982361402eed80b98af524dce24faa03b1af7ba68f349f1e65f87464f8800d02641afbcdc9453b037321682d1819b1452718299c4cc20c49ab879beb6b5f78aa7da41d8cb099a93f0b8f1d5297374f32d8bf310fdfe432319e3feb6ef19e0592df1aff0b9902c7d594efa0107afcdea0e494c182c6ed87b523ab8e1eed4fdb274c456796c95a379e38b9252c41cc5caac4fa33814fb35ccba83da64e6f17942f54e374eacc8692c8908111f5887b13d57c1a83e0d18f3acaee06bbda9a0af563ba0b234c660d64ad40d182d8c1e0479580fd72980f615e64fab4aed431c1738097626689c88323c67909597231b4d6ce5ee0d4d05b94937565822017276cde8e50cc18452df7d17a034d85636ddf50b1d0470f0e442ea6516c7eb6ba1e763", 0x1000})
openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x181, 0x0)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:08 executing program 1:
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x25}, {0x9, [{0xc8, 0xfff9}, {0xc8, 0x8}, {0xc9, 0x3f}, {0xc9, 0x2}, {0xc8, 0x2}, {0xc9, 0x401}, {0xad, 0x4}, {0xc9, 0x7c}, {0xc9, 0xff00}]}}}, 0x28)

10:24:08 executing program 4:
bpf$MAP_CREATE(0x1d, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:08 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000040)=""/102400)

10:24:08 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:08 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:08 executing program 1:
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
socket$inet6(0xa, 0xa, 0x9)

10:24:08 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x10)

10:24:08 executing program 4:
bpf$MAP_CREATE(0x1e, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:08 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x10, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:09 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

10:24:09 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:09 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[], 0x6c)

10:24:09 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)

10:24:09 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000000)={'veth1_macvtap\x00'})
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:09 executing program 4:
bpf$MAP_CREATE(0x21, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:09 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

10:24:09 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:09 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x2640, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000080)={'ip6gre0\x00', <r3=>0x0, 0x2f, 0x3f, 0x3, 0x2, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, 0x80, 0x7800, 0x7fff, 0x80000000}})
sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, r2, 0x8, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008800}, 0x24084810)
r4 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r4], 0x3b)

10:24:09 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x2, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}}}, 0xb)

10:24:10 executing program 4:
bpf$MAP_CREATE(0x22, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:10 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
r2 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r2, 0x0)
shmctl$IPC_STAT(r2, 0x2, &(0x7f00000003c0)=""/4096)
r3 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r3, 0x0)
shmctl$IPC_STAT(r3, 0x2, &(0x7f0000000080)=""/104)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000380), 0x1040, 0x0)
shmctl$SHM_STAT_ANY(r3, 0xf, &(0x7f0000000300)=""/67)
fchmodat(r1, &(0x7f0000000040)='./file0\x00', 0x88)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r4)
ioctl$SNDRV_PCM_IOCTL_RESET(r4, 0x4141, 0x0)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
statx(r1, &(0x7f00000013c0)='./file0\x00', 0x0, 0x4, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
fchownat(r5, &(0x7f0000000140)='./file0\x00', 0xee00, r6, 0x0)

10:24:10 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

10:24:10 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:10 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r1], 0x3b)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0x9, 0x8, 0x4, 0x10800, 0x8, {}, {0x4, 0xc, 0x6, 0xd, 0x2, 0x80, "f1875186"}, 0x255, 0x3, @planes=&(0x7f0000000040)={0x8, 0x6, @fd, 0x4}, 0x6, 0x0, <r3=>0xffffffffffffffff})
ioctl$VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000100)={0x0, 0x3, 0x4, 0xe000, 0x3, {0x0, 0x2710}, {0x1, 0xc, 0x9, 0x2, 0xc0, 0x9, "86e51076"}, 0x800, 0x4, @planes=&(0x7f0000000000)={0x8, 0x1, @userptr=0x4, 0x401}, 0x0, 0x0, r3})
ioctl$MON_IOCQ_RING_SIZE(0xffffffffffffffff, 0x9205)
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x9)

10:24:10 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04132b00"], 0x4)
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x3a}, @l2cap_cid_signaling={{0x36}, [@l2cap_create_chan_rsp={{0xd, 0xc6, 0x8}, {0x57, 0xfff, 0x4, 0xfffb}}, @l2cap_move_chan_req={{0xe, 0x0, 0x3}, {0x5, 0x79}}, @l2cap_move_chan_rsp={{0xf, 0x4d, 0x4}, {0x5, 0x5}}, @l2cap_move_chan_req={{0xe, 0xff, 0x3}, {0x2, 0x5}}, @l2cap_move_chan_cfm={{0x10, 0x7, 0x4}, {0x7ff, 0x101}}, @l2cap_info_req={{0xa, 0x4, 0x2}, {0x101}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x3, 0x2}, {0x2}}]}}, 0x3f)

10:24:10 executing program 4:
bpf$MAP_CREATE(0x23, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:10 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x0, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:10 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x3000, 0x8, &(0x7f0000ffa000/0x3000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/102400)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f00000194c0)=0xac, 0x8)
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000019440)=""/75)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
mmap$usbmon(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x3, 0x110, r1, 0x6)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_GET_DEV_STATS(r2, 0xc4089434, &(0x7f0000019000)={0x0, 0x553, 0x1, [0x6, 0x101, 0x4, 0xffffffff, 0x8], [0x3, 0x169, 0x5, 0xff, 0x80000000, 0x7, 0x9, 0x0, 0x1701, 0xffffffff, 0x4, 0x3, 0x8f, 0x81, 0x1, 0x1, 0xfff, 0x0, 0xf3, 0x9, 0xffffffffffff7fff, 0x6, 0x8, 0x0, 0x2, 0xd9, 0x401, 0x65, 0x3, 0x7, 0x81, 0x10, 0x7, 0x1, 0x7, 0x400000000, 0x0, 0x6, 0x1ff, 0x200, 0x7, 0x2800000000000000, 0x1, 0x6, 0x7, 0x3, 0x36c, 0x8, 0x5, 0x0, 0x3e90, 0xfffffffffffff5af, 0x1, 0x3, 0x200, 0x4, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x8, 0x79, 0x9, 0x9, 0x3, 0x1ff0, 0x8, 0x2, 0x400, 0xfff, 0x7fffffff, 0x8, 0x1000, 0x4, 0xde, 0x4, 0x8d, 0x8, 0xffffffffffffffff, 0x1, 0x200, 0x9, 0xdc1, 0x1, 0x6, 0x0, 0xf234, 0x5, 0x8, 0xd6, 0x9, 0x2, 0x100000000, 0x8, 0x0, 0x1, 0x9, 0x1, 0x200, 0xc39a, 0x1, 0x0, 0x3, 0x9, 0x6, 0xffffffffffffc3b4, 0x5, 0x4, 0x7ff, 0x0, 0x10000, 0x7, 0x1, 0x7, 0x3, 0x7f, 0x2, 0x842d, 0x6, 0x139d7761, 0x10001, 0x7b]})

10:24:10 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:10 executing program 1:
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="91bee6dc1dcaeea6f0ba5ce95f2b7004130100"], 0x4)

10:24:10 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r1], 0x3b)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
sendmsg$AUDIT_GET_FEATURE(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3fb, 0x100, 0x70bd2c, 0x25dfdbfb, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000080}, 0x8000)
sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="5cd70dd2", @ANYRES16=0x0, @ANYBLOB="00012bbd7000fedbdf250100000008002c0009000000080034000200000008002b00ffffffff08003200030000000600280000000000060028000000000008002b000500000008003200000000000800340009000000"], 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000)

10:24:10 executing program 4:
bpf$MAP_CREATE(0x300, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:11 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x0, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:11 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:11 executing program 2:
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f00000000c0)=ANY=[@ANYBLOB="00800000aaaaaaaaaaaa000000000000f577b00f9ca6c0389f2f9ace0180c200000eaaaaaaaaaa0c0180c200000eaaaaffaaaabb01c1e3006db7"])
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
r1 = shmget$private(0x0, 0x4000, 0x1328161afcfdc875, &(0x7f0000ffb000/0x4000)=nil)
shmctl$SHM_INFO(r1, 0xe, &(0x7f0000000000)=""/133)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000100)=""/19)
r2 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r2, 0x0)
shmat(r2, &(0x7f0000ffc000/0x4000)=nil, 0x6000)

10:24:11 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x1, 0x11}, @l2cap_cid_signaling={{0xd}, [@l2cap_conf_rsp={{0x5, 0xeb, 0x9}, {0x101, 0x1000, 0x3, [@l2cap_conf_fcs={0x5, 0x1, 0x1}]}}]}}, 0x16)

10:24:11 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="b714c758bfbde51363e0b93c92dd0b6f74b28e117695d2e8e6d3b325f5e5adb40fc2c1bdc986047a01339223ee40d338da5dc53b96b26c5f3560afcae722cb5cdf045ca73b482574926baa83bdc09f44f25d07bfd0d7e5c203f1efb74f47cf551e7a4473d4a4eb9f9c5315604a9a08412c2504130f3ed29686401417e387e6b03e1e1a30731e84e36098bbf027f74857b000917e71c4fcd3126b052c7ae32bff1f4c38766cf40d73ac04dc48dc6ca9b0aefa00be902a"], 0x29)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000000), 0x8)
accept4$vsock_stream(r0, &(0x7f00000000c0)={0x28, 0x0, 0xffffffff, @local}, 0x10, 0x0)

10:24:11 executing program 4:
bpf$MAP_CREATE(0x500, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:11 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x0, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:11 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(0xffffffffffffffff, 0xc0884123, &(0x7f0000000000)={0x2, "00eb99581d88e2bbd193b1ac9855734fc253649b1e6b4360e07d356c69f6a50e74c09265c674424f807c2ec6ab70243ec5963baef63efcca7679d771295c6f65", {0x2, 0x10000}})

10:24:11 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:11 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="35000000a34c5ddf9ef1cb2ed6e1d042b17e06fcdfab83a638d5ad39d3c85985669c0f81223bc9cf9cf5097d63c168777472d2ce993ec362a33eff0878f4afd4942b92024367b78f98275788ae1e2c2ea1e0693e50"], 0x4)
syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x10}, @l2cap_cid_signaling={{0xc}, [@l2cap_conn_rsp={{0x3, 0x0, 0x8}, {0x101, 0x6, 0x7, 0x400}}]}}, 0x15)

10:24:12 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)
socket$inet6_udplite(0xa, 0x2, 0x88)

10:24:12 executing program 4:
bpf$MAP_CREATE(0x600, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:12 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, 0x0, &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

[ 3335.729379][ T6375] Bluetooth: Unexpected continuation frame (len 16)
10:24:12 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:12 executing program 2:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x3b)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
shmget$private(0x0, 0x1000, 0x800, &(0x7f0000ffe000/0x1000)=nil)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000180)={0x0, "02686f22bc9feec29b81c228d1b2ae39"})
sendmsg$BATADV_CMD_GET_VLAN(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, 0x0, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x42}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xe9}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x4}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48801)
r1 = shmget$private(0x0, 0x3000, 0x100, &(0x7f0000ffd000/0x3000)=nil)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000))

10:24:12 executing program 0:
syz_open_dev$vivid(&(0x7f0000000040), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000000), 0x0, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:12 executing program 1:
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @inquiry_info_with_rssi={{0x22, 0x39}, {0x4, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x1f, 0x6, "e83abc", 0x3f, 0x3}, {@any, 0x7f, 0x0, "b977ca", 0x20, 0x5}, {@none, 0x5d, 0x7, "e71bcb", 0x60}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xff, 0xd7, "ace76f", 0xc072, 0x8}]}}}, 0x3c)

[ 3336.094966][ T1265] ieee802154 phy0 wpan0: encryption failed: -22
[ 3336.101559][ T1265] ieee802154 phy1 wpan1: encryption failed: -22
10:24:12 executing program 4:
bpf$MAP_CREATE(0x700, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:12 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, 0x0, &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:12 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xffff, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:13 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000002c0)={&(0x7f0000000280)=[0x7fffffff, 0x10001, 0x9, 0x4, 0x1000, 0x1], 0x6, 0xc0000, 0x0, <r0=>0xffffffffffffffff})
write$P9_RRENAMEAT(r0, &(0x7f0000000300)={0x7, 0x4b, 0x2}, 0x7)
syz_emit_vhci(&(0x7f0000000240)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_ext={0x1c, 0x2, &(0x7f0000000040)=@raw=[@ldst={0x3, 0x3, 0x2, 0xa, 0x8, 0x0, 0x4}, @generic={0x1, 0x7, 0x4, 0x176, 0x8}], &(0x7f0000000080)='GPL\x00', 0x7, 0x7c, &(0x7f00000000c0)=""/124, 0x41000, 0x14, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x5, 0x3, 0x4, 0x2}, 0x10, 0x7840, r1}, 0x78)

10:24:13 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="042c1105c900ffffffffffff0007003e593f00ff10e31808edfb086e44ce0532faca77c6dbe51e1be0bc312e6c90df40b8fa4dfdb2888f087ee80c7dce873021a0004a7b90e5b0faa652137dbf56451d0f88a545e30016f69578eda70aa908b631fc9f139a382036cfe09e230e0babd34b954013a0d8a3074b9d721cff987b2208af6c142dc4f4519c28c6bcc4ce1f35764680c87a7a1aaf5b0fec0000000000000000000000000000004e876262829de19958e115d706b0cb03b3633c49c7c55b6392284759a146f8fb3a66b02045f801bc4c4de777f12fc97a0c3897b12efd197851d78dd41ee118d191566776ebe71d19e8f42dfcfbb89bce9d9d07d382e69ecb2ec7316695aaffdf4ec59d5c28c6063de07d8cabd471e267e161c06cb2d0bd1506622429066608a4092148010c78a5df50ea59dee066a5af494de6664d9274c0d3217c5ab5de133565d6fa54a988981252a23e1efb73dd4d4715e198acb5cdffe6d169ac975b0cb8"], 0x14)
syz_emit_vhci(&(0x7f0000000100)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x45}, "3c84386bd197bdc8c6731d3076be10aa0902484ff4c05f6fedf797b7c6fa30358e81d0b4ef892323482973ddd282d21daffc4c24d1a6b0e426ad14975d97df3050281ea168"}, 0x49)
shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000080)=""/4)
write$snddsp(0xffffffffffffffff, &(0x7f00000000c0)="c4ac5fc2ab37622ce47d244df0", 0xd)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000180)=""/23)
socket$inet6_udplite(0xa, 0x2, 0x88)

10:24:13 executing program 4:
bpf$MAP_CREATE(0x900, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:13 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000100)={'ip6tnl0\x00', &(0x7f0000000080)={'ip6_vti0\x00', <r3=>0x0, 0x2f, 0x20, 0x2, 0x40, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, 0x1, 0x8, 0x4, 0x312f}})
ioctl$TUNSETIFINDEX(r2, 0x400454da, &(0x7f0000000140)=r3)
mmap$snddsp(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000000, 0x30, r1, 0x3000)

10:24:13 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, 0x0, &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:13 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:13 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$TUNGETIFF(r0, 0x800454d2, &(0x7f0000000000)={'ip6erspan0\x00'})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000180)={&(0x7f0000000140)=[0x3, 0x1, 0x7, 0x200], 0x4, 0x80000, 0x0, <r1=>0xffffffffffffffff})
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x422d80, 0x0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x84000}, 0x17, &(0x7f0000000280)={&(0x7f0000000240)={0x3c, 0x0, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xb7}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x80c0)
ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r3 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r3, 0xf, &(0x7f0000000000))
shmctl$SHM_INFO(r3, 0xe, &(0x7f0000000040)=""/235)

10:24:13 executing program 1:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r0, 0x0)
shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000000))

10:24:13 executing program 4:
bpf$MAP_CREATE(0xa00, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:13 executing program 0:
syz_open_dev$vivid(&(0x7f0000000000), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
clock_gettime(0x0, &(0x7f0000000040)={<r1=>0x0, <r2=>0x0})
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f00000000c0)={0x7, 0x3, 0x4, 0x4000, 0x0, {r1, r2/1000+10000}, {0x3, 0x0, 0x20, 0x80, 0x8, 0x7, "8917124b"}, 0xffffffff, 0x1, @planes=&(0x7f0000000080)={0x9d58, 0x2, @mem_offset=0x1}, 0x3})
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)

10:24:13 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28", @ANYRES32], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:13 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:14 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/10)

10:24:14 executing program 4:
bpf$MAP_CREATE(0xb00, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:14 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
shmat(0xffffffffffffffff, &(0x7f0000fff000/0x1000)=nil, 0x7800)

10:24:14 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f5bddfb5f3f843244bd435dcb4fcb03c5263ff32a28acc89cc0b263e989a8f5efd43d3f2f4d5e4107c77f97b0f9c15972fa39f58cb406756141bf075f62905a3d28"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:14 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
clock_gettime(0x0, &(0x7f0000000000)={<r1=>0x0, <r2=>0x0})
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000040)={0xfffffffe, 0xa, 0x4, 0x8, 0x2, {r1, r2/1000+10000}, {0x5, 0x0, 0x40, 0x20, 0x80, 0x8, "9cedca8f"}, 0x10000, 0x2, @offset=0x80000000, 0x90000000, 0x0, r3})
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r4 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r4], 0x3b)

10:24:14 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:14 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x2, 0xe}, @l2cap_cid_le_signaling={{0xa}, @l2cap_ecred_reconf_req={{0x19, 0x9, 0x6}, {0x0, 0xc638, [0x9]}}}}, 0x13)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
r1 = shmget$private(0x0, 0x4000, 0x10, &(0x7f0000ffc000/0x4000)=nil)
shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000140)=""/165)
shmctl$IPC_INFO(r1, 0x3, &(0x7f0000000040)=""/207)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:14 executing program 4:
bpf$MAP_CREATE(0xc00, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:14 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
mmap$snddsp_control(&(0x7f0000ffc000/0x2000)=nil, 0x1000, 0x0, 0x80010, r0, 0x83000000)
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x1, 0xa2}, @l2cap_cid_signaling={{0x9e}, [@l2cap_move_chan_rsp={{0xf, 0x20, 0x4}, {0x0, 0x101}}, @l2cap_info_req={{0xa, 0x3f, 0x2}, {0x8}}, @l2cap_conf_rsp={{0x5, 0xff, 0xa}, {0x3, 0xef, 0x40, [@l2cap_conf_flushto={0x2, 0x2, 0xffff}]}}, @l2cap_move_chan_cfm={{0x10, 0x8, 0x4}, {0xcc2, 0x7}}, @l2cap_info_rsp={{0xb, 0x2, 0x5c}, {0x0, 0x4, "22b5f0099af929c50a8b3ca9e037967fc7653447606969ae0c1c2fba423d346b33b408cd8102bbe16c28f4a0bf9829e9fce3e7f4734dc9d91602f9ffdc0857b1c0c496a01237454840076e2c28180ac06085d9549d2ef3da"}}, @l2cap_conn_req={{0x2, 0x91, 0x4}, {0x8}}, @l2cap_create_chan_rsp={{0xd, 0x1, 0x8}, {0x1000, 0xfff8, 0x100, 0x74b2}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x1, 0x2}, {0xf16a}}]}}, 0xa7)

10:24:14 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:14 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000080)={0x6, 0xb, 0x4, 0x70000, 0x200, {}, {0x3, 0x0, 0x2, 0x7f, 0x3, 0x0, "42239d73"}, 0x6, 0x4, @planes=&(0x7f0000000040)={0x2, 0x9, @fd=r1, 0x5}, 0x40})
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000000)={0xb0c7fe4d38782179, 0x7, 0x2, 0x2800})
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r2], 0x3b)

10:24:14 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:15 executing program 4:
bpf$MAP_CREATE(0xd00, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:15 executing program 2:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x7, 0x440440)
mmap$snddsp_status(&(0x7f0000ffc000/0x4000)=nil, 0x1000, 0x2000002, 0x30, r0, 0x82000000)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000))
r2 = shmget$private(0x0, 0x2000, 0x10c4, &(0x7f0000ffd000/0x2000)=nil)
shmctl$SHM_INFO(r2, 0xe, &(0x7f0000000000)=""/40)

10:24:15 executing program 1:
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04c41a51327f6ae3ace317130100"], 0x4)

10:24:15 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:15 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:15 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x0, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000040)={0x6, 0x1, 0x4, 0x8, 0x7, {0x0, 0xea60}, {0x1, 0x8, 0x8, 0x5b, 0x4, 0x3, "b34401c6"}, 0x100, 0x4, @fd, 0x3})
syz_extract_tcp_res(&(0x7f0000000000), 0xfffffff8, 0x430b)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:15 executing program 4:
bpf$MAP_CREATE(0xe00, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:15 executing program 1:
ioctl$SNDRV_PCM_IOCTL_STATUS32(0xffffffffffffffff, 0x806c4120, &(0x7f0000000040))
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="35542bca132824e92049c9ee108e322210d1141745b7ebdf69abf9ee9ab22ec81c662c0f013d94b729e1e9edb6c59b09def01f147074f60f918571e86c6146552b0bea85dd0b8f0a7b33e5276fed7dfa0041861f1e4a28bbb2d5bded70397849b97d5aa0f22f8b6b6d52de0c45390bce6d47d1c60900c93652724052e3cf0307ecffae846b4658f8d851ee4d"], 0x4)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$TUNSETOWNER(r0, 0x400454cc, 0xee00)

10:24:15 executing program 2:
ioctl$SNDRV_PCM_IOCTL_INFO(0xffffffffffffffff, 0x81204101, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r1, 0x1, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000040}, 0x4000050)
shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x2000)
r2 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
ioctl$SNDRV_PCM_IOCTL_DELAY(0xffffffffffffffff, 0x80084121, &(0x7f0000000140))
shmctl$SHM_STAT_ANY(r2, 0xf, &(0x7f00000002c0)=""/102400)

10:24:15 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:15 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:16 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:16 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
shmctl$IPC_RMID(r0, 0x0)

10:24:16 executing program 4:
bpf$MAP_CREATE(0xf00, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:16 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="589ee02802c6d2bc382df88ac4b268838b8a76e342e358b4d29f02eddfc5775d81c55a09797aa1ed90f7b6121e6180e51350429446e0e8ea7220848e466176fa45db9334e69a62ef6282150efe9a39849143ad7342"], 0x4)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$TUNSETOWNER(r0, 0x400454cc, 0xee00)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, &(0x7f0000000040))
accept4$vsock_stream(r0, &(0x7f0000000100)={0x28, 0x0, 0x2710, @my=0x1}, 0x10, 0x80800)

10:24:16 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:16 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:16 executing program 0:
syz_open_dev$vivid(&(0x7f0000000000), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:16 executing program 4:
bpf$MAP_CREATE(0x1100, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:16 executing program 1:
ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f0000000000))

10:24:16 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
socket$inet6(0xa, 0x2, 0x3)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x701, 0x6], 0x2, 0x800, 0x0, <r1=>0xffffffffffffffff})
mmap$snddsp_status(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000000, 0x4081113, r1, 0x82000000)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:16 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:17 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x5, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:17 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x3b)

10:24:17 executing program 1:
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x3, 0x1b}, @l2cap_cid_signaling={{0x17}, [@l2cap_conn_req={{0x2, 0x66, 0x4}, {0x2, 0x5}}, @l2cap_create_chan_req={{0xc, 0x1f, 0x5}, {0x75d, 0xff, 0x4}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x1, 0x2}, {0x7}}]}}, 0x20)

10:24:17 executing program 4:
bpf$MAP_CREATE(0x1200, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:17 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:17 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x4, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:17 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
sendmsg$SEG6_CMD_DUMPHMAC(r4, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x28, 0x0, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@SEG6_ATTR_DST={0x14, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r3)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r2, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x80000000}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x9}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x40004}, 0x24004011)
ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r3)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r5, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r6, 0x41a, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x7}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4000004)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000200)={'wg2\x00'})

10:24:17 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000040)=""/4096)
syz_open_dev$dri(&(0x7f0000000000), 0x100000000, 0x208000)

10:24:17 executing program 1:
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00'}, 0x10)
syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "41a272"}}}, 0xd)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000180)=@nat={'nat\x00', 0x1b, 0x5, 0x568, 0x1f8, 0x2e8, 0xffffffff, 0x1f8, 0x0, 0x498, 0x498, 0xffffffff, 0x498, 0x498, 0x5, &(0x7f0000000100), {[{{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x4, 0x5, 0x6}, {0x0, 0x2}, {0x1, 0x1, 0x1}, 0x7, 0x5}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@unspec=@state={{0x28}, {0x7}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x2, @ipv6=@mcast2, @ipv6=@empty, @port=0x4e21, @port=0x4e23}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x1e, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, @port=0x4e21, @port=0x4e21}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x9, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, [0xffffff00, 0xffffff00, 0xff], [0xffffff00, 0xffffff00, 0x0, 0xffffffff], 'ip6tnl0\x00', 'veth0_virt_wifi\x00', {}, {0xff}, 0x3c, 0x7f, 0x7, 0x53}, 0x0, 0x168, 0x1b0, 0x0, {}, [@common=@ah={{0x30}, {[0x4d3, 0x4d6], 0x10000, 0x7, 0x6}}, @common=@srh1={{0x90}, {0xc, 0x41, 0x82, 0xff, 0x2, @ipv4={'\x00', '\xff\xff', @multicast1}, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, [0xffffffff, 0x0, 0x0, 0xffffffff], [0x0, 0xffffff00, 0xffffffff], [0xffffffff, 0xffffffff, 0xff, 0xffffff00], 0x2, 0x49}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv4=@rand_addr=0x64010101, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @port=0x4e20, @icmp_id=0x67}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5c8)

10:24:17 executing program 4:
bpf$MAP_CREATE(0x1300, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:18 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffab550ff4f9e8b15a291d3c6297794bb8302833adb7eb4640370f6c307227bc10f"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:18 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x8, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:18 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
r0 = shmget$private(0x0, 0x1000, 0x1, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:18 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x0, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:18 executing program 4:
bpf$MAP_CREATE(0x1400, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:18 executing program 1:
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0xd}, {0x3, [{0xc8, 0x7ff}, {0xc9, 0x8}, {0xc8, 0x585}]}}}, 0x10)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)

10:24:18 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:18 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="05"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:18 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="80000000001000000007525522aea89c33f20017236894d89ded070400ff000900"], 0x11)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x2000)

10:24:18 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000000), 0x2, 0x2)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(0xffffffffffffffff, 0xc06c4124, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r1], 0x3b)
r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4)
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000200)={0x18, 0x2, {0x9, @usage, 0x0, 0x48400618, 0x3ff, 0x81, 0x3, 0x0, 0xc, @usage=0x1cdf, 0x81, 0x7, [0x2, 0x5c0f, 0xffffffffffff03d6, 0x6, 0x0, 0x8]}, {0x3, @usage=0x8, 0x0, 0x100, 0x80000001, 0x57, 0x614a, 0x100, 0x20, @usage=0xffffffff, 0x40, 0x8001, [0x1000, 0x9, 0xca18, 0x6, 0xd073, 0x39]}, {0xf2, @usage, <r3=>0x0, 0x100000000, 0x4, 0x3, 0x9, 0x0, 0x44, @usage=0x3ff, 0xffffffff, 0x9, [0x1f, 0x8, 0xfffffffffffffbff, 0x8, 0x3, 0x7]}, {0x400, 0x3}})
ioctl$BTRFS_IOC_DEV_REPLACE(r2, 0xca289435, &(0x7f0000000ac0)={0x3, 0x3, @start={r3, 0x0, "dd5a0a9a05ff7d3b7e820d37124abac3be75872f60c57862a820782d4d6e745c0c72db2a5a24e417c30244b0b5ff55bdfd05415a56b41487cd5a54208698bc0343099a01053c74c80a007bcfb4c0fd01c2b947f919642e4d5d0707810f112a715e0c0577195b3d57cbedc7726cde857e45eaaa8e4a8ee31cfc18be99f45c42daf21e114baea9e6d52a70e1f1e5eae15afc77887291791c09e46c31c0ebd618e9dff08b3fb74f223dfb5d0ecbe7307e7fbb51e6c11b01e8d320856d8b04f54cbeadb95002d52a2a1774510ff2f8afb1bf2ccec4f0933a33c4e2dfb23874e744ee364b208b09db6e170ef006dbb41ec8cd94eb1bae36d6800e7c6a316d58ac7f3c188efbd100d3f9d95704f2e1ff206490aa6b7545d6a35c5e8985f5d01207e0d9273583321b1b4d42be55b3bfa73be1044b83b12129ac3738231c8a4200b1ad477eb454db73df5412633143c52275e7602a66576b8550d919dafee6432b60aed075a7ec30f2a0317eaf3b9381cc7a8bf2d5db70df966f3a4586a4b52b60a8159c03cb5f64364623f682fc7353fddc2699f09de309630a657eafe7a4538d2a33b82b532603e3d4f6c2789e73e107347b37f4627dc651100ccc402dbe1396a5dfd13a43e31f8621b6694f7d2191b814f66c10ec5dd90631cad0adafb8a2196a0072a0a78a57d8b562b80bdba980ed0f648bf272e75b42124671027640520f3648e52b2547d2a868574e2c6badafff5685f65d5f8d738e4a358fe5153fc7482b3107194ce00ee2d0ac17cafbb2dcf6a16f884aca3f5089af201c95e7808dad398e50d446b5edcf4902202a981850986da19c410b1d5c45a017b4073016dd13cac5c5ba34015c6a038b579ce836f98de5246c45fcd64cf56b02da9f2769e1ef40d79865b006cb047b86fd48ca546b2ab66613a24526b6184acef050d71dfaebb9df6aa28a9fe946d8d26f7e2bb658148b2bf571724d4068122253c9801f83f231a5da44fada96228f67d8b9079f2bf11c2424bce5d12eae693db2820e1716eefbeee88a22370c83ed07f4418ea19e8dfbc5fcea29191bd0f4bf47253d9c945706f9437b7db19fab654f41cf114227828eb5033612e763d4903b78d49af7b1a54c1433b0ad61629eb961a9e0f5073877f9eb5ed6de3c734915958ff67d3326c33a90a5d36a55492cf7c72e0d9cc335ac7606223ceff5ebc450577f8b5c0571fc18a9b92a3cdd1d2f3f7a6eb8fa1216fe785b6f30307ad7ffc76115dc91b849006ebe4ba1c82ff16842adc13052e7101cd145231c17d230773bb3a91ad30c551cd8fde4c7f62099956c5d3122939d3f6fd31a0ad0f9f5253920f1ad6e656ee2b9c25ba09d5ea240e09a90d28f5d01ecfe7e247ab6b5d970055cd4ed7c6e3200d307b828f01c490774d15fc0aef56214f21495de866d2c9a16e86bb6dbe5e12fc9c0b3f050", "f0c7b637e5991ea4c8d33eeea6f94403b0b7318f6e8e24d9cd6160f0461a326d848afa8bf6f52bafc69bb8251f0e87689369890f58999721a2776c8c0560351429accea06b9ffd213627c68317bbc5985b7269c9a54deed36bf45b324884c19d531c9e84eb390b05c7820f0619b8b06b6864ce5f83f8c15a42308075bc113e5ca8acde2c108e6daeea70f60816e119b8a1885f43a8b0e09449ab221969d105a1797a5cde423224a5c2bd743fefe452663aad2165623971b00a3598d53fd1566028c5778e95a55efcc7dd2ea09d73aa98abe37430faf83ef02dd5168a2bbc80ddeb8c591db8d1d95cb63a1a5a6d16d2615143c2b097ccf04eced17e376925577273e958eae1923ef6baf4b625639d51960f121b80b7051c11d66ead82e8808f67921890ea960eb916f5f1861dd51748e0d7c13c7c990e0c1aabb4844347561a0a559a5dcb9dfa38241c687456b51f7b0509e8f3f4dd08335528306b4201c95a70fdabb438dbe875706121f891442fe7952e8f95721ee2ebb151dbb5bfb47b1a4f24ca0eaf558b3038532d8e5653f88488723d3cd4a944b531e97b15ca736b2b45af68b76cdf6ce68c0b50ce5e085fbdc9f1d1f9e83a47a421be6c779f7ccc0282a5b41bd95f74506f2965a4c905b9a9552789da54204dee5f6a8629d069cd6513db59a4a582e1095bc272f832a1fdedf7199f3674f1c427f635b41ee1518eb068ceae74e544340c6021e9db4f315f4a90926597c74f5075f8b81595538306dd3230a0e4aadeb9f11b8ffbe96337c1f195c367060c59c90e8d1eae1a76391e1ebdb23781ea72fc23fe2e40920ab174f131f3c15139b17f2901e5d058c467e21d6bcdbf20d98efcacfc28661e113c46cc0a282e3b23c600c142d1c2123eac769d6b1f291a8c684a92b14c0a01d5cd3ce3aeb8aed96748ecadd3b0bfb994b7880dae3441dda774a765ec59b0fe2d85380487b818325cbacd3f5281668316e3cafd11e69056e421464d6ba4cd7390572d376ae674149fd220ce929faada61db4415510205b6eae38efcd8cf618f40b28385079b3a9c4d5562765306e48b6204a69e6672757e79a7156ae9b4a9f40dc6a4f4ea15f014d61eb5e51695babe1a2187bf72560af32d6cae4d3cd5e7b633c72e9e8915a5d0dea31da91ef0a6851420b79fdc221d84bede3326c5c73809888d0c80700074e719b7634af2d0ad78fc3008e6641b4cab33ccef75e3f69bf5bc62b9792c7ee840d8deaa0e826ad5e80691cbad5f22b819d2317f16b73458dfe756f456742d5ba6b39a74643d65d14e492ce8473949167a77618011c93b24166fb3338e16972836bbafa7fc8d1cc4f2fff7e0a901336c510e452f3ea17379f8c746ca5f2ba07b0274c70df79f47598d280b727c5c35f523692a035922c02d012d5960cc888e3eda602e98bfe554e52b02abdec83570"}, [0x2, 0x5, 0x3, 0x7f, 0x8, 0x4, 0x666e, 0x7, 0x9, 0x3, 0x6801, 0x1000, 0xffffffffffffffff, 0x800, 0x1, 0x20000, 0x1f, 0x73889ae3, 0x80000000, 0x7, 0x4, 0x81, 0x2, 0x4, 0x401, 0x7, 0x200, 0x0, 0x7, 0x4, 0x3, 0x200, 0x80, 0x11c6, 0x6, 0x4, 0x5, 0x1, 0x7ff, 0x265, 0x7, 0x489, 0x8, 0x2, 0xad1, 0xfffffffffffffff8, 0x80, 0x9, 0x6, 0x24, 0x3ff, 0x5, 0x100000001, 0x1, 0x5, 0x1, 0x4, 0x1f7880000000, 0x83f, 0xfffffffffffffffe, 0x8000, 0x5, 0x2, 0x4]})

10:24:18 executing program 4:
bpf$MAP_CREATE(0x1500, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:18 executing program 1:
sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000040)={0xfffffffffffffd0d, 0x464, 0x100, 0x70bd25, 0x25dfdbfb, "56ae58b1bb156593b2528bed16c460b00dd5b2d8d9c552704fee1b99f672127f0a5ffa3cc895a32a308d25360143d9744dfb808b966325e22378973e9272069225118ffeaf3043b5885aee4b498d1d8b58ea94fd972134945a1a1f4a62da4fa75f001dd6dcb94cc40457bca5b2a6b7bf4c88a467f24c25395b5e502c7423f12044ace01e78ac7abab62d9461ad049d9526a97c64cf12a79bc0fb29515bd8c0dc72e980c935b408c5ac6db9dcf0ff5465b77468b5a25d93255750d6f307e08097872a06841ecdb2c9d02f7344e12e68e7fe40fd6f3fe7870bd0833ea77d3a4be108cac2e650b364ae2babd6b691", ["", "", "", ""]}, 0x100}, 0x1, 0x0, 0x0, 0x20000881}, 0x20040849)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="04139a72427c78abfdedcde39b2c6eccab67bc43991d91f5d604723b50f7597f085f480fd2b41288d57619162636354111616e070568557dbadc21e38a7770a106707fd76585a2b83fedff313ee1a23fd6cb7f37908d746d46355325448eb3b967f62e6b4897574f8550d58b4b6583d5c2729c318071e1436e5a4f8dc737b926d652ab7b8c93873e3dd59482eeefa4f8509f8329ce7e51877a4a242e812f0a4b377450ea06c325a20a20ea5b8beebdc19e4f041c73b9f7b2ae4e69b8adf2e4ad77906730a07da13e71e0eb85c219b3a0825801960eb0c9a41804762ff779da7f00e88314a263481d81b82ffd427bcf49ba9cc65c1e3ad3897f96b66e55bb7be42d53043e5c5a98a1adebd47a8f4469aeb237d69941bcd7b0258fa211a9ddb85cbbe791e2e6fc53c0d5290b75abb5295932418f71"], 0x4)

10:24:19 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:19 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="05"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:19 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x18, 0x8fe, 0xca7e, 0x2b, 0xe98, r0, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1}, 0x40)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r1, 0x0)
r2 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r2, 0x0)
shmctl$SHM_LOCK(r2, 0xb)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000)=""/13)

10:24:19 executing program 4:
bpf$MAP_CREATE(0x1600, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:19 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000000), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:19 executing program 1:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$NS_GET_USERNS(0xffffffffffffffff, 0xb701, 0x0)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000180)={0x0, 0x8, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "7910366f"}, 0x0, 0x0, @userptr})
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4033df17f6b9d8ef3fcf00000087c4fff27bdf4b45912f0b502a0a4ae6aa3f11de2725e093327aca7395edc7f0d16db743df4acaf750da3380a630338ca6a94f5d2b830501121c28e63f650ba47c50357b20", @ANYRES16=0x0, @ANYBLOB="000427bd7000fbdbdf25020000000a0009000000000000000000080031000300000008003a0000000000080032000800000005002a0001000000"], 0x40}, 0x1, 0x0, 0x0, 0x8000090}, 0x4000810)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)

10:24:19 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:19 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="05"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:19 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x0, 0x0, 0x0, 0x194}, 0x40)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x1ffffffffffffd59, &(0x7f0000000040)=@raw=[@btf_id={0x18, 0xb, 0x3, 0x0, 0x3}], &(0x7f0000000080)='GPL\x00', 0x1, 0x96, &(0x7f00000000c0)=""/150, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x5, 0x1}, 0x4, 0x10, &(0x7f00000001c0)={0x1, 0xb, 0x6, 0x800}, 0x10}, 0x78)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:19 executing program 4:
bpf$MAP_CREATE(0x1700, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:19 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$SNDRV_PCM_IOCTL_LINK(0xffffffffffffffff, 0x40044160, &(0x7f0000000000)=0x76)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:20 executing program 1:
syz_emit_vhci(&(0x7f0000000040)=ANY=[], 0x4)

10:24:20 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6288, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

[ 3343.691485][T21124] Bluetooth: hci1: command 0x0409 tx timeout
10:24:20 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b0d6985d650d0861db7bd1986e2e23ffa"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:20 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x400801)
mmap$snddsp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000e, 0x12, r1, 0xf000)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:20 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x1, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:20 executing program 4:
bpf$MAP_CREATE(0x1800, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:20 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000400)={<r2=>0x0, "b8b23159c02a1c1fd5b0713cfd6c2d6a"})
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000001400)={0x2, 0x6, {0x68, @usage=0x1, r2, 0x4, 0x7ff, 0xfffffffffffffffa, 0x6e40, 0x7, 0x20, @struct={0x3, 0x1}, 0x81, 0x1ff, [0xffffffffffff0001, 0x0, 0x101, 0x1f, 0xada, 0x40]}, {0x9, @struct={0x7ff, 0x2}, 0x0, 0x7, 0x5, 0x7fffffff, 0x77, 0x3f, 0x1, @usage=0x5, 0x7fffffff, 0x9d, [0x7ff, 0x7, 0x9, 0x1, 0x1, 0x3]}, {0x7fffffff, @usage=0x2, 0x0, 0x490, 0xfffffffffffffffe, 0x6, 0x1, 0x5, 0x95, @struct={0x7, 0x37}, 0xfff, 0xffffffff, [0x7fffffff, 0x3ff, 0x4, 0x7fffffff, 0x100, 0x3]}, {0x4, 0x2}})
sendmsg$GTP_CMD_DELPDP(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020027bdf000fbdbdf2501000008060006000400000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0xc004}, 0x4000840)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r0, 0x4144, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000240)={&(0x7f0000000200)=[0x6, 0x7, 0x1, 0x7f, 0x40, 0xa465, 0x7], 0x7, 0x0, 0x0, <r3=>0xffffffffffffffff})
r4 = syz_genetlink_get_family_id$gtp(&(0x7f00000002c0), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000300)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$GTP_CMD_GETPDP(r3, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000380)={&(0x7f00000018c0)=ANY=[@ANYBLOB="00000000aa548b0e137bfa98233e0363810a2f24d2ba4d7f80e609e37dee4939f772220d53acac4adf586aaf5168cea3c682e73c4ca05989bc2c1f6642", @ANYRES16=r4, @ANYBLOB="000729bd7000fcdbdf250200000008000100", @ANYRES32=r5, @ANYBLOB="080002000100000008000700", @ANYRES32=r1, @ANYBLOB="08000400ac1414aa"], 0x34}, 0x1, 0x0, 0x0, 0x400}, 0x4004010)
r6 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TUNGETDEVNETNS(r6, 0x54e3, 0x0)
syz_emit_vhci(&(0x7f0000001800)=ANY=[@ANYBLOB="f1a101830000000027a0649dfcfe48bff43294ed8d9116cd68e7ab22b51c4a76fac1faad501eedf3387a6056cae6628152e0b1f75d02197e11694354b8a3442762ed5afc0aeb78faa40479938aac32586330cbdf03d46b475d4e0d35cb0fe68c647e318d7108e5f46e0185e8a02e44b6fb3120b507a93484e13a645ed207e261f68b1e4935eee3c79a45a843934bd1a0a53ed452114d"], 0x4)

10:24:20 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xae}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:20 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="0500"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:20 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x4, &(0x7f0000ffd000/0x1000)=nil)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r1, 0x0)
shmctl$SHM_LOCK(r1, 0xb)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/4)

10:24:21 executing program 4:
bpf$MAP_CREATE(0x1900, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:21 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)
ioctl$SNDRV_PCM_IOCTL_REWIND(0xffffffffffffffff, 0x40084146, &(0x7f0000000000)=0x101)

10:24:21 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)

10:24:21 executing program 1:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x5, 0x501000)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r0, 0x4161, 0x0)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="0413010006fcb7ab5de06fddbff962ea23a9a94b45a8efc6d19c42315c6aa64209353d24ab9be71681d3a65e964f5fc9c681393a97c49eebff90ebaf5068f7ee3e77ba474e04f2272a1aa49cd30303a6410641fd9c117634aca44c6d5ea166478a0c4c986004281e4065d9c0e358c2891243759955964ed5b6c5ca45f7b53d2a2b2566385b71bd8e7da3f667193b6ada8ef7ba918f49bd1272bec7d84c6e50c160f8fae920772872db96d9065510ddf34d58d02e59d9840facbf139adf0ee1"], 0x4)

10:24:21 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="0500"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:21 executing program 4:
bpf$MAP_CREATE(0x1a00, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:21 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x4000, 0x2, &(0x7f0000ffb000/0x4000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
r1 = shmget$private(0x0, 0x2000, 0x80, &(0x7f0000ffd000/0x2000)=nil)
shmctl$SHM_STAT(r1, 0xd, &(0x7f0000000000)=""/198)

10:24:21 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:21 executing program 0:
syz_open_dev$vivid(&(0x7f0000000040), 0x1, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000180)={0x1f, 0x3b8486d558890443, 0x4, 0x401, 0x1, {0x0, 0x2710}, {0x4, 0x1, 0x1, 0x20, 0x0, 0x1, "afa8827f"}, 0x0, 0x3, @userptr=0xfff, 0x8, 0x0, <r1=>0xffffffffffffffff})
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000200)={<r2=>0x0, 0x1, 0x6532d44a})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000000600)={r2, 0x401, 0xfffffffffffffffd})
r3 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x82100, 0x0)
ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000100)={0x3f, 0xb, 0x4, 0x2000, 0x3ff, {}, {0x1, 0xc, 0x81, 0x21, 0xda, 0x6, "21722be1"}, 0x6, 0x2, @planes=&(0x7f00000000c0)={0x0, 0x6, @fd=r4, 0x9}, 0x7})
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRESOCT], 0x3b)

10:24:21 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_STATUS64(r0, 0x80984120, &(0x7f0000000040))
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$NS_GET_NSTYPE(r1, 0xb703, 0x0)

10:24:21 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="0500"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:21 executing program 4:
bpf$MAP_CREATE(0x1b00, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:22 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
shmctl$SHM_LOCK(0xffffffffffffffff, 0xb)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000000))
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x50d600, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r1, 0x4112, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
mmap$snddsp_status(&(0x7f0000ffa000/0x3000)=nil, 0x1000, 0x2000003, 0x2010, r2, 0x82000000)
read$snddsp(0xffffffffffffffff, &(0x7f0000000080)=""/93, 0x5d)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:22 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:22 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x1407, 0x61a, 0x5, 0x25dfdbfb}, 0x10}, 0x1, 0x0, 0x0, 0x800}, 0x0)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

[ 3345.770683][T26117] Bluetooth: hci1: command 0x0409 tx timeout
10:24:22 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043b0a5900aaaaaa1102000000"], 0xd)
syz_emit_vhci(&(0x7f00000000c0)=@HCI_SCODATA_PKT={0x3, {0xc9, 0xe9}, "0c7089c257ae759bcad7fc4f9bfeeaa96de33880ccff5c2ddc86ba39cd6b560659c4b357bd024c5345fd1a17538f3020f614d7f30bfc9aeafa2f8243e274eea4cf1d6ebbbc0ab51e86e2354c3e78c9559424e134cf17734cc7b55833401317c8e17db75a20e74794228f3e750d3cb83fd433cac84036b37311bde168c10fbf118651a45d69df922b15d8f14e732f04eaad46afe82d15cd4bc26186dc3d641fd9e0df340e3cb911a70053341c1ccb6bea23b616d9c0d0fff949a1a41005e647e6d7aa7b316e359c3bc1f542f008ee3ad4376a9a168fef61dae607270a6cffb4a4dbcdfa7b724cbd6323"}, 0xed)

10:24:22 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e22b"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:22 executing program 4:
bpf$MAP_CREATE(0x1c00, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:22 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x78000000, &(0x7f0000ffd000/0x1000)=nil)
syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_version={{0xc, 0x8}, {0x0, 0xc9, 0x9, 0x4, 0x2}}}, 0xb)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
r1 = shmget$private(0x0, 0x1000, 0x20, &(0x7f0000ffd000/0x1000)=nil)
shmctl$IPC_INFO(r1, 0x3, &(0x7f0000000100)=""/88)
shmctl$SHM_STAT(r1, 0xd, &(0x7f0000000000)=""/151)

10:24:22 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:22 executing program 4:
bpf$MAP_CREATE(0x1d00, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:22 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="ffffff7f"], 0x4)

10:24:22 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000080), 0x0, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000000), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000040), 0x3, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:22 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="0500"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:23 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000100)={<r1=>0x0, "c2a002a7a628fae824f351a85b520b80"})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000001100)={0x8, 0x1, {0x4, @usage=0x8000, 0x0, 0x4, 0xda17, 0xc0, 0xffffffff80000001, 0x100000001, 0x18, @usage=0x9, 0x7, 0x6, [0x1, 0x0, 0x9620, 0x6, 0x7, 0x2]}, {0x8, @struct={0x300, 0x8}, r1, 0x875, 0x66d, 0x28000000000000, 0x4, 0x6, 0x48, @struct={0x80000001, 0x7}, 0x8000, 0x4, [0x8, 0x6, 0x9, 0x3f1b, 0x4135d6f6, 0x1]}, {0x0, @usage=0x7, 0x0, 0x9, 0x7, 0xfffffffffffffff7, 0x2ac, 0x9, 0x20, @struct={0x1f}, 0x3, 0x20, [0x771f682a, 0x400, 0xfffffffffffffffd, 0x1, 0xd1e]}, {0x100000001, 0x3c6, 0xfffffffffffffffc}})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x1f, 0x20, 0x6], 0x3, 0x800, 0x0, <r2=>0xffffffffffffffff})
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0], 0x2})
r3 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r3, 0xf, &(0x7f0000000000))

10:24:23 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

10:24:23 executing program 4:
bpf$MAP_CREATE(0x1e00, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:23 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r1, 0x1}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="10002bbd00000000df250d00000005002e0000000000300001000000050033000200000008000b0001010000"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x20008005)

10:24:23 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="0500"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:23 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r1], 0x3b)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_DEV_REPLACE(r0, 0xca289435, &(0x7f0000000ac0)={0x2, 0x2, @start={<r3=>0x0, 0x0, "376efadef6855cbb16a6d3b8ef1401c16414d481fe23880d985fdd694600bf71e9c685ec212e0bd4faa54e6ad2537f9b85a90f4c79cf011d4a5f11b42865963d08b655ff9f0e437a2668466a6845c5ea9e3bf57efa1f4ec3f477ae5fa8b3dc6ff4ce5f6befa3ab1810126a6317b529e63c2ec73473542adc53148e90100cd5ecb048b1f637d4b18f94893db65355001e882adbebb38bed9b4905b252be031f489e468f7a508e25e046e89b0343a46bef13aa874bc31011c9ae7f490794bf53b88cd61fff7b7ace1601d106501ba5b9b6096006fae2550d609582d20835d582634100c80c47a7faca652dc87bc75672a802917a2707715bd456c17ed5a194b8c5015352a57ce7e63fdd6978773f49511ff280324728422fea37fd2e0b1770f91677dbb9bc04072914d1e661ae4e18262cfd18e2820c183bf52780237fa8cf390aa5590084b570c12b6625cbdad5bb60b7b86e3df1a4b04e0efe320f1ebeee9d0a905c3253eed8be1f31ab7d982dccb4dcb71ed53a95b3ed22040904873a8d2a5d2e8b24e66de58966a22e080c66840a87a849a8f2fa20d3d1f6141e68dc4e7777793a3d340bcfe276ede8fb526b7f2f0e69b799084cae8af3dea46427e2ac23bd40ecaf59d7cf78325be9e2bd2f3a9451baca42208913e6146903a3cdf7ccf7ed3e72a2603423ea2d5de9509d8e581c5189b44d0ddd59c5d5dcd41b3fda51586bc91a688522af62601440956d987e9118400b87ddf2a176d3051715576abb72fcdba2629f029e7f19c5353ad5f682bae3ab7620095f204e047dd6b627fda108a41354d5b3977ad1f4ca0f46ef49e6a6ec7f4bb5112368fff276664e0926a24f9726b34d3477006b64b4d2ebff32c0b0011e65dd307677e6577e0f15c399ed3e9da33d0af769a187e7c85373d7dbba29b0063dd79eb66e03d4c6b3e23071fdc2133dfe4948013d9af9393c7e86ada13915b36fb838535992d7ee9b47a30547ee24ddc82289abf8c79a0648077bdc0c9360ec082023ad01accc47e97af2c90526459a6bc079f53ba27a9da6b9f622f8ea7f17195d56ec22be3333103b0ea0aea0bb97192e9d9c02390bbd78d85fe346416b1551652c96337910e05e472a2cec361eee5f0a0257c0b877a50c6730fd24717b5de29c44f40ffe149c973d70ab79e5fbe4748268b159eab33245527e7e70490a368e7cdc25f34f28b549e4e78301aba740d1f132f909a8dd5befde8e5377c1411858fa7676a7eba262e3de036f2bd627dcd821e238a08bb73ddfbe63dcbf1a3cb686bf160fa497af68ebd21ba614c4ce0907c18d0e789969fa918eb8ebd1b47a817befedf84f4c992c495b3d754aabca72e5c2a7111278c4826b337570b924a642b203b83c981acca40bcf41090769c1eb10ef8e0837684ffa4ff5e076d38ccf8e425eba9ac80c998ebc0e96459a6f63ba", "25ce99ab1c2e62a78dd0bc0a7231217b4c26f617af229fba0b06038257c4aa3cfc0e66d4fac21b7764c13ef1e8308094163dd5217b48d95efdf511b0eeff42d168df3d5cfdec34cbc9c7cb6eb031815fc1762fc7884d842dd0d6db13249f139f8c885464684bb67d651519ebb3c8afe4d36fddadf470474949c5749de47af7fd14f5c0b0d79db9d5852a0f819dfde1810287a5098ef307bb04e4642d918b3a5791e19961beaeda1c024d01441abf18e5f60e6a10d0489bb45a3b68da2dcfb067ee64b4016c17498dfe254cca2f5016381ef769f6d3972fcc62ae57c7e44caa6c59c480e22018e2aafb32b770fec3afa5fc0b0c2f03dd8067dd38e6caced78a5ff835c245d60d43bc377eb023d3738da1c2b8a5874763d268ef7cf499d394bacd7314c1fc60b69e7cc69f66ef8a78e7583ea9daadbd75b5e57c8b07d85da9aa75cfb8b873c7353efc56e77528ca4b552ef42612716d39fbd57a69826287dfce1e62fb81ed3f60ad68731142f0648acba9d2059934c2b075e36a9c33074bbecb07a58ce782b95ba1446dbb41d17f81beec0c130a5d47140d644e6a26f3f5206593dbec3ad74ee072852b4eef9bbb0d685f4be00a4faba3965e1dadf541160cf212ef9eebc600aed7ee2c1c7d81332845260ed90616e54a1ab8b9d44c29a251324fd9aaaea6d691fa0b8c7deb0e4ea463b911f073e9cef23389bfc001c177c051be1d967406c191966c3892b36845bec483af45ceef8f314bb807e2492308951a9eb33a7c28f27bd942221323364cd64cf6668ee065072ff8a783306052007a07f08fa7f8d5fdb3552cb8085b951bbb64453edb52472fd6cb8397c64b2f7d18b47bfd8dd22e9fd0e189a63674f593a95a1b455912300fde1bb86f77939ab50ec6c7b839d994f7de27daa5a88d1b38cc52e1457bad62ca93ba9e397e6b2fd1c15227cc4a70084a7ce0d72c19d9d624778027090bb4c325d30d425c0661133acfacf4e89f44729b6120fb743698a809c5f1c681cc4cdf3647f720b4a1b961fb2b255a1cce89deb49e1fa0e3c856ea2784d335d67eb33d9add4dfff0f1aa7c9a88fbf49baa523197a90e35d6c0041c8090a547cc88a7454f5c46f0a8a16de138f525b3e763463b07d8be49dd54ad79741fce39961c3150bf22473bf17adb0782f642a6bae671007eeadaf4da3aa05f16b01f03fb9bd6fbb37e1a33659fd2296da61b5c7a012128547292020248e91ea20bba7633a3141a927238d0069ad0478a4e76ce2f065672e7ad5be258d6671e129c66057092e79609adc3a466ac81eac5e341219afdee759709901186aea7357b27f0474edebbdd4246515a41af7c60b5f396e3228bf8f324d23c81539ef7c69e05797ff981d4072310458a97a73ee467d4cc9652684f053bd88c65dbf67238e2ba18326e262cd0f3c1026e0a09bb4c0b8d17af22"}, [0x5, 0x9e1, 0x3, 0x3, 0xfffffffffffffffa, 0x8, 0x5, 0x2593, 0x5, 0x1, 0x800, 0x7, 0x5, 0xffffffffffff62d8, 0x3ff, 0xd18, 0x400, 0x5, 0x3, 0x7, 0x100000000, 0xfffffffffffffff8, 0xffffffffffffff80, 0xfffffffffffffff8, 0x0, 0x7fff, 0x9, 0x0, 0x6, 0x99, 0x4, 0x60, 0x9, 0x9, 0x80000001, 0x6, 0x101, 0x8, 0x4, 0x400, 0x100, 0x400, 0x1, 0x5, 0x7, 0x4, 0x1ff, 0x1b2c, 0xb2, 0x5f481a13, 0x4, 0x46, 0x5, 0xfffffffffffffff7, 0x6, 0x8, 0x3, 0xfffffffffffeffff, 0x4, 0x8, 0x0, 0x7f, 0x0, 0x1]})
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000000200)={0xa6d225b93eb1a9f6, 0x1, {0xe87, @struct={0x1, 0x7}, 0x0, 0x3178, 0x1, 0xffffffff, 0x1077, 0x8, 0x8, @struct={0x9, 0x6950}, 0x6, 0x23, [0xa88, 0xff, 0x5, 0x5, 0x89, 0x2]}, {0x2, @struct={0x1, 0x3}, 0x0, 0x200, 0x4, 0x18a4, 0x3, 0x4, 0x28, @usage=0x1f, 0x1, 0xa0c, [0x10000, 0xfff, 0x273f, 0x3, 0x3f, 0x7]}, {0x240, @usage=0x8217, r3, 0x7ff, 0x4f, 0x3f, 0x3f, 0x6, 0x20, @struct={0x4, 0x5}, 0x3, 0x7fffffff, [0x7, 0x6, 0x0, 0x101, 0x8, 0x2]}, {0x5, 0x0, 0xfffffffffffffffa}})

10:24:23 executing program 2:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x11)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:23 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:24 executing program 4:
bpf$MAP_CREATE(0x1f00, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:24 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="0500"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:24 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="9144413f"], 0x4)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT, 0x2)

10:24:24 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RXATTRCREATE(r1, &(0x7f0000000040)={0x7, 0x21, 0x2}, 0x7)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:24 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:24 executing program 2:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x1a00, &(0x7f0000ffc000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:24 executing program 4:
bpf$MAP_CREATE(0x2000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:24 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="05000000000000001810"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:24 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x4000, 0x8)
r1 = openat$incfs(r0, &(0x7f00000000c0)='.log\x00', 0xcc400, 0x103)
ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000000040))
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, 0x0)
syz_open_dev$vivid(&(0x7f0000000a80), 0x3, 0x2)
r3 = syz_open_dev$vivid(&(0x7f0000000a80), 0x0, 0x2)
r4 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r4, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {<r5=>0x0}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x4, @planes=0x0})
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYRES16=r3, @ANYRES16, @ANYRESDEC=r5, @ANYRESOCT=0x0, @ANYRESOCT], 0x3b)

10:24:24 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xcc, 0x453, 0x8, 0x70bd2d, 0x25dfdbfb, "5249ce1cbfbbb2e7c539d761b7005a26614d75a1dc29d4baf3cb7d7cf548dad4cd8eec765674fe2949bbf6c70ad2a01e548bafb7ec7dcb0568053c9dac50cd57ff8d4e2f0af76e1c219357180b959967c8e1afae507867506f53bddc3531499bb6472adbe948a600e8fa49d1d781a5f3679e7367804fe7dafcdf910a27bc67535a9fd30803eb2ccb66be919415e6a8e40b00d0825584c599fdf806e7bfc7540f90f12bb182f49f5ab1eaa2d1cc435fc4e767f08eb26a2f9b349b", ["", ""]}, 0xcc}, 0x1, 0x0, 0x0, 0x40081}, 0x20000000)

10:24:24 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:24 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000040)={0xc8, 0x9, 0x4, 0x20, 0x5, {0x0, 0x2710}, {0x3, 0x1, 0x8, 0x4, 0x5, 0xf7, "db2be07a"}, 0xb8b, 0x3, @userptr=0x6, 0x2})
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000))

10:24:25 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="05000000000000001810"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:25 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000040), 0x3, 0x2)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x1, 0x3f, 0x8a7, 0x80000000, 0x1f, 0x9], 0x6, 0x80000, 0x0, <r0=>0xffffffffffffffff})
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\t\a\x00', @ANYRES16=r1, @ANYBLOB="01002bbd7000ffdbdf250600000008000b00010100000800310003000000"], 0x24}, 0x1, 0x0, 0x0, 0x4008801}, 0x24040080)
syz_open_dev$vivid(&(0x7f0000000a80), 0x3, 0x2)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000300)={&(0x7f0000000200), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x34, r2, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xff}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x5}, 0x84)
socket(0x28, 0x6, 0x1)

10:24:25 executing program 4:
bpf$MAP_CREATE(0x2100, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:25 executing program 5:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:25 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@none, 0x2}}}, 0xd)
ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000040)={0x9, 0x786b, 0x4, 0x40800, <r0=>0xffffffffffffffff})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f00000004c0)={0x0, 0x0, {}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000080)={'veth0_to_team\x00'})
ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000480)={{r0}, {@val={r1}, @actul_num={@val=0x2b, 0x10000, 0x70}}})

10:24:25 executing program 2:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r2=>0xffffffffffffffff})
syz_emit_vhci(&(0x7f0000019100)=ANY=[@ANYRESOCT, @ANYRESOCT=r0, @ANYRES64=r0, @ANYRESOCT=r2, @ANYRESOCT, @ANYRES64=r0, @ANYRES16], 0x3b)
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000019040))
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000000)=""/102376)

10:24:25 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="05000000000000001810"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:25 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000000)=0x6, 0x8)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)

10:24:25 executing program 4:
bpf$MAP_CREATE(0x2200, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:26 executing program 1:
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000040)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)

10:24:26 executing program 5:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:26 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:26 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x5, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "55b57a38"}, 0x0, 0x2, @planes=0x0})
syz_emit_vhci(&(0x7f0000001ec0)=ANY=[@ANYRES16=r1, @ANYRES16=0x0, @ANYRES16=r0, @ANYRES64, @ANYRESOCT, @ANYBLOB="594599480052b6dae6289fc33397c306717929dd740fa1a2e984549013281e6698c21e5332a990fc91af2998fcd737f20b7b048055e3189472b5c44991fb128316d660b2688de81f229e91767d8c8eb842b256de531539418ce422d10fefd2be761a9a7df4de35b9778ac81a8ab353bd58f462407e8d119f9253980fb6865359ca03a58ab52a0330b42280b381557a0d864685a7ee4501bbb8c5bea64dbd8043cd5176d4397e60d3585652775ea4d1f3facb9b905d25f500727ad75fd8406da5dbfe5abe93701afba67a8e8597e7ea4dabb57597dfaff9d9afe45dbda1eae2fe4644d0ba6e029b40e08e4176bc66b8ae81908b4211dfa6d9b4fbb14d1ecbeb028536585d797c0b3926170d5c8177db3ea7d26f6687f92c49026207a797bd8cd41b3beb151084fa56481666daa5d7fc3da7fa687b5303791b461f683c6bfc3197aef9391b0fae6b3ea909bc", @ANYRES64=r2, @ANYBLOB="e02dfa62080eb454ec5d82a115bc437113d34076aa2b2e4c5d21b6ff47e49389720f64fb5b6182143d9b342b442c7075a78e889d29704fd838ac801d6151579092ffb0b03fc2dbf48950a843763e9b7f9b78313a2da4b74b940aa58cd1d1a9b4ef58178103a5ff9eccdeb8964e34b535f535abdde055ffc4151285dcfe0f9d8555c903f5d1e8ab1a1dfab27ab6396e475c2b8aa024bb70", @ANYBLOB="941f035226322fdd2db27c18280caa31de7eb4b77fd8cb0d0b2a6e810fae4f6a7b2e9c13607e8072fba634e349f31a562cfe8c5d8c6ef6f0b13fccca7e55f3516cc05381860c7ea4fb0ebb23b6a34761321e6868a21522f3879014227a614c9612173236a98ba540cf1b18bac6e3cd9f212aaf6bf025156cebc94f8b1bc141c4cd86c4456b9bb4b5b3069a7735aa7259d5021c21c030434ec706bebd6e47bd5eb0cb46a780efe65ba7fe7e3b9d5159972cfcdab202b57601c26584fd08f9747f8b6691daf5fc01d63c41f8d342364610b03a7df67704114dd64ce971cc5719ef136edbff3e25f5cb27d86ea0", @ANYBLOB="96a15befaf5e7629f3ad77563a00c8b1ab16245e344f3689a152cc2af8ec123ec3c65bbb24cf482f0244d571754b670a394d860d1eac805cda666071f143179a0be0323009017773a7e59292a9703467739e9520a37a78219c14a55ded1a7d84857e510211f543f72d5f806b8980178dbd8e4324e18fd372d7e449fbcf23afc48821a67ccd1eb47aa0e7356c7575bea87dc14ccee046adf6b59a90eeb7109e29a9e35ef6c23dd679f6cad1089711572ab9a7d4d8a9f82f5675256a401a11f5b6cebe7e14a5732fb5b6259bd546e349e2e27063cb743951f556f621a022d54c09d0424de66d271f9f58fc10f71f1080ea14754931ad6c860af34d1a579a4b75e5b37d695048be7810f6930ce3af6b059a9546519bb18b52ff799cf1ed94d67f632adc515103ec9acb9346df9efba1a10296da475f61236d140dbada23a62b815c3fe42b67621e71966e60425f808fc86c640fd60419b41c956d596048cb17b89192fe3fb9dc1413b70e3034a9b0144dad62b330ce1b3902ee290cde35230859e29bc9b9b1a5f03d22dc5212e60e30a1303683c8da5f1612cfd1cce6c1c902e4b5992f0018995f9ca048225ae36f3d1c1dcda4f1191978e11eda28e93a703927791d4037e9fb23597bec873d9c76c49d9bf69dda97cf6c56fc54d74f4b4137095f4fce39b35690fb93b9247ce5e68d7101be8348e75ea2d192f82dfe2d19df41c339db7c07ef1cb34368a41860fe1b3a5b405a7ce78ce60fd2a8238fe795b1217b9b58acd698ba84c67f040283c88ad3813a661d49244523e0db44815c9573a6b2506d2630d02e7b86032129b623e450762866bc99083a688485f0bd56d488265f0ebfff86628fdd1042e4af9a4994c963a8b75d7308129eb409da5b2c96c3521073be6f559d63680432ff7e54818a13923021d6d85e254c18883dc3042926cbad1169b4d1dcd78ab9b5645f8f31fe6958532e4fa493118139b5ee8048feedc2a29b1fa7020f5d700f7d5b9473bb87c7e50860651878ce96305f36820dc0268826bc9d19a7b684e7f7e48a44c5c0ffe087209b9d1af90487b12d4a1233f684b71ae41c7a0b25351bc75dca35953e700afa6a0db426ff1e722969d2e43372f4d1081abf6f215abc9bc5f743f8d6cbdf9404ecff242010e9afdbbda0a524581593a3c3874c8b7144e57bddec3ca16d155eba28999fd49c56386ed41e79c30198ca03f391b70457804a5e1792d46cc2da22bca55f5bb011b58e57ac34d24471c9f7f340f908605fa3dd32fbe87856ce37c5e9ebba1dd0780a7876be0c22248002e752775b8939f6cfbcbb78cb9d4493f2922fbde76dcd86f96cf71315ac2ba7ea8ffc5692e72bb9a6c88f69e997305c4b9a2555ccedc33b114b9a1c5c90b77b146962aec2120a09b6f07383721c913d6156bfa9857779bec853b8c3cb4b0dc7a5b579b621b3367996a4cfd3872e827112a184bfd53694840653f6f04704a6cf66ea273ba1f7af49599a5fb0a76f5bf81090c8a6f5573e8eb1b9f09d478f3a0dd43ee3d225b27bb00b7d68ff39868bb2c91652270c6eab2d42d7dea8dc195581aed89795a4a18ef0509aa013ed7f78df3cf30b5e707944ea6753f282a67a6a1ee355be145236f36a967c0d5baeb79bce444a31595e432da68284b9767c450dc974ea155611eaeefef4917c97e7c24509d07810b933f491745e5441ac362171cdb951a0efbc6ed05d6409afdcc3b0f6bf714d38b3b305f03e575ad269c4162df4ae5b0de3c4218a26a4157d999ab011428fa79984859a703056ce79b0467645b7080f67285d5654504882091d235a7d0c31fd08a706c64748facf59be53cf2c7034b53da367d845f1f416d15184babf2e974bf288a0ba6f7de08afa9533b42f8180364c65c09c0dc375a89d7ae10d503aee5c5e7e7040ac7f37bdaab2116d7c1069e4fa6ea11794e0490a35a9de7158c58ba943a449caa0ad62790472f820f26cb1450ecacd91d300862d4b367b7c454ab2e742bd397247dd197139ae00d20fb061e80eb9a6e9b4728cfd61a6b31db322282e12aff5e687453663659a11abc4ded3d46ca271384c12bebd6bd481a3e34bf075f7004a6c7f86ecbbb5e3af0721bfb7648d31bb1465931c8956bbe21be465ba9746c801959a959e1ad48abcbe301329e11ef50ebe9040ec1146444d8b0a374a37cc4f962bdd4dbc3f961eca4e02679b2d539b8f327fee118a384355842c770a590a0a902a14573d8e322de13b36d498f9f9b49aabc3256e530d6cb1c5f291d840e0d1dd395ad5172e6c68c5efd4f5ef67128031a7b94224079032e194df8fb2eda4d0a5369b9a333ffa7cae8541beafb2e5e59bf914fa48c12aace1531802fd79eb03220c1f85b976ca92c5b58a1a8895ba6870b423535a827073348c84d9c6b40f1a285117f7496aa63dbf089f62fbbfc4b65084d6d7e0d6765219898a00d1de33dc1bb523b466b03f124eecc1c7a1ae8a49373dd61502fa16639a4ad6650ae9beeb74e9bae817d600d200efe5584fd0ee58b3ef948f261bb2bc4d02c7018b3a9b52eaa032ee942ebe7c66bf58c488eb2688bd668841576c1c59cec00e73b5d3e006a17f71d649e3f3fd598379dad2183dcf2b1b51b86dba27cdddf37dc57c327e7e4e0bdc19f4e80353e2f77cfba03f693e283189a357204b8fc343fb05f2f80e194679efb4117dc5e4020d041344f0910ba8eb2890b104917f376eb3d809a23b869f0b76f48442575e6011d5993949deaba02fcf952d57f0ac9f15ef7876e7132aa81c335b10053582e1b19dedbec122b132bc3160017f1485af18cd2a0b3f640d81f1313850e4496e730bf63b45e0a9006eefb6a9e1b1e7ba8e933673aee36cc3bb7e1af0873ca81736aafa374d19a265d5295b46e6797cb3f0b3120d87617fe33e3a34caf28cb5c36711e09bd6f8dc0c8a37b2f1ac0002401f4a0a483a7fec71f53cec75fc0c4fcb61ef80c5d843059c1a06138d609f9ed6193de8337219e13e65c6b0f0d24145e38b0e07a7a79a278c3ddf4cc82b3b2d51dfec2fc7336d8eff69057f46e3ed3e15dec6aa973345939d4cc567003e4ac11b692e850e6c4ffa2135bd42651ee43273bb6e424bd20356d5316331e54791ae092353a2add91a1bbbe5fb05e6c399c0b69b740bdfe0896745d1615f5762a1381616c0404fdb6292c8e7cd5765a0fcfbc20af1d67dddf124000795eb7afa7b912bc28b0ef3b531e4cb0d8d75701fac43ac6f19adbe08684bdd78dfd17572f7b0dda4bb84c1ec5d33cab6ec20a5b18cb63cbb8f150ecc4b18d067141214a169dfcf4cf212b27909d4f8c2aeeb18a2eb12512ce111abf7c4c923aecc52ef6f1370ea1537558aae972f7a86d5ef2a6460719fc5fe9637036071942ef955d70b84fe92e5530f93e242ed112c70cde0f7eab7941137b0b7b25af64c65f247d6b2ff470dd5ec3a5f6b134c341dbd9cb0e432481a9ee2095827aa1e263d8775af2046b110663934be7e5081a5e10d7d25ce4be59000a04e43ed425844ed6f9e5d060f2984f9977afdd7eea2adbec11571d528853a241ad3843f6c6d3ab30f5d086a317b3330bec9e01f1877c40b7e8a6fbc52d9f13c9725483d93dd84fadc23a2c71058e3c25f9223a61b93f3faab3ae27aa77a918e41a942820e0e6587e84c2125c512665489ba214d315999c1994d62f9ebd752da422e5892220a42e87957cdca89a6a1e46354bf8f638885a2c9bcd92b172ba795106fa3a451fc04a3e21bd5a3e1146252d80c1e998344b0ce62c44863c04866a4c5eee58bbf4f7748df627ae1f92ad7de1b80ea379ecbeb88526744e302cba9fc56b212a370b0673b304bfc4f8208615887157b7109e984ecee7748f1652a3c1e6de1db59a5dcbf842dd6a960fb9dc47d2f6782b17c42c14a6cb5814a4524074aa32ead436a8cee7326c254bb9643ef69a92940d43a8ea3f8f6757cec9ca436a173099be376eea9283d63d2016a5bfd45df45fe62594fc280ffc3e63c88c6f457cd3e72ac0d60655559039d83b3be9151ce9184a414d7f533de4ded1e21871c572b0797127231602fad1348de8a169adee936e38976ed17d05de977790d3616bb92225c28da410064743e2fd1dbf4cf6219d15b00d71cb3f0c487cd625a1dd0f268e7d86ab153acc5e07766b1428f9458b67867ef5fb8112634f80465f34a57b9efc777af01c27ab7db41d65853ece1e052e160aad2ea363c2a5bb05dc122ce5fefbf19dce39d177d42c582cdeff810902d00c31e46b70930520ecd94188faefc2ee71adca7c8a7b4914368819252faf4840399c1909fa9ac0fd6a68603b1e2d1720151eaf260cb2a6da595c29eac0a6fd53288eb651ccfb7a663321ee6fb5c9d93223341ba9d3d311e5ccaf6650cbf8bd1cb16614fbb1f266bcad9c609ede2ab2453d1f1124f8a0590e7b81e9954b8da210b27af8a373ddeba1dd09ab77c52310331737766fbe7f4f300b187d1f1f8754db6c878bbce3bac9f56b9d64b6d82110c5b546a0f3da39b3de6ad9374c1725aac8a340ac34b15461243705188956ad7870e0a8afaa2a08b7e01c28e0c952fba0daf57db3886644374b46dee83fa81f250f685b2a6d68e185800ff91722475a66c0d589d20936c7a428a294215559cd67f138b826ebe00e892cdefc7bff06eca7d191fb8a89251fa1cd6266a4d3b4f50a697a60a71f7dbd9f70c26298e65096ae7ee725ad3774cbaa1b597fbeddaca7851b18b2dc824a1fd8d4fc42dbcab798c0516d3af837ce7a9e6a0a7101a6d5763ba7e0f81ed3e2e45e8bf866f0af8568bd564270b7fb647817b0dd455c2d0f62be4bdee9e9d335f7a428d1e3af6b4c131770293ccc7287be7b8da3d394ec548c6b4c062d6d9202395af3dd96c94dcbe51a290006842057081e92a04ce1b90199d61439da73b247bc25a5b21fb672273530d6b9881771272fe74f57ad0c42250c1dc6ad8311c38ead882a38549e3535d9bc3acf75dce5ac752a0256259ae4216dd8e44770af0cd584df1a83b6cd2a9ae534ee703eb3b80e534e09633e31216a95e92f5c9207b224a2c3cf32e7a572f1ca232074279f5a8340634a76ae84b5cc5f82901ca56f8eaf48e7f248287f4fd6bf87814cfd2e5d154f40b5be3dcbd6ba7a7731ff27b772b3079ed4f223a621561dc6653409f2196ea3e1c8e458a21edcac88c274f1a6b4be1b52611d07202cd40cb5e6ca953ba6deb05dd74ab043652525554aa434d6a0459994483d0a2460d511a92ca21b291f8478e5f8903e25a7688e3a5738213b8cd0b0169a2489e22d36b3aa889f327df780335df2af6d977ba54768481e3fe7c5f0666ff267d4cc1bd989e77a5e293ff58e58a2f3b79d1b6666469f71717069a71f504384db9d61b219cc268c34f3b5605136b9161f9c4013d8136625871fd8ddc0b6335a3243f7841d1b70ee9d101a6e065bee0a9e1b175d8216d98b7b9e94f83c08c063339dd0cc0033105829eebe964643618a96697dd90d4ea0c04973e91e5bae7c1fa22a2cd2b3625c193d89a0dc8264c5013ba7076b16608740d5eb196fc70e24b42b7d3ef2a57b1b7fe812291b805836bbe0dbd4dcd45917dea9a71785c6a7955a1a268b0afde576b2859c7ca51ae403aeb93eb109e710b98a14c0ef0c03e2f4de6f90ddbb1015e47cd7e01ca004e860f3df70b6f18ff50f89627905b3ef245c2fd65ed8e39eccc78184eaa27f747bf403c60cc110a844d5eda7bbbb423ed95c708a80eae75b806faf780590c0bf3df2e3d1bd46734befe06056a8a5fd1"], 0x3b)

10:24:26 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
mmap$usbmon(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000008, 0x12, 0xffffffffffffffff, 0xfff)

10:24:26 executing program 4:
bpf$MAP_CREATE(0x2300, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:26 executing program 1:
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{}, {0xff, @any, 0x7b}}}, 0xfffffca9)

10:24:26 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:26 executing program 5:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:26 executing program 2:
sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f00000010c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001080)={&(0x7f0000000040)={0x1010, 0x453, 0x300, 0x70bd26, 0x25dfdbfb, "23a4f6fc4b4afbf3c53caa9e7ec654ea2f592265a52aeab61eefb48b980e6b0e451c5553f99faeaa28d3c873cfdb5cf76d8f4f49cd12218a9a1a26e7f70ce8fb7171aa92cb2307bd47732ba95756436bf9b0728354d3c2585634bcb1f87ab5510ad82be4aac2f7da74fa8b16162976796d2e063e04c74fd20799476e0c3b2ce99be9266856bcde02a04a958f48cdb950029f0295832d3371370e61be1b3914e6ec61c1edec540b3cfbefbb777ca204ea1a5f9cd40c5507ec1da1fed63c18b2bcbd9838aab3830e71ab1b6b3ba7a5265dcc0bfc3cfbaae80315657f6d951e8f71695cac24d369833ffbcaae94f757553891dba51b0297607ac0d375dd2262dae37d54c9cfc6a39ad71bc48dcb69a8dceb153ed2c212b7038b01b6d9d74045a93f8c8ef81da10f8b0640f2c2490977411d011588844e9b117ddcba7f23c06b51aa7aa3a3ef6d53da90c1ac33aa9b3663d8f6f09023df0045813bc3e4489a13e588ac7db86e7d7a5eed72d6da285130cec527859df58712dba59d6d9b18f94c13dec2dccdbd40fac7330bc1580ac32802c8e3d3c90efdd607080551a455df24e08e6a9a8ddbeefbff103ab665ffab97daf519e35865000b58c5a7b1e9bd321fce01fcb32518c8cc998203b3c04cb0480c91b9496f95a8260c68c75943bab642e35f01a6f991ede2b8bd0778734963dce055eb494c670a6edf429a2aab22fd33e94b39cfa4df1b65676ff20edd1afb83dd0e727b48b7a8732e621dca2f76ee7d61966dac53380eed8cefc308f8d087332da29f36aad0dfee95fb19fa1c8bcecfc2ae797a524b7ab597c5f9c572343c7e6f2af65c2c104ac2b51543dea3658b8710867deceddc6edbf30abee661630feffd15e2cfe35e9868317ddc27627236bd3f13e27dd9979536bd037966e06bf35644806d12259bcf6285614e31a95016ac2473398e66953104934e7b30fbfcab238fd93fdd1ee2aeb0535645f7685d7960e9e4cd44c80327f7e6ccbf32c8ffe7a9993b3002f229df189fa11b4a22cd88dc31a77be0b1c6528628adb35ce98c876f92e6ff043c7dbe2053efcc69368e8277c3ccb6ad3639bc15aada3255a228c4021e03aad6a4b03423518411f0e51a33ad3f9aa7ab26fb3bb6e5d97e8805d71b14da2da169e84fe2f6f1a25443758dee16a597ff4c5b7d39622e91c6c88f14e2240754891f9654e3db3058986ea395961662ec7ebf2bf2b4e599d1dad1aa0c0e677226c550aeff937166f5c197bda1a8b92f8aa3daec856e246e71709f706be977da41286b022732a6b499bef889a1d74500be24100193eea9f2460e81db458679841a64cab245957786cf126079950f90ac3c57f84b9c5d0d9ec52c1f1fba8e4826116a6b3a5016039d84395b4ac24bfa875b18fdbf3324a64baa627455e6f68aa5157b45eeae9c598f2dfe58b1c8b068fefc818ddf2a78be308ea63168e1265d6ddcb00f12374414da518c1b13d44892031bb7cfee6d7dcea65438d13c95623f3ff9e31641ce21471eac33c143bb19ff74dcd39bfbd5319bb4f91ac78cd969cf6b91e04bb366eb18a4c8bb72ea8c47cb6f40232dfeb1b94a4b226676899e197324d567c677d466e348b69b0a4898896ffde0d21988bded20602afdba6845d5d65bcec14daacb730420886b8d2a3f3aac2654bc7bb77ddcca6bad5f312cc51f466ff61a50214b55a3bf3624b1e767cc9600020651a62020898245b673c388850da68e0b3b56e4048e8b7bec8f925577cd5c098e4302cf86d30716ea1ac73e18907bf46d3e988f96a9079adb0cc46b921afedfa3e1da20b330a80a5ef9545dec3f423dda9f6f8edbcc1475850f8ee2420f413b2179123a2e2ae19a84541afa7ee1ce331eaaf8cd851c6fc29f5a9fc47294e7bbd995dd935549f5d2091d4eca2babe574e01019baf5848b806251560e512c9c223f1784707b96f3d61d5d9aaf8f66ce1916c8de33d50bcf5c124c90bc4c590ecb808ec2b28a4bbdc63ea1e164ad649c9f4abb686bb4dec3b56d7347575b7b6d5b1a1ccbe42ea195e650fba10c634100af7352cf9a580d22041c02c7c3db8232eeb64643d531ef749907cfbef5ce3fbdc652b5513992867f43dd73156c41b4974968f8c0c50972fffb1a5dfa7bcd520e8474916a35763a6dc50f73bb9e83184ea0056ed2863989f0161bb7524be5173562a9552770983a00ba6bd78f63ee987c9935253bcd9c79914194a4c91d2a6921aca65bc9293dcbae1bf6ce1766f5053ce731dedd1c73d1c6d236f441954f18a96200c84379ece577f32abbe6fe332aa86601c03a9178251231b1ca327d6bbe094d31524ec98456e880f13132e242928185e804355b017c60072e4fe2f3fb8c52f2e2c15de3faa9f7f088815dfa632240703a4590990668d7de7df94cb127c70c4da7ce82b7fdd26a51583b88e9d8d38224dd720489e5a330897aa5a0e03700579ab52d1aaab879a510a350674864cc1f8fdfdb723f5af2b07cfe46b8ea429d82589713c434c929fb6b88459c3528f3a6ca002b0e47ffe1e8ccf73c39dbe4f20f68f126ba282af8bf15c8031e1fe2e51a3cb4507648fa1a80b62d2f601471942687d48c0a405b27f47ed026fa41eb8672afefa92b50fc45e29835bd0c2ff671f9a925c96d74c67b6ba2dffa60d3af4df84d44dbe9f7aa95efd5ec7e18d23e75678206714f165e8c9b974140ac758dadf92ac6448c7df365f16cd40c2cb0c310c69f2fe1d1ba78713eff62cd145587e3472c87bf55b32def7b010dd64c89a6499620805300861e91e9392fd3089ddec3ea4c642c3efe4ef1a888aef3ea174fa6ed98ecbca5d995b40043d50b62ec3945cbd82877e0a4f5753fe4b285b415ac006c6a4a4846261e1da71eef469e1466aff99d7463f7f2d65f104b672952007628a31a1dd0c6675421e604cebeff155e17e1c5af35fbeb179e92c7e486f8ed5e9fac6cf1068a08ce795e5d2a439ba2c808de8f80955114b25b230fdbcba2c793fa0be6415adea18b690af20cf15b90484511ff18f850a6fdb692875a314545ebe5b0a2a36b4c8132aa4f5bad7be2076abb0e9da8423eeb8fefce303c0a5ed6deae59a085906dca49a280e73bec7222b500f8f87d0dfe458c3f4474f4a362636e304548f4cb384298a4e3a6bcf3d57fb34fb098e1bbe578ac30c39b046251745be7111c9eb3f5c35537719ab9e1d52caad12cd59d2218a755f5bc2e92b8fe5e798c38ad9a865bdb4eed66c8660f801837ec71a6b0dbe14d8ff6fb24173cf7c5dc73fda06cf71bf4c440b06987ef132ad4f84c808c215aab0b85aa60aa6f9e3715b5b296f3c9dfb364bcaf36174bce5db97e2f8b486446e4fb7ff65ca4e32ddd3f4b6076a244c91b3eadc7ab547800cabb3ac50b114fa1dd837336012e46cd408357ae0325d2207a9fbccb5a8a7850282b052165f219b3469cb2607d8a0d90539b9142e32ab3829a12846e9e56364b495d505e4949b1e0690f2b3bb6a5481b6993afaa1dc1eb81c4c1f7e1236f547712b1667e8a23dec2e2d7887ad025d5c614f41bd2b70930d1430547c804dcb0d7de225511d7602a30e92946a446a6e591993d70705cb76fdd901893f51efba60d8641c0b8bf6def3988cbc9ee739eb2992661cd0df1fab06100de782f2af81fd9d689c6bf61ccaaf669e56dc85f5c710662d1c191393c32fbef600bc8806c0c5cd87ce18dda0dd36ed529a4a061bbcb607b5e25e87ad48e8b6401a39de6a242f7948c38e9d5d99a369f7a4ef92ed5a67977f35e54e2dbd8b6f6fe697804bf2d5b2b58641d5d3820be37193184afe08365afc7d771126b7c2282c0fb108ac025af595c7a21c3797bc835f53593496af9fedf4468379fa427536cd3191d47a801d863aea5aec21512927f7a537f3b54b59962f7610821f66f5ff58d27e3274c07dc30cf03b87bf9481b6133d377050f3a87b58c7cf59767cef4798baa2edf32190847993569ee6ab5b469cf5d08e9c15e0a7cb78708ad8aa531d12cae6fab6774324c761266eeace0280d30a214348c499435bd9ae25d15c26e4ba156088240319eb133fd972e5c55d950e51c395b396a6ad565b58f276068afbcc28f6c06713be39867cfcc9855b5db1a5afcc8b5229a07d40789d855cdf48efbe02ab8801de8d04d703fdee1033583c17ca9ca22745e6471e10afa102717d423f3c8679bfbafe01f2df663b977b1601d02b657b46eee02efa4bcf0c307439606e3bce1e7c26ac4ba19097348ee4605d6df091b4c8e75425bbb5ca9d495368d313c46ad09b4a5ddc56718c6fb3aa9b6fca7eda56d35dc5b78c212e7e22f7ce22ee5a272ce3c5b84e406eac53f49483803a5c661d4284d839cf744532bdaec797661b180773d3970bbe235112c8b4d880959a77e94802e88276749ca6f1e7e242e54f9a7f0e56427b68bcf72438745ab9892459dae68d1cbdb22a4594e9d39e5f2e4da3b340247f1ac961d74fc1799f17a86b1030bb90a62456675c0c748b7b6ba938a27c1d5fc70919ac6eba500c35e7468a98914f2244ba10e01791b13fe25e4cd442a362ed137e1526fe508e495edfdc8942a23675c2a3e4516703748021662c1a09dfaf666838f288e92c95e3ee21155dceab78e3be1b7186dec4f21a53d043f570edb79e9a19ac0d8bae1f4536da663c0f58e8d1a54a49cd92b32785c2c77f7b7786693e535b7f2e3d5615ef7b1d76478ebddc83a3ac84c3d8969679cb40b1dc30e09d501b03142a606693d6c6bf4c9e0edd52cd79b681deb56079beb4316303ccfca9c5d5e572b20c4c4b73adf5702ccfeb72a6c19b4328167d9117cbf3742c125cfc8701965118b93c30352a2b54fecc4fd920cc3a8339ecbffa2486b1e28f65d6b7fec56d858cc636da771c4e65da7beb30b69322e2b7d2401676e0fffcb702bca4690d67e9fa530d570ed4f0a01069f63a199a69c96e29746719352b08d349b9b5e4af4920d12aec6ed241d705e8955bf94fe3a8a1901e35fbeec39c33c0d5d08a05f8952f7f74fef85a467b9ad0979833ade5b82a4bae9e1f9c977616fcb5bf13e6d3a829b0092a2e4d87a2e2e4f6ce75596d4da74e2a7dda4f5fd95944560ae478cf453d1c08678b06c729415380f9c7f175c6c8eeb7a9c9fca9ea73a77eaa17a099d0281e3e690b152e7ea03d5aa04a7f8d5216a1303f3409968c4f9759a3a12af51209ef8c0b022498064fda3954d1c4b0c10a964b66db07dc80466d064013603c8a5dd44ca574d2b51c4c5a78bdd990814be21223c82eccba019e00498a318321fbdfe9dc0ac461306a144681f939b116cf823f9f4cd0e56e034e43c3ba1aa92453cba0bdeaee0620ed961904055a5c0905b07ced9f77da3dfb1fa854a2abc058fd55105a6e3231d61a26cc621502deb019853711362eeaa8934fdd840a85471c0adf28ac3ce77e6c73ff699eec24d68ac7f980b38dba5fa3b3bcecb49634dd826fc6807ac051b870752727ffdeeea29440dc1be0fa71ded70b2eb2314888520b21c4448cc6ef00d710267300577bccfae3adbac155eedddc9dfa27c3c3deadcb0c7053f7562ebf271cd3ce55263754d779d5d2862284cd6559d270bad6a4ecd7d4eb6afcdf3da1b7191e454a591d9d16ce591334c6642904182009471283bf86040dfe6e6f3bdcb23a2e6debcc31032e7523f6577d128064a49626a38e804b4777d83b6bdf720b10c2f21a839ceae6e3a79db850b80f74b8036d0bffbc041fc99e8276b3c8069428a3c59b9395594ee34ba5276060e52321c2d13979068e00369a03e834684", ["", "", "", "", "", "", "", "", ""]}, 0x1010}, 0x1, 0x0, 0x0, 0x4014}, 0x20000000)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:26 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:26 executing program 4:
bpf$MAP_CREATE(0x1000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:27 executing program 1:
r0 = shmget$private(0x0, 0x3000, 0x8, &(0x7f0000ffc000/0x3000)=nil)
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0xfffffec0)

10:24:27 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:27 executing program 5:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:27 executing program 0:
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0xd11d, 0x9, 0x3], 0x3, 0x80000, 0x0, <r0=>0xffffffffffffffff})
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000080)={0x0, 0x7ff})
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r1], 0x3b)

10:24:27 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000019040)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa5}, "98ec417ec7d2e559a8a6561834c3e1a616505d53e3cf27af6e6d01d840e1517c865d7f7682f317440760bdb9151b9760180ab544f8e384dc31c9537044acca111edaf0798ef04508e97a281749620f2fa92e370bf18b4a091b25c6d0bca61e0a088abd2965443a0d0920a607275c10f6b1972b8d25c38906720f5bf1b839b69c21eb6e9e856494c3ce090877ec92f1cef45063e3c1ef9e41b13906a51987916d23fd802b3e"}, 0xa9)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/102400)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r1, 0x0)
syz_emit_vhci(&(0x7f0000019000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x1, 0x1a}, @l2cap_cid_signaling={{0x16}, [@l2cap_move_chan_req={{0xe, 0x3f, 0x3}, {0x6, 0xff}}, @l2cap_info_req={{0xa, 0x7, 0x2}, {0x1}}, @l2cap_create_chan_req={{0xc, 0x9, 0x5}, {0xfffe, 0x7f}}]}}, 0x1f)

10:24:27 executing program 4:
bpf$MAP_CREATE(0x2000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:27 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:27 executing program 5:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:27 executing program 1:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRESHEX=r0], 0x4)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.log\x00', 0x400100, 0x41)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
clock_gettime(0x0, &(0x7f00000002c0)={<r3=>0x0, <r4=>0x0})
ioctl$VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000300)={0x6, 0x9, 0x4, 0xe000, 0xe9, {r3, r4/1000+10000}, {0x4, 0x0, 0x5, 0xba, 0xff, 0x5, "edb21fc4"}, 0x3ff, 0x1, @offset=0x40, 0x84})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r6, 0x1}, 0x14}}, 0x0)
syz_emit_vhci(&(0x7f0000000280)=@HCI_VENDOR_PKT, 0x2)
sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r6, 0x300, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3f}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x101}]}, 0x24}, 0x1, 0x0, 0x0, 0x48004}, 0x80)

10:24:27 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000000), 0x1, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:27 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000000)="8bae19dc61390bba29357ce9a5452a19f3bdd131b44b571a03f1773ca1c138ceff79d1e19a1658c1decce26cc981e72a21d08c9214b966d6ac3ef816a75a00a8809d65db633624f569279ab70453efb98f3da58caaf50ef65608a9e84d68c5ec2ca745710db7b4fdbc98c6d3d6c896f90b1817ff69ddfc52488c8286f21f4c3e798499cbf973a2b65f2fcac8aa9d7405f962e6fa6bf790cc690b6d372fa8a1c50758a69d7dc4325c0b635bf3525bb34afe8172d899f86134", &(0x7f0000000100)=@buf="7152da9bcc8857dac3efb99c121e4136a5dd7016d5d4e7196f104aa34d56f9f607189380784311a04eadfbecbacd3a01d78d125431b1e7fa47ceb643"}, 0x20)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:28 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:28 executing program 4:
bpf$MAP_CREATE(0x3000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:28 executing program 5:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:28 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_reconf_req={{0x19, 0x7, 0x12}, {0x7f, 0x4, [0x8, 0x72a, 0xe8, 0x7, 0x80, 0x8, 0xc0f]}}}}, 0x1f)
r0 = openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$khugepaged_scan(r0, &(0x7f00000000c0), 0x8)
sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x3f8, 0x0, 0x70bd2d, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x84}, 0x880)

10:24:28 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:28 executing program 2:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="d4d81a5811edd61185ea724d82dd188e48eb1ee3b4d5e596ad1d09009d6fd76c58b369c2d0499fb4c8559d5a10ab848af8edcd9f1615c6fcfd3888e14dac876f4b22d295f5c94671d9ba2e2e4c1b94e4da5fc053c89e428416d1a6768de99c1d23d1bf8364422a2b7b010d00002866778048ab924f277832ca752612866e72fbe5930d1fbbd23d7843e794a7e98a3a28f4afd893fe0190ac37d0210e507aa2b0217249ac3f3846f5d5f200d19334315f393ba424ac13f050e5fd899f5e7f87ebfc28d510be538942bf00c70bf01146b9080000005ed204a37f4806fb465771c42c51e07587d5529f55670c37d10466453e5591181477f4ce4d65796cb071f9c920c080987144c7fadcdca8db1afc7c49c7b2a431696ff18a1a43b6f0aea4ebab9ed0cb611e17012aff1eef6dc03d4a9ca4768fe09e27b786119b159c7c0efc304ce5dc58a95ac20f9f8c35439dc6a4", @ANYRES64=0x0, @ANYRES64=r0], 0x3b)
r1 = shmget$private(0x0, 0x1000, 0x40, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000))

10:24:28 executing program 4:
bpf$MAP_CREATE(0x4000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:28 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:28 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:28 executing program 0:
syz_open_dev$vivid(&(0x7f0000000080), 0x3, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000040), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)
socket$nl_generic(0x10, 0x3, 0x10)

10:24:28 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x2, 0x1e}, @l2cap_cid_signaling={{0x1a}, [@l2cap_cmd_rej_unk={{0x1, 0x9, 0x2}, {0x100}}, @l2cap_move_chan_rsp={{0xf, 0x0, 0x4}, {0xda5d, 0x40}}, @l2cap_create_chan_rsp={{0xd, 0x9, 0x8}, {0x9, 0x100, 0x2, 0xb7}}]}}, 0x23)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

10:24:28 executing program 2:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:28 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:29 executing program 4:
bpf$MAP_CREATE(0x5000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:29 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e2"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:29 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'nr0\x00'})
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x3, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:29 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x4)

10:24:29 executing program 2:
clock_gettime(0x0, &(0x7f0000000000)={<r0=>0x0, <r1=>0x0})
ioctl$NS_GET_USERNS(0xffffffffffffffff, 0xb701, 0x0)
ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000040)={0x6, 0x4, 0x4, 0x0, 0xffffffff, {r0, r1/1000+60000}, {0x3, 0x8, 0x6, 0x6a, 0x0, 0x1, "5d6dfa5d"}, 0x8000, 0x4, @userptr=0x7, 0x3f, 0x0, <r2=>0xffffffffffffffff})
ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f00000001c0)={0x0, 0x2, 0x4, 0x20, 0x0, {0x77359400}, {0x4, 0x2, 0x0, 0x0, 0x5, 0x2, "8fbef54e"}, 0x7fffffff, 0x4, @offset, 0x4, 0x0, r2})
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000000240)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xf5}, "38aedf4d804964b48cc3b9d09541b5301d6a3a97c56cf35f7d0dd5475e90c691253cddb69d0877b2c974352e2159a60601ceb1f4d138ef9dfae19727b7e4c56f0008170715a10507fb9fb4d5b316d6c2561c6fa963f8917acb7a8f4b88675eb665160faf7f044b83afaaca2bd2e83cc928834772b6052c053fb956d074e3b985c802972c8d59190639d1ca5b9199f9c834681c883c1df699ea665337260ac6ab1371422c6ad4f640225ce91f80177860413d2f3012d03938c3b312b039e053a0cebe827dc8f055ad38f56ba5560ba9ea91315d235317a1415c385c2f0d1c7123d772aa5f7fc1795442f490c5fdf2706cbd42e03e44"}, 0xf9)
mmap$usbmon(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3, 0x4010, 0xffffffffffffffff, 0xffff)
r3 = shmget$private(0x0, 0x3000, 0x10, &(0x7f0000ffa000/0x3000)=nil)
shmctl$SHM_STAT_ANY(r3, 0xf, &(0x7f0000000000))
r4 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffa000/0x1000)=nil)
shmctl$SHM_STAT(r4, 0xd, &(0x7f00000000c0)=""/200)
shmctl$SHM_UNLOCK(0xffffffffffffffff, 0xc)
ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x1)

10:24:29 executing program 4:
bpf$MAP_CREATE(0x6000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:29 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:29 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:29 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
syz_emit_vhci(&(0x7f0000000040)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x60}, "0036d26e8358865287a21328dfa180d3495a14c50b9da6c64349a7d7f7550ebe69fb55eeb1e4f77e58f31e34b0477c67d41172c2da60cb871030ae8a484f3220397708e261d36aa9777ddd7f7b88e59b2b7cd8c70eac3990a8973a4864a977e7"}, 0x64)

10:24:29 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000040), 0x1, 0x2)
r0 = socket(0x2a, 0x0, 0x4)
sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="400400e3809832074f2c95c316d297a299a2b60a8e3c879a3c5c6c2efbfe8aa56c10e4a16dbc47ffc879971367d20bb2e281c7ffe9d8d60f7ba558b48cdde7ae05d856308fdf94d3f0bdaa0ba171af590da1872bd5f7", @ANYRES16=0x0, @ANYBLOB="000428bd7000fbdbdf2502000000050006000400000008000300e00000000500050000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0xf543f032fe2637f0)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r1], 0x3b)

10:24:30 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:30 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = socket(0x18, 0x2, 0x1ff)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000))
shmctl$SHM_LOCK(r1, 0xb)

10:24:30 executing program 4:
bpf$MAP_CREATE(0x7000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:30 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:30 executing program 1:
r0 = openat$incfs(0xffffffffffffffff, &(0x7f0000000100)='.pending_reads\x00', 0x4000, 0x100)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_tracing={0x1a, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffde, 0x0, 0x0, 0x0, 0x9}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}]}, &(0x7f0000000080)='GPL\x00', 0x8586, 0x38, &(0x7f00000000c0)=""/56, 0x40f00, 0x0, '\x00', 0x0, 0x1c, r0, 0x8, &(0x7f0000000140)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000180)={0x3, 0x3, 0xc6ac, 0x10001}, 0x10, 0x14ac9}, 0x78)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x4)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000040), 0x8)

10:24:30 executing program 0:
sendmsg$BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000804}, 0x20000000)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:30 executing program 4:
bpf$MAP_CREATE(0x8000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:30 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
shmctl$IPC_RMID(r0, 0x0)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r1, 0x0)
shmctl$SHM_STAT(r1, 0xd, &(0x7f0000000000)=""/3)

10:24:30 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:30 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:30 executing program 1:
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="09d9fd7e56c004130900707edd114105068193a497b0b4ad6cbd821c8fca5711843c9fcbfd04ce585908b6e4bb8f9f4e5b28003d870ed06be3ae1a8fc2f4e50194e258de3687f56c05d62070c4be1c24341beb1da9b814f2293d447515b7907928249d3322ae175f0967ba9f1c485043c14d359f698c22e3ce2153e6779af8a728634720cd40ece2e4857095b5efd7234ff0f51caf877c9538e40e85496679c06b430590a22e2b152f29ca830953fa5eee4833eef2210830fef167d8b8a9c4c171d75d1e6bfe5558dc129bf90feff043a53a737dab008c0808"], 0x4)

10:24:30 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_XRUN(r0, 0x4148, 0x0)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[], 0x3b)

10:24:31 executing program 4:
bpf$MAP_CREATE(0x9000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:31 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:31 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000040)=""/4)
statx(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x2000, 0x2, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0})
getgroups(0x4, &(0x7f00000000c0)=[r1, 0x0, 0xee00, 0xee01])
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r2)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r2, 0x3309)

10:24:31 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e2"], 0x0, 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:31 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04800100"], 0x4)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

10:24:31 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16=r0], 0x3b)

10:24:31 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:31 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x3, 0x824, 0x0, 0x2, 0xd9], 0x5, 0x0, 0x0, <r0=>0xffffffffffffffff})
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r0, 0x40044104, &(0x7f0000000080)=0x4)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000))
mmap$snddsp(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x200001a, 0x8010, 0xffffffffffffffff, 0x1000)

10:24:31 executing program 4:
bpf$MAP_CREATE(0xa000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:31 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e2"], 0x0, 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

[ 3355.371761][  T144] Bluetooth: hci0: Received unexpected HCI Event 00000000
10:24:31 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)

10:24:32 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

[ 3355.529312][  T144] Bluetooth: hci2: Received unexpected HCI Event 00000000
10:24:32 executing program 0:
syz_open_dev$vivid(&(0x7f0000000000), 0x1, 0x2)
syz_open_dev$vivid(&(0x7f0000000080), 0x3, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[], 0xa0)

10:24:32 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x1, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1a, 0x7, &(0x7f0000000240)=@raw=[@map={0x18, 0x4, 0x1, 0x0, 0x1}, @exit, @exit, @call={0x85, 0x0, 0x0, 0x70}, @map_val={0x18, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x6ba}], &(0x7f0000000280)='syzkaller\x00', 0x401, 0x41, &(0x7f00000002c0)=""/65, 0xf4f30fb5242023de, 0x9, '\x00', 0x0, 0x6, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x1, 0x1}, 0x8, 0x10, &(0x7f0000000380)={0x3, 0x7, 0x1f, 0x2}, 0x10}, 0x78)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7}, [@ldst={0x3, 0x3, 0x6, 0x5, 0x1, 0x8, 0x4}, @alu={0x7, 0x0, 0x3, 0x0, 0x0, 0x40, 0x10}, @ldst={0x0, 0x0, 0x2, 0x9, 0x9c4fceb1e92eb457, 0xc, 0x10}, @call={0x85, 0x0, 0x0, 0xffffff79}, @jmp={0x5, 0x1, 0x5, 0x8, 0x8, 0xffffffffffffffff, 0x4}, @generic={0x80, 0x4, 0x6, 0x80, 0xffff}]}, &(0x7f0000000080)='GPL\x00', 0x7fffffff, 0xff, &(0x7f00000000c0)=""/255, 0x41100, 0x8, '\x00', 0x0, 0x4, r1, 0x8, &(0x7f00000001c0)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x3, 0xa, 0x4bfc, 0x2}, 0x10, 0x0, r2}, 0x78)

10:24:32 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)

10:24:32 executing program 4:
bpf$MAP_CREATE(0xb000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:32 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e2"], 0x0, 0x3, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:32 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:32 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000100), 0x3, 0x2)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES16=r2, @ANYRESHEX, @ANYRESDEC=r0, @ANYRESHEX, @ANYRESDEC=r1], 0x3b)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f00000000c0)=0x3, 0x8)

10:24:32 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0xac5, 0x0)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:32 executing program 1:
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000080)={0xfffffffd}, 0x8)

10:24:32 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e2"], &(0x7f0000001400)='syzkaller\x00', 0x0, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:33 executing program 4:
bpf$MAP_CREATE(0xc000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:33 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

10:24:33 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000))
syz_open_dev$vivid(&(0x7f0000000040), 0x1, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:33 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
open$dir(&(0x7f0000000000)='./file0\x00', 0x8002, 0x20)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:33 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES32], 0x4)

10:24:33 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e2"], &(0x7f0000001400)='syzkaller\x00', 0x0, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:33 executing program 4:
bpf$MAP_CREATE(0xd000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:33 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)

[ 3357.116859][  T144] Bluetooth: hci0: SCO packet for unknown connection handle 0
10:24:33 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)
sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, 0x0, 0x300, 0x70bd2b, 0x25dfdbff, {}, [@SEG6_ATTR_SECRET={0xc, 0x4, [0x1ff, 0x6]}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x800}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x7ff}]}, 0x3c}, 0x1, 0x0, 0x0, 0x81}, 0x4000000)

10:24:33 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r0, 0xc06c4124, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})

10:24:33 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/3)

10:24:34 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e2"], &(0x7f0000001400)='syzkaller\x00', 0x0, 0x96, &(0x7f0000001440)=""/150, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:34 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

10:24:34 executing program 4:
bpf$MAP_CREATE(0xe000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:34 executing program 1:
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="00000000d369b9988c73502ecb7ecdf9ef41c8fc5d4debe1774418c8aac0219ba203e1471041bf2b17bbd740f4749b4726888ae5ebe7bdfd26b20e2ce6cf3ed766613dd3b1b7b57192f06dd2f9ea7cab68f771cbff9adfea554a0bc10949cc4077d1207dae822d9c15efc22255bbb6b6c161c9441a7df69e4bdbaaba52cce2d4c27e51e3ce56652f0770de3ba6f0c8f794df4ef12a1211e50f052021eda071a3300987a86d843c4850a75da757a44f56a1c061a8fc39be62795c4e75c6a559344f706fe0f6bffe2a00b93f8e48722292e7314b419059b815e10791728f806eccda1625f8382f5529adcfcf7fa63fbee1cb48a1aeea1db070c0c435db34e80f38dc817fca4f67de1e5c2a6c6df82e6dc75ca7d5cb99319dc5499eac0b03f4b70b52ddfec4d1b993c36b8d077f3ef78da0a41c635b677f9418dfaedcfe09d3bab53b72653b5c85ada14808052e67cca19c9f6d99598f44dc01f01e8adbef5a05020c5960354baa8e4b607e8605077cf2ef24955a6e5e782fe9b8fc64bfb1b6366e79600aae346de8ccfd8d55d7011447781325fb761b4e6eb1447c940d418b812a6a686e66ad3f"], 0x4)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040), 0x4)

10:24:34 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r1, 0x4161, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, &(0x7f0000000dc0)={0x0, 0x0, {0x0, @struct, <r2=>0x0}, {}, {0x0, @struct}})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f00000005c0)={<r3=>0x0, 0x8, 0x4, 0x1})
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f00000009c0)={0x2, 0x0, {0x9, @struct={0xf5a5, 0x5}, r2, 0x7ff, 0x9, 0x3, 0x0, 0x1, 0x401, @usage=0x401, 0x7fff, 0x9, [0x80000000, 0x8, 0x8, 0x1, 0x2, 0x2e]}, {0xffff, @struct={0x7f}, 0x0, 0xccb, 0x8000, 0x8, 0xa9, 0x7, 0x42, @struct={0x2, 0x1}, 0x4, 0xfffffffe, [0xfff, 0x8001, 0xffff, 0x6, 0xeb24, 0x53]}, {0x1, @struct={0x1, 0x4}, r3, 0x7, 0x7, 0x8000, 0x8001, 0xdd2b, 0x42b, @usage=0x8001, 0x8b0, 0x7, [0x7fff, 0x7, 0x9, 0xc000000000000, 0x5]}, {0xb8b2, 0x0, 0x5}})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r4)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r4, 0x4144, 0x0)
r5 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r5, 0x0)
shmctl$SHM_UNLOCK(r5, 0xc)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:34 executing program 4:
bpf$MAP_CREATE(0xf000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:34 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e2"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:34 executing program 5:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000019040)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa5}, "98ec417ec7d2e559a8a6561834c3e1a616505d53e3cf27af6e6d01d840e1517c865d7f7682f317440760bdb9151b9760180ab544f8e384dc31c9537044acca111edaf0798ef04508e97a281749620f2fa92e370bf18b4a091b25c6d0bca61e0a088abd2965443a0d0920a607275c10f6b1972b8d25c38906720f5bf1b839b69c21eb6e9e856494c3ce090877ec92f1cef45063e3c1ef9e41b13906a51987916d23fd802b3e"}, 0xa9)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/102400)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r1, 0x0)
syz_emit_vhci(&(0x7f0000019000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x1, 0x1a}, @l2cap_cid_signaling={{0x16}, [@l2cap_move_chan_req={{0xe, 0x3f, 0x3}, {0x6, 0xff}}, @l2cap_info_req={{0xa, 0x7, 0x2}, {0x1}}, @l2cap_create_chan_req={{0xc, 0x9, 0x5}, {0xfffe, 0x7f}}]}}, 0x1f)

10:24:34 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x8000, 0x0, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x8], 0x1, 0x0, 0x0, <r4=>0xffffffffffffffff})
ioctl$VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000140)={0x2, 0x0, 0x4, 0x100, 0x3f, {0x0, 0x2710}, {0x3, 0x8, 0xc3, 0x81, 0x7, 0x0, "dc71c6bf"}, 0x9, 0x3, @planes=&(0x7f0000000100)={0x40, 0x5, @fd=r0, 0x9}, 0x2, 0x0, r3})
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x2)
ioctl$VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000000)={0xb, 0x9, 0x11cd, 0x0, <r5=>0xffffffffffffffff})
ioctl$VIDIOC_EXPBUF(r2, 0xc0405610, &(0x7f0000000040)={0x2, 0x401, 0x97, 0x4000, r5})
r6 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r7 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r7, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0, 0x0, 0x0, <r8=>0xffffffffffffffff})
ioctl$BTRFS_IOC_SCRUB(r7, 0xc400941b, &(0x7f0000000200)={<r9=>0x0, 0x100})
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r6], 0x3b)
r10 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(r4, 0xc4089434, &(0x7f0000000600)={<r11=>r9, 0x10001, 0x1, [0x4e881a90, 0x1, 0x9, 0x101, 0x2], [0x7f, 0x89, 0x214, 0x8, 0x4, 0xbd, 0x7fffffff, 0x3, 0x1, 0x4, 0x1bbf, 0x2, 0x8, 0x0, 0x200000000000000, 0x1, 0xc000000000000000, 0x6, 0xfffffffffffffde6, 0x3ff, 0x0, 0xffffffffffffffe2, 0x9, 0x800, 0x1000, 0xd302, 0x4, 0x40, 0x9, 0x6a, 0x7, 0x0, 0x100, 0x2, 0x1, 0x0, 0x3, 0x3, 0x5, 0x0, 0x9, 0x86f, 0x80000001, 0x100000000, 0x40, 0xffc0000000000000, 0x7e37, 0x9fc7, 0x1, 0x10000, 0xf8d, 0x100000001, 0x3a, 0x1, 0x3, 0x10001, 0x8, 0x0, 0x3, 0x99bc, 0xaa4a, 0x1a, 0x7, 0x3d, 0x3, 0x5, 0x99e, 0x9f7, 0x18000000000000, 0x6, 0x2, 0x7, 0x6, 0x3, 0xdcf, 0x7, 0xe1, 0x10000, 0x101, 0x8000, 0x5, 0xfffffffffffffc01, 0x401, 0x9, 0xb2, 0x5, 0x5e9c, 0x3f, 0x4, 0x7f, 0x7, 0x4, 0x7, 0x9, 0x0, 0x4, 0x400, 0x0, 0x1, 0x49b3, 0x2, 0x80000001, 0x1, 0xffffffffffffadfd, 0x8000, 0x96a5, 0x2, 0x3, 0xef8, 0x4, 0x8f, 0xffffffff, 0x5, 0x7fff, 0x2c6, 0x4, 0x2, 0x9, 0x8c, 0x2]})
ioctl$BTRFS_IOC_DEV_REPLACE(r10, 0xca289435, &(0x7f0000000bc0)={0x0, 0x1, @start={r11, 0x0, "0ffb7d105cc504c90956b624fa31bc7a1d22427c14282c505a9d2970212e04183b413bab312d9aec07243948850b4228c9a835a1d54116c814a81c32b3a316ffb1544c00375f07a60dafc6ed49033b12bd2771f3821ca8e649a3dc68a7609f6667d05c9394f8a18502a785500c78add00e0aa1b1f498926c70cfe6425dc6f0d644ef284c396cc364e73fa1f80c159ff82f97c68326ee16c39f0819ce724e64da63804599de377f85e038654ccf23e0a0033de7476312fe582be3fc565b419e8a5aad6752313c31653aaa819b377f7269d4c7e1424c94816f2a3755db54ba6119d0ce8bc63cfbd8f52293731107e6eea197a34d8d620682340bc0baabd03f923ed5bd51d42c631d22b90be1163e7408da90318af93ead7e9f2985c9ce30ac5be1731c0286e5276c9587e4fc694c3a1fe636b94551007108f750d1f571a8bd4ab149c206603353b5837444a0d14eae0f67d2af1fdbea434ebd2fefcc81914c92a6946953973b752b7a200055eb63856e5c104fa11ec666f8070e80d996121514730a58d94687708ecf66b5790bf36dd539fbd11f1faa0b569a85435aff889eff6a33b7e4c7552bf9e08732dc45a68ee24c0978e7e5d35c379ece04feaad2f934a2bdd150d5c32181751798ad16aa073970e8b5eaaa95e95d9695294653f0cf42394318d880421309968d956614ef285b665a3c7db52f159d11960263cb461883633fd80f7ca80ed41ea2dfa107ec010dc90eb330d369881c9ebff6a71c3991561b1969db11bb22a7ac1fe3aafe82b3cce3479a14853e6197af22a575c27e291bf2f2098a641ec57d56849889c5d3ae606cf78bccb7cee3ae5ea4dc433c23d65e1e624fc07ba0ef0d5713e614c7b34ec7afc8d6e668bf67c5851849717719689eaa9d4cfad24b6153002b48c95ea2553edd1b40faae889d39a37882e82dae0a6c868d47d1577fb2b1644a4b31a302c3b0bc91a5ab66e3fe124283649b83a646f54a1d660b7bde75e13a4553550b2380c942ac5f83456d568df145fdda0adc9add7d5f10022316594d45d63722526890c871d10a9bfe6f58d7a89fa664d9625402bee69fd65bedae9a7d49fc4e33ee27b986a12720738fa66600019e35fd488b8c68767505620f9bed57494092de9babfa2ae3faac28a63c91d2e474beffb8e3cd9cb1d36151801756ba4295b77ca86ccab2954097ec6ba0f988173e44590565ed362a485ff81aeb05686986f282b12bb0ee4fed49fe281e8e36dddcb545740f2f3acbcb5ccc902bfd4d6a14b2bdb2394ed563e39efa435459a4d221b9711ced0687a021a02d023d20ade7195336dcbe713e36ac22bc9acd6fe15416cdc3f094694426e53ce6dc0e783343d94fff0915a30699be84d2e2d77cf0ba1fea672038f4d49a86a60ab6fc25f3a7bf09cd77b2d4d84e7f30ac2e6df3d3893136aaf067fafc29", "2a69395fdb7cec0a6745a10c36ce85a9b8254d698248a7212c22c97757f2fce494111c7d98afb5df0481fc751e60209b4b6d318380909483aedee53e42bc7aef3cafd31e684a88ae28134a27d92f8990661d28edbca661fe952bd00a8aa5bc3ffa40be9b67b846305b122ffbe95b1cc980368ac55e11a22c130747c9582bfe0420d0cbad1988db37f940f277d4e0509b2d28db1ff3dfd731e7ce2b41dfee47bcc0c0abdd3c5be78c1f7c59fe136cd96e11b09bc58a2a56760c3adcd48ef727c3aba82583c768de8012b743321a0c4efb4ea294907cb5516967a8bf41539490d03336d7a838837e8dbd5e150f1494352ea8ef9f9e768fedb8d7e439611f20d6b05fe0d13d1ebbd4386da0248ca1d41cb4ee3dacbdc3760092515d90be734249641e995f92bdd753caa2f66476d6db376a3a2202617b72b9917ae1ff5b85208437f499b207baa2e3fc13764fb648debbea48135773c4cc23eb022bd231c7af8b763f019b71e90bda4f264eb27231ab184ce66140c03a9cb58ebce87ba670efbd2b656e8dd405f1ef3ed80e322bc40553a441b2a2af22d888941ac6dda44b3531d1b284e21eb4aa5b7f9db180c18176dab35cba48c21c81b4ecf20cb284467365f3591719054c7cad08a2bd292cc1d7f650e13ade03607dad528f42f10ffe77d9de264bf0fea42f7204a2b57e2324f18fd3248cdaa9caf2f49a7ac4e6b631b4c2376bc99d87b8c9c5c9764922700e42dc717ecfc22553eb7ec5cdd7e54a71ddbaf8c36670ef9713760aa7f4632a7cf8142b3b9b8a19b2a83f730296cafffc7ce5ed666016aa21844031444eb94edab6cdb3a4e76c3b38f14cd3640d72786c1acee553817332efb0d78b30a33709ff4c59439c8c6a1dba902c0771f0c50a642e8fad5d02ded86ff07cba10b85d9907918b099996f20e649a749d1cbd4d75e73ef48f5315d10afaaa86b0a865eeb7d4d4c697efda719ec416a8f1ab6ebc0b663db6d5f41b56af7b62b110ff22089bdf623de52ae4dc7716eea8c00fe9878158c0dc1720ade7f88c3cb4a79282bac6ef4e120606016ae3dd7c6159d2cef75d116cae4f94cf6a1704b27f1416d4c2fa220a22d4e8078f27b10f40d204531db16735058819a4538a8e326c917d1109ff57bfd8089b57f7eda4e97cddb26735b6be0cc847621244c29c3035fcd218a6de9431aa8edd06fe8c390e3d17157db0d96fb1672c9375258bf60d2aba748899134c88cebd23ff3f36a9ef4328e8c161ab4b49b078ddfb1f28f40d5bcffdd6669ce59c98c9cf60645a4b2981f79b1014e3b98bc880a34b9eacb0479687146b749553a2293da3ab8895d71d9688db7a96b6665f4b05988a4c5aa99f65cf3f5de0edb67f899c3634db904c31f16ef87ac8798b9d8ea254b7b8e268052c81cf42154b87ab651ec9c35c09d014d0cf6d702705fc2020c48a"}, [0x7, 0x9, 0x0, 0x2, 0x7ff, 0x5, 0x10001, 0x6, 0x6, 0x8, 0x1, 0xbc, 0x3649dbee, 0xffffffff7fffffff, 0x3, 0x203, 0x9, 0x2, 0x8, 0x3, 0xffffffffffffffff, 0x200, 0x3ff, 0x88f, 0x3, 0xffff, 0x4, 0x7fff, 0x3, 0x1, 0x3ff, 0x5c, 0x10000, 0x6, 0x1, 0x5, 0x9, 0x2, 0x80000000, 0x6, 0x8001, 0x2, 0x3, 0xffffffffffffffd8, 0x8, 0x3, 0x800, 0x9, 0x86, 0x4b43, 0x4, 0x1, 0x0, 0xb57b, 0x1f, 0x7, 0x800, 0x6, 0x7, 0x6200000000000000, 0x2, 0x8000, 0x2]})
clock_gettime(0x0, &(0x7f0000000a40)={<r12=>0x0, <r13=>0x0})
ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000ac0)={0x6, 0x2, 0x4, 0x10000, 0x7, {0x77359400}, {0x2, 0x6, 0x5, 0x3, 0x1, 0x8, "02c08612"}, 0x7f, 0x2, @offset=0x101, 0x2, 0x0, <r14=>r8})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r4, 0xc058565d, &(0x7f0000001600)={0x8, 0x2, 0x4, 0x10, 0x401, {r12, r13/1000+60000}, {0x5, 0xc, 0x4, 0x81, 0xb8, 0x6, "1b8194bf"}, 0x1, 0x3, @offset=0x8001, 0x20c8, 0x0, r14})

10:24:35 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1a, 0x80000000, 0x3ff, 0x4, 0x84, 0xffffffffffffffff, 0x101, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x4}, 0x40)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000080), &(0x7f0000000100)=@tcp=r1, 0x1}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
openat$incfs(r1, &(0x7f0000000080)='.log\x00', 0x581000, 0x1d1)

10:24:35 executing program 4:
bpf$MAP_CREATE(0x10000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:35 executing program 5:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000019040)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa5}, "98ec417ec7d2e559a8a6561834c3e1a616505d53e3cf27af6e6d01d840e1517c865d7f7682f317440760bdb9151b9760180ab544f8e384dc31c9537044acca111edaf0798ef04508e97a281749620f2fa92e370bf18b4a091b25c6d0bca61e0a088abd2965443a0d0920a607275c10f6b1972b8d25c38906720f5bf1b839b69c21eb6e9e856494c3ce090877ec92f1cef45063e3c1ef9e41b13906a51987916d23fd802b3e"}, 0xa9)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/102400)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r1, 0x0)
syz_emit_vhci(&(0x7f0000019000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x1, 0x1a}, @l2cap_cid_signaling={{0x16}, [@l2cap_move_chan_req={{0xe, 0x3f, 0x3}, {0x6, 0xff}}, @l2cap_info_req={{0xa, 0x7, 0x2}, {0x1}}, @l2cap_create_chan_req={{0xc, 0x9, 0x5}, {0xfffe, 0x7f}}]}}, 0x1f)

10:24:35 executing program 0:
syz_open_dev$vivid(&(0x7f0000000080), 0x3, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x0, 0x2)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, 0x0)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
r2 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYRES32=r2, @ANYRES16], 0x3b)

10:24:35 executing program 2:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x1c}}, 0x20000000)
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r1, 0xf, &(0x7f0000000000))

10:24:35 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e2"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:35 executing program 4:
bpf$MAP_CREATE(0x11000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:35 executing program 1:
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r0=>0x0})
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x64, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x81}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xffff}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r0}]}, 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x1)
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x152}, @l2cap_cid_signaling={{0x14e}, [@l2cap_conf_req={{0x4, 0x70, 0x8}, {0x1f, 0xfff, [@l2cap_conf_mtu={0x1, 0x2, 0x1ff}]}}, @l2cap_disconn_req={{0x6, 0x1, 0x4}, {0x80}}, @l2cap_conf_req={{0x4, 0x40, 0x1d}, {0x3, 0x54, [@l2cap_conf_fcs={0x5, 0x1, 0x1}, @l2cap_conf_flushto={0x2, 0x2, 0x6}, @l2cap_conf_efs={0x6, 0x10, {0x8, 0x1, 0x1f, 0x100, 0x3f, 0x32}}]}}, @l2cap_disconn_req={{0x6, 0x9, 0x4}, {0x100, 0x80}}, @l2cap_disconn_rsp={{0x7, 0xce, 0x4}, {0x8001, 0x1000}}, @l2cap_info_rsp={{0xb, 0x4, 0xd5}, {0x2, 0x7fff, "c6525e289d6af0b4093896bc6fe0efddcbfa261274d94d4dd5daab44b3f86793b04776040e720e527545d46b559a88bb6903f5e4d1d445e3b2e5c8b863f0b3d4e679da9fde33b52fd4f4878fe106f7c536ff71ffba689b8b03168619daa02569e5d59d55c7b4bcc299d149c54e7cbc77f87fcc7edc24261a99d5dae9aab81f3427cdbf52d339c92ac0f14e9ebf7e67509cf11f3864185be2e1a45f9bad1c520fffa7d92d1047a57f3fae29d0c8a784acea6b89f23eed259761bc62c13a17603e9ccd9c0a513a9e48491fcc0554f1205a6f"}}, @l2cap_conf_rsp={{0x5, 0x5, 0x20}, {0x35f, 0x2d6, 0x3, [@l2cap_conf_mtu={0x1, 0x2, 0x8ea}, @l2cap_conf_rfc={0x4, 0x9, {0x0, 0x2, 0x31, 0x81, 0x1, 0x800}}, @l2cap_conf_ews={0x7, 0x2, 0xffe1}, @l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_mtu={0x1, 0x2, 0x3}]}}, @l2cap_create_chan_rsp={{0xd, 0x0, 0x8}, {0x1ff, 0xa3, 0x1, 0xb3}}]}}, 0x157)

10:24:35 executing program 5:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000019040)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa5}, "98ec417ec7d2e559a8a6561834c3e1a616505d53e3cf27af6e6d01d840e1517c865d7f7682f317440760bdb9151b9760180ab544f8e384dc31c9537044acca111edaf0798ef04508e97a281749620f2fa92e370bf18b4a091b25c6d0bca61e0a088abd2965443a0d0920a607275c10f6b1972b8d25c38906720f5bf1b839b69c21eb6e9e856494c3ce090877ec92f1cef45063e3c1ef9e41b13906a51987916d23fd802b3e"}, 0xa9)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/102400)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r1, 0x0)
syz_emit_vhci(&(0x7f0000019000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x1, 0x1a}, @l2cap_cid_signaling={{0x16}, [@l2cap_move_chan_req={{0xe, 0x3f, 0x3}, {0x6, 0xff}}, @l2cap_info_req={{0xa, 0x7, 0x2}, {0x1}}, @l2cap_create_chan_req={{0xc, 0x9, 0x5}, {0xfffe, 0x7f}}]}}, 0x1f)

10:24:35 executing program 2:
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {0x0, <r1=>0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRES32=r0, @ANYRES16, @ANYRESHEX=r1, @ANYRESDEC], 0x3b)
r2 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r2, 0xf, &(0x7f0000000000))

10:24:35 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)
syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x39}, "b7480d319dd75147d7be3b4eea350db896d2869ad3b85c98938949a27546a10a788bd642e5a064eccbc9ca84ea40f069c73bd1e8895f91f9b8"}, 0x3d)

10:24:35 executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x1, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000000000018100000ce2b1a16e2"], &(0x7f0000001400)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

10:24:36 executing program 5:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000019040)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa5}, "98ec417ec7d2e559a8a6561834c3e1a616505d53e3cf27af6e6d01d840e1517c865d7f7682f317440760bdb9151b9760180ab544f8e384dc31c9537044acca111edaf0798ef04508e97a281749620f2fa92e370bf18b4a091b25c6d0bca61e0a088abd2965443a0d0920a607275c10f6b1972b8d25c38906720f5bf1b839b69c21eb6e9e856494c3ce090877ec92f1cef45063e3c1ef9e41b13906a51987916d23fd802b3e"}, 0xa9)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/102400)
r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmctl$IPC_RMID(r1, 0x0)

[ 3359.539409][  T144] Bluetooth: hci2: SCO packet for unknown connection handle 0
[ 3359.601450][  T144] Bluetooth: hci2: SCO packet for unknown connection handle 0
10:24:36 executing program 0:
syz_open_dev$vivid(&(0x7f0000000000), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x3b)

10:24:36 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0xa2c0, 0x0)

10:24:36 executing program 1:
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(0xffffffffffffffff, 0x80083314, &(0x7f0000000040))
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02000100"], 0x4)
syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f00000000c0)={0x0, 0x80000000, 0x7, 0x1})

10:24:36 executing program 4:
bpf$MAP_CREATE(0x12000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:36 executing program 3:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1a, 0x80000000, 0x3ff, 0x4, 0x84, 0xffffffffffffffff, 0x101, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x4}, 0x40)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000080), &(0x7f0000000100)=@tcp=r1, 0x1}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
openat$incfs(r1, &(0x7f0000000080)='.log\x00', 0x581000, 0x1d1)

10:24:36 executing program 5:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000019040)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa5}, "98ec417ec7d2e559a8a6561834c3e1a616505d53e3cf27af6e6d01d840e1517c865d7f7682f317440760bdb9151b9760180ab544f8e384dc31c9537044acca111edaf0798ef04508e97a281749620f2fa92e370bf18b4a091b25c6d0bca61e0a088abd2965443a0d0920a607275c10f6b1972b8d25c38906720f5bf1b839b69c21eb6e9e856494c3ce090877ec92f1cef45063e3c1ef9e41b13906a51987916d23fd802b3e"}, 0xa9)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/102400)
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)

[ 3360.116798][  T144] Bluetooth: hci1: ACL packet for unknown connection handle 256
[ 3360.137420][  T144] Bluetooth: hci1: ACL packet for unknown connection handle 256
10:24:36 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r1)
ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000003000000", @ANYRES32, @ANYBLOB="0000000000000000ffffffff0000000000000000", @ANYRES32=r1, @ANYBLOB="00000000004000000000000000f0ffffffffffff", @ANYRES32, @ANYBLOB="0000000000f0ffffffffffff002000000000000050dded8bf01d4102520793314ef92f8dbe0e3590424602b5c0b2e6bbd154b841ea122e198f305a91f9de3624db1f00a1f17e8719389ab9d3f286a977aaedb6582e6034b5d3788783b22eddc4fa4354ea5317"])
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRESHEX=r1], 0x3b)

10:24:36 executing program 2:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))
syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x1000}, "b76ef870ce54cc09f3a52743d51f2fe00131c0e3eedd29cbe1dab7ca77bcbc216a594bfb3f0b4a5112b0f32e15f254d11acc17d55f98abdbe890199a7b925a316a8a3fe0502866da8799ebfa2de2868feece7e004eb31c7af10dc0ef60e9a36cf214d3f1f9f643662b38a17fefdb07263e279f27662fc87e1490055c9954f8e084f54dd0a2b1a41ae7ac9cfdaeffd550e36a9a61ba9d18784e7365128bac7d834d54e3b58f158b46e47a875e4c9674291983467bf51e31d4f9086df8f3972387ce1a01d339713f3113e2d40eb8068f87be2fc65ab9005cd58ce8679c4864d355f66ffc60d377487e5fc080c02b6cd7d95eafb4d077443cbbe3d83f18357e411f261c62306edcd46cc4e5de12a31733a652e02871c1d28fc2305963909e25fb3ff2ebde98aa6dcab9d2aeeec3a71dfdb36df86a917217a1a9a81553e11f55f631c1a4f589d3cdf3c2ef3afe2dca73ffec41a9bda6a47868de7cc1a516923339bfa79a30e5f5a47d5f4d097da6364a28d6dd88725f9a2fb062285a50addccd7346b56265388aa339dcbbbfb81fe5ddaf8309884c78d20f479eaca416f7eafaab2ceb42f483ed7f797397a739d6b98b1a7900532a70681550a6dd029e5508258a910a12b80d312524ffb17e04f08e723571c8d81df76de2ec9c487876c01c05df2df530a968081af999bd7ed695974f7616e4a46e9c9344aa8afee3152c092a807663c5cbffdc4c6af21d1578169b80adf7ff703b5a6698791e63903c1a4c2f7d73ac6a48522f3f6e01e9809343cf7fc268ff97abc944573bececd92eb80eb9505ad402ea2892bf8658c8411631fa249ea251a465415bddc6e999f236c5c26202b75a39198bfa71815b84a4057a35c2143bf1677d1ec21f705e3905d4f563f26c932f2883b26ae580c2121b8966a0309f8d13cc37c4d1367e226cd45934b1400f190e49699da039eace37989e44d970899afa6a4342370afa6a8157969abf5cf80d8dd4452467ac7c7bdf7e828d300f4bc9b9aa391e3cfaa4388fb6da9d458752b96616a9bfa911fcd349e47524bff155c2978f9163062093480c2291614114d2c46bc85afeb11f8b8e05854162c27e5399f9aa40c11d0d2063fb8a0e6caebf077b12014375cca6c98d00389ff520dbb73ba372c401538c14faea501cdca8a2d4b8d8fcf87f418dd59bad6d995a24e592af0989d2626ccf7b6a3007594cb03b44c5beb4d4d31e30498acf7705daddf608559883abdb5e8934b2b4e834a39f31010726cf00288c8cd8420d28c87c1360a6d98c99baf6ca0c8f29d766fda9bb9662603108550b92c4f96d5c6b0224a7b12c50c2cbef0d1508186790dcae3178132f31342a4f38e7b5694874fffecce4e832d595ff33e054170ea4d62f2c5e5ba355012b1ee3c4c176d65ff848d6bf7bf40a5c42b38f7bcef0afa97760dc5f1f6b1d41058c137fe37f942aef45f94aec5c8dd3179639c31301c56891a4da49884d0f5eacb2b772e7410dd2e2ff7b9cdee330d0542ff8b157b843120576f9bbfaff08ac6c4cdacc1c4d26d279c0e6b42b1fb9b95d47988cc3eb17d47ec399a384a55bf675d589afaed7c2987fa81ef5cc5d324436fa0e3b6b974ead1b0c9251095a6ab4bfe0d6db1acc8b1e32482b03226299019fd1994480c779c41b3ce1d63563ba7bdb76c14db55164576aed97f7cd5a38b4059649b1e958ae92609230c486a9688789dc57ea7f96649c0b9557e4f38c4e2099b24912575713a24d48f461bf507b61fd18b29ec5d5da21c05f96cc8ffa3169cd63e3b4fa40984334517c87008a0e18a6ab502fb5b9bfe74116a5b5cfa90518ab48cf4b89dde9168286dfb8a6e4691ba75dbaa06f8f7da4e614320b59d417c909e6d0f46c8b7a9c89bc9dc023319d97e7fdeea2c3548b8df77b9bb9ad50c2a03cfeafe1edaf9532f40a2227c8fde32482b7454aab4f7a1d5abf255c22d83f55a1b596a6bdcf3bbd238e15ccb4d3d94445796fdbe135244ee6ba01b22dc0960d2683e129672ec7756f4f24d4a6f71b72fd9750dad155622731b59605bcc813c404aed92e1d31bb955fc33a4733111ff668d96a68e133e37d0a656c0eba8efe000b34b8b674b34918843f39f715f59475f099dad59f309921cb16c507c1652907fbb80e7cab54feb187be085163f15b6371226f7578f4adf4ae367523382cdad1e495b96638cd2050c4f0471ec9ffda3a43fb81b600f3265e158052c4a1d9bafe1bda3d0eb87d3453d413738dafafd543e7ecaa926b42ea72e55f7c18b42e8ee04b7679bd9272fd03eed3daba24cb91c82c4f7d926082da8478ee550f8456d1fbbabc7b584b71b70bc13409ada93237eb0759287de8caa11dbd9e2af3afe5a42d743e2ac69325472ac5df76fcb2366c02590150fd778d01413655044ff45fb178b9962314c5e92ae0eacb591bab17be88998e5e8705dfca3b3e7db806a5655655f07715d60030e0fe899cb776682443bee0e10fd283ffd27c61b0435c59aff633468ade5a9c19f5b55eacedfa6b7ce0057ebd06c4cd10ac689f1eb6d6ab9ba560fabbd358cd26860d87dffafccda0b364ae3c7f39fd9c6a2be61bd43aab172073ec8c0ed90d149574a609e112141c3bb817cd7902e3929ef5b36ae00287e018a2a7caa0a5d203861fc462e67ca3c347348c9ba62e76525a3f199389aa6329e33d10fc9a07704a985c0b58a6fcf4ee717858755ceae8c9169e20f3406282c1fb40d1d84e940963672ada5a5e4e254d7c8b2a62e0ee1b1fb23ea56098234c75d7a90109e23ead0cc0f64b587dcc4dd7843430fee0cf633f0784a010277bf4ea6d603d30341b56409cedc953496dda7eaa9bcf6052f60b257fc6b98b4fe436ff326942c20b77014b7541cb8585e9547422f4ca9765b0b0ff40276bf5b2a9c37e40e5b457eb23f689a50b2bd966e9e8cb920e3a6423b58bb0a49072f4edb58bcca1bf9866f3f3ec46b5ef6b1f13ea303f8d110dc761ae0aa735618b6c11a3783d243670264a2457e14425b3bcbc43f4e34389c5163f199980f834553a861fa97e942cc94502defc97a21f2f61b252a93e63263992b29afa97a8aedc5d1c48d5aeed8c53958415681d1debb19381ef115705e22d7c6ab9d7f4d54d8a5673137cb32dc701a42073601822a012801bbcefdd3d04f87e9c42c1879139e4a16701221ed23ef0ac572c401a4bc8b9a9bed1ad2bd674b966ae1de5f85e5a8cf346f9527eac1edafa27e51b534f44a62f87011ba3018b6b92bf8205028cac96cfd5794906eddb8aeeac2a9adae02bf2c4115dc18206d97312dff102c0c4e389e4e00c4f3e2182854f3a23e66caf2e2c2a6a56d9ce8a82a0a83876f3bfc217a0ae7c6c992672d39bec22fec7ff5c940d78677d205843a3f376ea1834044ae444699368de99433e44996f0d3f1f8e8013503653c05de24268497eff7b66c2893a039c5d6acab250b2476bbfaf900b4fb8be70306510660459cc9868a70613d056929509d02af9acadcd213dbd5d139aaf71d316d6c4e7b963a7d297c6bb583c349b2b7fe6d21b4e0093850d8d5ae39c918b9d5bef94972bb44d9640f557b86bbcf90c4092a86ca84c07fab7804d2338b4ea426c47ce0ad781bbe84204ce92f5a53e53d376f24c03954dd16c8fc6f8d804139c2251cd3a1ed96abd0f6aa15e803b194005482ee2440aa82e36319fad8d36d352ba8bf9daf1e3d7454649653368b97c0ea1550b38cc44ac1f3ac169008e9c2598d1e1bb1a3d6b009cd2fe0827c78abf222afb613ef7fadf9ae0a1da1076beab537b3471a77da2684efbbde4b001750105c220611c7aa85b3d6b4631562da84dedcc9cf7dbc01714f57666e5f196bbc962e86e8947d72aa4f1ef4aeb2cc78d12d589ec14b3bec3ece7bbbdb69269d435907c946bf0b1ff6686cf2e69da879ee6edd5be4af854e0b22e80a43508c0faadd37309dc20ebc03862ff5e12426afe3de81e97978b9924b7c1d2ab569aad8e27febf1f75960c7ba12e495b276ea475c1fb42b1b4f64581329092f421ffdc796c15bf41230c2aca3196fd2ab66a182af9eaee311ea39caab8c5132e90f939817dcda4393718b4eb0abc619a98aad997417d2a445797a45f042f243c4e15975e719fe1d7ce97a52b172b36adde34198c9b1de4ac023bb20adad09ca165be995b9eb8a2b956f42dccdd8c34676d12dd2bdf57df91aae3bc23e0d2302a0948f6dc25ba87f30fcb77ac3913bd75c379fe0f22468240b12c3a4e15bc26f494cf7130207bb4232f52f85732fa27db4c36a6b90b8950d976ad59fa7e650236f0f2158a3a43589f709aab9b4c72dd10b084c07f6ade388370e17ab758a0090571e398fc9446b8489043386746f57e30bff0491e623ed583062efab34e38f504b364a23fa140e115cc02f6d907401eecd8be906716c80554d94ec07761718c54e321271136397d979ec6f0a4a56f456151c8ae24c4ea1473430e996fd44cc12f2c8e4f17eb15f41c905a2df23071bfea35261aabfb94f0af11ec710fe82796d80c5f6f33cca166138f46455a3810023c4ff3f46cad59439b9447d7041223d59a9ad5cc593980acebca772869421b949a2b97e51b74f69b430d4c3678490c11c69c8b03be324c42e37fa9271ae8f65d00040a8e1d839baf25cbacf460a62db80b8c4daba7bfcda9b2f5f156b537e9ac348c1e9a637807e04f7b30b1c091c2d9c20147408ae1524cc1cb470c1fa948eaf5323870abd21d33ccfb4f06254e01b334c228c47fafded34074b82e603a1d675edf3a02882d76ff2b0e20e3a90787e453f598b83e3b89d2e274c40ff8da60d09f974d2064f954d1152238eba865781a9cfbff56d52383098909508a3b9e1da7e89ed10411122ec6a913d6db5f83c365e0ea119f87c0bad614bb3cb7a2a6e6514c422489691ebad385b62bf1fd204c3f92368975723951927ab44832e1c074bd6e44736d0dd763c503826ed62c986757e2afc2f657bb56ce6adbb2774ea480baeffab6179fdc16f9441f32b401eb8598c3be9d652cd526550519f879d1eddb95251d69788bfe9e5f5396b21437876814b57d82fac01d00faf01bf2ddebd34f389c3c005662d16493feee069522dbcf3c7ec5a46991268640621ef4a7392075ddff6b68e1d008ffb849eecdb2acc63d535750f4c53dcc85156fc6b9bc2f1be59895d8b518231c730d42c3ef7c6898e4664182304ab4abb29c62585b9f319de4a8d98c451db814f80610b80404d87494225a4d4011a552f44393ab0aafe39fa1b03d9e7a79b64fc60eaf637cb41814333b346e6936bfa39b52714ba6cf976c66ad915ae4ad395c4ec4d6894eb8062d81a4eafc948b5822cc80555db060079d57528c09ca6df1ecab06df574cc260753a58c64e6ae9e4404229888b648dec12edc1e7b7b30a128518c1e94cf0fc8bf5c2752ffae9c3b20cab8929cbbe1c57521c023f4d629e6eb7b944073c526b26f7e415d42840bf88af134813a815207d1839d0418853c1ed2dd6ac0c0f13544e67d880694c1610a19eb1b2ae3b4482ea967271df75eb573e44acd590a0787a4ef2f4a89adc193ff9766935d889cf0e25b083d9987af3db1cd2de7f98b15f81ee3350186b0251c4cc97e7387bc8e6643ef5dbf2019550c93e1b512051b48eb3b66b84f5a5d657b9b54021a8837372748e78e4d2d2828fce2f1474b074a9374e350f8702a990b1bad0bc66d7ce2614895724d56a42bb00a59e86e875932b3910e3ca03383c9ea8512eacc2bfc21b0eef6946c6879bebd7d3089f14c7e0b37c61"}, 0x1004)

10:24:36 executing program 1:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
socketpair(0x15, 0x6, 0x5, &(0x7f0000000040))

10:24:36 executing program 4:
bpf$MAP_CREATE(0x13000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:37 executing program 3:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1a, 0x80000000, 0x3ff, 0x4, 0x84, 0xffffffffffffffff, 0x101, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x4}, 0x40)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000080), &(0x7f0000000100)=@tcp=r1, 0x1}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
openat$incfs(r1, &(0x7f0000000080)='.log\x00', 0x581000, 0x1d1)

10:24:37 executing program 5:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000019040)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa5}, "98ec417ec7d2e559a8a6561834c3e1a616505d53e3cf27af6e6d01d840e1517c865d7f7682f317440760bdb9151b9760180ab544f8e384dc31c9537044acca111edaf0798ef04508e97a281749620f2fa92e370bf18b4a091b25c6d0bca61e0a088abd2965443a0d0920a607275c10f6b1972b8d25c38906720f5bf1b839b69c21eb6e9e856494c3ce090877ec92f1cef45063e3c1ef9e41b13906a51987916d23fd802b3e"}, 0xa9)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000)=""/102400)

10:24:37 executing program 0:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000000))
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r2, 0x40044104, &(0x7f0000000080)=0x5)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16=r1], 0x3b)

10:24:37 executing program 2:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000000))

10:24:37 executing program 1:
ioctl$SNDRV_PCM_IOCTL_HWSYNC(0xffffffffffffffff, 0x4122, 0x0)
ioctl$SNDRV_PCM_IOCTL_DELAY(0xffffffffffffffff, 0x80084121, &(0x7f0000000040))
ioctl$SNDRV_PCM_IOCTL_PAUSE(0xffffffffffffffff, 0x40044145, &(0x7f00000005c0)=0x100)
ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(0xffffffffffffffff, 0x80184153, &(0x7f0000000580)={0x0, &(0x7f0000000000)=[&(0x7f00000000c0)="e5a36323c0031d4e888e92dfee283da599388e3cba8546af29ce0e035a519506da777dc17fddc0f63abcc19e9892a69e6434bf80fe83c449cecad9289c25d8e378ae9e0bd321a140129d98", &(0x7f0000000140)="854dba705a17f8ad9774682bf64c3ea41470efa794e4017a6bc51a1516addab02f1cbc0993e725ea545903cd322d65a93b89a0fbe96323c4faffbb1be62cb12a21597c404a2d5f6700bec6b444af327e3021fbb4d876e974c41a584490ba36f041bb7e76c969962275f2daee50bec0fa69f8457e2a782576c5ed70fe470534953e63a48c47300f7d55ffc45b2c86b69407fc90de563fe332c5801261148b475781c38f6e469c", &(0x7f0000000200)="41a40de299f18b52c35a5c16d3a08b973e0a3da4286ecb996773069cf3476db7556958e37e07586139658b725112b19b15a51fde32f93c1c2557f8b4b10ebc59cd963394c8b303f0f2f454373519d5f4d1a3311b69e601e790b449f2c40df6078f4160a6f6bf03449fffaba6b8810ce823b9f8498ab89c5aec6a3e9f9d3c86860af509bca3c0eeb3d660a05a8f4e36f790a4ead31b2ce61ec90ce3cde5ead129f3d1dda46436d2b91969312b44e32271fd8d053ebf45613eaca60666f332dd5feb3f", &(0x7f0000000300)="2b6429bf7e4e018171085c430614243964bcb29357685e51ecbf82f62c998d4b365eddd40a6298e00471027b8bc1d2e88a2f7a07c061b1933c0fa890f00ad8c9d6a5725c5dde03650ebe617a25b695f99ce2a0a934d36031fec04ff26e8abe1300ca06307516111500c4072a033f949caed16d5272eece9e6742faa36276f2e28b94ce427a1a8a4491c09424f9aa1620bec41e4505f3563148b3db84b6bfdc4132c14ccd34186db2c72a448f1ed33f941ffca9ded78ee8603dc8bb12f2c8fc", &(0x7f00000003c0)="a23464e7001f7bfc7dc1c7b7a85435668d180a1f2158131280c65b7e126f4105c99677aaefa0068b123b916a975a0bbb1f7389c34924f17a97da2984517c645ad12d533beb676d9ea37901550f", &(0x7f0000000440)="81e6c81135276bc6615f1138428ae3a045538e41cc8215e6be3e1112c63f7558b85914558ff8480430c92fd0710567ba5075bb98d89a08012a00d580c50fba1761f1d32748998884b13c68757555f305dae5285f4c85a7c3adc0", &(0x7f00000004c0)="f3a83f2dabbdbd47219356c4cc8530c64a31b6cdfd30c82eb2d12cc20d0476013a3a0c585db0c1b7152d54013832dc4307ab108878a21bc6f7bde0f1e6c25be84b0dcc29c0d3d00bb5207e7faee8015247ed80360e6949dffa11d8dd6131d0faf6dff873f92d19980edcd5ca13f45b7f5c572558816c42553b2d08e423f876e7f97129957de0696efc960d1b539c37"]})
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_phy_link_complete={{}, {0x81, 0xc9}}}, 0x4)

10:24:37 executing program 4:
bpf$MAP_CREATE(0x14000000, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40)

10:24:37 executing program 3:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_num_comp_pkts={{0x13, 0x1}}}, 0x4)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1a, 0x80000000, 0x3ff, 0x4, 0x84, 0xffffffffffffffff, 0x101, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x4}, 0x40)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000080), &(0x7f0000000100)=@tcp=r1, 0x1}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
openat$incfs(r1, &(0x7f0000000080)='.log\x00', 0x581000, 0x1d1)

10:24:37 executing program 5:
syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x3b)
syz_emit_vhci(&(0x7f0000019040)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xa5}, "98ec417ec7d2e559a8a6561834c3e1a616505d53e3cf27af6e6d01d840e1517c865d7f7682f317440760bdb9151b9760180ab544f8e384dc31c9537044acca111edaf0798ef04508e97a281749620f2fa92e370bf18b4a091b25c6d0bca61e0a088abd2965443a0d0920a607275c10f6b1972b8d25c38906720f5bf1b839b69c21eb6e9e856494c3ce090877ec92f1cef45063e3c1ef9e41b13906a51987916d23fd802b3e"}, 0xa9)
shmctl$SHM_STAT_ANY(0x0, 0xf, &(0x7f0000000000)=""/102400)

[ 3361.231798][ T6375] =====================================================
[ 3361.238874][ T6375] BUG: KMSAN: uninit-value in hci_phy_link_complete_evt+0x1a9/0x8b0
[ 3361.246879][ T6375]  hci_phy_link_complete_evt+0x1a9/0x8b0
[ 3361.252557][ T6375]  hci_event_packet+0x893/0x22e0
[ 3361.257516][ T6375]  hci_rx_work+0x6ae/0xd10
[ 3361.262110][ T6375]  process_one_work+0xdc7/0x1760
[ 3361.267143][ T6375]  worker_thread+0x1101/0x22b0
[ 3361.272015][ T6375]  kthread+0x66b/0x780
[ 3361.276095][ T6375]  ret_from_fork+0x1f/0x30
[ 3361.280676][ T6375] 
[ 3361.283006][ T6375] Uninit was created at:
[ 3361.287532][ T6375]  __kmalloc_node_track_caller+0x8d2/0x1340
[ 3361.293438][ T6375]  __alloc_skb+0x4db/0xe40
[ 3361.297867][ T6375]  vhci_write+0x182/0x8f0
[ 3361.302214][ T6375]  vfs_write+0x1295/0x1f20
[ 3361.306646][ T6375]  ksys_write+0x28c/0x520
[ 3361.311058][ T6375]  __x64_sys_write+0xdb/0x120
[ 3361.315838][ T6375]  do_syscall_64+0x54/0xd0
[ 3361.320259][ T6375]  entry_SYSCALL_64_after_hwframe+0x44/0xae
10:24:37 executing program 0:
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
ioctl$SNAPSHOT_FREE(r0, 0x3305)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYRES16], 0x3b)
r1 = syz_open_dev$vivid(&(0x7f0000000a80), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000b40)={0x0, 0x4, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'U]N8'}, 0x0, 0x0, @planes=0x0})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000200)={<r2=>0x0, 0x5, 0x8, 0x1})
ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, &(0x7f0000000600)={r2, 0x6, 0x1, [0x1, 0x7, 0x40, 0x7fffffff], [0x9, 0xc8, 0x7, 0x7f, 0x401, 0x7a4, 0xe3e, 0x6, 0xb6, 0x700c, 0x5, 0xffffffffffffffff, 0x8, 0x40, 0x2, 0xcb62, 0x2, 0x7fffffff, 0x3, 0x1, 0x8000, 0x1e01, 0x6, 0x7, 0x2, 0xa10, 0x217b, 0xff, 0x80, 0x80000000, 0x0, 0x1, 0x701, 0x100000000, 0x0, 0x5, 0x9, 0x6, 0x5, 0x4, 0xff, 0x1, 0x0, 0xffffffff, 0xa8, 0x0, 0x3, 0x6, 0x6, 0x101, 0x0, 0x101, 0x7fffffff, 0x99a, 0xd9c, 0x8, 0x7fffffff, 0x2, 0x7, 0xfffffffffffffff8, 0x8, 0x9, 0x8, 0x10001, 0x1, 0x8001, 0x5, 0xfff, 0x1, 0x7, 0xffffffff, 0x6, 0x4b, 0x4, 0x200, 0x9, 0x6, 0x401a, 0x8, 0x8000, 0x9, 0x800, 0x7, 0x5, 0x6, 0x7122, 0x10000, 0x4, 0xffff, 0x2, 0xffc0000000000000, 0x7fffffff, 0x4, 0x4d88c360, 0x1, 0x8, 0x8, 0x3, 0x7, 0xfffffffffffffeff, 0x6, 0x7, 0x8, 0x10000, 0x2, 0x2, 0xfffffffffffffbff, 0xffff, 0x0, 0x7, 0x0, 0x4a, 0x4, 0x9, 0x1, 0x6, 0xd2, 0x1, 0x2, 0x1, 0x401]})

[ 3361.326186][ T6375] =====================================================
[ 3361.333203][ T6375] Disabling lock debugging due to kernel taint
[ 3361.341756][ T6375] Kernel panic - not syncing: panic_on_kmsan set ...
[ 3361.348447][ T6375] CPU: 1 PID: 6375 Comm: kworker/u5:1 Tainted: G    B             5.15.0-rc2-syzkaller #0
[ 3361.358353][ T6375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3361.368421][ T6375] Workqueue: hci1 hci_rx_work
[ 3361.373128][ T6375] Call Trace:
[ 3361.376411][ T6375]  dump_stack_lvl+0x1ff/0x28e
[ 3361.381101][ T6375]  dump_stack+0x25/0x28
[ 3361.385273][ T6375]  panic+0x44f/0xdeb
[ 3361.389264][ T6375]  ? add_taint+0x187/0x210
[ 3361.393745][ T6375]  ? add_taint+0x187/0x210
[ 3361.398183][ T6375]  kmsan_report+0x2ee/0x300
[ 3361.402784][ T6375]  ? hci_rx_work+0x7f4/0xd10
[ 3361.407392][ T6375]  ? __msan_warning+0xa9/0xf0
[ 3361.412087][ T6375]  ? hci_phy_link_complete_evt+0x1a9/0x8b0
[ 3361.417916][ T6375]  ? hci_event_packet+0x893/0x22e0
[ 3361.423043][ T6375]  ? hci_rx_work+0x6ae/0xd10
[ 3361.427651][ T6375]  ? process_one_work+0xdc7/0x1760
[ 3361.432780][ T6375]  ? worker_thread+0x1101/0x22b0
[ 3361.437734][ T6375]  ? kthread+0x66b/0x780
[ 3361.441995][ T6375]  ? ret_from_fork+0x1f/0x30
[ 3361.446610][ T6375]  ? kmsan_internal_unpoison_memory+0x10/0x20
[ 3361.452705][ T6375]  ? kmsan_get_metadata+0x11b/0x180
[ 3361.457930][ T6375]  __msan_warning+0xa9/0xf0
[ 3361.462451][ T6375]  hci_phy_link_complete_evt+0x1a9/0x8b0
[ 3361.468107][ T6375]  ? __msan_instrument_asm_store+0x131/0x170
[ 3361.474207][ T6375]  hci_event_packet+0x893/0x22e0
[ 3361.479169][ T6375]  hci_rx_work+0x6ae/0xd10
[ 3361.483631][ T6375]  ? hci_alloc_dev_priv+0x2aa0/0x2aa0
[ 3361.489029][ T6375]  process_one_work+0xdc7/0x1760
[ 3361.494007][ T6375]  worker_thread+0x1101/0x22b0
[ 3361.498788][ T6375]  ? kmsan_get_metadata+0x11b/0x180
[ 3361.503999][ T6375]  kthread+0x66b/0x780
[ 3361.508073][ T6375]  ? worker_clr_flags+0x370/0x370
[ 3361.513109][ T6375]  ? kthread_blkcg+0x120/0x120
[ 3361.517881][ T6375]  ret_from_fork+0x1f/0x30
[ 3361.522542][ T6375] Kernel Offset: disabled
[ 3361.526851][ T6375] Rebooting in 86400 seconds..