# https://syzkaller.appspot.com/bug?id=7b765435e0b3227e40a8aab0cca847af63ca637a
# See https://goo.gl/kgGztJ for information about syzkaller reproducers.
#{Threaded:false Collide:false Repeat:true Procs:1 Sandbox: Fault:false FaultCall:-1 FaultNth:0 EnableTun:false UseTmpDir:true HandleSegv:false WaitRepeat:true Debug:false Repro:false}
r0 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
r1 = dup3(r0, r0, 0x80000)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback=0x7f000001}, 0x10)
sendto$inet(r0, &(0x7f0000f7db7f)="ba671368d1010000004900000001000000018be49e9301442865319997d0efdb2f54b6a10c7327757482bfce945c2a91fb8dfafc1d3f56bc543ab87321e12cca08a744a2d128b00634bc882151d36809229a96bc3437ef159489384ade077ba295eac2882dbfd3781dd4d4e609c42628dbb709b3eb1fa030009045dd98b9e6d77b6cec9ceb685595d43995e0f04c32260943add79831e661c6a351dedc8b9d220fbf9fb6e44fb6a629ce9a82025124fec9f3ee751f7da0cd7e799be88ddbdac20b48e890ff81d7fa28c2d017d7932f2569038740461accd4582f576e4fdb6150a3399f8266bc19eb943648ad1ad81420ed6c382436e474390c8995e829e4f9df43eed85a60b9ee254e31eb62900857fa134e76cc64880334adbff069a2e5e647d2ed36a96b23834b6f6ca6b8113baf4cf30347fbb7ffc30aea99872cc0dba03b07d3347b2d257edbe2733c26b7337a79962d8ce85469e3bcbe0e4a48a6ae69d13f2d4b5155b390ef67aa714b82b6313ee277cb8986eca5db2e97cb1ae2243bba80274f614ece521baef443394b4c161cb9ae926e21892578b49cfd6efe1cb1572148c10d92218ed73ec116a18de80ac42d2726a4523a764fc6dc356c5fbbf9d2c947ae3bc9a3dc76099f3257c8d5952876151b0326d8cb1d5683ee4ab5ded9a34c00ac1b03f34627ec18a7c2e92c87b7896549cfab5eb55fa85a970994bd4b22b5f0d045e241256d06f485a47b4a55ed389bc1734541232cd41908b5cfa4b8fcfcafce500a0c7ae99767713a98e7927aa69f6ccd7daea62f19ceb82559f41899c9a9aee99113e7e64b5f8b9824be9fdbfa4dd4995673d882bb4daeb64413b334e114965d2ba3cea8051e692508701b9400cb12eae457f8b8549944091b729160939918d8fcae611a48ed665f770db637487a236da1a58ba7566668651a77171fc4fe506496d19059343dbe4f426625d3f2b705f54581372361770bf5a9098a9fafefaf546426b294239ac33e3186e4d58ad2fa995a6ad4dc074e7cca11aead109563b2076c7c6e9f57ec63df960804e2e7f9d8444de9550cca3df7834d864e9777291c2e1f6205de2e43dc995ab8bb1515a365efc2830fa3e7a1dd137f550d6035212bc1f51c3b4ceea430df49ffc9210084ef156ad7e0d219efd6c116693735b44521d389969a3a65617cd2fd6e14060601cee4cd054cf36fe048b57d1d9ee3cad2a73552449926b4a6b03fbe9c0ec68357e1fbe52ed77b67f5870c0aefb7ee8236747e0d67a26725fb515544cbbe8464da94cfd8c0b94bb4e51a263b1749bd0a7cf651931f806d1b928d1f9994f1ad4d50e6a5cd7a8e4e687f8564fdacc864013d095ba9d5709eced3c28eabda476d177a7836400a01e02beed5a6636d4064fdda344967ad8682d14b87c71727cb66be27d1d39191f4223c545b62fb5d60262ba8076a65dbc194cee1df846c584b7bbe9dce6e6895b2cbbb64b03b55548b845cc3de2f939ef918421af9a5e9157e837651245299c03992d0ddee06bd22a31522aca0f309b1feccebc0b1c0ed9d21c19bfd15cd313ff64394fd6a10904890c9f6d646b026f27253e8f584c3ffd20ad67e8b62ed7676706d40bc5c80e376980b81", 0x481, 0x0, &(0x7f000069affb)={0x2, 0x0, @loopback=0x7f000001}, 0x10)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000000)={0x6}, 0x1)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x2, @local={0xac, 0x14, 0x0, 0xaa}}, 0x10)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={<r2=>0x0, 0x5}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000080)={r2, 0xbb, 0x597a}, 0x8)
r3 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x80, 0x0)
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000100)={0x4, 0x0, [{0x40000001, 0xfffffffffffffff8, 0x4b5, 0xff, 0x6}, {0xc0000001, 0x5, 0x100, 0xbdf, 0x3f}, {0xc000000f, 0x5, 0x6, 0x8001, 0x3}, {0xc0000019, 0x0, 0x4, 0x800, 0x2}]})
r4 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r0, &(0x7f0000f24000))
readv(r0, &(0x7f00007af000)=[{&(0x7f0000dd0fe6)=""/26, 0x1a}], 0x1)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x101100, 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x16, 0x10, "48aaeb46476697e0da053a1e15570810420c0e074d47e4e135ffef1867ebdcc158d572874882f55f1d4791e2e9342f1dcd0c63d6b98e7d0745786f56310b8d4c", "54800f470a86bc8510f3ec376e46d31626d0ceaecf9874c15c32206765ab9ee9", [0x8, 0x6]})
getsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0xb)
socket$l2tp(0x18, 0x1, 0x1)
r5 = socket$inet(0x2, 0x2, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffff, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$l2tp(0xffffffffffffffff, &(0x7f0000e92000)=@pppol2tpv3={0x18, 0x1, {0x0, r5, {0x2, 0x1, @remote={0xac, 0x14, 0x0, 0xbb}}, 0x2, 0x0, 0x4}}, 0x2e)
mmap$binder(&(0x7f00000d8000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x57)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_raw(r6, &(0x7f0000001fc8)={&(0x7f0000010000)={0x1d}, 0xb, &(0x7f0000017ff0)={&(0x7f0000007000)=@canfd={{0x1}, 0x23, 0x0, 0x0, 0x0, "0327e19a2b0100000000000000f9030008990039966a7d5cb2bd00000000000000000007496e6866856b76b5010000000000000000060000000118fa1efd9b0b"}, 0x48}, 0x1}, 0x0)
accept4(r6, &(0x7f0000000000)=@vsock={0x0, 0x0, 0x0, @hyper}, &(0x7f0000000040)=0x10, 0x80800)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000004fc0)={0x9, 0xffffffffffffff9c})
r7 = socket$inet(0x2, 0x80001, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000080)=@nat={'nat\x00', 0x1b, 0x5, 0x3e0, 0x16c, 0xa4, 0xffffffff, 0x16c, 0x16c, 0x34c, 0x34c, 0xffffffff, 0x34c, 0x34c, 0x5, &(0x7f0000000000), {[{{@uncond, 0x0, 0x70, 0xa4, 0x0, {}, []}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x0, @multicast1=0xe0000001, @multicast1=0xe0000001, @port, @gre_key}}}}, {{@uncond, 0x0, 0x94, 0xc8, 0x0, {}, [@common=@inet=@socket1={0x24, 'socket\x00', 0x1}]}, @DNAT0={0x34, 'DNAT\x00', 0x0, {0x1, {0x0, @multicast1=0xe0000001, @dev={0xac, 0x14}, @icmp_id, @port}}}}, {{@ip={@multicast1=0xe0000001, @remote={0xac, 0x14, 0x0, 0xbb}, 0x0, 0x0, @syzn={0x73, 0x79, 0x7a}, @generic="d6f81fdf62da82eab014f97265d0ca68", {}, {0xff}}, 0x0, 0x94, 0xc8, 0x0, {}, [@common=@inet=@set1={0x24, 'set\x00', 0x1}]}, @NETMAP={0x34, 'NETMAP\x00', 0x0, {0x1, {0x0, @rand_addr, @rand_addr, @port, @icmp_id}}}}, {{@uncond, 0x0, 0xe4, 0x118, 0x0, {}, [@common=@icmp={0x24, 'icmp\x00'}, @common=@osf={0x50, 'osf\x00', 0x0, {'syz0\x00'}}]}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x0, @multicast2=0xe0000002, @broadcast=0xffffffff, @port, @port}}}}], {{[], 0x0, 0x70, 0x94}, {0x24, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x43c)
perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000100)={0x5958, 0x4, 0x1000, 0x0, 0xfffffffffffffffb, 0x4, 0x8, 0xe7, 0x7fff, 0x1000, 0x40, 0x1, 0x0, 0x7fffffff, 0x7, 0x7f, 0x4, 0x94, 0x5})
ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, &(0x7f0000000100)={0x10001, 0x0, [0x9, 0x3e0000000, 0xffffffffffffffff, 0x9, 0x1ff, 0x40, 0x6, 0xcc]})
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0086426, &(0x7f0000000180)={0x6, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}]})
syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x1, 0x40040)
r8 = socket(0x10, 0x3, 0x0)
socketpair$packet(0x11, 0x3, 0x300, &(0x7f0000000000)={<r9=>0x0})
setsockopt$inet6_icmp_ICMP_FILTER(r8, 0x1, 0x1, &(0x7f0000000000)={0xb24}, 0x4)
sendto(r9, &(0x7f0000000040)="4c63d701cde67bf39cd6fa04be9bafbea0640c4f9d49536fa2b78695", 0x1c, 0x10, &(0x7f0000000080)=@nfc_llcp={0x27, 0x4, 0x7, 0x0, 0xfc8b, 0x8, "5c4202ac718209d46ee0e834e3b4704f8c7a282d6ccfb027b63b76904bf0b7c468c45c0f60c53dff0933695dfc656b22ddd79efd950f31809446d40c9b8ef9", 0xed5}, 0x58)
socketpair(0x4, 0x801, 0xcb, &(0x7f0000000000)={<r10=>0x0, <r11=>0x0})
ioctl$EVIOCREVOKE(r10, 0x40044591, &(0x7f0000000040)=0x120000000000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000e02000)={@syzn={0x73, 0x79, 0x7a}, <r12=>0x0})
ioctl$SIOCSIFHWADDR(r10, 0x8924, &(0x7f0000000080)={@syzn={0x73, 0x79, 0x7a, 0x0}, @ifru_flags=0x2})
sendmsg$nl_route(r11, &(0x7f00009e7000)={&(0x7f000077a000)={0x10, 0x0, 0x0, 0x4400000}, 0xc, &(0x7f00009ceff0)={&(0x7f0000000080)=@newneigh={0x24, 0x1c, 0x211, 0xffffffffffffffff, 0xffffffffffffffff, {0x2, 0x0, 0x0, r12}, [@NDA_DST_IPV4={0x8, 0x1, @loopback=0x7f000001}]}, 0x24}, 0x1}, 0x0)
r13 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x80, 0x0)
setsockopt$netrom_NETROM_T1(r11, 0x103, 0x1, &(0x7f00000010c0), 0x4)
sendmsg$can_bcm(r13, &(0x7f0000000140)={&(0x7f0000000040)={0x1d, r12}, 0x10, &(0x7f0000000100)={&(0x7f0000000080)={0x5, 0x100, 0x9ca, {0x77359400}, {}, {0x2, 0x5, 0x5, 0x6}, 0x1, @canfd={{0x3, 0x1, 0x5, 0x1}, 0x6, 0x2, 0x0, 0x0, "cb9ffba0d7642609424d8d049add3f5556a448404669c72de45de00ba2707cad77abfbad37a4428fcc0efcd76c16f0006201f888dd92c4dbdbad5c2d631a3833"}}, 0x6c}, 0x1, 0x0, 0x0, 0x20000001}, 0x40)
syz_open_dev$sndpcmc(&(0x7f0000001140)='/dev/snd/pcmC#D#c\x00', 0x1f914add, 0x42600)
r14 = openat$vnet(0xffffffffffffff9c, &(0x7f00003c6ff1)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$int_in(r14, 0xaf01, &(0x7f0000c97ff8))
ioctl$VHOST_SET_MEM_TABLE(r14, 0x4008af03, &(0x7f0000fd3000)={0x6, 0x0, [{0x0, 0xa6, &(0x7f000042af5a)=""/166}, {0x0, 0xcf, &(0x7f00001a2000)=""/207}, {0x0, 0x5d3490f7f8629b88, &(0x7f00003c9fec)=""/20}, {0x0, 0x15, &(0x7f0000384000)=""/21}, {0x0, 0xc2, &(0x7f000051e000)=""/194}, {0x0, 0x5, &(0x7f0000421000)=""/241}]})
ioctl$VHOST_NET_SET_BACKEND(r14, 0x4008af30, &(0x7f0000d7c000)={0x0, 0xffffffffffffffff})
r15 = dup(r14)
setsockopt$ARPT_SO_SET_REPLACE(r15, 0x0, 0x60, &(0x7f0000000040)={'filter\x00', 0x7, 0x4, 0x3e8, 0x0, 0x1f4, 0x1f4, 0x304, 0x304, 0x304, 0x4, &(0x7f0000000000), {[{{@arp={@local={0xac, 0x14, 0x0, 0xaa}, @local={0xac, 0x14, 0x0, 0xaa}, 0xffffff00, 0xffffffff, @empty, {[0xff, 0x0, 0xff, 0x0, 0xff]}, @empty, {[0xff, 0x0, 0xff, 0xff, 0xff]}, 0xfffffffffffffff8, 0x1ff, 0x7, 0x6, 0xfffffffffffff001, 0x1, @syzn={0x73, 0x79, 0x7a, 0x0}, @generic="51de7dccdac9b3eaa416d06704f748a7", {0x1675e3f80160d564}, {}, 0x0, 0x20}, 0xc0, 0xe4}, @unspec=@NFQUEUE1={0x24, 'NFQUEUE\x00', 0x1, {0x3, 0x4}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@empty, @empty, @empty, @dev={0xac, 0x14, 0x0, 0xe}, 0x2}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@local={[0xaa, 0xaa, 0xaa, 0xaa], 0x0, 0xaa}, @multicast2=0xe0000002, @dev={0xac, 0x14, 0x0, 0xf}, 0xf, 0x1}}}], {{[], 0xc0, 0xe4}, {0x24, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x434)
r16 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000240)='/dev/qat_adf_ctl\x00', 0xfe, 0x0)
ioctl$TUNSETIFINDEX(r16, 0x400454da, &(0x7f0000000040)=0x2)
epoll_create1(0x80000)
ioctl$PERF_EVENT_IOC_SET_FILTER(r16, 0x40042406, &(0x7f0000000080)='/dev/qat_adf_ctl\x00')
mkdir(&(0x7f0000632000)='./file0\x00', 0x0)
mount(&(0x7f000087a000)='./file0\x00', &(0x7f0000014ff8)='./file0\x00', &(0x7f0000014000)='proc\x00', 0x0, &(0x7f0000000000)='j')
execveat(0xffffffffffffffff, &(0x7f0000fd5000)='./file0\x00', &(0x7f0000393fc8)=[], &(0x7f0000000000)=[&(0x7f0000fd5000)="6e65742f0c0000000000040000"], 0x0)
r17 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x20, 0x400000)
r18 = socket$llc(0x1a, 0x3, 0x0)
r19 = accept4$vsock_stream(0xffffffffffffff9c, &(0x7f0000000080)={0x28, 0x0, 0xfffffffd, @any=0xffffffff}, 0x10, 0x7ff)
poll(&(0x7f0000000100)=[{r17, 0x200}, {0xffffffffffffffff, 0x80}, {r18, 0x8}, {r19, 0x1000}, {0xffffffffffffffff, 0x4}], 0x5, 0x200)
perf_event_open(&(0x7f000000a000)={0x2, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, @perf_config_ext={0xffffffffffffffff}, 0x200000400, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000935000)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000d2af88)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x7, &(0x7f0000000040), &(0x7f0000000080)=0x4)
ftruncate(0xffffffffffffffff, 0x0)