)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000005, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r10 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r10, 0x7fff)
setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4)

00:14:06 executing program 3:
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
write$P9_RMKDIR(r0, 0x0, 0x0)

00:14:06 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:06 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:06 executing program 3:
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
write$P9_RMKDIR(r0, 0x0, 0x0)

00:14:06 executing program 3:
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
write$P9_RMKDIR(r0, 0x0, 0x0)

00:14:06 executing program 5:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:06 executing program 3:
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0")
write$P9_RMKDIR(r0, 0x0, 0x0)

00:14:07 executing program 3:
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0")
write$P9_RMKDIR(r0, 0x0, 0x0)

00:14:07 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:07 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000005, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r10 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r10, 0x7fff)

00:14:07 executing program 3:
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0")
write$P9_RMKDIR(r0, 0x0, 0x0)

00:14:07 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(0xffffffffffffffff)

[ 2456.849524][T15654] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 2456.903808][T15654] CPU: 0 PID: 15654 Comm: syz-executor.1 Not tainted 5.0.0+ #20
[ 2456.911523][T15654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2456.921612][T15654] Call Trace:
[ 2456.924917][T15654]  dump_stack+0x172/0x1f0
[ 2456.929265][T15654]  dump_header+0x10f/0xb6c
[ 2456.933698][T15654]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2456.939525][T15654]  ? ___ratelimit+0x60/0x595
[ 2456.944130][T15654]  ? do_raw_spin_unlock+0x57/0x270
[ 2456.949271][T15654]  oom_kill_process.cold+0x10/0x15
[ 2456.954421][T15654]  out_of_memory+0x79a/0x1280
[ 2456.959201][T15654]  ? lock_downgrade+0x880/0x880
[ 2456.964082][T15654]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2456.970341][T15654]  ? oom_killer_disable+0x280/0x280
[ 2456.975572][T15654]  ? find_held_lock+0x35/0x130
[ 2456.980533][T15654]  mem_cgroup_out_of_memory+0x1ca/0x230
[ 2456.986092][T15654]  ? memcg_event_wake+0x230/0x230
[ 2456.991145][T15654]  ? do_raw_spin_unlock+0x57/0x270
[ 2456.996292][T15654]  ? _raw_spin_unlock+0x2d/0x50
[ 2457.001162][T15654]  try_charge+0x102c/0x15c0
[ 2457.005675][T15654]  ? find_held_lock+0x35/0x130
[ 2457.011164][T15654]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2457.017257][T15654]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2457.023523][T15654]  ? kasan_check_read+0x11/0x20
[ 2457.028415][T15654]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[ 2457.034001][T15654]  mem_cgroup_try_charge+0x24d/0x5e0
[ 2457.039308][T15654]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2457.044958][T15654]  __handle_mm_fault+0x1e1f/0x3ec0
[ 2457.050113][T15654]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2457.055691][T15654]  ? find_held_lock+0x35/0x130
[ 2457.060478][T15654]  ? handle_mm_fault+0x322/0xb30
[ 2457.065457][T15654]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2457.071721][T15654]  ? kasan_check_read+0x11/0x20
[ 2457.076590][T15654]  handle_mm_fault+0x43f/0xb30
[ 2457.081373][T15654]  __get_user_pages+0x7b6/0x1a40
[ 2457.086608][T15654]  ? follow_page_mask+0x19a0/0x19a0
[ 2457.092183][T15654]  ? kasan_check_write+0x14/0x20
[ 2457.097140][T15654]  ? __mutex_unlock_slowpath+0xf8/0x6b0
[ 2457.102722][T15654]  get_user_pages_remote+0x21d/0x440
[ 2457.108216][T15654]  process_vm_rw_core.isra.0+0x464/0xb10
[ 2457.113874][T15654]  ? alloc_vmap_area.cold+0x24/0x24
[ 2457.119093][T15654]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2457.125347][T15654]  ? _copy_from_user+0xdd/0x150
[ 2457.130244][T15654]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 2457.136175][T15654]  ? rw_copy_check_uvector+0x2a6/0x330
[ 2457.141660][T15654]  process_vm_rw+0x21f/0x240
[ 2457.146272][T15654]  ? process_vm_rw_core.isra.0+0xb10/0xb10
[ 2457.152101][T15654]  ? __might_fault+0x12b/0x1e0
[ 2457.156901][T15654]  ? kasan_check_read+0x11/0x20
[ 2457.161761][T15654]  ? _copy_to_user+0xc9/0x120
[ 2457.166447][T15654]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2457.172710][T15654]  ? nsecs_to_jiffies+0x30/0x30
[ 2457.177594][T15654]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2457.183080][T15654]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2457.188572][T15654]  ? do_syscall_64+0x26/0x610
[ 2457.193282][T15654]  __x64_sys_process_vm_writev+0xe3/0x1a0
[ 2457.199036][T15654]  do_syscall_64+0x103/0x610
[ 2457.203648][T15654]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2457.209553][T15654] RIP: 0033:0x457f29
[ 2457.213455][T15654] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2457.233159][T15654] RSP: 002b:00007f4e0a86bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
[ 2457.242379][T15654] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457f29
00:14:07 executing program 3:
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
write$P9_RMKDIR(0xffffffffffffffff, 0x0, 0x0)

[ 2457.255229][T15654] RDX: 000000000000032f RSI: 0000000020c22000 RDI: 0000000000002427
[ 2457.263219][T15654] RBP: 000000000073bf00 R08: 0000000000000001 R09: 0000000000000000
[ 2457.271211][T15654] R10: 0000000020c22fa0 R11: 0000000000000246 R12: 00007f4e0a86c6d4
[ 2457.280729][T15654] R13: 00000000004c4a55 R14: 00000000004d8358 R15: 00000000ffffffff
[ 2457.371143][T15654] memory: usage 307200kB, limit 307200kB, failcnt 3140
[ 2457.385555][T15654] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2457.394332][T15654] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2457.403009][T15654] Memory cgroup stats for /syz1: cache:8KB rss:249024KB rss_huge:219136KB shmem:136KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:249196KB inactive_file:4KB active_file:0KB unevictable:0KB
[ 2457.426669][T15654] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15653,uid=0
[ 2457.442590][T15654] Memory cgroup out of memory: Killed process 15653 (syz-executor.1) total-vm:72444kB, anon-rss:5840kB, file-rss:34944kB, shmem-rss:0kB
[ 2457.459936][ T1043] oom_reaper: reaped process 15653 (syz-executor.1), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB
00:14:08 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0x0)

00:14:08 executing program 5:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:08 executing program 3:
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
write$P9_RMKDIR(0xffffffffffffffff, 0x0, 0x0)

00:14:08 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:08 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000005, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)

00:14:08 executing program 3:
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
write$P9_RMKDIR(0xffffffffffffffff, 0x0, 0x0)

00:14:08 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
process_vm_writev(0x0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:08 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
process_vm_writev(0x0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

[ 2457.774609][T15684] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 2457.822844][T15684] CPU: 1 PID: 15684 Comm: syz-executor.1 Not tainted 5.0.0+ #20
[ 2457.830557][T15684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2457.840728][T15684] Call Trace:
[ 2457.844047][T15684]  dump_stack+0x172/0x1f0
[ 2457.848428][T15684]  dump_header+0x10f/0xb6c
[ 2457.852872][T15684]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2457.858701][T15684]  ? ___ratelimit+0x60/0x595
[ 2457.863316][T15684]  ? do_raw_spin_unlock+0x57/0x270
[ 2457.868454][T15684]  oom_kill_process.cold+0x10/0x15
[ 2457.873599][T15684]  out_of_memory+0x79a/0x1280
[ 2457.878319][T15684]  ? lock_downgrade+0x880/0x880
[ 2457.878337][T15684]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2457.878355][T15684]  ? oom_killer_disable+0x280/0x280
[ 2457.878368][T15684]  ? find_held_lock+0x35/0x130
[ 2457.878391][T15684]  mem_cgroup_out_of_memory+0x1ca/0x230
[ 2457.889514][T15684]  ? memcg_event_wake+0x230/0x230
[ 2457.889537][T15684]  ? do_raw_spin_unlock+0x57/0x270
[ 2457.889554][T15684]  ? _raw_spin_unlock+0x2d/0x50
[ 2457.889571][T15684]  try_charge+0x102c/0x15c0
[ 2457.889583][T15684]  ? find_held_lock+0x35/0x130
[ 2457.889605][T15684]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2457.889623][T15684]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2457.889641][T15684]  ? kasan_check_read+0x11/0x20
[ 2457.889666][T15684]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[ 2457.951790][T15684]  mem_cgroup_try_charge+0x24d/0x5e0
[ 2457.957126][T15684]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2457.962827][T15684]  __handle_mm_fault+0x1e1f/0x3ec0
[ 2457.967988][T15684]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2457.973568][T15684]  ? find_held_lock+0x35/0x130
[ 2457.978446][T15684]  ? handle_mm_fault+0x322/0xb30
[ 2457.983441][T15684]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2457.989720][T15684]  ? kasan_check_read+0x11/0x20
[ 2457.994604][T15684]  handle_mm_fault+0x43f/0xb30
[ 2457.999401][T15684]  __get_user_pages+0x7b6/0x1a40
[ 2458.004580][T15684]  ? follow_page_mask+0x19a0/0x19a0
[ 2458.009993][T15684]  ? kasan_check_write+0x14/0x20
[ 2458.014962][T15684]  ? __mutex_unlock_slowpath+0xf8/0x6b0
[ 2458.020543][T15684]  get_user_pages_remote+0x21d/0x440
[ 2458.025872][T15684]  process_vm_rw_core.isra.0+0x464/0xb10
[ 2458.031560][T15684]  ? alloc_vmap_area.cold+0x24/0x24
[ 2458.036905][T15684]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2458.043213][T15684]  ? _copy_from_user+0xdd/0x150
[ 2458.048098][T15684]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 2458.053854][T15684]  ? rw_copy_check_uvector+0x2a6/0x330
[ 2458.059348][T15684]  process_vm_rw+0x21f/0x240
[ 2458.063985][T15684]  ? process_vm_rw_core.isra.0+0xb10/0xb10
[ 2458.070055][T15684]  ? __might_fault+0x12b/0x1e0
[ 2458.074879][T15684]  ? kasan_check_read+0x11/0x20
[ 2458.079763][T15684]  ? _copy_to_user+0xc9/0x120
[ 2458.084561][T15684]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2458.090836][T15684]  ? nsecs_to_jiffies+0x30/0x30
[ 2458.095725][T15684]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2458.101211][T15684]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2458.106717][T15684]  ? do_syscall_64+0x26/0x610
[ 2458.111422][T15684]  __x64_sys_process_vm_writev+0xe3/0x1a0
[ 2458.117173][T15684]  do_syscall_64+0x103/0x610
00:14:08 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8), 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:08 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8), 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:08 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(0xffffffffffffffff)

[ 2458.122622][T15684]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2458.128547][T15684] RIP: 0033:0x457f29
[ 2458.132462][T15684] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2458.152090][T15684] RSP: 002b:00007f4e0a86bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
[ 2458.160508][T15684] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457f29
00:14:08 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8), 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:08 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

[ 2458.168601][T15684] RDX: 000000000000032f RSI: 0000000020c22000 RDI: 0000000000002429
[ 2458.168610][T15684] RBP: 000000000073bf00 R08: 0000000000000001 R09: 0000000000000000
[ 2458.168618][T15684] R10: 0000000020c22fa0 R11: 0000000000000246 R12: 00007f4e0a86c6d4
[ 2458.168625][T15684] R13: 00000000004c4a55 R14: 00000000004d8358 R15: 00000000ffffffff
00:14:08 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8), 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:08 executing program 5:
perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

[ 2458.600433][T15684] memory: usage 307168kB, limit 307200kB, failcnt 3149
[ 2458.611500][T15684] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2458.623425][T15684] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2458.640026][T15684] Memory cgroup stats for /syz1: cache:8KB rss:249172KB rss_huge:221184KB shmem:136KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:249340KB inactive_file:0KB active_file:4KB unevictable:0KB
[ 2458.669455][T15684] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15678,uid=0
00:14:09 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:09 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:09 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180))
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:09 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000005, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

[ 2458.692431][T15684] Memory cgroup out of memory: Killed process 15678 (syz-executor.1) total-vm:72444kB, anon-rss:6040kB, file-rss:34944kB, shmem-rss:0kB
[ 2458.725050][ T1043] oom_reaper: reaped process 15678 (syz-executor.1), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB
00:14:09 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180))
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2458.937903][T15742] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 2458.971172][T15742] CPU: 1 PID: 15742 Comm: syz-executor.1 Not tainted 5.0.0+ #20
[ 2458.978860][T15742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2458.988933][T15742] Call Trace:
[ 2458.992258][T15742]  dump_stack+0x172/0x1f0
[ 2458.996611][T15742]  dump_header+0x10f/0xb6c
[ 2459.001053][T15742]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2459.006884][T15742]  ? ___ratelimit+0x60/0x595
[ 2459.011509][T15742]  ? do_raw_spin_unlock+0x57/0x270
[ 2459.016649][T15742]  oom_kill_process.cold+0x10/0x15
[ 2459.021793][T15742]  out_of_memory+0x79a/0x1280
[ 2459.026514][T15742]  ? lock_downgrade+0x880/0x880
[ 2459.031397][T15742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2459.037674][T15742]  ? oom_killer_disable+0x280/0x280
[ 2459.042893][T15742]  ? find_held_lock+0x35/0x130
[ 2459.047870][T15742]  mem_cgroup_out_of_memory+0x1ca/0x230
[ 2459.053467][T15742]  ? memcg_event_wake+0x230/0x230
[ 2459.058584][T15742]  ? do_raw_spin_unlock+0x57/0x270
[ 2459.063845][T15742]  ? _raw_spin_unlock+0x2d/0x50
[ 2459.068745][T15742]  try_charge+0x102c/0x15c0
[ 2459.073368][T15742]  ? find_held_lock+0x35/0x130
[ 2459.078171][T15742]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2459.083839][T15742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2459.090111][T15742]  ? kasan_check_read+0x11/0x20
[ 2459.094994][T15742]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[ 2459.100600][T15742]  mem_cgroup_try_charge+0x24d/0x5e0
[ 2459.105924][T15742]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2459.111585][T15742]  __handle_mm_fault+0x1e1f/0x3ec0
[ 2459.116730][T15742]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2459.122299][T15742]  ? find_held_lock+0x35/0x130
[ 2459.127087][T15742]  ? handle_mm_fault+0x322/0xb30
[ 2459.132145][T15742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2459.138426][T15742]  ? kasan_check_read+0x11/0x20
[ 2459.143426][T15742]  handle_mm_fault+0x43f/0xb30
[ 2459.148230][T15742]  __get_user_pages+0x7b6/0x1a40
[ 2459.153207][T15742]  ? follow_page_mask+0x19a0/0x19a0
[ 2459.158442][T15742]  get_user_pages_remote+0x21d/0x440
[ 2459.163813][T15742]  process_vm_rw_core.isra.0+0x464/0xb10
[ 2459.169493][T15742]  ? alloc_vmap_area.cold+0x24/0x24
[ 2459.174719][T15742]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2459.180995][T15742]  ? _copy_from_user+0xdd/0x150
[ 2459.185903][T15742]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 2459.191661][T15742]  ? rw_copy_check_uvector+0x2a6/0x330
[ 2459.197257][T15742]  process_vm_rw+0x21f/0x240
[ 2459.201880][T15742]  ? process_vm_rw_core.isra.0+0xb10/0xb10
[ 2459.207708][T15742]  ? __might_fault+0x12b/0x1e0
[ 2459.212670][T15742]  ? kasan_check_read+0x11/0x20
[ 2459.217567][T15742]  ? _copy_to_user+0xc9/0x120
[ 2459.222274][T15742]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2459.228562][T15742]  ? nsecs_to_jiffies+0x30/0x30
[ 2459.233466][T15742]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2459.244886][T15742]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2459.252374][T15742]  ? do_syscall_64+0x26/0x610
[ 2459.257103][T15742]  __x64_sys_process_vm_writev+0xe3/0x1a0
[ 2459.262868][T15742]  do_syscall_64+0x103/0x610
[ 2459.267602][T15742]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2459.273704][T15742] RIP: 0033:0x457f29
[ 2459.278391][T15742] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2459.298121][T15742] RSP: 002b:00007f4e0a86bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
[ 2459.306728][T15742] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457f29
[ 2459.314918][T15742] RDX: 000000000000032f RSI: 0000000020c22000 RDI: 000000000000242b
[ 2459.322921][T15742] RBP: 000000000073bf00 R08: 0000000000000001 R09: 0000000000000000
[ 2459.330926][T15742] R10: 0000000020c22fa0 R11: 0000000000000246 R12: 00007f4e0a86c6d4
[ 2459.339118][T15742] R13: 00000000004c4a55 R14: 00000000004d8358 R15: 00000000ffffffff
00:14:09 executing program 5:
perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:10 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180))
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2459.454557][T15742] memory: usage 307200kB, limit 307200kB, failcnt 3162
[ 2459.523538][T15742] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
00:14:10 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:10 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)

[ 2459.569110][T15742] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2459.596036][T15742] Memory cgroup stats for /syz1: cache:8KB rss:249340KB rss_huge:219136KB shmem:136KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:249336KB inactive_file:4KB active_file:0KB unevictable:0KB
00:14:10 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000005, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)

00:14:10 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(0xffffffffffffffff)

[ 2459.903674][T15742] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15741,uid=0
00:14:10 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)

[ 2459.974096][T15742] Memory cgroup out of memory: Killed process 15741 (syz-executor.1) total-vm:72576kB, anon-rss:6092kB, file-rss:34944kB, shmem-rss:0kB
[ 2460.020836][T15771] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
00:14:10 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:10 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)

00:14:10 executing program 5:
perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:11 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000005, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)

00:14:11 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:11 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r8=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r8, 0x4}, 0x8)

00:14:11 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:11 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)

00:14:11 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000005, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)

00:14:11 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:11 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:12 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

00:14:12 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000005, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

00:14:12 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
gettid()
process_vm_writev(0x0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:12 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})

00:14:12 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
gettid()
process_vm_writev(0x0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:12 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)

00:14:12 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)

00:14:12 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
r5 = getpid()
process_vm_writev(r5, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r4)

00:14:12 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
gettid()
process_vm_writev(0x0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:12 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, 0x0, 0x0, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x1}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:13 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:13 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)

00:14:13 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:13 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
r5 = getpid()
process_vm_writev(r5, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r4)

00:14:13 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)

00:14:13 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, 0x0, 0x0, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x1}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:13 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)

00:14:13 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)

00:14:13 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)

00:14:13 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, 0x0, 0x0, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x1}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:13 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)

00:14:13 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r8=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r8, 0x4}, 0x8)

[ 2463.212737][T15863] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 2463.223484][T15863] CPU: 1 PID: 15863 Comm: syz-executor.1 Not tainted 5.0.0+ #20
[ 2463.231218][T15863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2463.241274][T15863] Call Trace:
[ 2463.244574][T15863]  dump_stack+0x172/0x1f0
[ 2463.244595][T15863]  dump_header+0x10f/0xb6c
[ 2463.244613][T15863]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[ 2463.244626][T15863]  ? ___ratelimit+0x60/0x595
[ 2463.244641][T15863]  ? do_raw_spin_unlock+0x57/0x270
[ 2463.244657][T15863]  oom_kill_process.cold+0x10/0x15
[ 2463.244674][T15863]  out_of_memory+0x79a/0x1280
[ 2463.244691][T15863]  ? lock_downgrade+0x880/0x880
[ 2463.244706][T15863]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2463.244720][T15863]  ? oom_killer_disable+0x280/0x280
[ 2463.244731][T15863]  ? find_held_lock+0x35/0x130
[ 2463.244754][T15863]  mem_cgroup_out_of_memory+0x1ca/0x230
[ 2463.244768][T15863]  ? memcg_event_wake+0x230/0x230
[ 2463.244790][T15863]  ? do_raw_spin_unlock+0x57/0x270
[ 2463.244807][T15863]  ? _raw_spin_unlock+0x2d/0x50
[ 2463.244826][T15863]  try_charge+0x102c/0x15c0
[ 2463.244838][T15863]  ? find_held_lock+0x35/0x130
[ 2463.244861][T15863]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2463.244878][T15863]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2463.244902][T15863]  ? kasan_check_read+0x11/0x20
[ 2463.347406][T15863]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[ 2463.352959][T15863]  mem_cgroup_try_charge+0x24d/0x5e0
[ 2463.358270][T15863]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2463.363916][T15863]  __handle_mm_fault+0x1e1f/0x3ec0
[ 2463.369025][T15863]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2463.374576][T15863]  ? find_held_lock+0x35/0x130
[ 2463.379349][T15863]  ? handle_mm_fault+0x322/0xb30
[ 2463.384284][T15863]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2463.390525][T15863]  ? kasan_check_read+0x11/0x20
[ 2463.395390][T15863]  handle_mm_fault+0x43f/0xb30
[ 2463.400185][T15863]  __get_user_pages+0x7b6/0x1a40
[ 2463.405121][T15863]  ? follow_page_mask+0x19a0/0x19a0
[ 2463.410334][T15863]  ? lock_is_held_type+0x272/0x320
[ 2463.415466][T15863]  get_user_pages_remote+0x21d/0x440
[ 2463.421137][T15863]  process_vm_rw_core.isra.0+0x464/0xb10
[ 2463.426774][T15863]  ? alloc_vmap_area.cold+0x24/0x24
[ 2463.431966][T15863]  ? copy_user_generic_unrolled+0x81/0xc0
[ 2463.437694][T15863]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2463.443943][T15863]  ? _copy_from_user+0xdd/0x150
[ 2463.448783][T15863]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 2463.454506][T15863]  ? rw_copy_check_uvector+0x2a6/0x330
[ 2463.460087][T15863]  process_vm_rw+0x21f/0x240
[ 2463.464676][T15863]  ? process_vm_rw_core.isra.0+0xb10/0xb10
[ 2463.470474][T15863]  ? __might_fault+0x12b/0x1e0
[ 2463.475269][T15863]  ? kasan_check_read+0x11/0x20
[ 2463.480124][T15863]  ? _copy_to_user+0xc9/0x120
[ 2463.484795][T15863]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2463.491029][T15863]  ? nsecs_to_jiffies+0x30/0x30
[ 2463.495893][T15863]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2463.501357][T15863]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2463.506820][T15863]  ? do_syscall_64+0x26/0x610
[ 2463.511511][T15863]  __x64_sys_process_vm_writev+0xe3/0x1a0
[ 2463.517250][T15863]  do_syscall_64+0x103/0x610
[ 2463.521861][T15863]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2463.527747][T15863] RIP: 0033:0x457f29
[ 2463.531633][T15863] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2463.551234][T15863] RSP: 002b:00007f4e0a86bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
[ 2463.559638][T15863] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457f29
[ 2463.567605][T15863] RDX: 000000000000032f RSI: 0000000020c22000 RDI: 0000000000002434
[ 2463.575577][T15863] RBP: 000000000073bf00 R08: 0000000000000001 R09: 0000000000000000
[ 2463.583557][T15863] R10: 0000000020c22fa0 R11: 0000000000000246 R12: 00007f4e0a86c6d4
[ 2463.591648][T15863] R13: 00000000004c4a55 R14: 00000000004d8358 R15: 00000000ffffffff
[ 2463.601471][T15863] memory: usage 307192kB, limit 307200kB, failcnt 3219
[ 2463.612100][T15863] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2463.628126][T15863] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2463.636153][T15863] Memory cgroup stats for /syz1: cache:8KB rss:249744KB rss_huge:223232KB shmem:136KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:249724KB inactive_file:0KB active_file:0KB unevictable:0KB
00:14:14 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r8=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r8, 0x4}, 0x8)

00:14:14 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000), 0x0, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x1}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:14 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)

00:14:14 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)

00:14:14 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)

00:14:14 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

[ 2463.658302][T15863] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15862,uid=0
[ 2463.674348][T15863] Memory cgroup out of memory: Killed process 15863 (syz-executor.1) total-vm:72576kB, anon-rss:6548kB, file-rss:35808kB, shmem-rss:0kB
[ 2463.692033][ T1043] oom_reaper: reaped process 15863 (syz-executor.1), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB
00:14:14 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)

00:14:14 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000), 0x0, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x1}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:14 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

00:14:14 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)

00:14:14 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r8=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r8, 0x4}, 0x8)

00:14:14 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000), 0x0, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x1}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:14 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
getpid()

00:14:14 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r8=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r8, 0x4}, 0x8)

00:14:14 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)

00:14:14 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})

00:14:14 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{0x0}], 0x1, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x1}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:15 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(0x0, 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:15 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)

00:14:15 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)

00:14:15 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{0x0}], 0x1, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x1}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:15 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
r5 = getpid()
process_vm_writev(r5, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r4)

00:14:15 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r8=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r8, 0x4}, 0x8)

00:14:15 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{0x0}], 0x1, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x1}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:15 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)

00:14:15 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)

00:14:15 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)

00:14:15 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)

00:14:15 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(0x0, 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:15 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1}], 0x1, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)

00:14:15 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)

00:14:15 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)

00:14:15 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)

00:14:15 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

00:14:15 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080))

00:14:15 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(0x0, 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:15 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1}], 0x1, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)

00:14:15 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
getpid()

00:14:15 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)

00:14:15 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc), 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:15 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1}], 0x1, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)

00:14:15 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)

00:14:15 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})

00:14:16 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)

00:14:16 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)

00:14:16 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc), 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:16 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1}], 0x1, &(0x7f0000c22fa0), 0x0, 0x0)
close(0xffffffffffffffff)

00:14:16 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000100))

00:14:16 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
r5 = getpid()
process_vm_writev(r5, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r4)

00:14:16 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)

00:14:16 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1}], 0x1, &(0x7f0000c22fa0), 0x0, 0x0)
close(0xffffffffffffffff)

00:14:16 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc), 0x800000000086, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:16 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)

00:14:16 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:16 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
r5 = getpid()
process_vm_writev(r5, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r4)

00:14:16 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)

00:14:16 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1}], 0x1, &(0x7f0000c22fa0), 0x0, 0x0)
close(0xffffffffffffffff)

00:14:16 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:16 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:16 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)

00:14:16 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080))

00:14:16 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1}], 0x1, &(0x7f0000c22fa0)=[{0x0}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:16 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)

00:14:16 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:16 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:16 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)

00:14:16 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
r5 = getpid()
process_vm_writev(r5, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r4)

00:14:16 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1}], 0x1, &(0x7f0000c22fa0)=[{0x0}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:16 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000100))

00:14:17 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f0000000100)={0x77359400}, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:17 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)

00:14:17 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000100))

00:14:17 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
r0 = gettid()
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1}], 0x1, &(0x7f0000c22fa0)=[{0x0}], 0x1, 0x0)
close(0xffffffffffffffff)

00:14:17 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
r5 = getpid()
process_vm_writev(r5, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r4)

00:14:17 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240))
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:17 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
getpid()

00:14:17 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:17 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r8=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r8, 0x4}, 0x8)

00:14:17 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:17 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
r5 = getpid()
process_vm_writev(r5, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r4)

00:14:17 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:17 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)

00:14:17 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r8=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r8, 0x4}, 0x8)

00:14:17 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:17 executing program 4:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:17 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})

00:14:17 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)

00:14:17 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:18 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:18 executing program 4:
r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:18 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)

00:14:18 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})

00:14:18 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r8=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r8, 0x4}, 0x8)

00:14:18 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000100))

00:14:18 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)

00:14:18 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240))
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:18 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})

00:14:18 executing program 4:
r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:18 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)

00:14:18 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)

00:14:19 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:19 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080))

00:14:19 executing program 4:
r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:19 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:19 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

00:14:19 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)

00:14:19 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)

00:14:19 executing program 4:
openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:19 executing program 3:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:19 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})

00:14:19 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)

00:14:19 executing program 4:
openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:19 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, 0x0, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:19 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000100))

00:14:19 executing program 3:
r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:19 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
r5 = getpid()
process_vm_writev(r5, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r4)

00:14:19 executing program 4:
openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:19 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

00:14:20 executing program 4:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, 0x0)

00:14:20 executing program 3:
r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:20 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)

00:14:20 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:20 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

00:14:20 executing program 3:
r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:20 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, 0x0, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:20 executing program 4:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, 0x0)

00:14:20 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:20 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)

00:14:20 executing program 3:
openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:20 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

00:14:20 executing program 4:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, 0x0)

00:14:20 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, 0x0, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:20 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:20 executing program 3:
openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:20 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
getpid()

00:14:20 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)

00:14:20 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)

00:14:20 executing program 3:
openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:20 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:20 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000100))

00:14:20 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)

00:14:21 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)

00:14:21 executing program 3:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, 0x0)

00:14:21 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240))
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:21 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
r5 = getpid()
process_vm_writev(r5, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r4)

00:14:21 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)

00:14:21 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)

00:14:21 executing program 3:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, 0x0)

00:14:21 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:21 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
r4 = getpid()
process_vm_writev(r4, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)

00:14:24 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:24 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=<r3=>0x0)
ptrace$setopts(0x4200, r3, 0x6, 0x100000)

00:14:24 executing program 2:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:24 executing program 3:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, 0x0)

00:14:24 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)

00:14:24 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)

00:14:24 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$setopts(0x4200, r4, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = getpid()
process_vm_writev(r6, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
dup(r5)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})

00:14:24 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080))

00:14:24 executing program 2:
r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:24 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000005, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

00:14:24 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:24 executing program 2:
r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:24 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:27 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:27 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)

00:14:27 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000005, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

00:14:27 executing program 2:
r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:27 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:27 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:27 executing program 2:
openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:27 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000100))

00:14:27 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:27 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$eventfd(r1, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000100))
lseek(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=<r5=>0x0)
ptrace$setopts(0x4200, r5, 0x6, 0x100000)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
r7 = getpid()
process_vm_writev(r7, &(0x7f0000001780)=[{0x0}, {&(0x7f00000016c0)=""/145, 0x91}], 0x2, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, &(0x7f0000000140)={'HL\x00'}, &(0x7f0000000180)=0x1e)
r8 = dup(r6)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000001c0)={0x8000, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffff8001, 0x0, 0x2}})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={<r9=>0x0, @in6={{0xa, 0x4e20, 0x5, @ipv4={[], [], @loopback}, 0x5}}, 0x1000, 0x3f, 0x3, 0x0, 0x8}, &(0x7f0000000380)=0x98)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r9, 0x4}, 0x8)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
connect$pptp(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000005, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

00:14:27 executing program 2:
openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:27 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:30 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:30 executing program 2:
openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:30 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180))
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:30 executing program 1:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:30 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:30 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:30 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
pipe(&(0x7f0000000100))
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:30 executing program 2:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, 0x0)

00:14:30 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180))
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:30 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180))
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2479.920371][T16424] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
00:14:30 executing program 2:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, 0x0)

[ 2479.975207][T16424] CPU: 1 PID: 16424 Comm: syz-executor.1 Not tainted 5.0.0+ #20
[ 2479.982911][T16424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2479.992988][T16424] Call Trace:
[ 2479.996306][T16424]  dump_stack+0x172/0x1f0
[ 2480.000698][T16424]  dump_header+0x10f/0xb6c
[ 2480.005139][T16424]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2480.010999][T16424]  ? ___ratelimit+0x60/0x595
[ 2480.015733][T16424]  ? do_raw_spin_unlock+0x57/0x270
[ 2480.020879][T16424]  oom_kill_process.cold+0x10/0x15
[ 2480.026037][T16424]  out_of_memory+0x79a/0x1280
[ 2480.030773][T16424]  ? lock_downgrade+0x880/0x880
[ 2480.035653][T16424]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2480.041921][T16424]  ? oom_killer_disable+0x280/0x280
[ 2480.047152][T16424]  ? find_held_lock+0x35/0x130
[ 2480.051954][T16424]  mem_cgroup_out_of_memory+0x1ca/0x230
[ 2480.057538][T16424]  ? memcg_event_wake+0x230/0x230
[ 2480.062596][T16424]  ? do_raw_spin_unlock+0x57/0x270
[ 2480.067733][T16424]  ? _raw_spin_unlock+0x2d/0x50
00:14:30 executing program 2:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, 0x0)

[ 2480.072617][T16424]  try_charge+0x102c/0x15c0
[ 2480.077151][T16424]  ? find_held_lock+0x35/0x130
[ 2480.081949][T16424]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2480.087559][T16424]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2480.093838][T16424]  ? kasan_check_read+0x11/0x20
[ 2480.098722][T16424]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[ 2480.104301][T16424]  mem_cgroup_try_charge+0x24d/0x5e0
[ 2480.109623][T16424]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2480.115292][T16424]  __handle_mm_fault+0x1e1f/0x3ec0
[ 2480.120440][T16424]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2480.126014][T16424]  ? find_held_lock+0x35/0x130
[ 2480.130808][T16424]  ? handle_mm_fault+0x322/0xb30
[ 2480.135779][T16424]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2480.142050][T16424]  ? kasan_check_read+0x11/0x20
[ 2480.146936][T16424]  handle_mm_fault+0x43f/0xb30
[ 2480.151725][T16424]  __get_user_pages+0x7b6/0x1a40
[ 2480.156700][T16424]  ? follow_page_mask+0x19a0/0x19a0
[ 2480.162028][T16424]  get_user_pages_remote+0x21d/0x440
[ 2480.167449][T16424]  process_vm_rw_core.isra.0+0x464/0xb10
[ 2480.173148][T16424]  ? alloc_vmap_area.cold+0x24/0x24
[ 2480.178378][T16424]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2480.184736][T16424]  ? _copy_from_user+0xdd/0x150
[ 2480.189604][T16424]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 2480.195352][T16424]  ? rw_copy_check_uvector+0x2a6/0x330
[ 2480.200849][T16424]  process_vm_rw+0x21f/0x240
[ 2480.205559][T16424]  ? process_vm_rw_core.isra.0+0xb10/0xb10
[ 2480.211390][T16424]  ? __might_fault+0x12b/0x1e0
[ 2480.216231][T16424]  ? kasan_check_read+0x11/0x20
[ 2480.221115][T16424]  ? _copy_to_user+0xc9/0x120
[ 2480.225813][T16424]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2480.232518][T16424]  ? nsecs_to_jiffies+0x30/0x30
[ 2480.237485][T16424]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2480.242965][T16424]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2480.242981][T16424]  ? do_syscall_64+0x26/0x610
[ 2480.243004][T16424]  __x64_sys_process_vm_writev+0xe3/0x1a0
[ 2480.243025][T16424]  do_syscall_64+0x103/0x610
[ 2480.243048][T16424]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2480.243060][T16424] RIP: 0033:0x457f29
[ 2480.243083][T16424] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2480.293238][T16424] RSP: 002b:00007f4e0a86bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
[ 2480.293254][T16424] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457f29
[ 2480.293262][T16424] RDX: 000000000000032f RSI: 0000000020c22000 RDI: 0000000000002473
[ 2480.293269][T16424] RBP: 000000000073bf00 R08: 0000000000000001 R09: 0000000000000000
[ 2480.293277][T16424] R10: 0000000020c22fa0 R11: 0000000000000246 R12: 00007f4e0a86c6d4
[ 2480.293286][T16424] R13: 00000000004c4a55 R14: 00000000004d8358 R15: 00000000ffffffff
[ 2480.316862][T16424] memory: usage 307200kB, limit 307200kB, failcnt 3256
[ 2480.342410][T16424] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2480.410953][T16424] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2480.429729][T16424] Memory cgroup stats for /syz1: cache:8KB rss:250472KB rss_huge:223232KB shmem:136KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:250484KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2480.455610][T16424] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16421,uid=0
[ 2480.471705][T16424] Memory cgroup out of memory: Killed process 16421 (syz-executor.1) total-vm:72576kB, anon-rss:7024kB, file-rss:34944kB, shmem-rss:0kB
[ 2480.491316][ T1043] oom_reaper: reaped process 16421 (syz-executor.1), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB
00:14:33 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:33 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$eventfd(r0, &(0x7f0000000280)=0x8b6e, 0x8)
r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000100))

00:14:33 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:33 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:33 executing program 1:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:33 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200), 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:33 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200), 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:33 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, 0x0, 0x0)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:33 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240))
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:33 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, 0x0, 0x0)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2483.107314][T16466] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 2483.170210][T16466] CPU: 1 PID: 16466 Comm: syz-executor.1 Not tainted 5.0.0+ #20
[ 2483.179135][T16466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2483.190608][T16466] Call Trace:
[ 2483.195938][T16466]  dump_stack+0x172/0x1f0
[ 2483.200577][T16466]  dump_header+0x10f/0xb6c
[ 2483.205064][T16466]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2483.210924][T16466]  ? ___ratelimit+0x60/0x595
[ 2483.215548][T16466]  ? do_raw_spin_unlock+0x57/0x270
[ 2483.220876][T16466]  oom_kill_process.cold+0x10/0x15
[ 2483.226024][T16466]  out_of_memory+0x79a/0x1280
[ 2483.232962][T16466]  ? lock_downgrade+0x880/0x880
[ 2483.238145][T16466]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2483.244891][T16466]  ? oom_killer_disable+0x280/0x280
[ 2483.250670][T16466]  ? find_held_lock+0x35/0x130
[ 2483.256098][T16466]  mem_cgroup_out_of_memory+0x1ca/0x230
[ 2483.261682][T16466]  ? memcg_event_wake+0x230/0x230
[ 2483.269467][T16466]  ? do_raw_spin_unlock+0x57/0x270
[ 2483.276356][T16466]  ? _raw_spin_unlock+0x2d/0x50
[ 2483.282195][T16466]  try_charge+0x102c/0x15c0
[ 2483.286975][T16466]  ? find_held_lock+0x35/0x130
[ 2483.291789][T16466]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2483.298068][T16466]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2483.304555][T16466]  ? kasan_check_read+0x11/0x20
[ 2483.309453][T16466]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[ 2483.315059][T16466]  mem_cgroup_try_charge+0x24d/0x5e0
[ 2483.320483][T16466]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2483.326255][T16466]  __handle_mm_fault+0x1e1f/0x3ec0
[ 2483.332019][T16466]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2483.337609][T16466]  ? find_held_lock+0x35/0x130
[ 2483.342965][T16466]  ? handle_mm_fault+0x322/0xb30
[ 2483.348452][T16466]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2483.354780][T16466]  ? kasan_check_read+0x11/0x20
[ 2483.359999][T16466]  handle_mm_fault+0x43f/0xb30
[ 2483.364821][T16466]  __get_user_pages+0x7b6/0x1a40
[ 2483.370159][T16466]  ? follow_page_mask+0x19a0/0x19a0
[ 2483.375592][T16466]  get_user_pages_remote+0x21d/0x440
[ 2483.381023][T16466]  process_vm_rw_core.isra.0+0x464/0xb10
[ 2483.386713][T16466]  ? alloc_vmap_area.cold+0x24/0x24
[ 2483.391948][T16466]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2483.398234][T16466]  ? _copy_from_user+0xdd/0x150
[ 2483.403122][T16466]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 2483.409310][T16466]  ? rw_copy_check_uvector+0x2a6/0x330
[ 2483.414823][T16466]  process_vm_rw+0x21f/0x240
[ 2483.419456][T16466]  ? process_vm_rw_core.isra.0+0xb10/0xb10
[ 2483.425315][T16466]  ? __might_fault+0x12b/0x1e0
[ 2483.430147][T16466]  ? kasan_check_read+0x11/0x20
[ 2483.435237][T16466]  ? _copy_to_user+0xc9/0x120
[ 2483.440038][T16466]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2483.446314][T16466]  ? nsecs_to_jiffies+0x30/0x30
[ 2483.451216][T16466]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2483.456710][T16466]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2483.462218][T16466]  ? do_syscall_64+0x26/0x610
[ 2483.466943][T16466]  __x64_sys_process_vm_writev+0xe3/0x1a0
[ 2483.472807][T16466]  do_syscall_64+0x103/0x610
[ 2483.477527][T16466]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2483.483471][T16466] RIP: 0033:0x457f29
[ 2483.487395][T16466] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2483.507279][T16466] RSP: 002b:00007f4e0a86bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
00:14:34 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, 0x0, 0x0)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:34 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

[ 2483.515716][T16466] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457f29
[ 2483.523710][T16466] RDX: 000000000000032f RSI: 0000000020c22000 RDI: 0000000000002476
[ 2483.531705][T16466] RBP: 000000000073bf00 R08: 0000000000000001 R09: 0000000000000000
[ 2483.539970][T16466] R10: 0000000020c22fa0 R11: 0000000000000246 R12: 00007f4e0a86c6d4
[ 2483.548320][T16466] R13: 00000000004c4a55 R14: 00000000004d8358 R15: 00000000ffffffff
[ 2483.701849][T16466] memory: usage 307132kB, limit 307200kB, failcnt 3288
[ 2483.723187][T16466] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2483.740948][T16466] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2483.757277][T16466] Memory cgroup stats for /syz1: cache:8KB rss:250588KB rss_huge:219136KB shmem:136KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:250668KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2483.781773][T16466] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16457,uid=0
[ 2483.803987][T16466] Memory cgroup out of memory: Killed process 16466 (syz-executor.1) total-vm:72576kB, anon-rss:7464kB, file-rss:35812kB, shmem-rss:0kB
[ 2483.841218][ T1043] oom_reaper: reaped process 16466 (syz-executor.1), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB
00:14:36 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:36 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:36 executing program 0:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:36 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, 0x0, 0x0)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:36 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200), 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:36 executing program 1:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:36 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, 0x0, 0x0)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:36 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:36 executing program 0:
r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:36 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:36 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, 0x0, 0x0)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:36 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2486.326710][T16515] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 2486.355462][T16515] CPU: 1 PID: 16515 Comm: syz-executor.1 Not tainted 5.0.0+ #20
[ 2486.363234][T16515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2486.373311][T16515] Call Trace:
[ 2486.376623][T16515]  dump_stack+0x172/0x1f0
[ 2486.380983][T16515]  dump_header+0x10f/0xb6c
[ 2486.388031][T16515]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2486.393862][T16515]  ? ___ratelimit+0x60/0x595
[ 2486.398473][T16515]  ? do_raw_spin_unlock+0x57/0x270
[ 2486.403613][T16515]  oom_kill_process.cold+0x10/0x15
[ 2486.408757][T16515]  out_of_memory+0x79a/0x1280
[ 2486.413469][T16515]  ? lock_downgrade+0x880/0x880
[ 2486.418352][T16515]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2486.424709][T16515]  ? oom_killer_disable+0x280/0x280
[ 2486.429930][T16515]  ? find_held_lock+0x35/0x130
[ 2486.434738][T16515]  mem_cgroup_out_of_memory+0x1ca/0x230
[ 2486.434754][T16515]  ? memcg_event_wake+0x230/0x230
[ 2486.434777][T16515]  ? do_raw_spin_unlock+0x57/0x270
[ 2486.434795][T16515]  ? _raw_spin_unlock+0x2d/0x50
[ 2486.434814][T16515]  try_charge+0x102c/0x15c0
[ 2486.434828][T16515]  ? find_held_lock+0x35/0x130
[ 2486.434850][T16515]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2486.434868][T16515]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2486.434887][T16515]  ? kasan_check_read+0x11/0x20
[ 2486.434907][T16515]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[ 2486.434928][T16515]  mem_cgroup_try_charge+0x24d/0x5e0
[ 2486.434951][T16515]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2486.434984][T16515]  __handle_mm_fault+0x1e1f/0x3ec0
[ 2486.435007][T16515]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2486.435022][T16515]  ? find_held_lock+0x35/0x130
[ 2486.435039][T16515]  ? handle_mm_fault+0x322/0xb30
[ 2486.435070][T16515]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2486.445831][T16515]  ? kasan_check_read+0x11/0x20
[ 2486.529769][T16515]  handle_mm_fault+0x43f/0xb30
[ 2486.534637][T16515]  __get_user_pages+0x7b6/0x1a40
[ 2486.539654][T16515]  ? follow_page_mask+0x19a0/0x19a0
[ 2486.544903][T16515]  get_user_pages_remote+0x21d/0x440
[ 2486.550443][T16515]  process_vm_rw_core.isra.0+0x464/0xb10
[ 2486.556150][T16515]  ? alloc_vmap_area.cold+0x24/0x24
[ 2486.561370][T16515]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2486.567875][T16515]  ? _copy_from_user+0xdd/0x150
[ 2486.572791][T16515]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 2486.578526][T16515]  ? rw_copy_check_uvector+0x2a6/0x330
[ 2486.584098][T16515]  process_vm_rw+0x21f/0x240
[ 2486.589226][T16515]  ? process_vm_rw_core.isra.0+0xb10/0xb10
[ 2486.595232][T16515]  ? __might_fault+0x12b/0x1e0
[ 2486.600057][T16515]  ? kasan_check_read+0x11/0x20
[ 2486.604920][T16515]  ? _copy_to_user+0xc9/0x120
[ 2486.609605][T16515]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2486.616042][T16515]  ? nsecs_to_jiffies+0x30/0x30
[ 2486.620932][T16515]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2486.626407][T16515]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2486.632117][T16515]  ? do_syscall_64+0x26/0x610
[ 2486.636820][T16515]  __x64_sys_process_vm_writev+0xe3/0x1a0
[ 2486.642560][T16515]  do_syscall_64+0x103/0x610
[ 2486.647174][T16515]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2486.653079][T16515] RIP: 0033:0x457f29
[ 2486.656976][T16515] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2486.676620][T16515] RSP: 002b:00007f4e0a86bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
[ 2486.685308][T16515] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457f29
[ 2486.693290][T16515] RDX: 000000000000032f RSI: 0000000020c22000 RDI: 0000000000002479
[ 2486.701297][T16515] RBP: 000000000073bf00 R08: 0000000000000001 R09: 0000000000000000
[ 2486.709276][T16515] R10: 0000000020c22fa0 R11: 0000000000000246 R12: 00007f4e0a86c6d4
[ 2486.717245][T16515] R13: 00000000004c4a55 R14: 00000000004d8358 R15: 00000000ffffffff
[ 2486.726754][T16515] memory: usage 307200kB, limit 307200kB, failcnt 3310
[ 2486.734100][T16515] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2486.741729][T16515] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2486.750092][T16515] Memory cgroup stats for /syz1: cache:8KB rss:250784KB rss_huge:219136KB shmem:136KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4KB active_anon:250844KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2486.771767][T16515] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16510,uid=0
[ 2486.787352][T16515] Memory cgroup out of memory: Killed process 16510 (syz-executor.1) total-vm:72576kB, anon-rss:7420kB, file-rss:34944kB, shmem-rss:0kB
[ 2486.809454][ T1043] oom_reaper: reaped process 16510 (syz-executor.1), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB
00:14:39 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, 0x0, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:39 executing program 0:
r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:39 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:39 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:39 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:39 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:39 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:39 executing program 0:
r0 = openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100))

00:14:39 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:39 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:39 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:39 executing program 0:
openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

[ 2490.169842][ T1043] oom_reaper: reaped process 16582 (syz-executor.1), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB
00:14:42 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, 0x0, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:42 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:42 executing program 0:
openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:42 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:42 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:42 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:42 executing program 2:
r0 = socket$inet(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_tables_names\x00')
sendfile(r0, r2, &(0x7f0000000280)=0xdf, 0x80000003)

00:14:42 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:14:42 executing program 0:
openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f0000000100))

00:14:43 executing program 4:
socket(0x10, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')

00:14:43 executing program 0:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, 0x0)

00:14:43 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/udp\x00')
lseek(r0, 0x20400000, 0x0)

00:14:45 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, 0x0, &(0x7f0000040000))
tkill(r0, 0x1000000000016)

00:14:45 executing program 0:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, 0x0)

00:14:45 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x100002102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={<r0=>0xffffffffffffffff})
ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, 0x0)
write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0x7fffffff)

00:14:45 executing program 2:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$llc_int(r0, 0x10c, 0x3, &(0x7f0000000a00)=0xc000000000000000, 0x4)
connect$llc(r0, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0xff, @dev}, 0x10)

00:14:45 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:45 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:14:45 executing program 0:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, 0x0)

00:14:46 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x0, 0x101000)
ioctl$LOOP_GET_STATUS(r1, 0x4c03, &(0x7f0000000200))
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'lo\x00@\x00'})
socket$inet_tcp(0x2, 0x1, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0)
fcntl$setstatus(r3, 0x4, 0xc00)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
getresuid(0x0, 0x0, 0x0)
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0xffffff9f)
getpgrp(0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x6c0b14fc)
write(0xffffffffffffffff, 0x0, 0x0)
setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0xffffffffffffffc1)
ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x20000001, &(0x7f0000000040), 0x1c)
splice(r3, 0x0, r2, 0x0, 0x1000000000000003, 0x0)

00:14:46 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 2495.558472][T16663] device lo left promiscuous mode
00:14:46 executing program 0:
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
syncfs(r0)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)

00:14:46 executing program 2:
syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={[{@codepage={'codepage', 0x3d, 'cp8-0'}}]})

00:14:46 executing program 0:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x100002, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000880)={'syz0\x00'}, 0x45c)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)

[ 2496.025255][T16679] input: syz0 as /devices/virtual/input/input12
[ 2496.086633][T16681] input: syz0 as /devices/virtual/input/input13
00:14:49 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)

00:14:49 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r0, 0x1000000000016)

00:14:49 executing program 2:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_open_procfs(0x0, &(0x7f0000000180)='mountstats\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/4\x00')
lseek(r0, 0x20400000, 0x0)

00:14:49 executing program 0:
syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00')
creat(0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
epoll_create(0x2)
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
recvmsg(r0, &(0x7f00000008c0)={&(0x7f00000003c0)=@ethernet={0x0, @remote}, 0x80, 0x0}, 0x99147de9abf155d)
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f00000001c0)={0x0, 'vcan0\x00'}, 0x18)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuset.effective_mems\x00', 0x26e1, 0x0)
ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000340))
write$cgroup_int(r1, &(0x7f0000000140), 0xffffff35)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c)

00:14:49 executing program 3:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)={0xf97cff8c, 0x8, 'SE Linux', "1200000000c46f0006000000070000003c9f0300000000000000c27ed0e81f00030000000000000067681bfdd451e6f43d45c932246169a1c20407"}, 0x4b)

00:14:49 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 2498.536162][T16699] SELinux: failed to load policy
00:14:49 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:14:49 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
gettid()
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, 0x0)
timer_create(0x0, 0x0, &(0x7f0000044000))
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0xffab)
open(&(0x7f0000000040)='./file0\x00', 0x0, 0x20)
getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, &(0x7f0000000100), &(0x7f00000000c0)=0xfffffffffffffe18)

00:14:49 executing program 3:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, 0x0, &(0x7f0000000440))
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x20)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0)
write$tun(r0, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

00:14:49 executing program 1:
perf_event_open(&(0x7f0000000440)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0xffffffffffffffff, 0x2}, 0xc)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000280)={r1, &(0x7f0000000100), 0x0}, 0x18)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e0000002e008183ad5de0713c444d000d0001000000000000ff39a0053582c137153e3776f969de76012885ba60", 0x2e}], 0x1}, 0x0)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

00:14:49 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:14:49 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:14:49 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca\x0f.?\xad\xae\x0f\xb5\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\x03?v\xe8$\xfc\xf0\xb8\xda=\x8aWT2\x99?$\xb7FW\x19\xa0\xdbX\t\x10\x8f\xac\xbd')
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000100))
r1 = openat$cgroup_ro(r0, &(0x7f00000003c0)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"v\x19n{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t', 0x0, 0x0)
openat$uhid(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r2 = open(&(0x7f00000003c0)='./file0\x00', 0x141042, 0x30)
write$binfmt_elf64(r2, &(0x7f0000000480)=ANY=[], 0x2e7)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KDSKBMODE(r1, 0x4b45, &(0x7f00000000c0)=0x101)
ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x9)
sendfile(r2, r2, &(0x7f00000001c0), 0xa198)
ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x401, 0x5, 0x1, <r3=>r0})
fcntl$getflags(r3, 0x40b)
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='\x00\x00\x00\x00\x00')
writev(r4, &(0x7f0000000000)=[{&(0x7f00000002c0)='O', 0x1}], 0x1)
ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f0000000080)=0x1)

00:14:49 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(0x0, 0x1000000000016)

00:14:49 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:14:49 executing program 1:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/net/pfkey\x00', 0x2, 0x0)
ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000140)=0x4)
arch_prctl$ARCH_GET_CPUID(0x1011)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f00000001c0)=0x1000)
getpgrp(0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', <r2=>0x0})
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000200)={@mcast2, 0x62, r2})
setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f0000000280), 0x4)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f00000000c0)=r1)
ioctl$DRM_IOCTL_IRQ_BUSID(0xffffffffffffffff, 0xc0106403, &(0x7f0000000040)={0x0, 0x800, 0x8000, 0x7})
ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000180))
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
pipe2(&(0x7f0000000080), 0x4000)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.cpu/syz1\x00', 0x1ff)
unshare(0x40000000)

00:14:49 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:14:49 executing program 0:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x3a002, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
add_key$user(&(0x7f0000000240)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0)
write$tun(r0, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TIOCLINUX7(r0, 0x541c, 0x0)
close(r1)

[ 2499.478103][T16736] sched: DL replenish lagged too much
[ 2499.570084][T16736] IPVS: ftp: loaded support on port[0] = 21
00:14:50 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
dup3(r0, 0xffffffffffffffff, 0x0)

00:14:50 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
dup3(r0, 0xffffffffffffffff, 0x0)

00:14:50 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)

[ 2500.107492][T16736] IPVS: ftp: loaded support on port[0] = 21
00:14:50 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
dup3(r0, 0xffffffffffffffff, 0x0)

00:14:50 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f0300000000000000c27ed0e81f00030070103c83000067681bfdd451e6f43d45c932246169a1"], 0x48)

00:14:50 executing program 1:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000100)={0xf97cff8c, 0x8, 'SE Linux', "1200000000c46f000600000007000000e958cb8e76426aa4"}, 0x28)

00:14:50 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:14:50 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(0x0, 0x1000000000016)

00:14:50 executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x2, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'nr0\x01\x00', 0x3})
r1 = socket$kcm(0x29, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&')
write$cgroup_subtree(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="70cf8100"], 0x4)

00:14:50 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:14:51 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:14:51 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:14:51 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TIOCLINUX7(r1, 0x541c, &(0x7f0000000100))
close(r2)

00:14:51 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

[ 2500.662070][T16794] SELinux: failed to load policy
00:14:51 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)

00:14:51 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:14:51 executing program 2:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(0xffffffffffffffff, r0, 0x0)

00:14:51 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TIOCLINUX7(r1, 0x541c, &(0x7f0000000100))
close(r2)

[ 2501.028432][T16810] SELinux: failed to load policy
00:14:51 executing program 2:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(0xffffffffffffffff, r0, 0x0)

00:14:51 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(0x0, 0x1000000000016)

00:14:51 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

00:14:51 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:14:51 executing program 2:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(0xffffffffffffffff, r0, 0x0)

00:14:51 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TIOCLINUX7(r1, 0x541c, &(0x7f0000000100))
close(r2)

[ 2501.424547][T16827] SELinux: failed to load policy
00:14:52 executing program 2:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:14:52 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2501.599581][T16839] SELinux: failed to load policy
00:14:52 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)

00:14:52 executing program 2:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:14:52 executing program 0:
write$selinux_load(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:14:52 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TIOCLINUX7(r1, 0x541c, &(0x7f0000000100))
close(r2)

00:14:52 executing program 0:
write$selinux_load(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:14:52 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r0, 0x0)

00:14:52 executing program 2:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:14:52 executing program 0:
write$selinux_load(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:14:52 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

00:14:52 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:14:53 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(0xffffffffffffffff, r0, 0x0)

00:14:53 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:14:53 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)

00:14:53 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(0xffffffffffffffff, r0, 0x0)

00:14:53 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:14:53 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:14:53 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(0xffffffffffffffff, r0, 0x0)

00:14:53 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r0, 0x0)

00:14:53 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:14:53 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:14:53 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

00:14:53 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:14:53 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:14:53 executing program 0:
openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:14:54 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:14:54 executing program 0:
openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:14:54 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:14:54 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
close(0xffffffffffffffff)

00:14:54 executing program 0:
openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:14:54 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r0, 0x0)

00:14:54 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:14:54 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, 0x0, 0x0)

00:14:54 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
close(0xffffffffffffffff)

00:14:54 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 2504.264263][T16946] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[ 2504.290578][T16946] CPU: 1 PID: 16946 Comm: syz-executor.0 Not tainted 5.0.0+ #20
[ 2504.298469][T16946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2504.308551][T16946] Call Trace:
00:14:54 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:14:54 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

[ 2504.311880][T16946]  dump_stack+0x172/0x1f0
[ 2504.316236][T16946]  warn_alloc.cold+0x87/0x17f
[ 2504.320964][T16946]  ? zone_watermark_ok_safe+0x260/0x260
[ 2504.326568][T16946]  ? lock_downgrade+0x880/0x880
[ 2504.331527][T16946]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2504.337794][T16946]  ? avc_has_perm+0x404/0x610
[ 2504.342673][T16946]  __vmalloc_node_range+0x48a/0x790
[ 2504.348001][T16946]  ? sel_write_load+0x1de/0x470
[ 2504.352882][T16946]  vmalloc+0x6b/0x90
[ 2504.356793][T16946]  ? sel_write_load+0x1de/0x470
[ 2504.361668][T16946]  sel_write_load+0x1de/0x470
[ 2504.366367][T16946]  __vfs_write+0x8d/0x110
[ 2504.370730][T16946]  ? sel_make_policy_nodes+0x1540/0x1540
[ 2504.376387][T16946]  vfs_write+0x20c/0x580
[ 2504.380665][T16946]  ksys_write+0xea/0x1f0
[ 2504.384932][T16946]  ? __ia32_sys_read+0xb0/0xb0
[ 2504.391222][T16946]  ? do_syscall_64+0x26/0x610
[ 2504.396028][T16946]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2504.402228][T16946]  ? do_syscall_64+0x26/0x610
[ 2504.406937][T16946]  __x64_sys_write+0x73/0xb0
[ 2504.411562][T16946]  do_syscall_64+0x103/0x610
[ 2504.416182][T16946]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2504.422096][T16946] RIP: 0033:0x457f29
[ 2504.426024][T16946] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2504.445678][T16946] RSP: 002b:00007f5d497c7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2504.454197][T16946] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
[ 2504.462272][T16946] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 2504.471234][T16946] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 2504.479252][T16946] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d497c86d4
[ 2504.487508][T16946] R13: 00000000004c7481 R14: 00000000004dd080 R15: 00000000ffffffff
[ 2504.534225][T16946] Mem-Info:
[ 2504.542334][T16946] active_anon:348334 inactive_anon:210 isolated_anon:0
[ 2504.542334][T16946]  active_file:8744 inactive_file:44888 isolated_file:0
[ 2504.542334][T16946]  unevictable:0 dirty:238 writeback:0 unstable:0
[ 2504.542334][T16946]  slab_reclaimable:17004 slab_unreclaimable:115535
[ 2504.542334][T16946]  mapped:58790 shmem:262 pagetables:14153 bounce:0
[ 2504.542334][T16946]  free:975272 free_pcp:451 free_cma:0
00:14:55 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:14:55 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:14:55 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
close(0xffffffffffffffff)

00:14:55 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

[ 2504.660719][T16946] Node 0 active_anon:1391116kB inactive_anon:832kB active_file:34832kB inactive_file:179560kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235276kB dirty:1056kB writeback:0kB shmem:1048kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 970752kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
00:14:55 executing program 4:
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r0=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r0}, &(0x7f0000000140)=0x8)

[ 2504.731687][T16946] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2504.900965][T16946] Node 0 DMA free:11812kB min:220kB low:272kB high:324kB active_anon:4096kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2505.003034][T16946] lowmem_reserve[]: 0 2553 2555 2555
[ 2505.025033][T16946] Node 0 DMA32 free:105452kB min:36232kB low:45288kB high:54344kB active_anon:1387100kB inactive_anon:832kB active_file:34832kB inactive_file:179560kB unevictable:0kB writepending:1056kB present:3129332kB managed:2617996kB mlocked:0kB kernel_stack:23488kB pagetables:56428kB bounce:0kB free_pcp:2492kB local_pcp:996kB free_cma:0kB
[ 2505.067167][T16946] lowmem_reserve[]: 0 0 2 2
[ 2505.071965][T16946] Node 0 Normal free:8kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2505.106131][T16946] lowmem_reserve[]: 0 0 0 0
[ 2505.116728][T16946] Node 1 Normal free:3784972kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2505.154208][T16946] lowmem_reserve[]: 0 0 0 0
[ 2505.159029][T16946] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 2*4096kB (M) = 11812kB
[ 2505.181370][T16946] Node 0 DMA32: 1051*4kB (UME) 579*8kB (UME) 434*16kB (UME) 208*32kB (UME) 91*64kB (UME) 41*128kB (UME) 31*256kB (UME) 31*512kB (UME) 45*1024kB (UM) 1*2048kB (M) 0*4096kB = 105444kB
[ 2505.203785][T16946] Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[ 2505.216080][T16946] Node 1 Normal: 69*4kB (UE) 233*8kB (UE) 241*16kB (UE) 59*32kB (UME) 17*64kB (UME) 8*128kB (UE) 8*256kB (UME) 5*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 919*4096kB (M) = 3784972kB
[ 2505.234763][T16946] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2505.245086][T16946] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2505.255126][T16946] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2505.267007][T16946] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2505.283090][T16946] 53894 total pagecache pages
[ 2505.288575][T16946] 0 pages in swap cache
[ 2505.293031][T16946] Swap cache stats: add 0, delete 0, find 0/0
[ 2505.299798][T16946] Free swap  = 0kB
[ 2505.304254][T16946] Total swap = 0kB
[ 2505.308539][T16946] 1965979 pages RAM
[ 2505.312687][T16946] 0 pages HighMem/MovableOnly
[ 2505.318158][T16946] 339406 pages reserved
[ 2505.322557][T16946] 0 pages cma reserved
00:14:55 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, 0x0, 0x0)

00:14:55 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, 0x0, 0x2, 0x0)
dup3(r0, r1, 0x0)

00:14:55 executing program 4:
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r0=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r0}, &(0x7f0000000140)=0x8)

00:14:55 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:14:55 executing program 5:
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0)
write$tun(r0, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2505.449114][T16984] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1
00:14:56 executing program 4:
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r0=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r0}, &(0x7f0000000140)=0x8)

[ 2505.541213][T16984] CPU: 1 PID: 16984 Comm: syz-executor.0 Not tainted 5.0.0+ #20
[ 2505.548899][T16984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2505.559169][T16984] Call Trace:
[ 2505.559202][T16984]  dump_stack+0x172/0x1f0
[ 2505.559224][T16984]  warn_alloc.cold+0x87/0x17f
[ 2505.559243][T16984]  ? zone_watermark_ok_safe+0x260/0x260
[ 2505.559261][T16984]  ? lock_downgrade+0x880/0x880
[ 2505.559290][T16984]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2505.559307][T16984]  ? avc_has_perm+0x404/0x610
[ 2505.559335][T16984]  __vmalloc_node_range+0x48a/0x790
[ 2505.598140][T16984]  ? sel_write_load+0x1de/0x470
[ 2505.603037][T16984]  vmalloc+0x6b/0x90
[ 2505.607230][T16984]  ? sel_write_load+0x1de/0x470
[ 2505.612116][T16984]  sel_write_load+0x1de/0x470
[ 2505.616822][T16984]  __vfs_write+0x8d/0x110
[ 2505.621169][T16984]  ? sel_make_policy_nodes+0x1540/0x1540
[ 2505.626834][T16984]  vfs_write+0x20c/0x580
[ 2505.631121][T16984]  ksys_write+0xea/0x1f0
[ 2505.635377][T16984]  ? __ia32_sys_read+0xb0/0xb0
00:14:56 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 2505.640163][T16984]  ? do_syscall_64+0x26/0x610
[ 2505.644888][T16984]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2505.650971][T16984]  ? do_syscall_64+0x26/0x610
[ 2505.655706][T16984]  __x64_sys_write+0x73/0xb0
[ 2505.660317][T16984]  do_syscall_64+0x103/0x610
[ 2505.664929][T16984]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2505.670845][T16984] RIP: 0033:0x457f29
[ 2505.670861][T16984] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2505.670868][T16984] RSP: 002b:00007f5d497c7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2505.694393][T16984] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
[ 2505.694402][T16984] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 2505.694409][T16984] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 2505.694416][T16984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d497c86d4
00:14:56 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:14:56 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, 0x0, 0x2, 0x0)
dup3(r0, r1, 0x0)

[ 2505.694423][T16984] R13: 00000000004c7481 R14: 00000000004dd080 R15: 00000000ffffffff
[ 2505.742418][T16984] Mem-Info:
[ 2505.748876][T16984] active_anon:348314 inactive_anon:210 isolated_anon:0
[ 2505.748876][T16984]  active_file:8743 inactive_file:44899 isolated_file:0
[ 2505.748876][T16984]  unevictable:0 dirty:275 writeback:0 unstable:0
[ 2505.748876][T16984]  slab_reclaimable:16986 slab_unreclaimable:115765
[ 2505.748876][T16984]  mapped:58790 shmem:262 pagetables:14082 bounce:0
[ 2505.748876][T16984]  free:975023 free_pcp:648 free_cma:0
00:14:56 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:14:56 executing program 5:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1ed)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xa7, 0x40, 0x0, 0xffffff21)
ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, &(0x7f0000000080))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x0)

00:14:56 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, 0x0, 0x2, 0x0)
dup3(r0, r1, 0x0)

[ 2506.037081][T16984] Node 0 active_anon:1393240kB inactive_anon:840kB active_file:34832kB inactive_file:179596kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235160kB dirty:1100kB writeback:0kB shmem:1048kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 970752kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2506.104122][T16984] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2506.214529][T16984] Node 0 DMA free:11812kB min:220kB low:272kB high:324kB active_anon:4096kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2506.306252][T16984] lowmem_reserve[]: 0 2553 2555 2555
[ 2506.322322][T16984] Node 0 DMA32 free:102160kB min:36232kB low:45288kB high:54344kB active_anon:1389344kB inactive_anon:840kB active_file:34832kB inactive_file:179596kB unevictable:0kB writepending:1100kB present:3129332kB managed:2617996kB mlocked:0kB kernel_stack:23616kB pagetables:56476kB bounce:0kB free_pcp:1796kB local_pcp:1096kB free_cma:0kB
[ 2506.522517][T16984] lowmem_reserve[]: 0 0 2 2
[ 2506.551983][T16984] Node 0 Normal free:8kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2506.622953][T16984] lowmem_reserve[]: 0 0 0 0
[ 2506.668662][T16984] Node 1 Normal free:3784972kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2506.754730][T16984] lowmem_reserve[]: 0 0 0 0
[ 2506.769111][T16984] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 2*4096kB (M) = 11812kB
[ 2506.814292][T16984] Node 0 DMA32: 1228*4kB (UME) 916*8kB (UME) 435*16kB (UME) 221*32kB (UME) 91*64kB (UME) 25*128kB (UME) 25*256kB (UME) 31*512kB (UME) 45*1024kB (UM) 1*2048kB (M) 0*4096kB = 105696kB
[ 2506.853214][T16984] Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[ 2506.889849][T16984] Node 1 Normal: 69*4kB (UE) 233*8kB (UE) 241*16kB (UE) 59*32kB (UME) 17*64kB (UME) 8*128kB (UE) 8*256kB (UME) 5*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 919*4096kB (M) = 3784972kB
[ 2506.914553][T16984] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2506.929641][T16984] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2506.940652][T16984] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2506.956966][T16984] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2506.970153][T16984] 53905 total pagecache pages
[ 2506.978570][T16984] 0 pages in swap cache
[ 2506.982916][T16984] Swap cache stats: add 0, delete 0, find 0/0
00:14:57 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, 0x0, 0x0)

00:14:57 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:14:57 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(0xffffffffffffffff, r1, 0x0)

00:14:57 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:14:57 executing program 5:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x1ed)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xa7, 0x40, 0x0, 0xffffff21)
ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, &(0x7f0000000080))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x0)

00:14:57 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2506.990854][T16984] Free swap  = 0kB
[ 2506.996331][T16984] Total swap = 0kB
[ 2507.000123][T16984] 1965979 pages RAM
[ 2507.005996][T16984] 0 pages HighMem/MovableOnly
[ 2507.010857][T16984] 339406 pages reserved
[ 2507.016821][T16984] 0 pages cma reserved
00:14:57 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(0xffffffffffffffff, r1, 0x0)

[ 2507.142609][T17038] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[ 2507.245601][T17038] CPU: 1 PID: 17038 Comm: syz-executor.0 Not tainted 5.0.0+ #20
[ 2507.254682][T17038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2507.264752][T17038] Call Trace:
[ 2507.268078][T17038]  dump_stack+0x172/0x1f0
[ 2507.272439][T17038]  warn_alloc.cold+0x87/0x17f
[ 2507.277140][T17038]  ? zone_watermark_ok_safe+0x260/0x260
[ 2507.283601][T17038]  ? lock_downgrade+0x880/0x880
[ 2507.288484][T17038]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2507.294753][T17038]  ? avc_has_perm+0x404/0x610
[ 2507.299500][T17038]  __vmalloc_node_range+0x48a/0x790
[ 2507.304778][T17038]  ? sel_write_load+0x1de/0x470
[ 2507.309737][T17038]  vmalloc+0x6b/0x90
[ 2507.313685][T17038]  ? sel_write_load+0x1de/0x470
[ 2507.318549][T17038]  sel_write_load+0x1de/0x470
[ 2507.323334][T17038]  __vfs_write+0x8d/0x110
[ 2507.327687][T17038]  ? sel_make_policy_nodes+0x1540/0x1540
[ 2507.333336][T17038]  vfs_write+0x20c/0x580
[ 2507.337600][T17038]  ksys_write+0xea/0x1f0
[ 2507.341859][T17038]  ? __ia32_sys_read+0xb0/0xb0
00:14:57 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:14:57 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(0xffffffffffffffff, r1, 0x0)

[ 2507.346645][T17038]  ? do_syscall_64+0x26/0x610
[ 2507.351617][T17038]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2507.357709][T17038]  ? do_syscall_64+0x26/0x610
[ 2507.362590][T17038]  __x64_sys_write+0x73/0xb0
[ 2507.367211][T17038]  do_syscall_64+0x103/0x610
[ 2507.371843][T17038]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2507.377746][T17038] RIP: 0033:0x457f29
00:14:57 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2507.381656][T17038] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2507.401723][T17038] RSP: 002b:00007f5d497c7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2507.401738][T17038] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
[ 2507.401745][T17038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 2507.401751][T17038] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 2507.401759][T17038] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d497c86d4
[ 2507.401766][T17038] R13: 00000000004c7481 R14: 00000000004dd080 R15: 00000000ffffffff
00:14:58 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)

00:14:58 executing program 5:
syz_mount_image$minix(&(0x7f00000000c0)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000240)=[{&(0x7f0000000100)="600084e002000a00900cda40ff1ad5c98f13", 0x12, 0x400}], 0x0, 0x0)

[ 2507.659281][T17061] MINIX-fs: bad superblock or unable to read bitmaps
[ 2507.747456][T17061] MINIX-fs: bad superblock or unable to read bitmaps
[ 2507.766334][T17038] Mem-Info:
[ 2507.769705][T17038] active_anon:348312 inactive_anon:209 isolated_anon:0
[ 2507.769705][T17038]  active_file:8743 inactive_file:44908 isolated_file:0
[ 2507.769705][T17038]  unevictable:0 dirty:302 writeback:0 unstable:0
[ 2507.769705][T17038]  slab_reclaimable:17044 slab_unreclaimable:116223
[ 2507.769705][T17038]  mapped:58815 shmem:262 pagetables:14091 bounce:0
[ 2507.769705][T17038]  free:974516 free_pcp:621 free_cma:0
[ 2507.809108][T17038] Node 0 active_anon:1393248kB inactive_anon:836kB active_file:34832kB inactive_file:179632kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235360kB dirty:1208kB writeback:0kB shmem:1048kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 972800kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2507.843366][T17038] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2507.870908][T17038] Node 0 DMA free:11812kB min:220kB low:272kB high:324kB active_anon:4096kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2507.898831][T17038] lowmem_reserve[]: 0 2553 2555 2555
[ 2507.905013][T17038] Node 0 DMA32 free:103456kB min:36232kB low:45288kB high:54344kB active_anon:1386968kB inactive_anon:836kB active_file:34832kB inactive_file:179632kB unevictable:0kB writepending:1208kB present:3129332kB managed:2617996kB mlocked:0kB kernel_stack:23360kB pagetables:56364kB bounce:0kB free_pcp:2368kB local_pcp:1040kB free_cma:0kB
[ 2507.940347][T17038] lowmem_reserve[]: 0 0 2 2
[ 2507.945273][T17038] Node 0 Normal free:8kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2507.972424][T17038] lowmem_reserve[]: 0 0 0 0
[ 2507.977136][T17038] Node 1 Normal free:3784972kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2508.012506][T17038] lowmem_reserve[]: 0 0 0 0
[ 2508.022953][T17038] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 2*4096kB (M) = 11812kB
[ 2508.044451][T17038] Node 0 DMA32: 1123*4kB (UME) 931*8kB (UME) 521*16kB (UME) 226*32kB (UME) 89*64kB (UME) 24*128kB (ME) 15*256kB (ME) 30*512kB (UME) 45*1024kB (UM) 1*2048kB (M) 0*4096kB = 103604kB
[ 2508.068287][T17038] Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[ 2508.080897][T17038] Node 1 Normal: 69*4kB (UE) 233*8kB (UE) 241*16kB (UE) 59*32kB (UME) 17*64kB (UME) 8*128kB (UE) 8*256kB (UME) 5*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 919*4096kB (M) = 3784972kB
[ 2508.098866][T17038] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2508.109370][T17038] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2508.118813][T17038] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2508.129366][T17038] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2508.138754][T17038] 53912 total pagecache pages
[ 2508.143455][T17038] 0 pages in swap cache
00:14:58 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x0)

00:14:58 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:14:58 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)

00:14:58 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:14:58 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:14:58 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, 0x0, 0x0)
geteuid()
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000280)='/dev/full\x00', 0x0, 0x0)
setuid(0x0)
r2 = dup3(r0, r1, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x61, &(0x7f0000000140)={'filter\x00', 0x4}, 0x68)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0)

[ 2508.147798][T17038] Swap cache stats: add 0, delete 0, find 0/0
[ 2508.154408][T17038] Free swap  = 0kB
[ 2508.158122][T17038] Total swap = 0kB
[ 2508.161842][T17038] 1965979 pages RAM
[ 2508.165745][T17038] 0 pages HighMem/MovableOnly
[ 2508.170426][T17038] 339406 pages reserved
[ 2508.174652][T17038] 0 pages cma reserved
00:14:58 executing program 5:
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
syz_open_dev$evdev(0x0, 0x0, 0x0)
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfffffdc6)
r3 = socket$inet(0x2, 0x3, 0x1)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, 0x0, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000000c0)={@rand_addr, @dev}, 0x14)
getresuid(0x0, &(0x7f0000000280), &(0x7f0000000340))
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
listen(r3, 0x1)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
splice(r0, 0x0, r2, 0x0, 0x810005, 0x0)

00:14:58 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:14:58 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)

[ 2508.283904][T17085] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[ 2508.379025][T17085] CPU: 0 PID: 17085 Comm: syz-executor.0 Not tainted 5.0.0+ #20
[ 2508.388160][T17085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2508.398352][T17085] Call Trace:
[ 2508.402069][T17085]  dump_stack+0x172/0x1f0
[ 2508.406455][T17085]  warn_alloc.cold+0x87/0x17f
[ 2508.411170][T17085]  ? zone_watermark_ok_safe+0x260/0x260
[ 2508.416737][T17085]  ? lock_downgrade+0x880/0x880
[ 2508.421625][T17085]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2508.427964][T17085]  ? avc_has_perm+0x404/0x610
[ 2508.432695][T17085]  __vmalloc_node_range+0x48a/0x790
[ 2508.438029][T17085]  ? sel_write_load+0x1de/0x470
[ 2508.442919][T17085]  vmalloc+0x6b/0x90
[ 2508.446845][T17085]  ? sel_write_load+0x1de/0x470
[ 2508.451726][T17085]  sel_write_load+0x1de/0x470
[ 2508.456457][T17085]  __vfs_write+0x8d/0x110
[ 2508.460994][T17085]  ? sel_make_policy_nodes+0x1540/0x1540
[ 2508.466840][T17085]  vfs_write+0x20c/0x580
[ 2508.471110][T17085]  ksys_write+0xea/0x1f0
[ 2508.475485][T17085]  ? __ia32_sys_read+0xb0/0xb0
[ 2508.480271][T17085]  ? do_syscall_64+0x26/0x610
[ 2508.484970][T17085]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2508.491081][T17085]  ? do_syscall_64+0x26/0x610
[ 2508.495791][T17085]  __x64_sys_write+0x73/0xb0
[ 2508.500496][T17085]  do_syscall_64+0x103/0x610
[ 2508.505125][T17085]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2508.511040][T17085] RIP: 0033:0x457f29
00:14:58 executing program 2:
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
socket$kcm(0x29, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xe, 0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="8500000007000000c5000000000008a0950000000000000084ae819e86f415df029977ed1caf7c0103ee8e6a7fe45cbda3d734faf56017453a0120903e2a62baf48b399b408c6365ad2adb0edf26214bd35eb286824337a5656ae3c66e991a4f5f0089ee0f514a203dc65d0b30b7951cea3cdf2ab96616b6e8f799191578ad88afd8d28c0d76aa16fd24bb6b0698f2534750770deca705ba3f7212e766f18282915b91b4a914cd406c86e24f72a4a620fca17b3a4f29d5ebdeedc4a9327f639b091bde9cfe094c24ff4cf3c60a48aef9c496b41afeb943221467b99f46bb70707c"], 0x0, 0x6, 0x1000, &(0x7f0000014000)=""/4096, 0x40f00}, 0x48)

00:14:59 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 2508.514945][T17085] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2508.534568][T17085] RSP: 002b:00007f5d497c7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2508.534583][T17085] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
[ 2508.534590][T17085] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 2508.534597][T17085] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 2508.534605][T17085] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d497c86d4
00:14:59 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 2508.534613][T17085] R13: 00000000004c7481 R14: 00000000004dd080 R15: 00000000ffffffff
00:14:59 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x0)

00:14:59 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:14:59 executing program 2:
r0 = syz_open_dev$sndtimer(&(0x7f0000000180)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f00000001c0))

[ 2508.711150][T17113] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[ 2508.734394][T17113] CPU: 1 PID: 17113 Comm: syz-executor.0 Not tainted 5.0.0+ #20
[ 2508.742066][T17113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2508.752147][T17113] Call Trace:
[ 2508.755459][T17113]  dump_stack+0x172/0x1f0
[ 2508.759847][T17113]  warn_alloc.cold+0x87/0x17f
[ 2508.764554][T17113]  ? zone_watermark_ok_safe+0x260/0x260
[ 2508.770111][T17113]  ? lock_downgrade+0x880/0x880
[ 2508.770138][T17113]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2508.770160][T17113]  ? avc_has_perm+0x404/0x610
[ 2508.785938][T17113]  __vmalloc_node_range+0x48a/0x790
[ 2508.791172][T17113]  ? sel_write_load+0x1de/0x470
[ 2508.796077][T17113]  vmalloc+0x6b/0x90
[ 2508.800008][T17113]  ? sel_write_load+0x1de/0x470
[ 2508.804880][T17113]  sel_write_load+0x1de/0x470
[ 2508.809625][T17113]  __vfs_write+0x8d/0x110
[ 2508.813985][T17113]  ? sel_make_policy_nodes+0x1540/0x1540
[ 2508.819825][T17113]  vfs_write+0x20c/0x580
[ 2508.824095][T17113]  ksys_write+0xea/0x1f0
[ 2508.828367][T17113]  ? __ia32_sys_read+0xb0/0xb0
[ 2508.833156][T17113]  ? do_syscall_64+0x26/0x610
[ 2508.837854][T17113]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2508.844066][T17113]  ? do_syscall_64+0x26/0x610
[ 2508.848959][T17113]  __x64_sys_write+0x73/0xb0
[ 2508.853674][T17113]  do_syscall_64+0x103/0x610
[ 2508.858297][T17113]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2508.864207][T17113] RIP: 0033:0x457f29
[ 2508.864223][T17113] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2508.864230][T17113] RSP: 002b:00007f5d497c7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2508.864244][T17113] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
00:14:59 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2508.864251][T17113] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 2508.864259][T17113] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 2508.864267][T17113] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d497c86d4
[ 2508.864275][T17113] R13: 00000000004c7481 R14: 00000000004dd080 R15: 00000000ffffffff
[ 2508.874168][T17113] warn_alloc_show_mem: 1 callbacks suppressed
[ 2508.874182][T17113] Mem-Info:
[ 2508.960271][T17113] active_anon:348302 inactive_anon:210 isolated_anon:0
[ 2508.960271][T17113]  active_file:8743 inactive_file:44918 isolated_file:0
[ 2508.960271][T17113]  unevictable:0 dirty:315 writeback:0 unstable:0
[ 2508.960271][T17113]  slab_reclaimable:17049 slab_unreclaimable:116128
[ 2508.960271][T17113]  mapped:58815 shmem:262 pagetables:14095 bounce:0
[ 2508.960271][T17113]  free:974657 free_pcp:453 free_cma:0
[ 2509.006293][T17113] Node 0 active_anon:1393308kB inactive_anon:840kB active_file:34832kB inactive_file:179672kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235260kB dirty:1260kB writeback:0kB shmem:1048kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 970752kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
00:14:59 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:14:59 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 2509.040182][T17113] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2509.077591][T17113] Node 0 DMA free:11812kB min:220kB low:272kB high:324kB active_anon:4096kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2509.108680][T17113] lowmem_reserve[]: 0 2553 2555 2555
[ 2509.116319][T17113] Node 0 DMA32 free:100896kB min:36232kB low:45288kB high:54344kB active_anon:1389212kB inactive_anon:840kB active_file:34832kB inactive_file:179672kB unevictable:0kB writepending:1260kB present:3129332kB managed:2617996kB mlocked:0kB kernel_stack:23648kB pagetables:56528kB bounce:0kB free_pcp:1992kB local_pcp:1360kB free_cma:0kB
[ 2509.166543][T17113] lowmem_reserve[]: 0 0 2 2
[ 2509.171427][T17113] Node 0 Normal free:8kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2509.198481][T17113] lowmem_reserve[]: 0 0 0 0
[ 2509.210376][T17113] Node 1 Normal free:3784972kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2509.239196][T17113] lowmem_reserve[]: 0 0 0 0
[ 2509.245250][T17113] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 2*4096kB (M) = 11812kB
[ 2509.262185][T17113] Node 0 DMA32: 928*4kB (UME) 653*8kB (UME) 570*16kB (UME) 241*32kB (UME) 89*64kB (UME) 24*128kB (ME) 15*256kB (ME) 30*512kB (UME) 45*1024kB (UM) 0*2048kB 0*4096kB = 99816kB
[ 2509.281256][T17113] Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[ 2509.293268][T17113] Node 1 Normal: 69*4kB (UE) 233*8kB (UE) 241*16kB (UE) 59*32kB (UME) 17*64kB (UME) 8*128kB (UE) 8*256kB (UME) 5*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 919*4096kB (M) = 3784972kB
[ 2509.311209][T17113] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2509.321588][T17113] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2509.331078][T17113] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2509.340789][T17113] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2509.350255][T17113] 53922 total pagecache pages
[ 2509.355127][T17113] 0 pages in swap cache
[ 2509.359381][T17113] Swap cache stats: add 0, delete 0, find 0/0
00:14:59 executing program 5:
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
clone(0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x8000000000000014)
wait4(0x0, 0x0, 0x0, 0x0)

00:14:59 executing program 2:
syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000040)='/dev/autofs\x00', 0x0)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0)
syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x800)

00:14:59 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:14:59 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240), 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:14:59 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2509.368285][T17113] Free swap  = 0kB
[ 2509.372184][T17113] Total swap = 0kB
[ 2509.380401][T17113] 1965979 pages RAM
[ 2509.388569][T17113] 0 pages HighMem/MovableOnly
[ 2509.393423][T17113] 339406 pages reserved
[ 2509.401260][T17113] 0 pages cma reserved
00:15:00 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x0)

00:15:00 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2509.510924][   T25] audit: type=1400 audit(1552522500.058:129): avc:  denied  { map } for  pid=17132 comm="syz-executor.2" path=2F6D656D66643A2F6465762F6175746F6673202864656C6574656429 dev="tmpfs" ino=309193 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1
00:15:00 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240), 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:00 executing program 2:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2509.610457][T17151] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1
00:15:00 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2509.669405][T17151] CPU: 1 PID: 17151 Comm: syz-executor.0 Not tainted 5.0.0+ #20
[ 2509.677084][T17151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2509.687159][T17151] Call Trace:
[ 2509.690473][T17151]  dump_stack+0x172/0x1f0
[ 2509.690500][T17151]  warn_alloc.cold+0x87/0x17f
[ 2509.690534][T17151]  ? zone_watermark_ok_safe+0x260/0x260
[ 2509.699598][T17151]  ? lock_downgrade+0x880/0x880
[ 2509.699627][T17151]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2509.699642][T17151]  ? avc_has_perm+0x404/0x610
[ 2509.699668][T17151]  __vmalloc_node_range+0x48a/0x790
[ 2509.726355][T17151]  ? sel_write_load+0x1de/0x470
[ 2509.731236][T17151]  vmalloc+0x6b/0x90
[ 2509.735164][T17151]  ? sel_write_load+0x1de/0x470
[ 2509.740230][T17151]  sel_write_load+0x1de/0x470
[ 2509.744953][T17151]  __vfs_write+0x8d/0x110
[ 2509.749321][T17151]  ? sel_make_policy_nodes+0x1540/0x1540
[ 2509.755257][T17151]  vfs_write+0x20c/0x580
[ 2509.759543][T17151]  ksys_write+0xea/0x1f0
[ 2509.763821][T17151]  ? __ia32_sys_read+0xb0/0xb0
00:15:00 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240), 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 2509.768619][T17151]  ? do_syscall_64+0x26/0x610
[ 2509.773336][T17151]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2509.779455][T17151]  ? do_syscall_64+0x26/0x610
[ 2509.784189][T17151]  __x64_sys_write+0x73/0xb0
[ 2509.789346][T17151]  do_syscall_64+0x103/0x610
[ 2509.793966][T17151]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2509.800176][T17151] RIP: 0033:0x457f29
[ 2509.804099][T17151] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2509.824101][T17151] RSP: 002b:00007f5d497c7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2509.832546][T17151] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
[ 2509.832567][T17151] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 2509.849362][T17151] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 2509.857357][T17151] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d497c86d4
[ 2509.865538][T17151] R13: 00000000004c7481 R14: 00000000004dd080 R15: 00000000ffffffff
[ 2509.888048][T17151] Mem-Info:
[ 2509.891634][T17151] active_anon:348339 inactive_anon:208 isolated_anon:0
[ 2509.891634][T17151]  active_file:8743 inactive_file:44928 isolated_file:0
[ 2509.891634][T17151]  unevictable:0 dirty:327 writeback:1 unstable:0
[ 2509.891634][T17151]  slab_reclaimable:17048 slab_unreclaimable:116344
00:15:00 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2509.891634][T17151]  mapped:58790 shmem:262 pagetables:14171 bounce:0
[ 2509.891634][T17151]  free:974331 free_pcp:455 free_cma:0
[ 2509.940692][T17151] Node 0 active_anon:1393356kB inactive_anon:832kB active_file:34832kB inactive_file:179712kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235160kB dirty:1308kB writeback:4kB shmem:1048kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 972800kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2509.973098][T17151] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2510.006300][T17151] Node 0 DMA free:11812kB min:220kB low:272kB high:324kB active_anon:4096kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2510.034401][T17151] lowmem_reserve[]: 0 2553 2555 2555
[ 2510.046217][T17151] Node 0 DMA32 free:99700kB min:36232kB low:45288kB high:54344kB active_anon:1389260kB inactive_anon:832kB active_file:34832kB inactive_file:179712kB unevictable:0kB writepending:1312kB present:3129332kB managed:2617996kB mlocked:0kB kernel_stack:23648kB pagetables:56536kB bounce:0kB free_pcp:2060kB local_pcp:1060kB free_cma:0kB
[ 2510.078171][T17151] lowmem_reserve[]: 0 0 2 2
[ 2510.096277][T17151] Node 0 Normal free:8kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2510.129775][T17151] lowmem_reserve[]: 0 0 0 0
[ 2510.137532][T17151] Node 1 Normal free:3784972kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2510.167281][T17151] lowmem_reserve[]: 0 0 0 0
[ 2510.172003][T17151] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 2*4096kB (M) = 11812kB
[ 2510.186424][T17151] Node 0 DMA32: 903*4kB (ME) 654*8kB (UME) 613*16kB (UME) 266*32kB (UME) 89*64kB (UME) 24*128kB (ME) 15*256kB (ME) 30*512kB (UME) 45*1024kB (UM) 0*2048kB 0*4096kB = 101212kB
[ 2510.203914][T17151] Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[ 2510.215848][T17151] Node 1 Normal: 69*4kB (UE) 233*8kB (UE) 241*16kB (UE) 59*32kB (UME) 17*64kB (UME) 8*128kB (UE) 8*256kB (UME) 5*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 919*4096kB (M) = 3784972kB
[ 2510.233753][T17151] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2510.243298][T17151] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2510.252657][T17151] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2510.262869][T17151] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2510.272245][T17151] 53933 total pagecache pages
[ 2510.277068][T17151] 0 pages in swap cache
[ 2510.281217][T17151] Swap cache stats: add 0, delete 0, find 0/0
[ 2510.287356][T17151] Free swap  = 0kB
[ 2510.291088][T17151] Total swap = 0kB
[ 2510.294901][T17151] 1965979 pages RAM
[ 2510.298727][T17151] 0 pages HighMem/MovableOnly
[ 2510.303424][T17151] 339406 pages reserved
[ 2510.307675][T17151] 0 pages cma reserved
00:15:03 executing program 5:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:03 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:03 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:03 executing program 2:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:03 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)

00:15:03 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2512.572996][T17183] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1
00:15:03 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 2512.671575][T17183] CPU: 0 PID: 17183 Comm: syz-executor.0 Not tainted 5.0.0+ #20
[ 2512.679251][T17183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2512.689721][T17183] Call Trace:
[ 2512.693074][T17183]  dump_stack+0x172/0x1f0
[ 2512.697718][T17183]  warn_alloc.cold+0x87/0x17f
[ 2512.702534][T17183]  ? zone_watermark_ok_safe+0x260/0x260
[ 2512.708305][T17183]  ? lock_downgrade+0x880/0x880
[ 2512.713200][T17183]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2512.719553][T17183]  ? avc_has_perm+0x404/0x610
[ 2512.724279][T17183]  __vmalloc_node_range+0x48a/0x790
[ 2512.729521][T17183]  ? sel_write_load+0x1de/0x470
[ 2512.734413][T17183]  vmalloc+0x6b/0x90
[ 2512.738336][T17183]  ? sel_write_load+0x1de/0x470
[ 2512.743591][T17183]  sel_write_load+0x1de/0x470
[ 2512.748304][T17183]  __vfs_write+0x8d/0x110
[ 2512.752662][T17183]  ? sel_make_policy_nodes+0x1540/0x1540
[ 2512.758333][T17183]  vfs_write+0x20c/0x580
[ 2512.762880][T17183]  ksys_write+0xea/0x1f0
[ 2512.767159][T17183]  ? __ia32_sys_read+0xb0/0xb0
[ 2512.771950][T17183]  ? do_syscall_64+0x26/0x610
[ 2512.776653][T17183]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2512.782916][T17183]  ? do_syscall_64+0x26/0x610
[ 2512.788247][T17183]  __x64_sys_write+0x73/0xb0
[ 2512.792871][T17183]  do_syscall_64+0x103/0x610
[ 2512.797513][T17183]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2512.803538][T17183] RIP: 0033:0x457f29
00:15:03 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 2512.808766][T17183] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2512.828577][T17183] RSP: 002b:00007f5d497c7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2512.837103][T17183] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
[ 2512.845178][T17183] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 2512.853251][T17183] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 2512.861250][T17183] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d497c86d4
[ 2512.869242][T17183] R13: 00000000004c7481 R14: 00000000004dd080 R15: 00000000ffffffff
00:15:03 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 2512.908439][T17183] Mem-Info:
[ 2512.922190][T17183] active_anon:348366 inactive_anon:208 isolated_anon:0
[ 2512.922190][T17183]  active_file:8743 inactive_file:44936 isolated_file:0
[ 2512.922190][T17183]  unevictable:0 dirty:363 writeback:0 unstable:0
[ 2512.922190][T17183]  slab_reclaimable:16995 slab_unreclaimable:116333
[ 2512.922190][T17183]  mapped:58815 shmem:262 pagetables:14127 bounce:0
[ 2512.922190][T17183]  free:974488 free_pcp:376 free_cma:0
[ 2512.963464][T17183] Node 0 active_anon:1393464kB inactive_anon:832kB active_file:34832kB inactive_file:179744kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235160kB dirty:1452kB writeback:0kB shmem:1048kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 972800kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
00:15:03 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2512.994373][T17183] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2513.021826][T17183] Node 0 DMA free:11812kB min:220kB low:272kB high:324kB active_anon:4096kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2513.057034][T17183] lowmem_reserve[]: 0 2553 2555 2555
[ 2513.068663][T17183] Node 0 DMA32 free:101744kB min:36232kB low:45288kB high:54344kB active_anon:1389368kB inactive_anon:832kB active_file:34832kB inactive_file:179744kB unevictable:0kB writepending:1452kB present:3129332kB managed:2617996kB mlocked:0kB kernel_stack:23744kB pagetables:56656kB bounce:0kB free_pcp:1528kB local_pcp:792kB free_cma:0kB
[ 2513.111148][T17183] lowmem_reserve[]: 0 0 2 2
[ 2513.118881][T17183] Node 0 Normal free:8kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2513.151945][T17183] lowmem_reserve[]: 0 0 0 0
00:15:03 executing program 2:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2513.156820][T17183] Node 1 Normal free:3784972kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2513.191230][T17183] lowmem_reserve[]: 0 0 0 0
[ 2513.197151][T17183] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 2*4096kB (M) = 11812kB
00:15:03 executing program 5:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2513.230401][T17183] Node 0 DMA32: 1064*4kB (UME) 624*8kB (UME) 577*16kB (UME) 273*32kB (UME) 91*64kB (UME) 24*128kB (ME) 15*256kB (ME) 30*512kB (UME) 45*1024kB (UM) 0*2048kB 0*4096kB = 101392kB
[ 2513.274438][T17183] Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
00:15:03 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:03 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2513.365068][T17183] Node 1 Normal: 69*4kB (UE) 233*8kB (UE) 241*16kB (UE) 59*32kB (UME) 17*64kB (UME) 8*128kB (UE) 8*256kB (UME) 5*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 919*4096kB (M) = 3784972kB
[ 2513.386880][T17183] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2513.412910][T17183] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2513.465424][T17183] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
00:15:04 executing program 2:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2513.517420][T17183] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2513.543764][T17183] 53940 total pagecache pages
[ 2513.553102][T17183] 0 pages in swap cache
00:15:04 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)

[ 2513.563890][T17183] Swap cache stats: add 0, delete 0, find 0/0
[ 2513.570606][T17183] Free swap  = 0kB
[ 2513.575589][T17183] Total swap = 0kB
[ 2513.579603][T17183] 1965979 pages RAM
[ 2513.586916][T17183] 0 pages HighMem/MovableOnly
[ 2513.592285][T17183] 339406 pages reserved
[ 2513.596791][T17183] 0 pages cma reserved
00:15:04 executing program 5:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:04 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2513.725094][T17226] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[ 2513.740205][T17226] CPU: 0 PID: 17226 Comm: syz-executor.0 Not tainted 5.0.0+ #20
[ 2513.747873][T17226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2513.758323][T17226] Call Trace:
[ 2513.761639][T17226]  dump_stack+0x172/0x1f0
[ 2513.766020][T17226]  warn_alloc.cold+0x87/0x17f
[ 2513.770729][T17226]  ? zone_watermark_ok_safe+0x260/0x260
[ 2513.776298][T17226]  ? lock_downgrade+0x880/0x880
[ 2513.781180][T17226]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2513.787449][T17226]  ? avc_has_perm+0x404/0x610
[ 2513.792158][T17226]  __vmalloc_node_range+0x48a/0x790
[ 2513.797392][T17226]  ? sel_write_load+0x1de/0x470
[ 2513.802271][T17226]  vmalloc+0x6b/0x90
[ 2513.806362][T17226]  ? sel_write_load+0x1de/0x470
[ 2513.812364][T17226]  sel_write_load+0x1de/0x470
[ 2513.817072][T17226]  __vfs_write+0x8d/0x110
[ 2513.821717][T17226]  ? sel_make_policy_nodes+0x1540/0x1540
[ 2513.827385][T17226]  vfs_write+0x20c/0x580
[ 2513.831765][T17226]  ksys_write+0xea/0x1f0
[ 2513.836241][T17226]  ? __ia32_sys_read+0xb0/0xb0
[ 2513.841223][T17226]  ? do_syscall_64+0x26/0x610
[ 2513.845936][T17226]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2513.852025][T17226]  ? do_syscall_64+0x26/0x610
[ 2513.858117][T17226]  __x64_sys_write+0x73/0xb0
[ 2513.862823][T17226]  do_syscall_64+0x103/0x610
[ 2513.867436][T17226]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2513.873348][T17226] RIP: 0033:0x457f29
[ 2513.877278][T17226] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2513.900928][T17226] RSP: 002b:00007f5d497c7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2513.909615][T17226] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
[ 2513.917612][T17226] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 2513.925779][T17226] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 2513.933769][T17226] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d497c86d4
[ 2513.941774][T17226] R13: 00000000004c7481 R14: 00000000004dd080 R15: 00000000ffffffff
[ 2513.960487][T17226] Mem-Info:
[ 2513.963980][T17226] active_anon:348378 inactive_anon:210 isolated_anon:0
00:15:04 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 2513.963980][T17226]  active_file:8743 inactive_file:44945 isolated_file:0
[ 2513.963980][T17226]  unevictable:0 dirty:372 writeback:0 unstable:0
[ 2513.963980][T17226]  slab_reclaimable:16998 slab_unreclaimable:116163
[ 2513.963980][T17226]  mapped:58790 shmem:262 pagetables:14165 bounce:0
[ 2513.963980][T17226]  free:974577 free_pcp:419 free_cma:0
[ 2514.008203][T17226] Node 0 active_anon:1393512kB inactive_anon:840kB active_file:34832kB inactive_file:179780kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235160kB dirty:1488kB writeback:0kB shmem:1048kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 970752kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2514.066719][T17226] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
00:15:04 executing program 2:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2514.103765][T17226] Node 0 DMA free:11812kB min:220kB low:272kB high:324kB active_anon:4096kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2514.136015][T17226] lowmem_reserve[]: 0 2553 2555 2555
00:15:04 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2514.168558][T17226] Node 0 DMA32 free:101476kB min:36232kB low:45288kB high:54344kB active_anon:1389316kB inactive_anon:840kB active_file:34832kB inactive_file:179780kB unevictable:0kB writepending:1488kB present:3129332kB managed:2617996kB mlocked:0kB kernel_stack:23712kB pagetables:56660kB bounce:0kB free_pcp:1520kB local_pcp:1164kB free_cma:0kB
00:15:04 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2514.226993][T17226] lowmem_reserve[]: 0 0 2 2
[ 2514.231771][T17226] Node 0 Normal free:8kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
00:15:04 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:04 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

[ 2514.370569][T17226] lowmem_reserve[]: 0 0 0 0
[ 2514.381541][T17226] Node 1 Normal free:3784972kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2514.466466][T17226] lowmem_reserve[]: 0 0 0 0
[ 2514.471225][T17226] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 2*4096kB (M) = 11812kB
[ 2514.487313][T17255] binder: 17249:17255 Release 1 refcount change on invalid ref 0 ret -22
00:15:05 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2514.503306][T17226] Node 0 DMA32: 954*4kB (UME) 543*8kB (UME) 592*16kB (UME) 289*32kB (UME) 91*64kB (UME) 24*128kB (ME) 15*256kB (ME) 30*512kB (UME) 45*1024kB (UM) 0*2048kB 0*4096kB = 101056kB
[ 2514.528274][T17226] Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[ 2514.553252][T17226] Node 1 Normal: 69*4kB (UE) 233*8kB (UE) 241*16kB (UE) 59*32kB (UME) 17*64kB (UME) 8*128kB (UE) 8*256kB (UME) 5*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 919*4096kB (M) = 3784972kB
[ 2514.606140][T17226] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2514.624235][T17226] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2514.640019][T17226] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
00:15:05 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2514.650559][T17226] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2514.666559][T17226] 53955 total pagecache pages
[ 2514.678086][T17226] 0 pages in swap cache
[ 2514.683123][T17226] Swap cache stats: add 0, delete 0, find 0/0
[ 2514.692741][T17226] Free swap  = 0kB
[ 2514.699960][T17226] Total swap = 0kB
00:15:05 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2514.708264][T17226] 1965979 pages RAM
[ 2514.712301][T17226] 0 pages HighMem/MovableOnly
[ 2514.723013][T17226] 339406 pages reserved
[ 2514.735848][T17226] 0 pages cma reserved
00:15:05 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)

00:15:05 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:05 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2514.952618][T17271] syz-executor.0: vmalloc: allocation failure: 0 bytes, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1
00:15:05 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2515.091691][T17271] CPU: 0 PID: 17271 Comm: syz-executor.0 Not tainted 5.0.0+ #20
[ 2515.099670][T17271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2515.109850][T17271] Call Trace:
[ 2515.113170][T17271]  dump_stack+0x172/0x1f0
[ 2515.117623][T17271]  warn_alloc.cold+0x87/0x17f
[ 2515.122768][T17271]  ? zone_watermark_ok_safe+0x260/0x260
[ 2515.128341][T17271]  ? lock_downgrade+0x880/0x880
[ 2515.133227][T17271]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2515.143418][T17271]  ? avc_has_perm+0x404/0x610
[ 2515.153078][T17271]  __vmalloc_node_range+0x48a/0x790
[ 2515.158307][T17271]  ? sel_write_load+0x1de/0x470
[ 2515.163188][T17271]  vmalloc+0x6b/0x90
[ 2515.167109][T17271]  ? sel_write_load+0x1de/0x470
[ 2515.171991][T17271]  sel_write_load+0x1de/0x470
[ 2515.176728][T17271]  __vfs_write+0x8d/0x110
[ 2515.181172][T17271]  ? sel_make_policy_nodes+0x1540/0x1540
[ 2515.186862][T17271]  vfs_write+0x20c/0x580
[ 2515.191136][T17271]  ksys_write+0xea/0x1f0
[ 2515.195449][T17271]  ? __ia32_sys_read+0xb0/0xb0
[ 2515.200302][T17271]  ? do_syscall_64+0x26/0x610
[ 2515.205125][T17271]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2515.211236][T17271]  ? do_syscall_64+0x26/0x610
[ 2515.215947][T17271]  __x64_sys_write+0x73/0xb0
[ 2515.220842][T17271]  do_syscall_64+0x103/0x610
[ 2515.225465][T17271]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2515.231410][T17271] RIP: 0033:0x457f29
[ 2515.235327][T17271] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2515.254955][T17271] RSP: 002b:00007f5d497c7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2515.263399][T17271] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29
[ 2515.271397][T17271] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 2515.280928][T17271] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
00:15:05 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:05 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2515.288920][T17271] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d497c86d4
[ 2515.296908][T17271] R13: 00000000004c7481 R14: 00000000004dd080 R15: 00000000ffffffff
00:15:05 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2515.398623][T17271] Mem-Info:
[ 2515.403083][T17271] active_anon:348431 inactive_anon:210 isolated_anon:0
[ 2515.403083][T17271]  active_file:8744 inactive_file:44950 isolated_file:0
[ 2515.403083][T17271]  unevictable:0 dirty:386 writeback:0 unstable:0
[ 2515.403083][T17271]  slab_reclaimable:16979 slab_unreclaimable:116051
[ 2515.403083][T17271]  mapped:58790 shmem:262 pagetables:14216 bounce:0
[ 2515.403083][T17271]  free:974536 free_pcp:436 free_cma:0
00:15:06 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2515.443152][T17271] Node 0 active_anon:1393924kB inactive_anon:840kB active_file:34836kB inactive_file:179800kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235160kB dirty:1544kB writeback:0kB shmem:1048kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 972800kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2515.474777][T17296] binder: 17289:17296 Release 1 refcount change on invalid ref 0 ret -22
00:15:06 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:06 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2515.491743][T17271] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2515.538823][T17271] Node 0 DMA free:11812kB min:220kB low:272kB high:324kB active_anon:4096kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2515.632068][T17271] lowmem_reserve[]: 0 2553 2555 2555
[ 2515.638937][T17271] Node 0 DMA32 free:99876kB min:36232kB low:45288kB high:54344kB active_anon:1389724kB inactive_anon:840kB active_file:34844kB inactive_file:179824kB unevictable:0kB writepending:1520kB present:3129332kB managed:2617996kB mlocked:0kB kernel_stack:23840kB pagetables:57164kB bounce:0kB free_pcp:2272kB local_pcp:1468kB free_cma:0kB
[ 2515.673991][T17271] lowmem_reserve[]: 0 0 2 2
00:15:06 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0), 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2515.678750][T17271] Node 0 Normal free:8kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2515.712172][T17271] lowmem_reserve[]: 0 0 0 0
[ 2515.720624][T17271] Node 1 Normal free:3784972kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2515.772383][T17271] lowmem_reserve[]: 0 0 0 0
00:15:06 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0), 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2515.777692][T17271] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 2*4096kB (M) = 11812kB
[ 2515.819793][T17271] Node 0 DMA32: 966*4kB (UME) 644*8kB (UME) 465*16kB (UME) 313*32kB (UME) 91*64kB (UME) 24*128kB (ME) 15*256kB (ME) 30*512kB (UME) 45*1024kB (UM) 0*2048kB 0*4096kB = 100648kB
[ 2515.920248][T17271] Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[ 2515.939299][T17271] Node 1 Normal: 69*4kB (UE) 233*8kB (UE) 241*16kB (UE) 59*32kB (UME) 17*64kB (UME) 8*128kB (UE) 8*256kB (UME) 5*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 919*4096kB (M) = 3784972kB
[ 2515.958382][T17271] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2515.968523][T17271] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2515.978905][T17271] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2515.988924][T17271] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2515.998337][T17271] 53963 total pagecache pages
[ 2516.003032][T17271] 0 pages in swap cache
[ 2516.007292][T17271] Swap cache stats: add 0, delete 0, find 0/0
[ 2516.013387][T17271] Free swap  = 0kB
[ 2516.017182][T17271] Total swap = 0kB
00:15:06 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f0300"], 0x24)

00:15:06 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0), 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:06 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:06 executing program 2:
mount(0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x2)
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
setxattr$security_selinux(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000180)='system_u:object_r:audisp_var_run_t:s0\x00', 0x26, 0x0)
mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0, 0x100020, 0x0)

00:15:06 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, 0x0, &(0x7f000095dffc))
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

[ 2516.020936][T17271] 1965979 pages RAM
[ 2516.024836][T17271] 0 pages HighMem/MovableOnly
[ 2516.029544][T17271] 339406 pages reserved
[ 2516.033960][T17271] 0 pages cma reserved
[ 2516.124594][T17333] SELinux: failed to load policy
00:15:06 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:06 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f0300"], 0x24)

00:15:06 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:06 executing program 2:
mount(0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x2)
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
setxattr$security_selinux(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000180)='system_u:object_r:audisp_var_run_t:s0\x00', 0x26, 0x0)
mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0, 0x100020, 0x0)

[ 2516.314343][T17339] SELinux: failed to load policy
00:15:06 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:06 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:06 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f0300"], 0x24)

[ 2516.376131][T17350] binder: 17343:17350 Release 1 refcount change on invalid ref 0 ret -22
[ 2516.477898][T17359] SELinux: failed to load policy
00:15:07 executing program 2:
mount(0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x2)
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
setxattr$security_selinux(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000180)='system_u:object_r:audisp_var_run_t:s0\x00', 0x26, 0x0)
mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0, 0x100020, 0x0)

00:15:07 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:07 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef00000000"], 0x36)

[ 2516.630420][T17368] SELinux: failed to load policy
00:15:07 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, 0xffffffffffffffff, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

00:15:07 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, 0x0, &(0x7f000095dffc))
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

00:15:07 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:07 executing program 5:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:07 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef00000000"], 0x36)

00:15:07 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
process_vm_writev(0x0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:15:07 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, 0xffffffffffffffff, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2517.175976][T17387] SELinux: failed to load policy
00:15:07 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
process_vm_writev(0x0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:15:07 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef00000000"], 0x36)

00:15:07 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, 0xffffffffffffffff, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2517.299841][T17398] binder: 17392:17398 Release 1 refcount change on invalid ref 0 ret -22
[ 2517.321123][T17401] SELinux: failed to load policy
00:15:07 executing program 2:
mount(0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x2)
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
setxattr$security_selinux(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', 0x0, 0x0, 0x2)
mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0, 0x100020, 0x0)

00:15:07 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef00000000000000000000000000"], 0x3f)

00:15:08 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef00000000000000000000000000"], 0x3f)

[ 2517.482614][T17411] SELinux: failed to load policy
[ 2517.588485][T17415] SELinux: failed to load policy
00:15:08 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, 0x0, &(0x7f000095dffc))
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

00:15:08 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:08 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
process_vm_writev(0x0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:15:08 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:08 executing program 2:
mount(0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x2)
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
setxattr$security_selinux(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', 0x0, 0x0, 0x2)
mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0, 0x100020, 0x0)

00:15:08 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef00000000000000000000000000"], 0x3f)

[ 2518.059148][T17425] SELinux: failed to load policy
00:15:08 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef0000000000000000000000000000000000"], 0x43)

00:15:08 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
process_vm_writev(0x0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

[ 2518.154293][T17437] binder: 17431:17437 Release 1 refcount change on invalid ref 0 ret -22
00:15:08 executing program 2:
mount(0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x2)
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
setxattr$security_selinux(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', 0x0, 0x0, 0x2)
mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0, 0x100020, 0x0)

[ 2518.261882][T17442] SELinux: failed to load policy
00:15:08 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:15:08 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef0000000000000000000000000000000000"], 0x43)

00:15:08 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:09 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8), &(0x7f000095dffc)=0x4)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

00:15:09 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:09 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:09 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef0000000000000000000000000000000000"], 0x43)

00:15:09 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:09 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:09 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef00000000000000000000000000000000000000"], 0x45)

00:15:09 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef00000000000000000000000000000000000000"], 0x45)

00:15:09 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2519.128206][T17479] binder: 17471:17479 Release 1 refcount change on invalid ref 0 ret -22
00:15:09 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:15:09 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef00000000000000000000000000000000000000"], 0x45)

00:15:09 executing program 2:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:10 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8), &(0x7f000095dffc)=0x4)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

00:15:10 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:10 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef0000000000000000000000000000000000000000"], 0x46)

00:15:10 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:10 executing program 2:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:10 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef0000000000000000000000000000000000000000"], 0x46)

00:15:10 executing program 0:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef0000000000000000000000000000000000000000"], 0x46)

00:15:10 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:10 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:10 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
close(r0)

00:15:10 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:10 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:10 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8), &(0x7f000095dffc)=0x4)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

00:15:10 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:11 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:11 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:11 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:11 executing program 2:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2520.648977][T17557] binder: 17556:17557 Acquire 1 refcount change on invalid ref 0 ret -22
[ 2520.810702][T17563] binder: 17556:17563 Release 1 refcount change on invalid ref 0 ret -22
00:15:11 executing program 2:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:11 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:11 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:11 executing program 5:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:11 executing program 0:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:11 executing program 2:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:11 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:12 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2521.588351][T17594] binder: 17593:17594 Acquire 1 refcount change on invalid ref 0 ret -22
00:15:12 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:12 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:12 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2521.715155][T17599] binder: 17593:17599 Release 1 refcount change on invalid ref 0 ret -22
00:15:12 executing program 0:
mount(0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x2)
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
setxattr$security_selinux(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', 0x0, 0x0, 0x2)
mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0, 0x100020, 0x0)

00:15:12 executing program 2:
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:12 executing program 5:
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2521.957842][T17610] EXT4-fs (sda1): re-mounted. Opts: 
00:15:12 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:12 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:12 executing program 2:
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:12 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:12 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:12 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:12 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:12 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:12 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:12 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:13 executing program 2:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2522.475016][T17655] binder: 17654:17655 Acquire 1 refcount change on invalid ref 0 ret -22
00:15:13 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2522.572782][T17658] binder: 17654:17658 Release 1 refcount change on invalid ref 0 ret -22
00:15:13 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:13 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
semget(0x3, 0x3, 0x20)

00:15:13 executing program 0:
mount(0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x2)
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
setxattr$security_selinux(0x0, &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000180)='system_u:object_r:audisp_var_run_t:s0\x00', 0x26, 0x2)
mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0, 0x100020, 0x0)

00:15:13 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:13 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2523.144907][T17671] EXT4-fs (sda1): re-mounted. Opts: 
00:15:13 executing program 3:
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:13 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:13 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:13 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:14 executing program 3:
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:14 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r1 = gettid()
process_vm_writev(r1, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x32f, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
semget(0x3, 0x3, 0x20)

00:15:14 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:14 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:14 executing program 3:
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:14 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:14 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:14 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:14 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:14 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:14 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:14 executing program 3:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:14 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:14 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:14 executing program 3:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:15 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:15 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:15 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:15 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:15 executing program 3:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:15 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:15 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:15 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:15 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:15 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2525.115615][T17786] binder: 17784:17786 Acquire 1 refcount change on invalid ref 0 ret -22
00:15:15 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2525.195892][T17792] binder: 17784:17792 Release 1 refcount change on invalid ref 0 ret -22
00:15:15 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:16 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:16 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:16 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:16 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:16 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:16 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:16 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgsnd(0x0, &(0x7f0000c40ff8)={0x1}, 0x8, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:16 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:16 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:16 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:16 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:16 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0)
write$tun(r0, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2526.097962][T17842] binder: 17840:17842 Acquire 1 refcount change on invalid ref 0 ret -22
[ 2526.225708][T17848] binder: 17840:17848 Release 1 refcount change on invalid ref 0 ret -22
00:15:17 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, &(0x7f0000000140))

00:15:17 executing program 5:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:17 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:17 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
r1 = msgget$private(0x0, 0x0)
msgsnd(r1, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgrcv(r1, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:17 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0)
write$tun(r0, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

00:15:17 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
r1 = msgget$private(0x0, 0x0)
msgsnd(r1, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgrcv(r1, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:17 executing program 0:
socket$inet6(0xa, 0x3, 0x8806)
fdatasync(0xffffffffffffff9c)
socket$inet6(0xa, 0x3, 0xb8d)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYRES16=r0], 0x1}, 0x1, 0x0, 0x0, 0x90}, 0xfffffffffffffffd)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00')
fcntl$setstatus(r1, 0x4, 0x4800)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x107fe)
mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, &(0x7f0000000040))
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r2, 0x6)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
connect$netlink(r1, &(0x7f00000001c0)=@unspec, 0xc)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000440)={'bcsh0\x00', &(0x7f00000007c0)=ANY=[@ANYBLOB="200000006900002f70056977f532a6b82a29b37471c2335f9efe2f6853a7431dadbb66a0a63e7eb8801772f37289412b769e87e04cdea2e149004df07a48aed39bdf1f681271e92dbceff91524497acfe6d5cd22d44e62d88c82211ef49cfd0e7743bc7a055821ff1cfce9728d3390897cd2cc1a155a9e0e293c7418aa2bdccd406d6010bbe2e82e4ef71f6ce0c76c1063c5d6e571c179fd983269ca450090f9d9aa5468e20dd9185714bf7dbefb79cf422e91eef29d66d34a21e1f74ebc981e2896b53bbd23d776ac47a06bc24334a3e8ee5c8d29b7af06448a44eae6b02015045c344681090293d8b1ad8698ae0d3a7e4e3283cee645b02899b8932057b813f34a9102511149000000000000000000002ec92e26cce99a990fd194abc2022e086d27e0550c034841a848fa49213838c30f0135a9c8937df2688206b5ad890c0ac5"]})
r4 = accept(r2, 0x0, &(0x7f0000000080)=0xfe0f)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
read(r3, &(0x7f0000000380)=""/144, 0x90)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4)
clock_gettime(0x0, &(0x7f00000002c0)={<r5=>0x0, <r6=>0x0})
setsockopt$sock_timeval(r1, 0x1, 0x10, &(0x7f0000000300)={r5, r6/1000+10000}, 0xb6)
syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x101, 0x40000)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x9)
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffffffffffd45)
socket$inet6(0xa, 0x100008, 0x8)
sendmmsg(r3, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='erspan0\x00', 0xfc)
sendmmsg(r1, &(0x7f000000a080)=[{{&(0x7f0000005440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}}, 0x80, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, 0x0, 0x0, 0x1}}], 0x1, 0x0)

00:15:17 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:17 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0)
write$tun(r0, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

00:15:17 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
r1 = msgget$private(0x0, 0x0)
msgsnd(r1, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgrcv(r1, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

00:15:17 executing program 5:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:17 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0x7fffffffff, 0x4)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
r1 = msgget$private(0x0, 0x0)
msgsnd(r1, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1, 0x0)
msgctl$IPC_SET(r1, 0x1, &(0x7f0000000180)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
msgrcv(r1, &(0x7f0000000040)={0x0, ""/4}, 0xc, 0x0, 0x0)

[ 2527.029896][T17888] binder: 17884:17888 Acquire 1 refcount change on invalid ref 0 ret -22
[ 2527.097131][T17893] binder: 17884:17893 Release 1 refcount change on invalid ref 0 ret -22
[ 2527.365074][T17886] dccp_check_seqno: Step 6 failed for RESET packet, (LSWL(272860935867998) <= P.seqno(0) <= S.SWH(272860935868072)) and (P.ackno exists or LAWL(13003140038115) <= P.ackno(13003140038116) <= S.AWH(13003140038116), sending SYNC...
[ 2527.410819][T17877] dccp_close: ABORT with 1061 bytes unread
00:15:18 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, &(0x7f0000000140))

00:15:18 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:18 executing program 5:
socket$inet6(0xa, 0x3, 0x8806)
fdatasync(0xffffffffffffff9c)
socket$inet6(0xa, 0x3, 0xb8d)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYRES16=r0], 0x1}, 0x1, 0x0, 0x0, 0x90}, 0xfffffffffffffffd)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00')
fcntl$setstatus(r1, 0x4, 0x4800)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x107fe)
mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, &(0x7f0000000040))
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r2, 0x6)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
connect$netlink(r1, &(0x7f00000001c0)=@unspec, 0xc)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000440)={'bcsh0\x00', &(0x7f00000007c0)=ANY=[@ANYBLOB="200000006900002f70056977f532a6b82a29b37471c2335f9efe2f6853a7431dadbb66a0a63e7eb8801772f37289412b769e87e04cdea2e149004df07a48aed39bdf1f681271e92dbceff91524497acfe6d5cd22d44e62d88c82211ef49cfd0e7743bc7a055821ff1cfce9728d3390897cd2cc1a155a9e0e293c7418aa2bdccd406d6010bbe2e82e4ef71f6ce0c76c1063c5d6e571c179fd983269ca450090f9d9aa5468e20dd9185714bf7dbefb79cf422e91eef29d66d34a21e1f74ebc981e2896b53bbd23d776ac47a06bc24334a3e8ee5c8d29b7af06448a44eae6b02015045c344681090293d8b1ad8698ae0d3a7e4e3283cee645b02899b8932057b813f34a9102511149000000000000000000002ec92e26cce99a990fd194abc2022e086d27e0550c034841a848fa49213838c30f0135a9c8937df2688206b5ad890c0ac5"]})
r4 = accept(r2, 0x0, &(0x7f0000000080)=0xfe0f)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
read(r3, &(0x7f0000000380)=""/144, 0x90)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4)
clock_gettime(0x0, &(0x7f00000002c0)={<r5=>0x0, <r6=>0x0})
setsockopt$sock_timeval(r1, 0x1, 0x10, &(0x7f0000000300)={r5, r6/1000+10000}, 0xb6)
syz_open_dev$adsp(0x0, 0x101, 0x40000)
inotify_add_watch(r3, &(0x7f0000000180)='./file0\x00', 0x9)
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffffffffffd45)
socket$inet6(0xa, 0x100008, 0x8)
sendmmsg(r3, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='erspan0\x00', 0xfc)
sendmmsg(r1, &(0x7f000000a080)=[{{&(0x7f0000005440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}}, 0x80, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, 0x0, 0x0, 0x1}}], 0x1, 0x0)

00:15:18 executing program 2:
socket$inet6(0xa, 0x3, 0x8806)
fdatasync(0xffffffffffffff9c)
socket$inet6(0xa, 0x3, 0xb8d)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYRES16=r0], 0x1}, 0x1, 0x0, 0x0, 0x90}, 0xfffffffffffffffd)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00')
fcntl$setstatus(r1, 0x4, 0x4800)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x107fe)
mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, &(0x7f0000000040))
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r2, 0x6)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
connect$netlink(r1, &(0x7f00000001c0)=@unspec, 0xc)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000440)={'bcsh0\x00', &(0x7f00000007c0)=ANY=[@ANYBLOB="200000006900002f70056977f532a6b82a29b37471c2335f9efe2f6853a7431dadbb66a0a63e7eb8801772f37289412b769e87e04cdea2e149004df07a48aed39bdf1f681271e92dbceff91524497acfe6d5cd22d44e62d88c82211ef49cfd0e7743bc7a055821ff1cfce9728d3390897cd2cc1a155a9e0e293c7418aa2bdccd406d6010bbe2e82e4ef71f6ce0c76c1063c5d6e571c179fd983269ca450090f9d9aa5468e20dd9185714bf7dbefb79cf422e91eef29d66d34a21e1f74ebc981e2896b53bbd23d776ac47a06bc24334a3e8ee5c8d29b7af06448a44eae6b02015045c344681090293d8b1ad8698ae0d3a7e4e3283cee645b02899b8932057b813f34a9102511149000000000000000000002ec92e26cce99a990fd194abc2022e086d27e0550c034841a848fa49213838c30f0135a9c8937df2688206b5ad890c0ac5"]})
r4 = accept(r2, 0x0, &(0x7f0000000080)=0xfe0f)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
read(r3, &(0x7f0000000380)=""/144, 0x90)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4)
clock_gettime(0x0, &(0x7f00000002c0)={<r5=>0x0, <r6=>0x0})
setsockopt$sock_timeval(r1, 0x1, 0x10, &(0x7f0000000300)={r5, r6/1000+10000}, 0xb6)
syz_open_dev$adsp(0x0, 0x101, 0x40000)
inotify_add_watch(r3, &(0x7f0000000180)='./file0\x00', 0x9)
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffffffffffd45)
socket$inet6(0xa, 0x100008, 0x8)
sendmmsg(r3, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='erspan0\x00', 0xfc)
sendmmsg(r1, &(0x7f000000a080)=[{{&(0x7f0000005440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}}, 0x80, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, 0x0, 0x0, 0x1}}], 0x1, 0x0)

00:15:18 executing program 0:
socket$inet6(0xa, 0x3, 0x8806)
fdatasync(0xffffffffffffff9c)
socket$inet6(0xa, 0x3, 0xb8d)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYRES16=r0], 0x1}, 0x1, 0x0, 0x0, 0x90}, 0xfffffffffffffffd)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00')
fcntl$setstatus(r1, 0x4, 0x4800)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x107fe)
mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, &(0x7f0000000040))
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r2, 0x6)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
connect$netlink(r1, &(0x7f00000001c0)=@unspec, 0xc)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000440)={'bcsh0\x00', &(0x7f00000007c0)=ANY=[@ANYBLOB="200000006900002f70056977f532a6b82a29b37471c2335f9efe2f6853a7431dadbb66a0a63e7eb8801772f37289412b769e87e04cdea2e149004df07a48aed39bdf1f681271e92dbceff91524497acfe6d5cd22d44e62d88c82211ef49cfd0e7743bc7a055821ff1cfce9728d3390897cd2cc1a155a9e0e293c7418aa2bdccd406d6010bbe2e82e4ef71f6ce0c76c1063c5d6e571c179fd983269ca450090f9d9aa5468e20dd9185714bf7dbefb79cf422e91eef29d66d34a21e1f74ebc981e2896b53bbd23d776ac47a06bc24334a3e8ee5c8d29b7af06448a44eae6b02015045c344681090293d8b1ad8698ae0d3a7e4e3283cee645b02899b8932057b813f34a9102511149000000000000000000002ec92e26cce99a990fd194abc2022e086d27e0550c034841a848fa49213838c30f0135a9c8937df2688206b5ad890c0ac5"]})
r4 = accept(r2, 0x0, &(0x7f0000000080)=0xfe0f)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
read(r3, &(0x7f0000000380)=""/144, 0x90)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4)
clock_gettime(0x0, &(0x7f00000002c0)={<r5=>0x0, <r6=>0x0})
setsockopt$sock_timeval(r1, 0x1, 0x0, &(0x7f0000000300)={r5, r6/1000+10000}, 0xb6)
syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x101, 0x40000)
inotify_add_watch(r3, &(0x7f0000000180)='./file0\x00', 0x9)
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffffffffffd45)
socket$inet6(0xa, 0x100008, 0x8)
sendmmsg(r3, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='erspan0\x00', 0xfc)
sendmmsg(r1, &(0x7f000000a080)=[{{&(0x7f0000005440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}}, 0x80, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, 0x0, 0x0, 0x1}}], 0x1, 0x0)

00:15:18 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:18 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2527.899208][T17929] binder: 17925:17929 Release 1 refcount change on invalid ref 0 ret -22
00:15:18 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:18 executing program 2:
socket$inet6(0xa, 0x3, 0x8806)
fdatasync(0xffffffffffffff9c)
socket$inet6(0xa, 0x3, 0xb8d)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYRES16=r0], 0x1}, 0x1, 0x0, 0x0, 0x90}, 0xfffffffffffffffd)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00')
fcntl$setstatus(r1, 0x4, 0x4800)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x107fe)
mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, &(0x7f0000000040))
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r2, 0x6)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
connect$netlink(r1, &(0x7f00000001c0)=@unspec, 0xc)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000440)={'bcsh0\x00', &(0x7f00000007c0)=ANY=[@ANYBLOB="200000006900002f70056977f532a6b82a29b37471c2335f9efe2f6853a7431dadbb66a0a63e7eb8801772f37289412b769e87e04cdea2e149004df07a48aed39bdf1f681271e92dbceff91524497acfe6d5cd22d44e62d88c82211ef49cfd0e7743bc7a055821ff1cfce9728d3390897cd2cc1a155a9e0e293c7418aa2bdccd406d6010bbe2e82e4ef71f6ce0c76c1063c5d6e571c179fd983269ca450090f9d9aa5468e20dd9185714bf7dbefb79cf422e91eef29d66d34a21e1f74ebc981e2896b53bbd23d776ac47a06bc24334a3e8ee5c8d29b7af06448a44eae6b02015045c344681090293d8b1ad8698ae0d3a7e4e3283cee645b02899b8932057b813f34a9102511149000000000000000000002ec92e26cce99a990fd194abc2022e086d27e0550c034841a848fa49213838c30f0135a9c8937df2688206b5ad890c0ac5"]})
r4 = accept(r2, 0x0, &(0x7f0000000080)=0xfe0f)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
read(r3, &(0x7f0000000380)=""/144, 0x90)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4)
clock_gettime(0x0, 0x0)
setsockopt$sock_timeval(r1, 0x1, 0x10, &(0x7f0000000300), 0xb6)
syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x101, 0x40000)
inotify_add_watch(r3, &(0x7f0000000180)='./file0\x00', 0x9)
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffffffffffd45)
socket$inet6(0xa, 0x100008, 0x8)
sendmmsg(r3, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='erspan0\x00', 0xfc)
sendmmsg(r1, &(0x7f000000a080)=[{{&(0x7f0000005440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}}, 0x80, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, 0x0, 0x0, 0x1}}], 0x1, 0x0)

00:15:19 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, &(0x7f0000000140))

00:15:19 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0)
write$tun(r0, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

00:15:19 executing program 5:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2528.467730][T17906] dccp_close: ABORT with 1061 bytes unread
00:15:19 executing program 0:
socket$inet6(0xa, 0x3, 0x8806)
fdatasync(0xffffffffffffff9c)
socket$inet6(0xa, 0x3, 0xb8d)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYRES16=r0], 0x1}, 0x1, 0x0, 0x0, 0x90}, 0xfffffffffffffffd)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00')
fcntl$setstatus(r1, 0x4, 0x4800)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x107fe)
mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, &(0x7f0000000040))
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r2, 0x6)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
connect$netlink(r1, &(0x7f00000001c0)=@unspec, 0xc)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000440)={'bcsh0\x00', &(0x7f00000007c0)=ANY=[@ANYBLOB="200000006900002f70056977f532a6b82a29b37471c2335f9efe2f6853a7431dadbb66a0a63e7eb8801772f37289412b769e87e04cdea2e149004df07a48aed39bdf1f681271e92dbceff91524497acfe6d5cd22d44e62d88c82211ef49cfd0e7743bc7a055821ff1cfce9728d3390897cd2cc1a155a9e0e293c7418aa2bdccd406d6010bbe2e82e4ef71f6ce0c76c1063c5d6e571c179fd983269ca450090f9d9aa5468e20dd9185714bf7dbefb79cf422e91eef29d66d34a21e1f74ebc981e2896b53bbd23d776ac47a06bc24334a3e8ee5c8d29b7af06448a44eae6b02015045c344681090293d8b1ad8698ae0d3a7e4e3283cee645b02899b8932057b813f34a9102511149000000000000000000002ec92e26cce99a990fd194abc2022e086d27e0550c034841a848fa49213838c30f0135a9c8937df2688206b5ad890c0ac5"]})
r4 = accept(r2, 0x0, &(0x7f0000000080)=0xfe0f)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
read(0xffffffffffffffff, &(0x7f0000000380)=""/144, 0x90)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4)
clock_gettime(0x0, &(0x7f00000002c0)={<r5=>0x0, <r6=>0x0})
setsockopt$sock_timeval(r1, 0x1, 0x10, &(0x7f0000000300)={r5, r6/1000+10000}, 0xb6)
syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x101, 0x40000)
inotify_add_watch(r3, &(0x7f0000000180)='./file0\x00', 0x9)
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffffffffffd45)
socket$inet6(0xa, 0x100008, 0x8)
sendmmsg(r3, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='erspan0\x00', 0xfc)
sendmmsg(r1, &(0x7f000000a080)=[{{&(0x7f0000005440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}}, 0x80, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, 0x0, 0x0, 0x1}}], 0x1, 0x0)

00:15:19 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:19 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0)
write$tun(r0, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

00:15:19 executing program 5:
socket$inet6(0xa, 0x3, 0x8806)
fdatasync(0xffffffffffffff9c)
socket$inet6(0xa, 0x3, 0xb8d)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYRES16=r0], 0x1}, 0x1, 0x0, 0x0, 0x90}, 0xfffffffffffffffd)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00')
fcntl$setstatus(r1, 0x4, 0x4800)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x107fe)
mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, &(0x7f0000000040))
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r2, 0x6)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
connect$netlink(r1, &(0x7f00000001c0)=@unspec, 0xc)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000440)={'bcsh0\x00', &(0x7f00000007c0)=ANY=[@ANYBLOB="200000006900002f70056977f532a6b82a29b37471c2335f9efe2f6853a7431dadbb66a0a63e7eb8801772f37289412b769e87e04cdea2e149004df07a48aed39bdf1f681271e92dbceff91524497acfe6d5cd22d44e62d88c82211ef49cfd0e7743bc7a055821ff1cfce9728d3390897cd2cc1a155a9e0e293c7418aa2bdccd406d6010bbe2e82e4ef71f6ce0c76c1063c5d6e571c179fd983269ca450090f9d9aa5468e20dd9185714bf7dbefb79cf422e91eef29d66d34a21e1f74ebc981e2896b53bbd23d776ac47a06bc24334a3e8ee5c8d29b7af06448a44eae6b02015045c344681090293d8b1ad8698ae0d3a7e4e3283cee645b02899b8932057b813f34a9102511149000000000000000000002ec92e26cce99a990fd194abc2022e086d27e0550c034841a848fa49213838c30f0135a9c8937df2688206b5ad890c0ac5"]})
r4 = accept(r2, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
read(r3, &(0x7f0000000380)=""/144, 0x90)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4)
clock_gettime(0x0, &(0x7f00000002c0)={<r5=>0x0, <r6=>0x0})
setsockopt$sock_timeval(r1, 0x1, 0x10, &(0x7f0000000300)={r5, r6/1000+10000}, 0xb6)
syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x101, 0x40000)
inotify_add_watch(r3, &(0x7f0000000180)='./file0\x00', 0x9)
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffffffffffd45)
socket$inet6(0xa, 0x100008, 0x8)
sendmmsg(r3, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='erspan0\x00', 0xfc)
sendmmsg(r1, &(0x7f000000a080)=[{{&(0x7f0000005440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}}, 0x80, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, 0x0, 0x0, 0x1}}], 0x1, 0x0)

00:15:19 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0)
write$tun(r0, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2528.850775][T17965] binder: 17956:17965 Release 1 refcount change on invalid ref 0 ret -22
00:15:19 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2529.090910][T17950] dccp_check_seqno: Step 6 failed for RESET packet, (LSWL(244306146814073) <= P.seqno(0) <= S.SWH(244306146814147)) and (P.ackno exists or LAWL(201919128875013) <= P.ackno(201919128875014) <= S.AWH(201919128875014), sending SYNC...
00:15:19 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640))
io_setup(0x1ff, &(0x7f0000000040)=<r2=>0x0)
io_getevents(r2, 0x6, 0x2, &(0x7f00000000c0)=[{}, {}], &(0x7f0000000140)={0x0, 0x989680})
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100), 0x28)

[ 2529.137473][T17948] dccp_close: ABORT with 1061 bytes unread
00:15:19 executing program 0:
socket$inet6(0xa, 0x3, 0x8806)
fdatasync(0xffffffffffffff9c)
socket$inet6(0xa, 0x3, 0xb8d)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYRES16=r0], 0x1}, 0x1, 0x0, 0x0, 0x90}, 0xfffffffffffffffd)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00')
fcntl$setstatus(r1, 0x4, 0x4800)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x107fe)
mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, &(0x7f0000000040))
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r2, 0x6)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
connect$netlink(r1, &(0x7f00000001c0)=@unspec, 0xc)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000440)={'bcsh0\x00', &(0x7f00000007c0)=ANY=[@ANYBLOB="200000006900002f70056977f532a6b82a29b37471c2335f9efe2f6853a7431dadbb66a0a63e7eb8801772f37289412b769e87e04cdea2e149004df07a48aed39bdf1f681271e92dbceff91524497acfe6d5cd22d44e62d88c82211ef49cfd0e7743bc7a055821ff1cfce9728d3390897cd2cc1a155a9e0e293c7418aa2bdccd406d6010bbe2e82e4ef71f6ce0c76c1063c5d6e571c179fd983269ca450090f9d9aa5468e20dd9185714bf7dbefb79cf422e91eef29d66d34a21e1f74ebc981e2896b53bbd23d776ac47a06bc24334a3e8ee5c8d29b7af06448a44eae6b02015045c344681090293d8b1ad8698ae0d3a7e4e3283cee645b02899b8932057b813f34a9102511149000000000000000000002ec92e26cce99a990fd194abc2022e086d27e0550c034841a848fa49213838c30f0135a9c8937df2688206b5ad890c0a"]})
r4 = accept(r2, 0x0, &(0x7f0000000080)=0xfe0f)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
read(r3, &(0x7f0000000380)=""/144, 0x90)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4)
clock_gettime(0x0, &(0x7f00000002c0)={<r5=>0x0, <r6=>0x0})
setsockopt$sock_timeval(r1, 0x1, 0x10, &(0x7f0000000300)={r5, r6/1000+10000}, 0xb6)
syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x101, 0x40000)
inotify_add_watch(r3, &(0x7f0000000180)='./file0\x00', 0x9)
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffffffffffd45)
socket$inet6(0xa, 0x100008, 0x8)
sendmmsg(r3, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='erspan0\x00', 0xfc)
sendmmsg(r1, &(0x7f000000a080)=[{{&(0x7f0000005440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}}, 0x80, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, 0x0, 0x0, 0x1}}], 0x1, 0x0)

00:15:19 executing program 2:
socket$inet6(0xa, 0x3, 0x8806)
fdatasync(0xffffffffffffff9c)
socket$inet6(0xa, 0x3, 0xb8d)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYRES16=r0], 0x1}, 0x1, 0x0, 0x0, 0x90}, 0xfffffffffffffffd)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00')
fcntl$setstatus(r1, 0x4, 0x4800)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x107fe)
mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, &(0x7f0000000040))
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r2, 0x6)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
connect$netlink(r1, &(0x7f00000001c0)=@unspec, 0xc)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000440)={'bcsh0\x00', &(0x7f00000007c0)=ANY=[@ANYBLOB="200000006900002f70056977f532a6b82a29b37471c2335f9efe2f6853a7431dadbb66a0a63e7eb8801772f37289412b769e87e04cdea2e149004df07a48aed39bdf1f681271e92dbceff91524497acfe6d5cd22d44e62d88c82211ef49cfd0e7743bc7a055821ff1cfce9728d3390897cd2cc1a155a9e0e293c7418aa2bdccd406d6010bbe2e82e4ef71f6ce0c76c1063c5d6e571c179fd983269ca450090f9d9aa5468e20dd9185714bf7dbefb79cf422e91eef29d66d34a21e1f74ebc981e2896b53bbd23d776ac47a06bc24334a3e8ee5c8d29b7af06448a44eae6b02015045c344681090293d8b1ad8698ae0d3a7e4e3283cee645b02899b8932057b813f34a9102511149000000000000000000002ec92e26cce99a990fd194abc2022e086d27e0550c034841a848fa4921"]})
r4 = accept(r2, 0x0, &(0x7f0000000080)=0xfe0f)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
read(r3, &(0x7f0000000380)=""/144, 0x90)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4)
clock_gettime(0x0, &(0x7f00000002c0)={<r5=>0x0, <r6=>0x0})
setsockopt$sock_timeval(r1, 0x1, 0x10, &(0x7f0000000300)={r5, r6/1000+10000}, 0xb6)
syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x101, 0x40000)
inotify_add_watch(r3, &(0x7f0000000180)='./file0\x00', 0x9)
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffffffffffd45)
socket$inet6(0xa, 0x100008, 0x8)
sendmmsg(r3, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='erspan0\x00', 0xfc)
sendmmsg(r1, &(0x7f000000a080)=[{{&(0x7f0000005440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}}, 0x80, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, 0x0, 0x0, 0x1}}], 0x1, 0x0)

00:15:19 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

00:15:19 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:20 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2529.555405][T17984] dccp_check_seqno: Step 6 failed for RESET packet, (LSWL(278377695227313) <= P.seqno(0) <= S.SWH(278377695227387)) and (P.ackno exists or LAWL(190654405798203) <= P.ackno(190654405798204) <= S.AWH(190654405798204), sending SYNC...
00:15:20 executing program 5:
socket$inet6(0xa, 0x3, 0x8806)
fdatasync(0xffffffffffffff9c)
socket$inet6(0xa, 0x3, 0xb8d)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYRES16=r0], 0x1}, 0x1, 0x0, 0x0, 0x90}, 0xfffffffffffffffd)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00')
fcntl$setstatus(r1, 0x4, 0x4800)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x107fe)
mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, &(0x7f0000000040))
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r2, 0x6)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
connect$netlink(r1, &(0x7f00000001c0)=@unspec, 0xc)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000440)={'bcsh0\x00', &(0x7f00000007c0)=ANY=[@ANYBLOB="200000006900002f70056977f532a6b82a29b37471c2335f9efe2f6853a7431dadbb66a0a63e7eb8801772f37289412b769e87e04cdea2e149004df07a48aed39bdf1f681271e92dbceff91524497acfe6d5cd22d44e62d88c82211ef49cfd0e7743bc7a055821ff1cfce9728d3390897cd2cc1a155a9e0e293c7418aa2bdccd406d6010bbe2e82e4ef71f6ce0c76c1063c5d6e571c179fd983269ca450090f9d9aa5468e20dd9185714bf7dbefb79cf422e91eef29d66d34a21e1f74ebc981e2896b53bbd23d776ac47a06bc24334a3e8ee5c8d29b7af06448a44eae6b02015045c344681090293d8b1ad8698ae0d3a7e4e3283cee645b02899b8932057b813f34a9102511149000000000000000000002ec92e26cce99a990fd194abc2022e086d27e0550c034841a848fa49213838c30f0135a9c8937df2688206b5ad890c0ac5"]})
r4 = accept(r2, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
read(r3, &(0x7f0000000380)=""/144, 0x90)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4)
clock_gettime(0x0, &(0x7f00000002c0)={<r5=>0x0, <r6=>0x0})
setsockopt$sock_timeval(r1, 0x1, 0x10, &(0x7f0000000300)={r5, r6/1000+10000}, 0xb6)
syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x101, 0x40000)
inotify_add_watch(r3, &(0x7f0000000180)='./file0\x00', 0x9)
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffffffffffd45)
socket$inet6(0xa, 0x100008, 0x8)
sendmmsg(r3, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='erspan0\x00', 0xfc)
sendmmsg(r1, &(0x7f000000a080)=[{{&(0x7f0000005440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}}, 0x80, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, 0x0, 0x0, 0x1}}], 0x1, 0x0)

[ 2529.617109][T17979] dccp_close: ABORT with 1061 bytes unread
00:15:20 executing program 0:
openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
getresgid(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000001680)={0x0, <r1=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x900000000000000, 0x528}, 0x0, &(0x7f0000000140)={0x1b9}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:20 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2529.692654][T18002] binder: 17998:18002 Release 1 refcount change on invalid ref 0 ret -22
[ 2529.804502][T18009] tls_set_device_offload_rx: netdev lo with no TLS offload
00:15:20 executing program 1:
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:20 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r3, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r2, 0x0, r4, 0x0, 0x10005, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640))
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @mcast2, 0x7fffffff}, 0x1c)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x1ff, &(0x7f0000000040))
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:20 executing program 1:
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:20 executing program 2:
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:20 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

[ 2530.284313][T18027] tls_set_device_offload_rx: netdev lo with no TLS offload
00:15:21 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:21 executing program 2:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r3, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r2, 0x0, r4, 0x0, 0x10005, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640))
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @mcast2, 0x7fffffff}, 0x1c)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x1ff, &(0x7f0000000040)=<r5=>0x0)
io_getevents(r5, 0x6, 0x2, &(0x7f00000000c0)=[{}, {}], &(0x7f0000000140)={0x0, 0x989680})
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:21 executing program 1:
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2530.485832][T18036] binder: 18035:18036 ioctl c0306201 0 returned -14
00:15:21 executing program 5:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

[ 2530.554361][T18040] binder: 18035:18040 Release 1 refcount change on invalid ref 0 ret -22
00:15:21 executing program 5:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

[ 2530.683131][T18046] tls_set_device_offload_rx: netdev sit0 with no TLS offload
00:15:21 executing program 5:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x0, 0x0, 0x20000000000000}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:21 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2530.761639][T18051] tls_set_device_offload_rx: netdev sit0 with no TLS offload
00:15:21 executing program 5:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x0, 0x0, 0x7000000}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

[ 2530.867062][T18056] tls_set_device_offload_rx: netdev sit0 with no TLS offload
00:15:21 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r3, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r2, 0x0, r4, 0x0, 0x10005, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640))
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @mcast2, 0x7fffffff}, 0x1c)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x1ff, &(0x7f0000000040))
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100), 0x28)

[ 2530.959454][T18059] tls_set_device_offload_rx: netdev sit0 with no TLS offload
00:15:21 executing program 5:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x0, 0x0, 0xe00}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:21 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2531.088719][T18066] tls_set_device_offload_rx: netdev sit0 with no TLS offload
00:15:21 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040), &(0x7f0000000140)=0x8)

[ 2531.157908][T18071] tls_set_device_offload_rx: netdev lo with no TLS offload
00:15:21 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:21 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x0, 0x40000000}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:21 executing program 5:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x0, 0xe00000000000000}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

[ 2531.321981][T18079] binder: 18078:18079 ioctl c0306201 0 returned -14
00:15:21 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2531.382144][T18084] binder: 18078:18084 Release 1 refcount change on invalid ref 0 ret -22
[ 2531.410466][T18082] tls_set_device_offload_rx: netdev sit0 with no TLS offload
[ 2531.428699][T18085] tls_set_device_offload_rx: netdev sit0 with no TLS offload
00:15:22 executing program 2:
socket$inet6(0xa, 0x3, 0x8806)
fdatasync(0xffffffffffffff9c)
socket$inet6(0xa, 0x3, 0xb8d)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x90}, 0xfffffffffffffffd)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00')
fcntl$setstatus(r1, 0x4, 0x4800)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x107fe)
mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, &(0x7f0000000040))
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r2, 0x6)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
connect$netlink(r1, &(0x7f00000001c0)=@unspec, 0xc)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000440)={'bcsh0\x00', &(0x7f00000007c0)=ANY=[@ANYBLOB="200000006900002f70056977f532a6b82a29b37471c2335f9efe2f6853a7431dadbb66a0a63e7eb8801772f37289412b769e87e04cdea2e149004df07a48aed39bdf1f681271e92dbceff91524497acfe6d5cd22d44e62d88c82211ef49cfd0e7743bc7a055821ff1cfce9728d3390897cd2cc1a155a9e0e293c7418aa2bdccd406d6010bbe2e82e4ef71f6ce0c76c1063c5d6e571c179fd983269ca450090f9d9aa5468e20dd9185714bf7dbefb79cf422e91eef29d66d34a21e1f74ebc981e2896b53bbd23d776ac47a06bc24334a3e8ee5c8d29b7af06448a44eae6b02015045c344681090293d8b1ad8698ae0d3a7e4e3283cee645b02899b8932057b813f34a9102511149000000000000000000002ec92e26cce99a990fd194abc2022e086d27e0550c034841a848fa49213838c30f0135a9c8937df2688206b5ad890c0ac5"]})
r4 = accept(r2, 0x0, &(0x7f0000000080)=0xfe0f)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
read(r3, &(0x7f0000000380)=""/144, 0x90)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4)
clock_gettime(0x0, &(0x7f00000002c0)={<r5=>0x0, <r6=>0x0})
setsockopt$sock_timeval(r1, 0x1, 0x10, &(0x7f0000000300)={r5, r6/1000+10000}, 0xb6)
syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x101, 0x40000)
inotify_add_watch(r3, &(0x7f0000000180)='./file0\x00', 0x9)
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffffffffffd45)
socket$inet6(0xa, 0x100008, 0x8)
sendmmsg(r3, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='erspan0\x00', 0xfc)
sendmmsg(r1, &(0x7f000000a080)=[{{&(0x7f0000005440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}}, 0x80, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, 0x0, 0x0, 0x1}}], 0x1, 0x0)

00:15:22 executing program 5:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x0, 0xb400}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:22 executing program 5:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x0, 0x4d01}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:22 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, 0x0, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:22 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r3, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r2, 0x0, r4, 0x0, 0x10005, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640))
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @mcast2, 0x7fffffff}, 0x1c)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x1ff, &(0x7f0000000040))
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:22 executing program 5:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x0, 0xb00}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:22 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, 0x0, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:22 executing program 5:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, 0x0, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:22 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, 0x0)

00:15:22 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:22 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, 0x0, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2532.187843][T18124] binder: 18123:18124 ioctl c0306201 0 returned -14
00:15:22 executing program 5:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, 0x0, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2532.243196][T18128] binder: 18123:18128 Release 1 refcount change on invalid ref 0 ret -22
00:15:22 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x0, 0x11}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:23 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280), 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:23 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x0, 0x5}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:23 executing program 5:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, 0x0, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:23 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r3, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r2, 0x0, r4, 0x0, 0x10005, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640))
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @mcast2, 0x7fffffff}, 0x1c)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x1ff, &(0x7f0000000040))
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)

00:15:23 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0xb00020000000000}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:23 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280), 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:23 executing program 2:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280), 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:23 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, 0x0)

00:15:23 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:23 executing program 5:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, 0x0, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:23 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280), 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:23 executing program 2:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280), 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2533.166204][T18173] binder: 18168:18173 Release 1 refcount change on invalid ref 0 ret -22
00:15:23 executing program 5:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x200000000000000}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:23 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:23 executing program 5:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x10000000000000}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:24 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r3, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r2, 0x0, r4, 0x0, 0x10005, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640))
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @mcast2, 0x7fffffff}, 0x1c)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x1ff, &(0x7f0000000040))

00:15:24 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0xb000200}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:24 executing program 5:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x0, 0x7c15}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:24 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:24 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, 0x0)

00:15:24 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:24 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x9a02000000000000}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:24 executing program 5:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640))
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100)={0x303, 0x9}, 0x28)

00:15:24 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:24 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x401f0000}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:24 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x0, 0x5000000}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

[ 2534.014778][T18219] binder: 18214:18219 Release 1 refcount change on invalid ref 0 ret -22
00:15:24 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:25 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r3, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r2, 0x0, r4, 0x0, 0x10005, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640))
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @mcast2, 0x7fffffff}, 0x1c)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:15:25 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0xb00000000000000}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:25 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:25 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0x40000)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={<r1=>0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1}, 0x8)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640)={<r4=>0xffffffffffffffff})
r5 = semget(0x3, 0x0, 0x420)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
getresgid(&(0x7f0000000300)=<r7=>0x0, &(0x7f0000000340), &(0x7f0000000380))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r8=>0x0}, &(0x7f0000000400)=0xc)
r9 = getgid()
semctl$IPC_SET(r5, 0x0, 0x1, &(0x7f00000004c0)={{0x7, r6, r7, r8, r9, 0x0, 0x7fff}, 0xcc77, 0x5, 0x10001})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x528}, 0x0, &(0x7f0000000140)={0x1b9, 0x100000000000000}, &(0x7f0000000200), 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000100), 0x28)

00:15:25 executing program 2:
socket$inet6(0xa, 0x3, 0x8806)
fdatasync(0xffffffffffffff9c)
socket$inet6(0xa, 0x3, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYRES16=r0], 0x1}, 0x1, 0x0, 0x0, 0x90}, 0xfffffffffffffffd)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00')
fcntl$setstatus(r1, 0x4, 0x4800)
r2 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x107fe)
mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, &(0x7f0000000040))
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r2, 0x6)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
connect$netlink(r1, &(0x7f00000001c0)=@unspec, 0xc)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000440)={'bcsh0\x00', &(0x7f00000007c0)=ANY=[@ANYBLOB="200000006900002f70056977f532a6b82a29b37471c2335f9efe2f6853a7431dadbb66a0a63e7eb8801772f37289412b769e87e04cdea2e149004df07a48aed39bdf1f681271e92dbceff91524497acfe6d5cd22d44e62d88c82211ef49cfd0e7743bc7a055821ff1cfce9728d3390897cd2cc1a155a9e0e293c7418aa2bdccd406d6010bbe2e82e4ef71f6ce0c76c1063c5d6e571c179fd983269ca450090f9d9aa5468e20dd9185714bf7dbefb79cf422e91eef29d66d34a21e1f74ebc981e2896b53bbd23d776ac47a06bc24334a3e8ee5c8d29b7af06448a44eae6b02015045c344681090293d8b1ad8698ae0d3a7e4e3283cee645b02899b8932057b813f34a9102511149000000000000000000002ec92e26cce99a990fd194abc2022e086d27e0550c034841a848fa49213838c30f0135a9c8937df2688206b5ad890c0ac5"]})
r4 = accept(r2, 0x0, &(0x7f0000000080)=0xfe0f)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c)
read(r3, &(0x7f0000000380)=""/144, 0x90)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4)
clock_gettime(0x0, &(0x7f00000002c0)={<r5=>0x0, <r6=>0x0})
setsockopt$sock_timeval(r1, 0x1, 0x10, &(0x7f0000000300)={r5, r6/1000+10000}, 0xb6)
syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x101, 0x40000)
inotify_add_watch(r3, &(0x7f0000000180)='./file0\x00', 0x9)
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffffffffffd45)
socket$inet6(0xa, 0x100008, 0x8)
sendmmsg(r3, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='erspan0\x00', 0xfc)
sendmmsg(r1, &(0x7f000000a080)=[{{&(0x7f0000005440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}}, 0x80, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, 0x0, 0x0, 0x1}}], 0x1, 0x0)

00:15:25 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:25 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:25 executing program 4 (fault-call:3 fault-nth:0):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:25 executing program 5:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640))
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100)={0x303, 0x9}, 0x28)

[ 2534.868878][T18257] FAULT_INJECTION: forcing a failure.
[ 2534.868878][T18257] name failslab, interval 1, probability 0, space 0, times 0
[ 2534.882464][T18257] CPU: 0 PID: 18257 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2534.890106][T18257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2534.900247][T18257] Call Trace:
[ 2534.903575][T18257]  dump_stack+0x172/0x1f0
[ 2534.907932][T18257]  should_fail.cold+0xa/0x15
[ 2534.912543][T18257]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2534.918990][T18257]  ? __save_stack_trace+0x99/0x100
[ 2534.924132][T18257]  __should_failslab+0x121/0x190
[ 2534.929099][T18257]  should_failslab+0x9/0x14
[ 2534.933616][T18257]  kmem_cache_alloc+0x47/0x6f0
[ 2534.938413][T18257]  ebitmap_cpy+0xcd/0x270
[ 2534.942753][T18257]  ? hashtab_search+0x1c2/0x250
[ 2534.947632][T18257]  mls_compute_sid+0x5d0/0xf80
[ 2534.952419][T18257]  ? mls_convert_context+0x6d0/0x6d0
[ 2534.957757][T18257]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2534.965146][T18257]  ? sidtab_search_core+0x164/0x210
[ 2534.970358][T18257]  ? __sanitizer_cov_trace_cmp2+0x18/0x20
[ 2534.976132][T18257]  security_compute_sid.part.0+0xed5/0x1620
[ 2534.982120][T18257]  ? security_context_to_sid_core.isra.0+0x620/0x620
[ 2534.988926][T18257]  ? process_measurement+0xd5d/0x1570
[ 2534.994346][T18257]  ? mark_held_locks+0xa4/0xf0
[ 2534.999148][T18257]  security_transition_sid+0x126/0x190
[ 2535.004627][T18257]  selinux_socket_create+0x35d/0x610
[ 2535.009946][T18257]  ? selinux_sctp_assoc_request+0x5c0/0x5c0
[ 2535.015878][T18257]  ? retint_kernel+0x2d/0x2d
[ 2535.020516][T18257]  security_socket_create+0x81/0xc0
[ 2535.025770][T18257]  __sock_create+0x8e/0x750
[ 2535.030305][T18257]  ? __local_bh_enable_ip+0x18e/0x270
[ 2535.035706][T18257]  sock_create+0x7f/0xa0
[ 2535.040063][T18257]  sctp_do_peeloff+0x1a0/0x470
[ 2535.044863][T18257]  ? sctp_copy_sock+0xe50/0xe50
[ 2535.049742][T18257]  ? lock_downgrade+0x880/0x880
[ 2535.054628][T18257]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2535.061250][T18257]  ? sctp_do_peeloff+0x470/0x470
[ 2535.066197][T18257]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2535.072471][T18257]  ? _copy_from_user+0xdd/0x150
[ 2535.077343][T18257]  sctp_getsockopt+0x1ec1/0x673d
[ 2535.082312][T18257]  ? lock_downgrade+0x880/0x880
[ 2535.087449][T18257]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2535.094078][T18257]  ? kasan_check_read+0x11/0x20
[ 2535.098984][T18257]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2535.105874][T18257]  ? avc_has_perm+0x404/0x610
[ 2535.110587][T18257]  ? __fget+0x35a/0x550
[ 2535.114778][T18257]  ? lock_downgrade+0x880/0x880
[ 2535.119646][T18257]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2535.125977][T18257]  ? sock_has_perm+0x209/0x2a0
[ 2535.130780][T18257]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2535.136915][T18257]  ? kasan_check_write+0x14/0x20
[ 2535.141884][T18257]  sock_common_getsockopt+0x9a/0xe0
[ 2535.147138][T18257]  ? sock_common_getsockopt+0x9a/0xe0
[ 2535.152535][T18257]  __sys_getsockopt+0x168/0x250
[ 2535.157478][T18257]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2535.162611][T18257]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2535.168150][T18257]  ? do_syscall_64+0x26/0x610
[ 2535.172988][T18257]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2535.179413][T18257]  ? do_syscall_64+0x26/0x610
[ 2535.184109][T18257]  __x64_sys_getsockopt+0xbe/0x150
[ 2535.189349][T18257]  do_syscall_64+0x103/0x610
[ 2535.193955][T18257]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2535.199885][T18257] RIP: 0033:0x457f29
[ 2535.203827][T18257] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2535.224317][T18257] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2535.232840][T18257] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2535.240826][T18257] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2535.248907][T18257] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2535.257068][T18257] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2535.265100][T18257] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
[ 2535.275203][T18262] binder: 18254:18262 Release 1 refcount change on invalid ref 0 ret -22
00:15:25 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:25 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r3, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r2, 0x0, r4, 0x0, 0x10005, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640))
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @mcast2, 0x7fffffff}, 0x1c)

00:15:25 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:26 executing program 2 (fault-call:1 fault-nth:0):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2535.561749][T18273] FAULT_INJECTION: forcing a failure.
[ 2535.561749][T18273] name failslab, interval 1, probability 0, space 0, times 0
[ 2535.574926][T18273] CPU: 0 PID: 18273 Comm: syz-executor.2 Not tainted 5.0.0+ #20
[ 2535.582582][T18273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2535.592655][T18273] Call Trace:
[ 2535.595941][T18273]  dump_stack+0x172/0x1f0
[ 2535.600288][T18273]  should_fail.cold+0xa/0x15
[ 2535.604899][T18273]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2535.610751][T18273]  ? ___might_sleep+0x163/0x280
[ 2535.615632][T18273]  __should_failslab+0x121/0x190
[ 2535.620600][T18273]  should_failslab+0x9/0x14
[ 2535.625125][T18273]  kmem_cache_alloc_node_trace+0x270/0x720
[ 2535.631056][T18273]  ? kasan_check_read+0x11/0x20
[ 2535.636204][T18273]  __get_vm_area_node+0x12b/0x3a0
[ 2535.641256][T18273]  __vmalloc_node_range+0xd4/0x790
[ 2535.641275][T18273]  ? sel_write_load+0x1de/0x470
[ 2535.641295][T18273]  ? sel_write_load+0x1de/0x470
[ 2535.656130][T18273]  vmalloc+0x6b/0x90
[ 2535.660077][T18273]  ? sel_write_load+0x1de/0x470
[ 2535.664936][T18273]  sel_write_load+0x1de/0x470
[ 2535.669710][T18273]  __vfs_write+0x8d/0x110
[ 2535.674067][T18273]  ? sel_make_policy_nodes+0x1540/0x1540
[ 2535.679926][T18273]  vfs_write+0x20c/0x580
[ 2535.684404][T18273]  ksys_write+0xea/0x1f0
[ 2535.688703][T18273]  ? __ia32_sys_read+0xb0/0xb0
[ 2535.693766][T18273]  ? do_syscall_64+0x26/0x610
[ 2535.698940][T18273]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2535.710937][T18273]  ? do_syscall_64+0x26/0x610
[ 2535.718722][T18273]  __x64_sys_write+0x73/0xb0
[ 2535.725401][T18273]  do_syscall_64+0x103/0x610
[ 2535.730000][T18273]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2535.735984][T18273] RIP: 0033:0x457f29
[ 2535.739889][T18273] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
00:15:26 executing program 5:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640))
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100)={0x303, 0x9}, 0x28)

[ 2535.760002][T18273] RSP: 002b:00007ff6a5826c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2535.768610][T18273] RAX: ffffffffffffffda RBX: 00007ff6a5826c90 RCX: 0000000000457f29
[ 2535.776585][T18273] RDX: 0000000000000047 RSI: 0000000020000000 RDI: 0000000000000003
[ 2535.784568][T18273] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 2535.792538][T18273] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff6a58276d4
[ 2535.800520][T18273] R13: 00000000004c7481 R14: 00000000004dd080 R15: 0000000000000004
00:15:26 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2535.824803][T18273] syz-executor.2: vmalloc: allocation failure: 71 bytes, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz2,mems_allowed=0-1
[ 2535.845881][T18273] CPU: 0 PID: 18273 Comm: syz-executor.2 Not tainted 5.0.0+ #20
[ 2535.853568][T18273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2535.863635][T18273] Call Trace:
[ 2535.866942][T18273]  dump_stack+0x172/0x1f0
[ 2535.871324][T18273]  warn_alloc.cold+0x87/0x17f
[ 2535.876029][T18273]  ? zone_watermark_ok_safe+0x260/0x260
[ 2535.881604][T18273]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2535.887358][T18273]  ? __get_vm_area_node+0x2df/0x3a0
[ 2535.892688][T18273]  __vmalloc_node_range+0x48a/0x790
[ 2535.897913][T18273]  ? sel_write_load+0x1de/0x470
[ 2535.902787][T18273]  vmalloc+0x6b/0x90
[ 2535.906710][T18273]  ? sel_write_load+0x1de/0x470
[ 2535.911576][T18273]  sel_write_load+0x1de/0x470
[ 2535.916274][T18273]  __vfs_write+0x8d/0x110
[ 2535.920631][T18273]  ? sel_make_policy_nodes+0x1540/0x1540
[ 2535.926287][T18273]  vfs_write+0x20c/0x580
[ 2535.930563][T18273]  ksys_write+0xea/0x1f0
[ 2535.934835][T18273]  ? __ia32_sys_read+0xb0/0xb0
[ 2535.939632][T18273]  ? do_syscall_64+0x26/0x610
[ 2535.944340][T18273]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2535.950467][T18273]  ? do_syscall_64+0x26/0x610
[ 2535.955366][T18273]  __x64_sys_write+0x73/0xb0
[ 2535.959980][T18273]  do_syscall_64+0x103/0x610
[ 2535.964654][T18273]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2535.970648][T18273] RIP: 0033:0x457f29
00:15:26 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:26 executing program 4 (fault-call:3 fault-nth:1):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 2535.974652][T18273] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2535.994266][T18273] RSP: 002b:00007ff6a5826c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2536.002699][T18273] RAX: ffffffffffffffda RBX: 00007ff6a5826c90 RCX: 0000000000457f29
[ 2536.010689][T18273] RDX: 0000000000000047 RSI: 0000000020000000 RDI: 0000000000000003
[ 2536.018681][T18273] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 2536.026760][T18273] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff6a58276d4
[ 2536.034746][T18273] R13: 00000000004c7481 R14: 00000000004dd080 R15: 0000000000000004
[ 2536.043143][T18285] binder: 18278:18285 Release 1 refcount change on invalid ref 0 ret -22
[ 2536.051475][T18273] Mem-Info:
[ 2536.052530][T18287] FAULT_INJECTION: forcing a failure.
[ 2536.052530][T18287] name failslab, interval 1, probability 0, space 0, times 0
[ 2536.060814][T18273] active_anon:348874 inactive_anon:210 isolated_anon:0
[ 2536.060814][T18273]  active_file:8759 inactive_file:45019 isolated_file:0
[ 2536.060814][T18273]  unevictable:0 dirty:222 writeback:0 unstable:0
[ 2536.060814][T18273]  slab_reclaimable:16699 slab_unreclaimable:116574
[ 2536.060814][T18273]  mapped:58790 shmem:262 pagetables:14624 bounce:0
[ 2536.060814][T18273]  free:973257 free_pcp:440 free_cma:0
[ 2536.067447][T18287] CPU: 0 PID: 18287 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2536.067458][T18287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2536.067464][T18287] Call Trace:
[ 2536.067492][T18287]  dump_stack+0x172/0x1f0
[ 2536.067516][T18287]  should_fail.cold+0xa/0x15
[ 2536.067536][T18287]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2536.067564][T18287]  __should_failslab+0x121/0x190
[ 2536.067585][T18287]  should_failslab+0x9/0x14
[ 2536.067601][T18287]  kmem_cache_alloc+0x47/0x6f0
[ 2536.067624][T18287]  ebitmap_cpy+0xcd/0x270
[ 2536.067639][T18287]  ? hashtab_search+0x1c2/0x250
[ 2536.067659][T18287]  mls_compute_sid+0x5d0/0xf80
[ 2536.067679][T18287]  ? mls_convert_context+0x6d0/0x6d0
[ 2536.067699][T18287]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2536.067716][T18287]  ? sidtab_search_core+0x164/0x210
[ 2536.067744][T18287]  ? __sanitizer_cov_trace_cmp2+0x18/0x20
[ 2536.109365][T18273] Node 0 active_anon:1395496kB inactive_anon:840kB active_file:34896kB inactive_file:180076kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235160kB dirty:888kB writeback:0kB shmem:1048kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 972800kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2536.113694][T18287]  security_compute_sid.part.0+0xed5/0x1620
[ 2536.113723][T18287]  ? security_context_to_sid_core.isra.0+0x620/0x620
[ 2536.113743][T18287]  ? process_measurement+0xd5d/0x1570
[ 2536.113779][T18287]  security_transition_sid+0x126/0x190
[ 2536.113799][T18287]  selinux_socket_create+0x35d/0x610
[ 2536.113814][T18287]  ? selinux_sctp_assoc_request+0x5c0/0x5c0
[ 2536.113828][T18287]  ? find_held_lock+0x35/0x130
[ 2536.113850][T18287]  security_socket_create+0x81/0xc0
00:15:26 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r3, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r2, 0x0, r4, 0x0, 0x10005, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
pipe(&(0x7f0000000640))

[ 2536.113869][T18287]  __sock_create+0x8e/0x750
[ 2536.113891][T18287]  ? sctp_id2assoc+0x203/0x2c0
[ 2536.125931][T18273] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 2536.127265][T18287]  sock_create+0x7f/0xa0
[ 2536.127287][T18287]  sctp_do_peeloff+0x1a0/0x470
[ 2536.127304][T18287]  ? sctp_copy_sock+0xe50/0xe50
[ 2536.127325][T18287]  ? lock_downgrade+0x880/0x880
[ 2536.127346][T18287]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2536.127361][T18287]  ? sctp_do_peeloff+0x470/0x470
[ 2536.127383][T18287]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2536.132112][T18273] Node 0 DMA free:11812kB min:220kB low:272kB high:324kB active_anon:4096kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2536.136298][T18287]  ? _copy_from_user+0xdd/0x150
[ 2536.136318][T18287]  sctp_getsockopt+0x1ec1/0x673d
[ 2536.136334][T18287]  ? lock_downgrade+0x880/0x880
[ 2536.136349][T18287]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2536.136370][T18287]  ? kasan_check_read+0x11/0x20
[ 2536.136389][T18287]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2536.136403][T18287]  ? avc_has_perm+0x404/0x610
[ 2536.136428][T18287]  ? __fget+0x35a/0x550
[ 2536.136448][T18287]  ? lock_downgrade+0x880/0x880
[ 2536.136463][T18287]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2536.136481][T18287]  ? sock_has_perm+0x209/0x2a0
[ 2536.136503][T18287]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2536.144461][T18273] lowmem_reserve[]: 0 2553 2555 2555
[ 2536.155423][T18287]  ? kasan_check_write+0x14/0x20
[ 2536.155451][T18287]  sock_common_getsockopt+0x9a/0xe0
[ 2536.155466][T18287]  ? sock_common_getsockopt+0x9a/0xe0
[ 2536.155485][T18287]  __sys_getsockopt+0x168/0x250
[ 2536.155500][T18287]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2536.155519][T18287]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2536.156031][T18287]  ? do_syscall_64+0x26/0x610
[ 2536.162116][T18273] Node 0 DMA32 free:96132kB min:36232kB low:45288kB high:54344kB active_anon:1391400kB inactive_anon:840kB active_file:34896kB inactive_file:180076kB unevictable:0kB writepending:888kB present:3129332kB managed:2617996kB mlocked:0kB kernel_stack:24288kB pagetables:58496kB bounce:0kB free_pcp:1684kB local_pcp:940kB free_cma:0kB
[ 2536.164904][T18287]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2536.164922][T18287]  ? do_syscall_64+0x26/0x610
[ 2536.164944][T18287]  __x64_sys_getsockopt+0xbe/0x150
[ 2536.164964][T18287]  do_syscall_64+0x103/0x610
[ 2536.164986][T18287]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2536.165009][T18287] RIP: 0033:0x457f29
[ 2536.165031][T18287] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2536.165038][T18287] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2536.165052][T18287] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2536.165060][T18287] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2536.165076][T18287] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2536.170694][T18273] lowmem_reserve[]: 0 0 2 2
[ 2536.174256][T18287] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2536.174265][T18287] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
00:15:27 executing program 5 (fault-call:3 fault-nth:0):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

[ 2536.333221][T18273] Node 0 Normal free:8kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2536.388569][T18273] lowmem_reserve[]: 0 0 0 0
[ 2536.650286][T18273] Node 1 Normal free:3784972kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
00:15:27 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

[ 2536.686762][T18273] lowmem_reserve[]: 0 0 0 0
[ 2536.704043][T18273] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 2*4096kB (M) = 11812kB
00:15:27 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2536.733806][T18273] Node 0 DMA32: 885*4kB (UME) 763*8kB (UME) 328*16kB (UME) 217*32kB (UME) 105*64kB (UME) 25*128kB (ME) 16*256kB (UME) 30*512kB (UME) 45*1024kB (UM) 0*2048kB 0*4096kB = 97292kB
00:15:27 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2536.781046][T18273] Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[ 2536.804132][T18273] Node 1 Normal: 69*4kB (UE) 233*8kB (UE) 241*16kB (UE) 59*32kB (UME) 17*64kB (UME) 8*128kB (UE) 8*256kB (UME) 5*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 919*4096kB (M) = 3784972kB
00:15:27 executing program 4 (fault-call:3 fault-nth:2):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

[ 2536.829158][T18305] binder: 18301:18305 Release 1 refcount change on invalid ref 0 ret -22
[ 2536.868039][T18273] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
00:15:27 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

[ 2536.889574][T18273] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2536.910677][T18273] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2536.946576][T18273] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2536.967279][T18273] 54051 total pagecache pages
[ 2536.975429][T18273] 0 pages in swap cache
[ 2536.984660][T18315] FAULT_INJECTION: forcing a failure.
[ 2536.984660][T18315] name failslab, interval 1, probability 0, space 0, times 0
[ 2536.997507][T18315] CPU: 1 PID: 18315 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2537.005192][T18315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2537.013698][T18273] Swap cache stats: add 0, delete 0, find 0/0
[ 2537.015336][T18315] Call Trace:
[ 2537.015367][T18315]  dump_stack+0x172/0x1f0
[ 2537.015392][T18315]  should_fail.cold+0xa/0x15
[ 2537.015414][T18315]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2537.015453][T18315]  __should_failslab+0x121/0x190
[ 2537.021878][T18273] Free swap  = 0kB
[ 2537.024809][T18315]  should_failslab+0x9/0x14
[ 2537.024827][T18315]  kmem_cache_alloc+0x47/0x6f0
[ 2537.024854][T18315]  ebitmap_cpy+0xcd/0x270
[ 2537.024869][T18315]  ? hashtab_search+0x1c2/0x250
[ 2537.024888][T18315]  mls_compute_sid+0x5d0/0xf80
[ 2537.024906][T18315]  ? mls_convert_context+0x6d0/0x6d0
[ 2537.024925][T18315]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2537.024940][T18315]  ? sidtab_search_core+0x164/0x210
[ 2537.024953][T18315]  ? __sanitizer_cov_trace_cmp2+0x18/0x20
[ 2537.024970][T18315]  security_compute_sid.part.0+0xed5/0x1620
[ 2537.024996][T18315]  ? security_context_to_sid_core.isra.0+0x620/0x620
[ 2537.025015][T18315]  ? process_measurement+0xd5d/0x1570
[ 2537.025051][T18315]  security_transition_sid+0x126/0x190
[ 2537.033113][T18273] Total swap = 0kB
[ 2537.033977][T18315]  selinux_socket_create+0x35d/0x610
[ 2537.033994][T18315]  ? selinux_sctp_assoc_request+0x5c0/0x5c0
[ 2537.034008][T18315]  ? find_held_lock+0x35/0x130
00:15:27 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:27 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x80, 0x0)
r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/hash_stats\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400203)
r4 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000000c0)=<r5=>0x0)
syz_open_procfs(r5, &(0x7f0000000100)='clear_refs\x00')
r6 = dup3(r1, r4, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000000240)={{{@in=@empty, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000340)=0xe8)
stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='fuseblk\x00', 0x4848, &(0x7f0000000440)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x7}}, {@max_read={'max_read', 0x3d, 0x200}}, {@max_read={'max_read', 0x3d, 0x891}}, {@max_read={'max_read', 0x3d, 0x2}}, {@blksize={'blksize', 0x3d, 0x1200}}, {@default_permissions='default_permissions'}], [{@permit_directio='permit_directio'}, {@context={'context', 0x3d, 'unconfined_u'}}]}})

[ 2537.034030][T18315]  security_socket_create+0x81/0xc0
[ 2537.034051][T18315]  __sock_create+0x8e/0x750
[ 2537.034064][T18315]  ? sctp_id2assoc+0x203/0x2c0
[ 2537.034083][T18315]  sock_create+0x7f/0xa0
[ 2537.034100][T18315]  sctp_do_peeloff+0x1a0/0x470
[ 2537.034116][T18315]  ? sctp_copy_sock+0xe50/0xe50
[ 2537.034135][T18315]  ? lock_downgrade+0x880/0x880
[ 2537.034159][T18315]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2537.044325][T18273] 1965979 pages RAM
[ 2537.044901][T18315]  ? sctp_do_peeloff+0x470/0x470
[ 2537.057538][T18273] 0 pages HighMem/MovableOnly
[ 2537.057876][T18315]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2537.057895][T18315]  ? _copy_from_user+0xdd/0x150
[ 2537.057918][T18315]  sctp_getsockopt+0x1ec1/0x673d
[ 2537.063124][T18273] 339406 pages reserved
[ 2537.067097][T18315]  ? lock_downgrade+0x880/0x880
[ 2537.067115][T18315]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2537.067136][T18315]  ? kasan_check_read+0x11/0x20
[ 2537.067155][T18315]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2537.067169][T18315]  ? avc_has_perm+0x404/0x610
[ 2537.067194][T18315]  ? __fget+0x35a/0x550
[ 2537.067216][T18315]  ? lock_downgrade+0x880/0x880
[ 2537.067231][T18315]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2537.067252][T18315]  ? sock_has_perm+0x209/0x2a0
[ 2537.067267][T18315]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2537.067293][T18315]  ? kasan_check_write+0x14/0x20
[ 2537.067319][T18315]  sock_common_getsockopt+0x9a/0xe0
[ 2537.067340][T18315]  ? sock_common_getsockopt+0x9a/0xe0
[ 2537.079243][T18273] 0 pages cma reserved
[ 2537.083637][T18315]  __sys_getsockopt+0x168/0x250
00:15:27 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r3, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r2, 0x0, r4, 0x0, 0x10005, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)

[ 2537.083657][T18315]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2537.083679][T18315]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2537.083695][T18315]  ? do_syscall_64+0x26/0x610
[ 2537.083718][T18315]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2537.083731][T18315]  ? do_syscall_64+0x26/0x610
[ 2537.083755][T18315]  __x64_sys_getsockopt+0xbe/0x150
[ 2537.083772][T18315]  do_syscall_64+0x103/0x610
[ 2537.083790][T18315]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2537.083801][T18315] RIP: 0033:0x457f29
[ 2537.083822][T18315] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2537.147891][T18315] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2537.147907][T18315] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2537.147915][T18315] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2537.147934][T18315] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
00:15:27 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x400, 0x0)
getsockopt$inet6_mreq(0xffffffffffffff9c, 0x29, 0x1c, &(0x7f0000000180)={@rand_addr, <r2=>0x0}, &(0x7f00000001c0)=0x14)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000240)={{{@in6=@mcast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@empty}, 0x0, @in6=@dev}}, &(0x7f0000000340)=0xe8)
sendmsg$nl_xfrm(r1, &(0x7f0000000680)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8010}, 0xc, &(0x7f0000000640)={&(0x7f0000000380)=@delsa={0x29c, 0x11, 0x200, 0x70bd25, 0x25dfdbff, {@in6=@mcast1, 0x4d6, 0xa, 0xff}, [@lifetime_val={0x24, 0x9, {0x8, 0xfffffffffffffffa, 0x1, 0x400}}, @algo_aead={0x6c, 0x12, {{'morus1280-avx2\x00'}, 0xf0, 0x40, "217481e5afa0ba0aed3f7587831761e3b652e3de7fc55e2186c4ab7b9670"}}, @policy={0xac, 0x7, {{@in6=@dev={0xfe, 0x80, [], 0x1c}, @in6=@mcast1, 0x4e21, 0x0, 0x4e21, 0x54, 0xa, 0x2aabd15fd870cf17, 0x20, 0x0, r2, r3}, {0x1, 0x4, 0x61, 0xffff, 0x15, 0x3, 0xfffffffffffffffa, 0x2}, {0x480000000000000, 0x10000, 0xffffffffffffffc8, 0x1}, 0x8, 0x6e6bc0, 0x2, 0x0, 0x1, 0x1}}, @replay_thresh={0x8, 0xb, 0x2}, @algo_auth_trunc={0x128, 0x14, {{'tgr192\x00'}, 0x6e0, 0x200, "fd9b5aeaf32dba89d13bb50d79bb72519d74e15b50a956ef8335afbc614e9d2c4a9bce8d04ff68772ec0c97bc7e2e51bf6f03a804890784b4e4251aea7de557c686d07af44aab21117d3511f19ae152904db19ac81a4c69c4d3502941cfceadbea87d75ac21f3ba71a5c148e66ba183b46af6673e08190b907aa49a6a9c5eb9fd1f64c41eb64bddd63437112e6dac7cdec9e68c29547e3cf76be4a5b8f6b2de7db7bafa6583eb1034b8e39334f798a652cc7f6326eabe6206f5ebf6698d38dd27812788d42ce720cca51bc1e408b7a28a7345089d85b196fe74e118b"}}, @etimer_thresh={0x8, 0xc, 0x401}]}, 0x29c}, 0x1, 0x0, 0x0, 0x40800}, 0x8000)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r4 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r4, 0x0)

00:15:27 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9020000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2537.157210][T18315] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2537.157219][T18315] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
[ 2537.193310][T18322] sel_write_load: 8 callbacks suppressed
[ 2537.193320][T18322] SELinux: failed to load policy
00:15:28 executing program 5:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x80000, 0x0)
ioctl$sock_bt_bnep_BNEPCONNDEL(r0, 0x400442c9, &(0x7f00000000c0)={0x2, @local})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r1, r2, 0x0)
openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x109000, 0x0)

00:15:28 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2537.455328][T18332] SELinux:  policydb string length 2 does not match expected length 8
00:15:28 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9030000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2537.508570][T18332] SELinux: failed to load policy
00:15:28 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:28 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c)
r2 = syz_open_dev$dspn(&(0x7f0000001280)='/dev/dsp#\x00', 0x8, 0x503101)
syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x9, 0x400)
recvfrom$netrom(r2, &(0x7f00000012c0)=""/164, 0xa4, 0x10020, &(0x7f0000001380)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7}, [@default, @default, @null, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}, 0x48)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r3 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r1, r3, 0x0)

[ 2537.565274][T18341] SELinux:  policydb string length 3 does not match expected length 8
[ 2537.586635][T18341] SELinux: failed to load policy
00:15:28 executing program 4 (fault-call:3 fault-nth:3):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:28 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9040000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:28 executing program 5:
socketpair$unix(0x1, 0xfffffffffffffffc, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:15:28 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2537.759716][T18354] binder: 18350:18354 Release 1 refcount change on invalid ref 0 ret -22
[ 2537.788447][T18359] SELinux:  policydb string length 4 does not match expected length 8
[ 2537.802601][T18359] SELinux: failed to load policy
[ 2537.843009][T18362] FAULT_INJECTION: forcing a failure.
[ 2537.843009][T18362] name failslab, interval 1, probability 0, space 0, times 0
[ 2537.873822][T18362] CPU: 0 PID: 18362 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2537.881632][T18362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2537.891795][T18362] Call Trace:
[ 2537.895120][T18362]  dump_stack+0x172/0x1f0
[ 2537.899465][T18362]  should_fail.cold+0xa/0x15
[ 2537.904078][T18362]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2537.909931][T18362]  ? ___might_sleep+0x163/0x280
[ 2537.915346][T18362]  __should_failslab+0x121/0x190
[ 2537.920471][T18362]  ? sock_destroy_inode+0x60/0x60
[ 2537.925932][T18362]  should_failslab+0x9/0x14
[ 2537.925949][T18362]  kmem_cache_alloc+0x2b2/0x6f0
[ 2537.925965][T18362]  ? selinux_socket_create+0x210/0x610
[ 2537.925983][T18362]  ? sock_destroy_inode+0x60/0x60
[ 2537.925998][T18362]  sock_alloc_inode+0x1d/0x260
[ 2537.926012][T18362]  alloc_inode+0x66/0x190
[ 2537.926034][T18362]  new_inode_pseudo+0x19/0xf0
[ 2537.926049][T18362]  sock_alloc+0x41/0x270
[ 2537.926063][T18362]  __sock_create+0xc0/0x750
[ 2537.926075][T18362]  ? sctp_id2assoc+0x203/0x2c0
[ 2537.926092][T18362]  sock_create+0x7f/0xa0
[ 2537.926106][T18362]  sctp_do_peeloff+0x1a0/0x470
[ 2537.926119][T18362]  ? sctp_copy_sock+0xe50/0xe50
[ 2537.926138][T18362]  ? lock_downgrade+0x880/0x880
[ 2537.926155][T18362]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2537.926168][T18362]  ? sctp_do_peeloff+0x470/0x470
[ 2537.926186][T18362]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2537.926201][T18362]  ? _copy_from_user+0xdd/0x150
[ 2537.926222][T18362]  sctp_getsockopt+0x1ec1/0x673d
[ 2538.019858][T18362]  ? lock_downgrade+0x880/0x880
[ 2538.024700][T18362]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2538.030945][T18362]  ? kasan_check_read+0x11/0x20
[ 2538.035820][T18362]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2538.042717][T18362]  ? avc_has_perm+0x404/0x610
[ 2538.047644][T18362]  ? __fget+0x35a/0x550
[ 2538.051819][T18362]  ? lock_downgrade+0x880/0x880
[ 2538.056697][T18362]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2538.062942][T18362]  ? sock_has_perm+0x209/0x2a0
[ 2538.067755][T18362]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2538.073841][T18362]  ? kasan_check_write+0x14/0x20
[ 2538.078924][T18362]  sock_common_getsockopt+0x9a/0xe0
[ 2538.084146][T18362]  ? sock_common_getsockopt+0x9a/0xe0
[ 2538.089655][T18362]  __sys_getsockopt+0x168/0x250
[ 2538.094540][T18362]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2538.099767][T18362]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2538.105238][T18362]  ? do_syscall_64+0x26/0x610
[ 2538.109933][T18362]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2538.109956][T18362]  ? do_syscall_64+0x26/0x610
[ 2538.120772][T18362]  __x64_sys_getsockopt+0xbe/0x150
[ 2538.125911][T18362]  do_syscall_64+0x103/0x610
[ 2538.130547][T18362]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2538.136460][T18362] RIP: 0033:0x457f29
00:15:28 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r3, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r2, 0x0, r4, 0x0, 0x10005, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000001c0)=0x100000001, 0x4)

00:15:28 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9050000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:28 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r0, 0x3)
fgetxattr(r1, &(0x7f0000000000)=@known='system.posix_acl_default\x00', &(0x7f0000000080)=""/215, 0xd7)

[ 2538.140368][T18362] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2538.160425][T18362] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2538.168866][T18362] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2538.174185][T18372] SELinux:  policydb string length 5 does not match expected length 8
[ 2538.176856][T18362] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
00:15:28 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/access\x00', 0x2, 0x0)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/access\x00', 0x2, 0x0)
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x400, 0x0)
write$FUSE_NOTIFY_POLL(r2, &(0x7f00000000c0)={0x18, 0x1, 0x0, {0x80000000}}, 0x18)
dup3(r0, r1, 0x0)

00:15:28 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9060000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2538.176865][T18362] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2538.176873][T18362] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2538.176881][T18362] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
[ 2538.198670][T18362] socket: no more sockets
[ 2538.205852][T18372] SELinux: failed to load policy
00:15:28 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0)
write$tun(r0, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2538.344456][T18385] SELinux:  policydb string length 6 does not match expected length 8
[ 2538.352983][T18385] SELinux: failed to load policy
00:15:29 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:29 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
ioctl$FICLONE(r0, 0x40049409, r2)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0xf1dc98ada9eb495b, 0x0)
dup3(r1, r2, 0x0)

00:15:29 executing program 4 (fault-call:3 fault-nth:4):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:29 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9070000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:29 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe2(&(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x800)
ioctl$KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="0700000000000000000000000000000000000000de7f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"])
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r2, 0x0)

00:15:29 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0)
write$tun(r0, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2538.601120][T18397] binder: 18394:18397 Release 1 refcount change on invalid ref 0 ret -22
[ 2538.632042][T18399] SELinux:  policydb string length 7 does not match expected length 8
[ 2538.651886][T18399] SELinux: failed to load policy
[ 2538.745096][T18409] FAULT_INJECTION: forcing a failure.
[ 2538.745096][T18409] name failslab, interval 1, probability 0, space 0, times 0
[ 2538.763170][T18409] CPU: 1 PID: 18409 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2538.770873][T18409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2538.781994][T18409] Call Trace:
[ 2538.785516][T18409]  dump_stack+0x172/0x1f0
[ 2538.789895][T18409]  should_fail.cold+0xa/0x15
[ 2538.794512][T18409]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2538.800582][T18409]  ? ___might_sleep+0x163/0x280
[ 2538.806026][T18409]  __should_failslab+0x121/0x190
[ 2538.811023][T18409]  ? sock_destroy_inode+0x60/0x60
[ 2538.816066][T18409]  should_failslab+0x9/0x14
[ 2538.820574][T18409]  kmem_cache_alloc_trace+0x2d1/0x760
[ 2538.826171][T18409]  ? kmem_cache_alloc+0x32e/0x6f0
[ 2538.831457][T18409]  ? selinux_socket_create+0x210/0x610
[ 2538.837005][T18409]  ? sock_destroy_inode+0x60/0x60
[ 2538.842139][T18409]  sock_alloc_inode+0x63/0x260
[ 2538.847791][T18409]  alloc_inode+0x66/0x190
[ 2538.852761][T18409]  new_inode_pseudo+0x19/0xf0
[ 2538.858069][T18409]  sock_alloc+0x41/0x270
[ 2538.862329][T18409]  __sock_create+0xc0/0x750
[ 2538.867007][T18409]  ? sctp_id2assoc+0x203/0x2c0
[ 2538.871810][T18409]  sock_create+0x7f/0xa0
[ 2538.876141][T18409]  sctp_do_peeloff+0x1a0/0x470
[ 2538.880914][T18409]  ? sctp_copy_sock+0xe50/0xe50
[ 2538.885781][T18409]  ? lock_downgrade+0x880/0x880
[ 2538.890641][T18409]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2538.897226][T18409]  ? sctp_do_peeloff+0x470/0x470
[ 2538.902181][T18409]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2538.908452][T18409]  ? _copy_from_user+0xdd/0x150
[ 2538.913308][T18409]  sctp_getsockopt+0x1ec1/0x673d
[ 2538.918418][T18409]  ? lock_downgrade+0x880/0x880
[ 2538.923286][T18409]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2538.929632][T18409]  ? kasan_check_read+0x11/0x20
[ 2538.934594][T18409]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2538.941537][T18409]  ? avc_has_perm+0x404/0x610
[ 2538.946234][T18409]  ? __fget+0x35a/0x550
[ 2538.950411][T18409]  ? lock_downgrade+0x880/0x880
[ 2538.955266][T18409]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2538.961557][T18409]  ? sock_has_perm+0x209/0x2a0
[ 2538.966343][T18409]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2538.972514][T18409]  ? kasan_check_write+0x14/0x20
[ 2538.977456][T18409]  sock_common_getsockopt+0x9a/0xe0
[ 2538.982660][T18409]  ? sock_common_getsockopt+0x9a/0xe0
[ 2538.988034][T18409]  __sys_getsockopt+0x168/0x250
[ 2538.992963][T18409]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2538.999433][T18409]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2539.004919][T18409]  ? do_syscall_64+0x26/0x610
[ 2539.009604][T18409]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2539.015689][T18409]  ? do_syscall_64+0x26/0x610
[ 2539.020402][T18409]  __x64_sys_getsockopt+0xbe/0x150
[ 2539.025537][T18409]  do_syscall_64+0x103/0x610
[ 2539.030141][T18409]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2539.036054][T18409] RIP: 0033:0x457f29
[ 2539.039951][T18409] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2539.059569][T18409] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2539.067994][T18409] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2539.075962][T18409] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2539.083942][T18409] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
00:15:29 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r1, 0x0, r3, 0x0, 0x10005, 0x0)

00:15:29 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9090000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:29 executing program 5:
r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x9, 0x200200)
write$binfmt_script(r0, &(0x7f0000000240)={'#! ', './file0', [{0x20, '%/'}, {0x20, '/selinux/access\x00'}, {0x20, '#security/usernodevvboxnet0'}, {0x20, '.securityem0'}, {0x20, '-bdevvmnet0\x1cmime_type'}, {0x20, '&]@(&em1em1*bdev\x82wlan0-em0mime_typekeyringsystemvmnet0md5sumkeyringtrusted-eth1lo'}, {0x20, '^self'}, {0x20, 'GPLuservboxnet0em0system'}, {0x20, '/selinux/access\x00'}], 0xa, "e0b1816d7042e8646e1c089ed839e0441f1b2641a0e854320bc84b7b95a570654517a81f343be2313d297091715f14cd5086dd19a20c745ef1ebcbf90108a1654640d55a725632bee125629af5a2e2cdf799df9f4bff8b5a56947e1cdc67bb12be938f786d7eb11cf00372079bfecfbd6e1257f2e201037058ba65888d6825a00dd9ae5e0383d74772e433487c4cfaa3e4973e3afcbf39c9f7f218f4ae67b9589d630359dc070344f212a26641f6ddb4e6053a"}, 0x193)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f00000004c0)='/selinux/access\x00', 0x2, 0x0)
dup3(r1, r2, 0x0)

[ 2539.091927][T18409] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2539.099907][T18409] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
[ 2539.120049][T18409] socket: no more sockets
00:15:29 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0)
write$tun(r0, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r1 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

00:15:29 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf90a0000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2539.157014][T18417] SELinux:  policydb string length 9 does not match expected length 8
[ 2539.175954][T18417] SELinux: failed to load policy
00:15:29 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
vmsplice(r1, &(0x7f0000001340)=[{&(0x7f0000000080)="a81746176197629b469b8c363f1f17c333600dee502ad7d7c1b9ed45ea3a9c03bd9f569c235b2002223f9014304e47cde0b0c0e2f791c89d4f0a1010f745dba448bac394506ce7d8f6ceb56c58e5dd59fa4b99f9d2a57f77fc53215baf9ee7642d93a7e5fd9871e551ecc3c46282efeb3364f870e1b2f9176fefad4af0b83ff9c02b2a9d238e7bfe2d87df53835f", 0x8e}, {&(0x7f0000000000)="9aedc1", 0x3}, {&(0x7f0000000140)="9603f1c0475d7aeb699fd53505edb2749c5383ba0f1f0fc56a8f6343bd1df0f59d817d267569e561191e59ac54fb9667dec9e126b14b987d3e48653ae0fa88a2f90a9d37c38ba6ee23a5d5bb50dbadc8cea21433d9f3d73d84e183cf2be77f07c1cec76547cf74f96ce654e35c38bc44e0f10ba63f95dd25ae2c369856adba7ff07bdf96b7697a9385e07445e4d00deb5a5cb39f9090c860", 0x98}, {&(0x7f0000000240)="50a3d104e35ad4942d1fcc765819c672131f3fc5725c646f00347f640f1833077377b59a53bc8a735ec541c5ce8cffb2c323bd8336ba5bcaec0877437663b0634688977f05e128395031e16b20c72414a8178c07f499ffc322b8133b34d49f31916fb5ccaeaf3910b91d7df3f1f68917673d48331b3ba27750b2322974ed71403b7b46c20ce7f285419b3482aaba0d71303b56fd90419d0dd87c09e7023d81d96c6ae88b0fd55c7afe17b5be9f183c1822a9f3517a84fb0e0d8f7df02f7b8bca75c82a890bcc517a5ca6bd261fbad1dc26b4c325b9038008915d3ae768a7d49fac80bf3b1521e7f5509852384466a50aeb7f5ce83eb70b9913da2670928560a64145d7a469b162b74207310f2d0fd8650b09de1abbd1a06d47fbfc69bd52932633b189a24544cc1f15d36520f2b8307a1fd40e1735995817a99ee4588802ec0ca1134d955bf8734810d7431346340307ff6ae4b7812821b84d808028380178e4f6a0a954a544a30fd419feeee07c8e63c6e1db9ca4a47eef7c11035a4deb4222103ae3c7aa178ec4d3ff51198da18019263813b7a85dd4b649a41e246dde1f05e212ee4f14ff304a57c83549e1c369ab7790f964893d5c3cce81773ae7a2b229d977ab8be87e75bb556b096959cf51c0d0627b9f255e4f0c897bb58391ae1d149944a4b8c33a81a67dfb439b01870080f4a817271adf030ea69c31cf768ccbe0eae607fee14955425c9e811593385b1bf71cf2a0730bc5969036df6f930e92a891f288e5dc899906b5166ff5d5a4a776826b6dce823750725eaab18ace1feec8d0cd8f8d07b178eecf121878de687631f1722139f0b7ab13d9a0a0a4a8cb4f53aad16fc71156bc4fd71af7d842fe738c0335661cb109b4a344547d0e07138402da7b7b2e582e17dcb4bdd7d1e64c9e0645cebe1a8206e27bcd4a43c77d3e04c6a2bdb71999d09724e72a0f3eeb91f2c81d6e1ae2e813c352026a04691e81f4fa1a2d5ca714c24d16594b75683170ba1a6722aac7c78bf5c56d88947d56cb0f8c3b1625888618e391a8befd603d9e204e4fef4134f960485a2387e345d982616debdd3326fc765901255c5bd1e7b2a5ed89dd378182dc5863d1d98fb1901e02d1e422a5fe6cc586223c4e5cfe2964eab95c551842e95c922b63effed89caa4353f742a782f06a2ca10ab0e3f5f17429d9472db5ce45124a8cc8f582abfe3e0fb877c8178aeb536eee1b0ab0cdb381315a5d89ec2a99b2c3044bd383b52bd524a73d8dd8ab607d29c977aa7470c6378da3d6e993b1c8b045c07a991660d4d3593f1993641912f64ff253105e89fb8045043186753941ba88e5a5675347406476e869c6c3c0278c23976b0059e5e6ade5bbdbf6c9004c92b1ca285ca6c2537393cb544be955de564fc8c5bfa1211ed6e536c54fcdcde65ace2d35c6e36a3e5da402613d3f56342aaaa02358d0c508422dd8fde541bc6459b328839c9642749adc7f65356920fff898adcedb42e980e2dfd33460c1cb5cbcd2109df2d1edad477984fd000ddb7d6b020f26a68bff5f9d2b38fc0e69c161f378d33d3c7f5982bc5414bf4f2c96189b54a72b490a16e3595a07d56a698a96b1e9ff24fa7943dc4529c24ce56fc8b432b8791abac9595ad24ca713aa5b5be2b0f087742835438fb5005e7166779a63409f14d39312f4c94b044ab23bcd55d1be092893f3b406544bd4f0d5a04d878ffe0a60ff9d409546b3f07a1ecfe274cadb3068ece90e61f86aafbf365725222e636f6687ff2e8c0ff179d99913656c5bc1d21c1309871f60229d87f37d68669d7d7fb6574405cffc3025c1707b20276af77dad0b28c2ee46fd3c4806598c557fb16f0c74f805c8b32eb444a10ffc31abf5be0535625999b4906f1ae959e848e4404d7acf9b520f8ccd96c8733f35073cc5c525960aec6481c00a16152f356638bbf59d2f980d660c27aadef2f7d1af7370fe2680bafb9b35e52a3f2a7b68d6501dd3254e81f8a3a8c6fe861764285924465e1c69199366039d2644e9ba2d4bc50e51fb38571d26b7b98f488b2634bcadadcc670a563e1033d9037c13c9c6b8a840ac243343c0678885a5317ac2cae6395302553483536c6b6b5b2d07f67a42f2f3a4a7126159d598850e86a8ca09edd37424e9009e5f025f6831936dfe2c7862aab3252d7192839fa627ce0d68b7aa212662251eab8c463373188e87343b47b48d8fe9ae640da89b2bb8183fd059d8e8317b97691abb583b47f9098f8b65db87fabe84c5d784776f9ac6356ab727cea2b36d8341b206906c31cff706b2966932e766e87e67cff4a6af9908fb57ec99bfebe3783ac6db8101e9a60f145c18d1a70b1ecc02c3a37b7e14b95e9feb46c592222d7017206fa5eb214bfc862540a5c4275585c3f418f2042ed62252537c8e3f3de28f37b7b09fe20ccd4f97b7bd4d580254f8b1156c216a8de0d8e67d545d699140d11fad879dadb248f217e98b7e19f1cd1c10fedcad3eb8126ed863515df3e27a19d047a4e88a99e47fec20646c2d7289f77c1292284d64b3e3cf3a53fe366bd34618e278e7ce7496fc6e5af047a82c8761c25e41d2f923ed375e69a80522e5f57bd2bcc505134aebef6f64f2883c5798039797a6ca4ab520931cf5f7c19c5a17d18d4cf6e49a0c21bab2d21ec44b226ac5c8478103c092f2407226da0060af947110415515f2e3f89f6188ac6b4b2ff858713f8e8fafb52d471f118dc3c66611532f5b5c580bed2fa2b887342b06e09dfc0c692ffc7381eabe3cbc2d7c6b8a4dec8faf599ab30f45eb5188b9b54a34db1128441ebdc78debc047686731bd5628d5b2acb1a20794cc0b534f53a47a3cb68e5218512f63ac3860573f42b0c4770d3636a364df4b65fcfc2805af166c45deb370ed6e5ca119e170a621dd1119fada934dbb23c60151e0c7ad95f3fc3ee2900789d94a006d73a511bf3841299aaa81bce516cbac3e5451f52dd8ac9bf9c78d07dc2b925e8b21d094b97851c6fd604198a2f69a06337c488e91496d596b507f444320cf968bc1db2f236a7d40ebae478870548db476d9217a74ae6e8f8def9942d61ee9f141aafb376fbb61959dc7c661722c98cad6a8bebdd384ec15be85ebd62bb4d2ccf2d222995adf56d7df7364deaf13fa9c2d4278f171d2255f64d172cc535ea400494c1741423e2178a02ead15d703c61fa66d9cff1c5f390e3cdb232b9955282fb7c0f36cf79a15e6c6a7adceafc2be3c51aea8bf8697e506d71afcd12b4e96690e21874f50a594ee544ed5156a218d51696f687828646e35146ef28ba8badc8d53e22ac74401f35c8d7fb4afb51076f7b3b666bcfa4ab75a1a67c792bac1c3096450c32a587f36a07e74e15d4f81141cf770a1bdb41ee47f398657beab351fe86ae66018c8e547a3c43f979726bb089d0a21be498a13b1256c73100ae7b22687d864107fe41cb49074836a6cff9c23fc3c2d9a6a9c62449dec36cb5df818f6e27ff73cdbb3ca458970d557782221996dd9138cd56c79a4a2f94a392c253016ba2f2082eb174cd2860ff843830da87496e342eb78c9efaa6ca798861e55669375d5d3b5bb10aa2200754d2f5286f6ad331de663acf32bc61bc763a4ba38dfbe31bd3c6de57cb314509125068c8084e84978530dd8d7095ade222f60fd5a89de54de542fafe18f952c8b3c44a5385a5ce42120ed7d1798a66d99440e07c70640daa3ec17bdfc3cfa7cd2289efd351fa10e6f604deb2f0896a3e55c27514abdddb536d8e047de9130fe7a131aa579cefb21394aae0dadbbe286865547217070bc7611af337e82cb3c4cd0ee2ff520b25e64dc2a5a3e5890b8ad58018b479792faaf1e0dc153e3ed2841fd2dce6d54921e295fc886ce242023b1daef1a9a99f1b8242fb443af40e9b9905041d2aa80b3e58d94509af69986dc6075a93b19a1f79ab641de795b342a8447346ef9f84aed306a1e94918840fdc0e18660245a0759c2a0064080be8c4a02a68f2b4253cd327bec73362ddfb7a113782204f159eb248432958f945016f882fa0ccf44370020a985c27a534b0f1b9ed207ae68defa608913a5158ce4182c7f6c154713bdc9854292894cac9d55e143d296cff9c94ccb88af30f6b09d91c4f6eaf1ba719173d80f46259e5108ac4dc7446d6d9fc35f565b4f036312f30fa1186f053a04fc32e7686f2c776c2dc83a2657b49780e9b6e3bcc3b59f54b3bd8e313621395fdac8abaef21fbfca7672c86d62c855eb7aa2737a8910bfe04eb46bc4e8f171864155a18fc246eefecdc2f10f2603604bba5ca73abef1a5d07e134e1751e3e0153bb5c5f4d6e3db4915bd78c7717dffccf21140d0b0625a6f4453868730b7ddd9477ca0c79cb49215ed3730ecfcf0c9586884e3edab0cf521452c8a2822716587fe025fbb687481085d40c0652a9393ee9a9e94967e59783664f6321b13203701eed4a894a6fa08c18010df4846d0ba014b9c88b600cef63228516932d4f79d5b7a4e341400023dcf87a7eba3181951b8cc1b522ced9b544e339741795281b112d81dbc3a7d6ff1e1298bb50eb2b41341cc0372c10c5c4434696ac3b6f8805295b50857f22b24038b84bb54311792488baa98a661e4cbff07a908a2c6e875e2fb65489d95b4d4becd8e0a96f24a3d3893f7b21218a072796c8198fe3edf1432556b6dbb0c16e84be3280fcbfb6f536f27accdaf7512e3a52f2c03e5b9c59f4c6c2185306a2f78e82893657637611fd177723935c4f650f74256d7f0c03c3dc373d81b697082fca7ecbbcb08eb9dcbad7f29f59c16fc47eedc3d88c50899998d8b3887cffeb513ea017761b713a2744491084797499ae67bc64dca1285d872120ecf7e18742a36fbd6eaca64e255d8e9f6479fd367aa90968de67f29e6afe85e89b8edc4d7ef68eea05e4e35138001e98f0d38a6d0e093fcd6fa560a2224fac7d10b5245044a5808e2894aae964dc8791ce18190062222d4a01c48b13e23d104dafe82a7ec87831c08b3f6cfe6335515a65bbba4ed9818e6b2dc2f2306f7854235c5de1a824417dfa635bbbf56f276951c0c4f2a7ec2b63cfea1b741011da9b24af0587ca294d1ae1ba1f57148821b8bc60f9500b97aef5937dcff295f28d3a612cd14c8f70ae44fc40447e617c49c887dd08055286227cc26ff09e259cf7ee0e934efea72fad790049ab550368699657f9d79577f600f822f54fde8e7ca7f4d8b0ea90e33fd2dfc68fd7eb60f75a1ca7a92b36cc3811f57400274f28754bb60e8f8a75a3bdb2c99f4cda7e5547a43d6f8274c834330679e5297906a4933b703d764b6cd4dcae8557ce6d99e51f2defc136d930946d3418a3133f37d838eea23f46a1696910960f15b4808ebca587589d0f651af9588dbd24f9ff46f2267e568edc317f6215c8afa0f3d923ed6ba0bc60f3838a026de894b4811f872b7d6450c4b24634156a2c541c1b9f5e9589466355ce396ba616d94d9572443bb5abd6416f00fad2ab48e39bce74173f1739d61669dc5e02c686a8450d15d0386c52bf7f2f4eb8b8c6c10ae0af536cb0452ac3ea68db7e464fc569f06bd08806f15d6d2068704cde387f848381694cb344a079cf7c0c4436d0584f46f523fee3ff34c3815a396fc24eec0280c120c0b609053023a8ade95bd5682ca09d67d93af7fed07ce0f80f64b38561b6816b44ea30cbd78490c1ffcff673445afa346f95f77c305eccb918508337cce1874fb98d6d25b77e06a933d7d4122a0edd7db71ee9bb3b7ff42bebb289efd767c309e", 0x1000}, {&(0x7f0000001240)="24507576266ae7d7b45860f56648b562d082dcd2617e3dea7fe76bd593bf8fbf7f5061edccb56a647876655d096b340d2a984134de8a8341e4899c8c4df329efb0d30b71acb39ac3cd74eb99166579e9f8df962c7cdf62717f4a2a868c1c59783cc013fe4315094e224dadabad77cd22fc5e8896e63386f9ce04bba7b279c8f1316199151c04875e76517f1515bd2a5d1dadaec5d48c3b78e9d4b8749a2506048fd4b6e623ec2486158d4e0c1cee652f0f33eb6f7ac808b72d13cea38bcdc9361953876c88d876ab48d94bbc139c356e8c0b0358b52e2ffc9530adad21fd09d5198e807f7efe498a53d40f1ae9ed1f2b", 0xf0}], 0x5, 0x1)
dup3(r0, r1, 0x0)

[ 2539.274382][T18426] SELinux:  policydb string length 10 does not match expected length 8
[ 2539.322604][T18426] SELinux: failed to load policy
00:15:29 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:29 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = fcntl$dupfd(r0, 0x0, r0)
timerfd_gettime(r1, &(0x7f0000000000))
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r2, 0x0)

00:15:30 executing program 4 (fault-call:3 fault-nth:5):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:30 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9100000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:30 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
r2 = getpgrp(0xffffffffffffffff)
syz_open_procfs(r2, &(0x7f0000000000)='net/ipx\x00')

00:15:30 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, 0x0, 0x0)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2539.513474][T18439] binder: 18436:18439 Release 1 refcount change on invalid ref 0 ret -22
[ 2539.524154][T18441] SELinux:  policydb string length 16 does not match expected length 8
[ 2539.532704][T18441] SELinux: failed to load policy
[ 2539.665793][T18452] FAULT_INJECTION: forcing a failure.
[ 2539.665793][T18452] name failslab, interval 1, probability 0, space 0, times 0
[ 2539.687849][T18452] CPU: 0 PID: 18452 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2539.695530][T18452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2539.705606][T18452] Call Trace:
[ 2539.708914][T18452]  dump_stack+0x172/0x1f0
[ 2539.713387][T18452]  should_fail.cold+0xa/0x15
[ 2539.718189][T18452]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2539.724060][T18452]  ? ___might_sleep+0x163/0x280
[ 2539.728941][T18452]  __should_failslab+0x121/0x190
[ 2539.733913][T18452]  should_failslab+0x9/0x14
[ 2539.738552][T18452]  kmem_cache_alloc+0x2b2/0x6f0
[ 2539.743429][T18452]  ? __put_user_ns+0x70/0x70
[ 2539.748034][T18452]  ? sock_alloc_inode+0x63/0x260
[ 2539.752972][T18452]  ? lockdep_init_map+0x1be/0x6d0
[ 2539.758012][T18452]  security_inode_alloc+0x39/0x160
[ 2539.763247][T18452]  inode_init_always+0x56e/0xb50
[ 2539.768274][T18452]  alloc_inode+0x83/0x190
[ 2539.772600][T18452]  new_inode_pseudo+0x19/0xf0
[ 2539.777301][T18452]  sock_alloc+0x41/0x270
[ 2539.781567][T18452]  __sock_create+0xc0/0x750
[ 2539.786125][T18452]  ? sctp_id2assoc+0x203/0x2c0
[ 2539.790915][T18452]  sock_create+0x7f/0xa0
[ 2539.795179][T18452]  sctp_do_peeloff+0x1a0/0x470
[ 2539.799952][T18452]  ? sctp_copy_sock+0xe50/0xe50
[ 2539.804927][T18452]  ? lock_downgrade+0x880/0x880
[ 2539.809801][T18452]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2539.816419][T18452]  ? sctp_do_peeloff+0x470/0x470
[ 2539.821459][T18452]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2539.827718][T18452]  ? _copy_from_user+0xdd/0x150
[ 2539.832614][T18452]  sctp_getsockopt+0x1ec1/0x673d
[ 2539.837569][T18452]  ? lock_downgrade+0x880/0x880
[ 2539.842647][T18452]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2539.849181][T18452]  ? kasan_check_read+0x11/0x20
[ 2539.854046][T18452]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2539.860890][T18452]  ? avc_has_perm+0x404/0x610
[ 2539.865567][T18452]  ? __fget+0x35a/0x550
[ 2539.869713][T18452]  ? lock_downgrade+0x880/0x880
[ 2539.874661][T18452]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2539.881082][T18452]  ? sock_has_perm+0x209/0x2a0
[ 2539.886865][T18452]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2539.892952][T18452]  ? kasan_check_write+0x14/0x20
[ 2539.897957][T18452]  sock_common_getsockopt+0x9a/0xe0
[ 2539.903164][T18452]  ? sock_common_getsockopt+0x9a/0xe0
[ 2539.908826][T18452]  __sys_getsockopt+0x168/0x250
[ 2539.913684][T18452]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2539.918809][T18452]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2539.924284][T18452]  ? do_syscall_64+0x26/0x610
[ 2539.929186][T18452]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2539.935360][T18452]  ? do_syscall_64+0x26/0x610
[ 2539.940067][T18452]  __x64_sys_getsockopt+0xbe/0x150
[ 2539.945798][T18452]  do_syscall_64+0x103/0x610
[ 2539.950403][T18452]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2539.956300][T18452] RIP: 0033:0x457f29
[ 2539.960204][T18452] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2539.980150][T18452] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2539.989469][T18452] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2539.997431][T18452] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2540.005397][T18452] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
00:15:30 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
splice(r1, 0x0, r2, 0x0, 0x10005, 0x0)

00:15:30 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
fsetxattr$security_ima(r0, &(0x7f0000000000)='security.ima\x00', &(0x7f0000000080)=@ng={0x4, 0x11, "89a3d5f74dc8"}, 0x8, 0x2)
r3 = dup3(r1, r2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff}, 0x13f, 0xd}}, 0x20)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r3, &(0x7f0000000180)={0x12, 0x10, 0xfa00, {&(0x7f00000000c0), r4, r3}}, 0x18)

00:15:30 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf92f0000005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2540.013365][T18452] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2540.021332][T18452] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
00:15:30 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000020045204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:30 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x80000000, 0x1)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

[ 2540.070987][T18459] SELinux:  policydb string length 47 does not match expected length 8
[ 2540.100345][T18452] socket: no more sockets
00:15:30 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, 0x0, 0x0)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2540.187635][T18466] SELinux:  policydb string length 33554440 does not match expected length 8
00:15:30 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:30 executing program 5:
r0 = syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x2, 0x311040)
getsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000240), &(0x7f0000000180)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x151001, 0x0)
syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x2, 0x800)
r2 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x81, 0x2)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r1, r3, 0x0)

00:15:30 executing program 4 (fault-call:3 fault-nth:6):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:30 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000040045204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:30 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x80000)

[ 2540.400727][T18480] binder: 18477:18480 Release 1 refcount change on invalid ref 0 ret -22
00:15:31 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
r2 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x4, 0x20801)
setsockopt$netlink_NETLINK_RX_RING(r2, 0x10e, 0x6, &(0x7f0000000080)={0x80000001, 0x3, 0x7, 0x1f}, 0x10)
dup3(r0, r1, 0x0)

[ 2540.464550][T18482] SELinux:  policydb string length 67108872 does not match expected length 8
[ 2540.551322][T18491] FAULT_INJECTION: forcing a failure.
[ 2540.551322][T18491] name failslab, interval 1, probability 0, space 0, times 0
[ 2540.573753][T18491] CPU: 1 PID: 18491 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2540.581612][T18491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2540.592131][T18491] Call Trace:
[ 2540.595458][T18491]  dump_stack+0x172/0x1f0
[ 2540.600099][T18491]  should_fail.cold+0xa/0x15
[ 2540.604732][T18491]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2540.610945][T18491]  ? ___might_sleep+0x163/0x280
[ 2540.610967][T18491]  __should_failslab+0x121/0x190
[ 2540.610988][T18491]  should_failslab+0x9/0x14
[ 2540.611018][T18491]  kmem_cache_alloc+0x2b2/0x6f0
[ 2540.620854][T18491]  ? inet6_create+0x2ea/0xf90
[ 2540.620880][T18491]  sk_prot_alloc+0x67/0x2e0
[ 2540.620905][T18491]  ? lock_downgrade+0x880/0x880
[ 2540.644510][T18491]  sk_alloc+0x39/0xf70
[ 2540.648614][T18491]  inet6_create+0x360/0xf90
[ 2540.653171][T18491]  __sock_create+0x3e6/0x750
[ 2540.657893][T18491]  sock_create+0x7f/0xa0
[ 2540.662164][T18491]  sctp_do_peeloff+0x1a0/0x470
[ 2540.666959][T18491]  ? sctp_copy_sock+0xe50/0xe50
[ 2540.671845][T18491]  ? lock_downgrade+0x880/0x880
[ 2540.676752][T18491]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2540.683498][T18491]  ? sctp_do_peeloff+0x470/0x470
[ 2540.688595][T18491]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2540.695098][T18491]  ? _copy_from_user+0xdd/0x150
[ 2540.699985][T18491]  sctp_getsockopt+0x1ec1/0x673d
[ 2540.704949][T18491]  ? lock_downgrade+0x880/0x880
[ 2540.709817][T18491]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2540.716184][T18491]  ? kasan_check_read+0x11/0x20
[ 2540.721228][T18491]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2540.728178][T18491]  ? avc_has_perm+0x404/0x610
[ 2540.732869][T18491]  ? __fget+0x35a/0x550
[ 2540.737045][T18491]  ? lock_downgrade+0x880/0x880
[ 2540.741917][T18491]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2540.748352][T18491]  ? sock_has_perm+0x209/0x2a0
[ 2540.753132][T18491]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2540.759201][T18491]  ? kasan_check_write+0x14/0x20
[ 2540.764157][T18491]  sock_common_getsockopt+0x9a/0xe0
[ 2540.769600][T18491]  ? sock_common_getsockopt+0x9a/0xe0
[ 2540.775283][T18491]  __sys_getsockopt+0x168/0x250
[ 2540.780216][T18491]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2540.785434][T18491]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2540.791091][T18491]  ? do_syscall_64+0x26/0x610
[ 2540.795800][T18491]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2540.801974][T18491]  ? do_syscall_64+0x26/0x610
[ 2540.806683][T18491]  __x64_sys_getsockopt+0xbe/0x150
[ 2540.811819][T18491]  do_syscall_64+0x103/0x610
[ 2540.816426][T18491]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2540.822329][T18491] RIP: 0033:0x457f29
[ 2540.826332][T18491] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
00:15:31 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
splice(r1, 0x0, r2, 0x0, 0x10005, 0x0)

00:15:31 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, 0x0, 0x0)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:31 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000000145204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:31 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = geteuid()
r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x10000, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)
setsockopt(r0, 0x4080000000000000, 0x4, &(0x7f0000000180)="2a33aad3155e835961b9ff5c5d09878984cc4f2702f02aa755b0c753077375f027c03132d19927f20e800cb77bfd7b82e2cc2ffba5433d70f64ca7d6dad7936313dc8450ebec1401a235f790c0c9d6bf7497059db3a504eab949a055d79b1d88aa781e13a2657f2ac4155402a02a0296016b030a8b798da61837c10777", 0x7d)
getresgid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000140)=<r4=>0x0)
fchown(r0, r2, r4)
r5 = dup3(r1, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r5, 0x84, 0x8, &(0x7f0000000040), &(0x7f0000000080)=0x4)

[ 2540.845977][T18491] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2540.854412][T18491] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2540.862408][T18491] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2540.870393][T18491] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2540.878377][T18491] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2540.886373][T18491] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
[ 2540.912573][T18497] SELinux:  policydb string 
E Linux does not match my string SE Linux
00:15:31 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x2a, 0x400)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r1, 0xc0745645, &(0x7f0000000080)={0x6, [0x9, 0xd8e1, 0x3, 0x0, 0x1, 0x2, 0x40480000, 0x45b6, 0x1, 0x400, 0x3, 0x9, 0x81, 0x2, 0x6ee, 0x81, 0x1, 0x2, 0x5, 0x20, 0x2, 0x0, 0x3, 0xe56, 0x2, 0x59df, 0x7fffffff, 0x2, 0x20000000000000, 0x200, 0x7cf7, 0x2, 0x40, 0x4, 0x27, 0x4, 0x80000000, 0x5, 0x1, 0xffffffff, 0x2, 0x5, 0x4, 0x6, 0xbf, 0x5, 0x5aff, 0xdd9f], 0x7})
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/access\x00', 0x2, 0x0)
r3 = dup3(r0, r2, 0x0)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f0000000040)=0x6, 0x4)
setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000240)={0xfffffffffffffffd, {{0xa, 0x4e24, 0x1f, @ipv4={[], [], @loopback}, 0x7}}, 0x0, 0x2, [{{0xa, 0x4e21, 0x4, @empty, 0x8001}}, {{0xa, 0x4e20, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x200}}]}, 0x190)

00:15:31 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000002545204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2541.099407][T18511] SELinux:  policydb string %E Linux does not match my string SE Linux
00:15:31 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:31 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
sysinfo(&(0x7f0000000080)=""/230)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:15:31 executing program 4 (fault-call:3 fault-nth:7):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:31 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080200005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:31 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[], 0x0)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:31 executing program 5:
socketpair$unix(0x1, 0x8000000000024, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

[ 2541.320549][T18523] SELinux:  policydb string length 520 does not match expected length 8
[ 2541.439887][T18535] FAULT_INJECTION: forcing a failure.
[ 2541.439887][T18535] name failslab, interval 1, probability 0, space 0, times 0
[ 2541.464222][T18535] CPU: 0 PID: 18535 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2541.471905][T18535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2541.481985][T18535] Call Trace:
[ 2541.485382][T18535]  dump_stack+0x172/0x1f0
[ 2541.489726][T18535]  should_fail.cold+0xa/0x15
[ 2541.494315][T18535]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2541.500130][T18535]  ? ___might_sleep+0x163/0x280
[ 2541.504991][T18535]  __should_failslab+0x121/0x190
[ 2541.509951][T18535]  should_failslab+0x9/0x14
[ 2541.514581][T18535]  kmem_cache_alloc_trace+0x2d1/0x760
[ 2541.520000][T18535]  ? sk_prot_alloc+0x67/0x2e0
[ 2541.524739][T18535]  selinux_sk_alloc_security+0x87/0x1c0
[ 2541.530468][T18535]  security_sk_alloc+0x7d/0xc0
[ 2541.535251][T18535]  sk_prot_alloc+0xa5/0x2e0
[ 2541.539804][T18535]  sk_alloc+0x39/0xf70
[ 2541.543882][T18535]  inet6_create+0x360/0xf90
[ 2541.548404][T18535]  __sock_create+0x3e6/0x750
[ 2541.553004][T18535]  sock_create+0x7f/0xa0
[ 2541.557271][T18535]  sctp_do_peeloff+0x1a0/0x470
[ 2541.562062][T18535]  ? sctp_copy_sock+0xe50/0xe50
[ 2541.567014][T18535]  ? lock_downgrade+0x880/0x880
[ 2541.571909][T18535]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2541.578607][T18535]  ? sctp_do_peeloff+0x470/0x470
[ 2541.583560][T18535]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2541.589819][T18535]  ? _copy_from_user+0xdd/0x150
[ 2541.594752][T18535]  sctp_getsockopt+0x1ec1/0x673d
[ 2541.599705][T18535]  ? lock_downgrade+0x880/0x880
[ 2541.604586][T18535]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2541.610826][T18535]  ? kasan_check_read+0x11/0x20
[ 2541.615668][T18535]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2541.622505][T18535]  ? avc_has_perm+0x404/0x610
[ 2541.627200][T18535]  ? __fget+0x35a/0x550
[ 2541.631349][T18535]  ? lock_downgrade+0x880/0x880
[ 2541.636189][T18535]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2541.642445][T18535]  ? sock_has_perm+0x209/0x2a0
[ 2541.647215][T18535]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2541.653307][T18535]  ? kasan_check_write+0x14/0x20
[ 2541.658351][T18535]  sock_common_getsockopt+0x9a/0xe0
[ 2541.663545][T18535]  ? sock_common_getsockopt+0x9a/0xe0
[ 2541.668931][T18535]  __sys_getsockopt+0x168/0x250
[ 2541.673776][T18535]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2541.678995][T18535]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2541.684499][T18535]  ? do_syscall_64+0x26/0x610
[ 2541.689319][T18535]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2541.695395][T18535]  ? do_syscall_64+0x26/0x610
[ 2541.700184][T18535]  __x64_sys_getsockopt+0xbe/0x150
[ 2541.705392][T18535]  do_syscall_64+0x103/0x610
[ 2541.710446][T18535]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2541.716335][T18535] RIP: 0033:0x457f29
[ 2541.720328][T18535] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
00:15:32 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
splice(r1, 0x0, r2, 0x0, 0x10005, 0x0)

00:15:32 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
vmsplice(r1, &(0x7f00000013c0)=[{&(0x7f0000000080)="195ff3c2d826c76e82001d0201d65841ef4882e967890ddd8f0f9166775f3af38365182b05d7ba10aeda1414563ec3efdb253d66b207bf956e52d5bca7c842c56dbfa65c9489cad6d97047c8e415b9adbd0015102b0d6e1171633b49777e8ceea5d59ad55308a327372d2e5ce8a7773ec932e4a7de39f332927ec9021225fcc1c60e5982be005465d0869903604b6780d6785692d68b36b75326647494f3c1fdce4e112e3b0f649b532bf6e6a284ee8848bf51a8036c8593a5e8db5dd7574f", 0xbf}, {&(0x7f0000000140)="e82b64524637d173a2806b1e70b0d94de19c7a5452475fe01267ef29543fb2c9b823a491726697c0ed6fe42c14a4f623d1b0838544e5d458f5dbab9d216e93cfecc058e2e1b9dc50e2db3e8301f223588ffac42f97c6b464923f2913b5e98a5c0f4df034f8393f0858fd35dd9afae64a583c9d47330d5ca6185feab848bb26fc320be21690f5c25df5203a3f2070855dfea430f58bbd3c6074", 0x99}, {&(0x7f0000000240)="38d233012561ad1250d6ccfc03072056256db6e4ee5d8ec08286aa8bba966064ec97df7d3fe77cba5ea5b2788a73bc2d199d55803e6223d0c570a9f940ac260c9c648b", 0x43}, {&(0x7f00000002c0)="5bcec4d9ec26166ff2917d78b98b3dc0c96b2d70c11b8dda2f20235b5258cbe9b47db41ae6a1d1113cf3018f0b335454939b77b5abbcdafbd2fd957f051559fb783b4557e4529af3044389e2e1fa4658144b3a16f28c5a40a321c62c756e60e7d40c0470e73e0c129750a32e67b3aa472e44995da04c08cdbbae57e39c82a77d5446a53d9de8130d46749d5793a69e7912f2cacdfe973183e1826d0964ae27a9e468eb486006fc5f314a9e1f04831e2f0305cfcbf343530adfa8fe39d0781fd7cbf8630dbe59627679f685271bb6ea8debbbf0dfe65e637b675a49a8d2ce0ff43448d13061bf9f11d52354c8bc1ce3f1ee3b50cdf88835313bfff2875cfbdcd2ebeda69ee1f0c124c1dfb95965a06c56e3cadf353c27708dee7f80224d546090c96c92659eef787682a75fec8d37ffa922a7af4798b0a3e33638b5c79e64b61354e700483b44bf3a463a7e6cf75ba82f86aef3997e48c72fe6c5415731f228826778e78e42e873fdc492aa0fecc716645359a0aa59c39ce369e61a9ec74fde0e9a747c6ad042cc74ec2c5f31317d1e21d2a68d051eb04f02379ab350204cc9430b8458628eeb0716aff627632c355fab2f284ebfa056e1a8fd52b832eff0437711e5beab1bd51f918de09b22926073e40762be187150998c892fe00f832a03dac1e3f42fe73e5b9958025430f22a0aac3c67562ed6791f8aca1edf7ac4ee27c5087e30122aeda86f705c7077e45aa00cc876abe2ff56936068f9b1ed5a8a021a6834a0ac32402f90e413ec37073cb1ef514bf33df15885d8da6e3e3f6acc1e7b64814c61bf2224601050d50a48dcc7d9e31a58aa417bf0e547e39f0ac7223203fe4b88dfbf94b8b9c0633dfae26eb3f1ee95e8a8a9cfc2a21ee7edfc67b7b0cae10773874b2ad4d8d76a7625d21ca372aa112a2727ab3e9f7181ab64478a78975c18fe7158b9a35346c07d954a67a4de8f469b4aeee92caa3776239cd28d1c33b8349935fead6878f8a0811fe5993872bbaa425ff724a3da40e5c437a439dec72aada05c00845ee001278674b522a416cc8bb1f3c719c23d1cc60bb8df1ad4ee1527b0b734d3d950d4693de3fee21e2bcad74a24567df788186f9640f004326b052c84693c62cc0c56ed20cca44417edd55813860a96bb96eb2ebbbf051730e637227b54fd916a5bfb2e36fb5b4dbe0cb6b44e45e9f453605f02d7310524afb3c68ab93a9a03a0b1c5013d04ab347816cdde80c4062f22a63940868b4e43fe7c5e80fb8798214544497ed47a336661d372904e0c37ef0e0a108c32148a882ff85aab5a666ce7e685d9f0eda3c0efbaff464fb17cba20e889198718ae8873ea0c5677d4de3361e6f03ce1860f63e8f1708d58def3f89a91d15f123f486fc3a8d2e7381513a1c4988f069f16f6b4c35ab06eb7b2be0c5087957ab577a7c07f65af9b24ed40dfce2f7234432937ee3ec5041763e7510d167bd6a38c9b2cd3425a2f11898365f9750f8569b39128a063e839cec344f5bad6ee553b37fca3f7a81fd9d1ca88fbc5662f14983f5faeea10c46c4e8d5152ce1c1b3479daa9faea8313c68be7c779339164c4bcd07abc8ca6317729726db8902e6308ab76ee988fad4ee14a6e8ab30436bf07ba25778dc700324fc752bdecdf1df920b387bd3e4651e2c654bff10e2f5b4f1e5be6967af051621312b2559be25dcd2d6878fab5c5f2f2b84ace2f701173daa8ed5782fa1d3b65d8a13f1f7dadf60305d82adeedc714b3d27701e0291dcc73683cd6381165123652e411603dbfe0640a11b2045e812d5bb7c96d290b78b0a3cd56f74ac20e655df5f5376fdb290c7967e857e0fcc50b727d38b198e6fe758f737724ac81c60bb415da54e87a899c4f4f6b2deb36627e2b12e66e1f457a18b6ef7dc1acb2c59bbeeb6483be4f1487a34cdaa4f83ec8beffd994fe458525a76df09db7bda7dd08afde9dd50b1df72a197d3352106bc0bf1236a3addbaa1a5c3abaf6cb4392dda79a243a5df5954ac0cdab3575e47da5f8e66a7243a6ba7d4a79f54fe983188c045e997aa304db0383bbaf2132189c9e9f04289ecbecf09e820f922ea57da5e93e08c096cb9235a0331a13e973e2d13e1cb8c3599cc6b79ff33b4c83ada4115428e72663c60d17192bd784f46feac29a950b90fe3e77cc24a5653efaff55c54d3c2da1077ae9e32b603abc556fa6d335f971b46cc915a23d10fcb6496f6644e4b77bffd616a490818f47ee86b66d1b456fde9c4ef0688a3f222b56ef82249ffabd2f99ca992d2c9501ae30a4f4686d312b4b591052c39e1e44f9d78f04dce77d8ec2173c7b4f529ba17d107d39e491e93738c067203b059206b08230c57bb1cfa9f8e0f9e8a3968009b275f1f26f3b3afc806befc259bafb7ad566ea9424cf8e696434f7c39575d6997ff3d0f8e46d9ca0cbe981421c376c6747787f9ceea543cf162e9b0b847c1e028bba091d3d0c52381f532e217f976c603bd4396101aad2706c80151689a6d59914eed440ecea6336ef3be554d53d73684a326a8be9db14fca91e4253da5a2af1d3cdb7f5b41bb740f4776f36ebfb5705092714d86ac30f9ad212f38c47c3994115d5e0275c2e589889f300b640c25df4f884c4bfc8d32e7bc2c2aeae2d276aa42c3d08f3e0a6cd5575f806f3a4a5dc39cf0528efb777d28e2140917f2dedaa98ace22f7000a1f2ef0cfbc8d4624ec72a15f53529baab9d9e4d1214509bc4a1e2551bb01cfcde2ffabcdf4f192e1eae36f92f369da535d6f9e8e4efae126e429fc6b00ae3d3ed8e8e42f9333c49bb1c43891caa8da0c2754b7e68bf8c5f136286e47bca9007af645505badc77b59ed958bc81854cb01bb3ed5c5ab023b6c958390b70491edfa7a2b9dadec3bcd107f14f8e63d8575978efc2cf6adeea30d8c02f186c658327887a192547ea2f4379dc39840273349a9e59c0008b43026c8b2f7119f29bf6aaa8dfc85e2bafba43e6b7d48d98828439b0563fbeecba0ece5aee3578ecf3af826268390bc000267b52cdcfe2263c5eb82de2faf77c73f0d7d00617f62474cfc3ed7043438d0aa7226bfea74ef55196b4e5586deee2126d65e3de0f199caba345ff1a7b3a9b037cdadbe6cd39449dd5bbf69b5f9486787d46c4205d679e249f0ad7612253f836b24c31b23b7755b5e6ca507b51a57e74838fe55c9a5406568f1f89faad0be589fa92f219130915414641d6585c36ffa27f0d36a88ccdad74f487eb1733594b1d09deb1432d9ff6056eed6d1006eed2a25932a8a070425e5cbdc4f518baac50acfb229c4008a7980853286a589147c0536eac627b68f38d20b141edd679132facc29ad8eb6a4552549da07c184c4874423861197fcbc262d96e6f9de6457ba4418f4b42c23967e377dc8a965e11584e13db80a543a09d991bf17a706ed77266b35eec2ed60f3e0afdde93d28743563719526abbac137c2f1caec40c7ee260ef99522fc3d8d693de5b7376737adc3de84a31a3457f130b42387e7b894c10579b7a1d2323fdef63908edc16dd658262e47864a0f7c95e1ea6c5b688bc40884c6d53d7d15710718f8a30103abc2848c01f3625bf34d56f2fb9313d2470d1143c8519d09ebc6ca1bc044b192a5ee5ff1848fa3078205109deaad9d95b7bfb52ff210feb144eec2a8dedecfc7f394096236bdd0c0e85232483722810028cc05e4b2337090d86ba37e979d9d1ccf4db33d4c453628bf312f7db8f7033444235f32a0c31134052680e2f9bb932e75f5fb6b05a8e71670b72dba5cc669f6505af8358427d57545cdec7a310cdb68fd4316f63b5691fe91ba0ef02da01a786739ae66e05f15d39218f3aacffb3555e1b4c3dcf1afd68ac1ef851c3868eddd5dead869d3e0ec5837114613947a1f1ac5e84438dca8c52ed293af414d75f51c98720a9106d8b9acf9e9f1754703c799be12a2e6b5edbb9bab066290d3b2d7510553863e3c39c1000a6020fb4cc8fed34bfd0669bb5035f94be19d33fe1a456f08b8038f74ffb47612a5cc85f9391a429d6cca1d174a49ed171e94031e37c0b8679e74b7cad6670ff28982c3ac4b969e75be9f65eeea3453fb51288e55e6e61bce328347ff1ce3114cf21b2ede0fd5da1544923c6cd6663bce0c2ab6c8b587e28ff1a0b075c55b10ea7141a73ae208e0abd96f744acb12ab9cfc4d154c3c10fa4664e459e0f7803f8d586e6415677a1239fbfe35bb03e5377b9ed529c866e23f34561c7e211a948ab6f5760353a63187434ef05d4b0198f6ac612b1fb55381b621a36f7aa40287881c33878ff11b6f32351ca76e02ac0f6567cb21c46701e00861ac48a1e04b10a7d9386f90869afa3e98b32754c2ef440557fb90d51ec4a0b7780d0270116d3268392ae7d64cdbdba33560de31d6fb39c3e2a897a6e24491a61695e190f254b76f6e1e379ca61f4b7c8afc1a76bb2d225a4d498c7e66c02dddab870257c77bf4101ab57cf8d307898bfa1e3407d7921465165d8ff5cc7b959d99da74845d5b97ab2a80b50985888d7b868963e77e568643632cc988d9bbe231bca1be21b7cb5beb07406ae4a2e948d037f9a2209f17203f60acc6176b18abbe45993eaef8cc47fa6e0c71dee56b9558252fc1121708311541d4afc2d9bdac81d24b8484852086deb488eb5c2c90cc8ef938999ac135f129421b33a5200b93d66be37397cd187f918e5b65f1bfac67d1bd25893a51b6d5e2875e44980964785819611cfb45bf377b16ae1f354f2def669fcc45df28d68c04fbd87c254c31f874254ff1d51a90a833ade42ddeaaa9ee5fb8b98ca77eadf06275c0af0b5f8d6050c0012a56a08c3d3cba6e44c94755a369daa1f0bdb7fd754001b7f97b03187692340dada9078c08371ad2d3792ee6be330a53e79bdea748aec9ce93c3315640f519fb413ebdd55678dce5e075d4605a57e04c079d1bfc1f474c2fceb0db89051712cb41914d82387d217bcb942740f2c102d7d59b755ef815f698b34a946d5e1559c5d036d772191b96937beaa4d2ae485b41cfdf4f97cc13db01ae37983d8b02f3dd828a8251758e71a07f491caa2dddc26a193eabb25ffb2053852e58a1eb9c27c9a3aa54f6418ce80d61984e3afbbb9719ce67fceea5e3ec31bdc488d0e40119ff36f9d1b06e984883586d40ab742d80dcbdf47119f6000edfa894e09ab25ffc016b6ce29f55c99ad561359649bc0903e765ed45f48185384b33539df80d1b76ed22021aea65ae7ae98e3656eecbbc03024f74a4315ffadfb289c5cdb08cc4d8fbf4d9f09616a6bcf16b49d28cc2dbf134620c6be02fa3c259545735f24df5eee2a3df19100c3a0cb928a1c855150f3546d3193351e74ecab171980fccde8c9b876c22f70d0a2296ab9238d311e8d4aecdad4e9d5db58c38601c459697145afa1973779a9b82c36435f65120e11db30c960e21a1b290e62b47c7da61c8586377010911faf3acbdf7a2326a99edfa00cbe8dbbaa2861b935197c03b55fabcde072b9e438873bd6a6cd79dea55556fdd39b39a083fd2e9a0b37c388868e471d01104647b1cf0bb846b64c16841586c6f85754bbd23c881ed17ef7d6a9a0e91d57a20e2ab9c7d7fa833477082817d6eacd7ccbc4ae8a6ef5176e70eda784f52e0fc04e75a154c750ddf0d91346fbc00458e65937387e1088c776bfcbac742dd92ed1b9b1288991cea020712abace95c28a7dfa05bcc8e500df206342bba3ee7490cd2ffdaa53b890221ae2a907ecdffd8e083233ada4fabc3e12a6ed38f141702dfeffc6b13f", 0x1000}, {&(0x7f00000012c0)="228d5e0b5e0fef4a6f1a68f63b9e2cef332f6c1ea25f8308e5e374ba3da2fb261f6ebef2b548", 0x26}, {&(0x7f0000001300)="cac7e70f309a356baecc6d7e80353d69c2fb33ccba1a226dd72751df433181fc6faddeb4497886c1b0f2617e06863bacc3e2c59a5515b5122c5452296b2444a3a33003d7cfbebe7e0932a0a2ce48439291f90b3754569ea7977cb9595ca38ef3888df9a42515bd9f11c0963657e78ac1eb68e0b473f37d4df545f85ec7ce3bdb9f958640b5c73dd879271cf120c0c46e9c27602ddaaa361d89192f4734bd18a4308d1071a2e4525456ab093ba04d305c9e1cb362", 0xb4}], 0x6, 0x2)
ioctl$int_out(r0, 0x5462, &(0x7f0000000000))
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r1, r2, 0x0)

00:15:32 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080300005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2541.739953][T18535] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2541.748362][T18535] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2541.756328][T18535] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2541.764293][T18535] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2541.772455][T18535] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2541.780451][T18535] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
00:15:32 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080400005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:32 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
r3 = dup3(r0, r2, 0x0)
connect$rxrpc(r3, &(0x7f00000000c0)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e22, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x6}}, 0x24)
fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000080))
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000000)={0x0, 0x4, 0x100000001, 0x1})

[ 2541.844066][T18541] SELinux:  policydb string length 776 does not match expected length 8
00:15:32 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[], 0x0)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2541.931087][T18547] SELinux:  policydb string length 1032 does not match expected length 8
00:15:32 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:32 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080500005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2542.119408][T18557] SELinux:  policydb string length 1288 does not match expected length 8
[ 2542.131172][T18557] SELinux:  policydb string length 1288 does not match expected length 8
00:15:32 executing program 4 (fault-call:3 fault-nth:8):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:32 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/access\x00', 0x2, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$KDSIGACCEPT(r2, 0x4b4e, 0x36)

00:15:32 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080600005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:32 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = semget$private(0x0, 0x0, 0x110)
r2 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="216cf18a6f1bab4ddb65263c1548d8c115347acce2377db715ed342b82c3616e660e4f7e2a40d67cd3407cc8de8122516592f8fb7e8aeefe3ca2b819", 0x3c, 0x0)
keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f00000001c0)={r2, 0x92f1, 0x6}, &(0x7f0000000240)={'enc=', 'pkcs1', ' hash=', {'rmd256-generic\x00'}}, &(0x7f00000002c0)="c2df256dc9fb214da622583b3b1f65ac4da6d56e6ef32a66cf08103057645efd3a46141113e5848e4f4d96d6dc4c1f73b842de4dd23d25474f1582da9b00e622cf53f2c8ecd9796ad4dff8dd5f5bc478efe0e383200772c1ca6269d5a989e641db99bc2c1a815e249e3274f06cacdbc72d3ffb39c921def0eb0e774ba02e", &(0x7f0000000340)=""/143)
semctl$IPC_INFO(r1, 0x3, 0x3, &(0x7f0000000080)=""/175)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r3, 0xfffffffffffffffe)

[ 2542.250258][T18568] SELinux:  policydb string length 1544 does not match expected length 8
[ 2542.272082][T18568] sel_write_load: 10 callbacks suppressed
[ 2542.272087][T18568] SELinux: failed to load policy
[ 2542.314953][T18571] FAULT_INJECTION: forcing a failure.
[ 2542.314953][T18571] name failslab, interval 1, probability 0, space 0, times 0
[ 2542.340162][T18571] CPU: 1 PID: 18571 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2542.347839][T18571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2542.357910][T18571] Call Trace:
[ 2542.361235][T18571]  dump_stack+0x172/0x1f0
[ 2542.365597][T18571]  should_fail.cold+0xa/0x15
[ 2542.370221][T18571]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2542.376055][T18571]  ? ___might_sleep+0x163/0x280
[ 2542.380964][T18571]  __should_failslab+0x121/0x190
[ 2542.387406][T18571]  should_failslab+0x9/0x14
[ 2542.391928][T18571]  kmem_cache_alloc_trace+0x2d1/0x760
[ 2542.397397][T18571]  sctp_endpoint_new+0x79/0xed0
[ 2542.402273][T18571]  sctp_init_sock+0xc2e/0x1360
[ 2542.407067][T18571]  ? kasan_check_write+0x14/0x20
[ 2542.412033][T18571]  ? sock_init_data+0x8de/0xc70
[ 2542.416902][T18571]  ? sctp_destroy_sock+0x3e0/0x3e0
[ 2542.416926][T18571]  inet6_create+0x9cd/0xf90
[ 2542.426561][T18571]  __sock_create+0x3e6/0x750
[ 2542.426580][T18571]  sock_create+0x7f/0xa0
[ 2542.426596][T18571]  sctp_do_peeloff+0x1a0/0x470
[ 2542.426610][T18571]  ? sctp_copy_sock+0xe50/0xe50
[ 2542.426627][T18571]  ? lock_downgrade+0x880/0x880
[ 2542.426644][T18571]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2542.426659][T18571]  ? sctp_do_peeloff+0x470/0x470
[ 2542.426678][T18571]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2542.426694][T18571]  ? _copy_from_user+0xdd/0x150
[ 2542.426710][T18571]  sctp_getsockopt+0x1ec1/0x673d
[ 2542.426722][T18571]  ? lock_downgrade+0x880/0x880
[ 2542.426743][T18571]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2542.488822][T18571]  ? kasan_check_read+0x11/0x20
[ 2542.493700][T18571]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2542.500673][T18571]  ? avc_has_perm+0x404/0x610
[ 2542.505565][T18571]  ? __fget+0x35a/0x550
[ 2542.509749][T18571]  ? lock_downgrade+0x880/0x880
[ 2542.514617][T18571]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2542.521053][T18571]  ? sock_has_perm+0x209/0x2a0
[ 2542.525839][T18571]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2542.531908][T18571]  ? kasan_check_write+0x14/0x20
[ 2542.536856][T18571]  sock_common_getsockopt+0x9a/0xe0
[ 2542.542054][T18571]  ? sock_common_getsockopt+0x9a/0xe0
[ 2542.547416][T18571]  __sys_getsockopt+0x168/0x250
[ 2542.552259][T18571]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2542.557376][T18571]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2542.562836][T18571]  ? do_syscall_64+0x26/0x610
[ 2542.567520][T18571]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2542.573605][T18571]  ? do_syscall_64+0x26/0x610
[ 2542.578288][T18571]  __x64_sys_getsockopt+0xbe/0x150
[ 2542.583398][T18571]  do_syscall_64+0x103/0x610
[ 2542.587982][T18571]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2542.593868][T18571] RIP: 0033:0x457f29
00:15:33 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r1, 0x0, r3, 0x0, 0x10005, 0x0)

00:15:33 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[], 0x0)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:33 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080700005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:33 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x420400, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffff9c, 0x84, 0xf, &(0x7f0000000080)={<r2=>0x0, @in6={{0xa, 0x4e23, 0x1, @loopback, 0x1000}}, 0x3, 0x1ff, 0x100000000, 0x9, 0x1000}, &(0x7f0000000140)=0x98)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000180)={r2}, &(0x7f00000001c0)=0x8)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x8001)
r3 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r3, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x800, 0x20000)

[ 2542.597770][T18571] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2542.617408][T18571] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2542.625851][T18571] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2542.633834][T18571] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2542.641809][T18571] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2542.649992][T18571] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2542.658067][T18571] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
[ 2542.735115][T18582] SELinux:  policydb string length 1800 does not match expected length 8
00:15:33 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_open_dev$media(&(0x7f0000000100)='/dev/media#\x00', 0x3, 0x20000)
ioctl$DRM_IOCTL_MARK_BUFS(r1, 0x40206417, &(0x7f0000000140)={0x19, 0x80, 0x0, 0x8, 0x3, 0x401})
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
r3 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x10000, 0x0)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f00000000c0)={r0, r4})
r5 = dup3(r0, r2, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={r5, 0x10, &(0x7f00000001c0)={&(0x7f0000000240)=""/69, 0x45, <r6=>0x0}}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r4, 0x10, &(0x7f0000000300)={&(0x7f0000000180)=""/64, 0x40, r6}}, 0x10)

[ 2542.792453][T18582] SELinux: failed to load policy
00:15:33 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080a00005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:33 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:33 executing program 5:
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
connect$llc(r0, &(0x7f0000000280)={0x1a, 0x200, 0x101, 0x8001, 0x4, 0x2, @local}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0xffffffffffff8001, 0x0)
ioctl$VT_WAITACTIVE(r3, 0x5607)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{<r4=>0x0}]})
ioctl$DRM_IOCTL_GET_CTX(r3, 0xc0086423, &(0x7f00000000c0)={r4})
syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x716, 0x488c01)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000180)=0x3a8)
ioctl$SG_SET_TIMEOUT(r3, 0x2201, &(0x7f0000000140)=0x1000)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$VIDIOC_QUERYMENU(r1, 0xc02c5625, &(0x7f00000002c0)={0x3, 0x100000001, @value=0xd7b})
r5 = dup3(r2, 0xffffffffffffffff, 0x0)
mq_getsetattr(r5, &(0x7f00000001c0)={0xd4c0, 0xfffffffffffffe01, 0x3, 0x31ef3eaf, 0x9, 0x7, 0x5, 0x3}, 0x0)

[ 2542.948855][T18597] SELinux:  policydb string length 2568 does not match expected length 8
[ 2542.964105][T18597] SELinux: failed to load policy
00:15:33 executing program 4 (fault-call:3 fault-nth:9):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:33 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, 0x0, &(0x7f0000000440))
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:33 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000000), 0x4)
r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/dlm_plock\x00', 0x82000, 0x0)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000180)={0xa, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}, {}, {}, {<r3=>0x0}, {}]})
ioctl$DRM_IOCTL_RM_CTX(r2, 0xc0086421, &(0x7f00000001c0)={r3, 0x7dbdc092a02357f3})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r4 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
pwritev(r4, &(0x7f00000000c0)=[{&(0x7f0000000240)="866fd509a420c902e1c6290cf22ae0a69625382513f848d08a7c9b1c4edc3f2b80258897330c1f8347dab565fbbc192b181a869107070c0314f3d58ddf56f1e5f94d5fb83e26893be3bccce19679dab3b4619633a28c158809e92873fd2e16b1de886f3482bb855f8a46c706c056f93b8d0874b51e14b959fd7591e581c339e45ea3960a47cd57928725a62049b90a7b943e9e2b1a", 0x95}], 0x1, 0x0)
dup3(r1, r4, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x400, 0x0)

00:15:33 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080f00005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2543.108376][T18608] SELinux:  policydb string length 3848 does not match expected length 8
[ 2543.120765][T18608] SELinux: failed to load policy
[ 2543.218258][T18618] FAULT_INJECTION: forcing a failure.
[ 2543.218258][T18618] name failslab, interval 1, probability 0, space 0, times 0
[ 2543.261858][T18618] CPU: 0 PID: 18618 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2543.270112][T18618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2543.281904][T18618] Call Trace:
[ 2543.285250][T18618]  dump_stack+0x172/0x1f0
[ 2543.289615][T18618]  should_fail.cold+0xa/0x15
[ 2543.294205][T18618]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2543.300327][T18618]  ? ___might_sleep+0x163/0x280
[ 2543.305221][T18618]  __should_failslab+0x121/0x190
[ 2543.310182][T18618]  should_failslab+0x9/0x14
[ 2543.314700][T18618]  kmem_cache_alloc_trace+0x2d1/0x760
[ 2543.320086][T18618]  sctp_endpoint_new+0x100/0xed0
[ 2543.327722][T18618]  sctp_init_sock+0xc2e/0x1360
[ 2543.332491][T18618]  ? kasan_check_write+0x14/0x20
[ 2543.337439][T18618]  ? sock_init_data+0x8de/0xc70
[ 2543.342325][T18618]  ? sctp_destroy_sock+0x3e0/0x3e0
[ 2543.347447][T18618]  inet6_create+0x9cd/0xf90
[ 2543.351976][T18618]  __sock_create+0x3e6/0x750
[ 2543.356576][T18618]  sock_create+0x7f/0xa0
[ 2543.360851][T18618]  sctp_do_peeloff+0x1a0/0x470
[ 2543.365880][T18618]  ? sctp_copy_sock+0xe50/0xe50
[ 2543.370742][T18618]  ? lock_downgrade+0x880/0x880
[ 2543.375604][T18618]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2543.382192][T18618]  ? sctp_do_peeloff+0x470/0x470
[ 2543.387138][T18618]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2543.393580][T18618]  ? _copy_from_user+0xdd/0x150
[ 2543.398463][T18618]  sctp_getsockopt+0x1ec1/0x673d
[ 2543.403412][T18618]  ? lock_downgrade+0x880/0x880
[ 2543.408274][T18618]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2543.414522][T18618]  ? kasan_check_read+0x11/0x20
[ 2543.419409][T18618]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2543.426292][T18618]  ? avc_has_perm+0x404/0x610
[ 2543.430993][T18618]  ? __fget+0x35a/0x550
[ 2543.435171][T18618]  ? lock_downgrade+0x880/0x880
[ 2543.440068][T18618]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2543.446307][T18618]  ? sock_has_perm+0x209/0x2a0
[ 2543.451075][T18618]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2543.457172][T18618]  ? kasan_check_write+0x14/0x20
[ 2543.462160][T18618]  sock_common_getsockopt+0x9a/0xe0
[ 2543.467354][T18618]  ? sock_common_getsockopt+0x9a/0xe0
[ 2543.472756][T18618]  __sys_getsockopt+0x168/0x250
[ 2543.477623][T18618]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2543.482940][T18618]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2543.488410][T18618]  ? do_syscall_64+0x26/0x610
[ 2543.493096][T18618]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2543.499197][T18618]  ? do_syscall_64+0x26/0x610
[ 2543.503932][T18618]  __x64_sys_getsockopt+0xbe/0x150
[ 2543.509110][T18618]  do_syscall_64+0x103/0x610
[ 2543.513721][T18618]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2543.519626][T18618] RIP: 0033:0x457f29
[ 2543.523527][T18618] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2543.543245][T18618] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2543.552386][T18618] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
00:15:34 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r1, 0x0, r3, 0x0, 0x10005, 0x0)

00:15:34 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9084800005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:34 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
r2 = dup3(r0, r1, 0x0)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r3, 0xf00, 0x70bd2d, 0x6, {}, [@IPVS_CMD_ATTR_DAEMON={0x20, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x780}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x44004)

[ 2543.560351][T18618] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2543.568320][T18618] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2543.576309][T18618] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2543.584452][T18618] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
00:15:34 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9084c00005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2543.625809][T18622] SELinux:  policydb string length 18440 does not match expected length 8
[ 2543.635490][T18622] SELinux: failed to load policy
00:15:34 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r2, 0x0)

00:15:34 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, 0x0, &(0x7f0000000440))
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2543.739862][T18631] SELinux:  policydb string length 19464 does not match expected length 8
[ 2543.761083][T18631] SELinux: failed to load policy
00:15:34 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:34 executing program 5:
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x8900, 0x0)
ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000000080)="a8280d")
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r1, r2, 0x0)

00:15:34 executing program 4 (fault-call:3 fault-nth:10):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:34 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9086800005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:34 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00')
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

00:15:34 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, 0x0, &(0x7f0000000440))
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2543.953287][T18646] binder: 18644:18646 ioctl c0306201 0 returned -14
[ 2544.026652][T18651] SELinux:  policydb string length 26632 does not match expected length 8
[ 2544.052848][T18651] SELinux: failed to load policy
[ 2544.179075][T18661] FAULT_INJECTION: forcing a failure.
[ 2544.179075][T18661] name failslab, interval 1, probability 0, space 0, times 0
[ 2544.197459][T18661] CPU: 1 PID: 18661 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2544.205368][T18661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2544.215566][T18661] Call Trace:
[ 2544.218959][T18661]  dump_stack+0x172/0x1f0
[ 2544.223741][T18661]  should_fail.cold+0xa/0x15
[ 2544.228657][T18661]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2544.235163][T18661]  ? ___might_sleep+0x163/0x280
[ 2544.240318][T18661]  __should_failslab+0x121/0x190
[ 2544.245862][T18661]  should_failslab+0x9/0x14
[ 2544.250801][T18661]  kmem_cache_alloc_trace+0x2d1/0x760
[ 2544.258732][T18661]  ? sctp_endpoint_lookup_assoc+0x290/0x290
[ 2544.265454][T18661]  sctp_auth_shkey_create+0x87/0x1b0
[ 2544.271164][T18661]  sctp_endpoint_new+0x518/0xed0
[ 2544.276302][T18661]  sctp_init_sock+0xc2e/0x1360
[ 2544.281365][T18661]  ? kasan_check_write+0x14/0x20
[ 2544.286440][T18661]  ? sock_init_data+0x8de/0xc70
[ 2544.291518][T18661]  ? sctp_destroy_sock+0x3e0/0x3e0
[ 2544.296848][T18661]  inet6_create+0x9cd/0xf90
[ 2544.301493][T18661]  __sock_create+0x3e6/0x750
[ 2544.306122][T18661]  sock_create+0x7f/0xa0
[ 2544.310672][T18661]  sctp_do_peeloff+0x1a0/0x470
[ 2544.316347][T18661]  ? sctp_copy_sock+0xe50/0xe50
[ 2544.322814][T18661]  ? lock_downgrade+0x880/0x880
[ 2544.329196][T18661]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2544.335812][T18661]  ? sctp_do_peeloff+0x470/0x470
[ 2544.341506][T18661]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2544.350750][T18661]  ? _copy_from_user+0xdd/0x150
[ 2544.356284][T18661]  sctp_getsockopt+0x1ec1/0x673d
[ 2544.363119][T18661]  ? lock_downgrade+0x880/0x880
[ 2544.368155][T18661]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2544.374603][T18661]  ? kasan_check_read+0x11/0x20
[ 2544.379532][T18661]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2544.388352][T18661]  ? avc_has_perm+0x404/0x610
[ 2544.393443][T18661]  ? __fget+0x35a/0x550
[ 2544.400059][T18661]  ? lock_downgrade+0x880/0x880
[ 2544.405413][T18661]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2544.415198][T18661]  ? sock_has_perm+0x209/0x2a0
[ 2544.420762][T18661]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2544.430632][T18661]  ? kasan_check_write+0x14/0x20
[ 2544.440160][T18661]  sock_common_getsockopt+0x9a/0xe0
[ 2544.445839][T18661]  ? sock_common_getsockopt+0x9a/0xe0
[ 2544.452019][T18661]  __sys_getsockopt+0x168/0x250
[ 2544.457100][T18661]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2544.462473][T18661]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2544.468738][T18661]  ? do_syscall_64+0x26/0x610
[ 2544.473661][T18661]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
00:15:35 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r1, 0x0, r3, 0x0, 0x10005, 0x0)

00:15:35 executing program 5:
r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x40000, 0x0)
fanotify_mark(r0, 0x1, 0x2, r0, &(0x7f00000001c0)='./file0\x00')
setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x1, 0x4)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400)='TIPCv2\x00')
sendmsg$TIPC_NL_NAME_TABLE_GET(r0, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x3}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="844f815f13000000", @ANYRES16=r1, @ANYBLOB="00062bbd7000fcdbdf251000000010000600040002000800010001000000600001004c0002000800020000000000080004000104000008000400080000000800040085b80000080001000d000000080001000a000000080003003af500000800030000000000080004000002000008000300000000000800030008000000"], 0x84}, 0x1, 0x0, 0x0, 0x4000001}, 0x4010)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/access\x00', 0x2, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000140), &(0x7f00000000c0)=0x68)
ioctl$VT_SETMODE(r0, 0x5602, &(0x7f0000000380)={0x2, 0x9, 0x0, 0x2, 0x4d})
dup3(r2, r3, 0x0)

00:15:35 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9086c00005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2544.480571][T18661]  ? do_syscall_64+0x26/0x610
[ 2544.486441][T18661]  __x64_sys_getsockopt+0xbe/0x150
[ 2544.494217][T18661]  do_syscall_64+0x103/0x610
[ 2544.498978][T18661]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2544.505807][T18661] RIP: 0033:0x457f29
[ 2544.510439][T18661] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2544.537947][T18661] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2544.537965][T18661] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2544.537972][T18661] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2544.537979][T18661] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2544.537986][T18661] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2544.537994][T18661] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
[ 2544.564174][T18664] SELinux:  policydb string length 27656 does not match expected length 8
[ 2544.615192][T18664] SELinux: failed to load policy
00:15:35 executing program 5:
socketpair$unix(0x1, 0xfffffffffffffffe, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x400000, 0x0)
ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000080))
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0)
dup3(r1, r2, 0x0)

00:15:35 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9087400005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:35 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), 0x0)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:35 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2544.756363][T18676] SELinux:  policydb string length 29704 does not match expected length 8
[ 2544.768145][T18676] SELinux: failed to load policy
00:15:35 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9087a00005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:35 executing program 4 (fault-call:3 fault-nth:11):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:35 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
fcntl$setflags(r0, 0x2, 0x1)
dup3(r0, r1, 0x0)

[ 2544.919114][T18687] binder: 18683:18687 ioctl c0306201 0 returned -14
[ 2544.959980][T18691] SELinux:  policydb string length 31240 does not match expected length 8
00:15:35 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe(&(0x7f0000000240)={<r1=>0xffffffffffffffff})
ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000280)={0x4, 0x100})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
r3 = dup3(r0, r2, 0x0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x1f, 0x1, [0x4]}, &(0x7f0000000080)=0xa)
r4 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a})
r7 = socket$nl_route(0x10, 0x3, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3b5f, 0x80000000}, 0x0, 0x0, 0xb5ec, 0x0, 0xfffffffffffffffc, 0x0, 0x3f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = shmget$private(0x0, 0x2000, 0xfffffffffffffffe, &(0x7f0000ffb000/0x2000)=nil)
shmctl$IPC_STAT(r8, 0x2, &(0x7f0000000080)=""/19)
r9 = socket$inet(0x2, 0x3, 0x2)
r10 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
r11 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r11, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000001f3a)="ad56b6c5820faeb995298992ea54c7beef9f5d56534c90c2", 0x18)
r12 = accept$alg(r11, 0x0, 0x0)
io_setup(0x1000000000a, &(0x7f0000000380)=<r13=>0x0)
io_submit(r13, 0x1, &(0x7f0000bd9fe0)=[&(0x7f0000617fc0)={0x0, 0x0, 0x0, 0x0, 0x0, r12, &(0x7f000007d000)="b3", 0x1}])
getsockname(r10, &(0x7f0000000140)=@ipx, &(0x7f00000001c0)=0x80)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r4, 0x28, 0x0, &(0x7f0000000100)=0x1, 0x8)
setsockopt$inet_int(r9, 0x0, 0xca, &(0x7f0000000000)=0x10001, 0x10)
dup2(r7, r7)
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r9, 0x84, 0x1c, &(0x7f0000000440), &(0x7f0000000480)=0x4)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x3e7, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

00:15:35 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2545.011263][T18691] SELinux: failed to load policy
[ 2545.061942][T18699] FAULT_INJECTION: forcing a failure.
[ 2545.061942][T18699] name failslab, interval 1, probability 0, space 0, times 0
[ 2545.076763][T18699] CPU: 1 PID: 18699 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2545.085400][T18699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2545.097754][T18699] Call Trace:
[ 2545.097784][T18699]  dump_stack+0x172/0x1f0
[ 2545.097807][T18699]  should_fail.cold+0xa/0x15
[ 2545.097828][T18699]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2545.097844][T18699]  ? kernel_text_address+0x73/0xf0
[ 2545.097859][T18699]  ? __kernel_text_address+0xd/0x40
[ 2545.097881][T18699]  __should_failslab+0x121/0x190
[ 2545.097901][T18699]  should_failslab+0x9/0x14
[ 2545.097919][T18699]  kmem_cache_alloc+0x47/0x6f0
[ 2545.097945][T18699]  ebitmap_cpy+0xcd/0x270
[ 2545.097961][T18699]  ? hashtab_search+0x1c2/0x250
[ 2545.097986][T18699]  mls_compute_sid+0x5d0/0xf80
[ 2545.156515][T18702] binder: 18700:18702 ioctl c0306201 0 returned -14
[ 2545.158100][T18699]  ? mls_convert_context+0x6d0/0x6d0
[ 2545.158122][T18699]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2545.158138][T18699]  ? sidtab_search_core+0x164/0x210
[ 2545.158159][T18699]  ? __sanitizer_cov_trace_cmp2+0x18/0x20
[ 2545.199876][T18699]  security_compute_sid.part.0+0xed5/0x1620
[ 2545.206425][T18699]  ? security_context_to_sid_core.isra.0+0x620/0x620
[ 2545.214166][T18699]  ? kmem_cache_alloc_trace+0x354/0x760
[ 2545.221463][T18699]  security_transition_sid+0x126/0x190
[ 2545.227504][T18699]  selinux_socket_post_create+0x548/0x8a0
[ 2545.227532][T18699]  ? selinux_bprm_set_creds+0xcd0/0xcd0
[ 2545.227547][T18699]  ? sctp_init_sock+0xe27/0x1360
[ 2545.227565][T18699]  ? sock_init_data+0x8de/0xc70
[ 2545.227577][T18699]  ? sctp_destroy_sock+0x3e0/0x3e0
[ 2545.227603][T18699]  security_socket_post_create+0x89/0xd0
[ 2545.279876][T18699]  __sock_create+0x5cf/0x750
[ 2545.285918][T18699]  sock_create+0x7f/0xa0
[ 2545.290980][T18699]  sctp_do_peeloff+0x1a0/0x470
[ 2545.298503][T18699]  ? sctp_copy_sock+0xe50/0xe50
[ 2545.305492][T18699]  ? lock_downgrade+0x880/0x880
[ 2545.312243][T18699]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2545.312260][T18699]  ? sctp_do_peeloff+0x470/0x470
[ 2545.312284][T18699]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2545.338067][T18699]  ? _copy_from_user+0xdd/0x150
[ 2545.344750][T18699]  sctp_getsockopt+0x1ec1/0x673d
[ 2545.350962][T18699]  ? lock_downgrade+0x880/0x880
[ 2545.357980][T18699]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2545.365321][T18699]  ? kasan_check_read+0x11/0x20
[ 2545.365342][T18699]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2545.365357][T18699]  ? avc_has_perm+0x404/0x610
[ 2545.365381][T18699]  ? __fget+0x35a/0x550
[ 2545.365404][T18699]  ? lock_downgrade+0x880/0x880
[ 2545.365418][T18699]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2545.365437][T18699]  ? sock_has_perm+0x209/0x2a0
[ 2545.365453][T18699]  ? selinux_secmark_relabel_packet+0xe0/0xe0
00:15:36 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r1, 0x0, r3, 0x0, 0x10005, 0x0)

00:15:36 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2545.365477][T18699]  ? kasan_check_write+0x14/0x20
[ 2545.365501][T18699]  sock_common_getsockopt+0x9a/0xe0
[ 2545.365515][T18699]  ? sock_common_getsockopt+0x9a/0xe0
[ 2545.365541][T18699]  __sys_getsockopt+0x168/0x250
[ 2545.387185][T18699]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2545.387208][T18699]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2545.387225][T18699]  ? do_syscall_64+0x26/0x610
[ 2545.387243][T18699]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2545.387257][T18699]  ? do_syscall_64+0x26/0x610
[ 2545.387278][T18699]  __x64_sys_getsockopt+0xbe/0x150
[ 2545.430711][T18699]  do_syscall_64+0x103/0x610
[ 2545.430736][T18699]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2545.430748][T18699] RIP: 0033:0x457f29
[ 2545.430764][T18699] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2545.430772][T18699] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
00:15:36 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080003005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2545.497203][T18699] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2545.497214][T18699] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2545.497222][T18699] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2545.497229][T18699] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2545.497236][T18699] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
00:15:36 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), 0x0)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:36 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2545.611825][T18716] SELinux:  policydb string length 196616 does not match expected length 8
00:15:36 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r1, 0x0, r3, 0x0, 0x10005, 0x0)

00:15:36 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080005005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:36 executing program 4 (fault-call:3 fault-nth:12):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:36 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:36 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), 0x0)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2545.959298][T18734] SELinux:  policydb string length 327688 does not match expected length 8
[ 2546.060055][T18742] FAULT_INJECTION: forcing a failure.
[ 2546.060055][T18742] name failslab, interval 1, probability 0, space 0, times 0
[ 2546.073521][T18742] CPU: 0 PID: 18742 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2546.082970][T18742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2546.094056][T18742] Call Trace:
[ 2546.097482][T18742]  dump_stack+0x172/0x1f0
[ 2546.102389][T18742]  should_fail.cold+0xa/0x15
[ 2546.107193][T18742]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2546.113744][T18742]  __should_failslab+0x121/0x190
[ 2546.119432][T18742]  should_failslab+0x9/0x14
[ 2546.124320][T18742]  kmem_cache_alloc+0x47/0x6f0
[ 2546.124345][T18742]  ebitmap_cpy+0xcd/0x270
[ 2546.124359][T18742]  ? hashtab_search+0x1c2/0x250
[ 2546.124380][T18742]  mls_compute_sid+0x5d0/0xf80
[ 2546.139847][T18742]  ? mls_convert_context+0x6d0/0x6d0
[ 2546.139865][T18742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
00:15:36 executing program 5:
r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x4, 0x80)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x7ff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/access\x00', 0x2, 0x0)
r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x200, 0xa8)
setsockopt$inet_MCAST_LEAVE_GROUP(r3, 0x0, 0x2d, &(0x7f0000000080)={0x6, {{0x2, 0x4e23, @remote}}}, 0x88)
ioctl$KDSIGACCEPT(r3, 0x4b4e, 0x38)
dup3(r1, r2, 0x0)

00:15:36 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r1, 0x0, r3, 0x0, 0x10005, 0x0)

00:15:36 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080006005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:36 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2546.139880][T18742]  ? sidtab_search_core+0x164/0x210
[ 2546.139891][T18742]  ? __sanitizer_cov_trace_cmp2+0x18/0x20
[ 2546.139909][T18742]  security_compute_sid.part.0+0xed5/0x1620
[ 2546.139932][T18742]  ? security_context_to_sid_core.isra.0+0x620/0x620
[ 2546.139963][T18742]  ? kmem_cache_alloc_trace+0x354/0x760
[ 2546.139985][T18742]  security_transition_sid+0x126/0x190
[ 2546.140044][T18742]  selinux_socket_post_create+0x548/0x8a0
[ 2546.140063][T18742]  ? selinux_bprm_set_creds+0xcd0/0xcd0
[ 2546.140084][T18742]  ? sctp_init_sock+0xe27/0x1360
[ 2546.189883][T18742]  ? sock_init_data+0x8de/0xc70
[ 2546.217285][T18742]  ? sctp_destroy_sock+0x3e0/0x3e0
[ 2546.222838][T18742]  security_socket_post_create+0x89/0xd0
[ 2546.222861][T18742]  __sock_create+0x5cf/0x750
[ 2546.222880][T18742]  sock_create+0x7f/0xa0
[ 2546.222905][T18742]  sctp_do_peeloff+0x1a0/0x470
[ 2546.243699][T18742]  ? sctp_copy_sock+0xe50/0xe50
[ 2546.248699][T18742]  ? lock_downgrade+0x880/0x880
00:15:36 executing program 5:
r0 = socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000000))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = dup2(r2, r1)
ioctl$DRM_IOCTL_CONTROL(r3, 0x40086414, &(0x7f0000000080)={0x3, 0x8})
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r0, 0x800442d3, &(0x7f00000000c0)={0xfffffffffffffffb, 0x2, 0x3, @remote, 'eql\x00'})
r4 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r2, r4, 0x0)

[ 2546.254876][T18742]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2546.262638][T18742]  ? sctp_do_peeloff+0x470/0x470
[ 2546.267705][T18742]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2546.274373][T18742]  ? _copy_from_user+0xdd/0x150
[ 2546.279348][T18742]  sctp_getsockopt+0x1ec1/0x673d
[ 2546.284992][T18742]  ? lock_downgrade+0x880/0x880
[ 2546.292058][T18742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2546.299312][T18742]  ? kasan_check_read+0x11/0x20
[ 2546.304462][T18742]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
00:15:36 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
r3 = dup3(r1, r2, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000000)={<r4=>0x0, 0x2}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f00000000c0)={r4, 0xd9}, 0x8)
tee(r0, r3, 0x3, 0x0)

[ 2546.311618][T18742]  ? avc_has_perm+0x404/0x610
[ 2546.316631][T18742]  ? __fget+0x35a/0x550
[ 2546.321156][T18742]  ? lock_downgrade+0x880/0x880
[ 2546.326144][T18742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2546.332510][T18742]  ? sock_has_perm+0x209/0x2a0
[ 2546.337492][T18742]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2546.343912][T18742]  ? kasan_check_write+0x14/0x20
[ 2546.349077][T18742]  sock_common_getsockopt+0x9a/0xe0
[ 2546.355417][T18742]  ? sock_common_getsockopt+0x9a/0xe0
00:15:36 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup3(r0, r0, 0x80000)
write$vhci(r1, &(0x7f0000000080)=@HCI_SCODATA_PKT={0x3, "7a05614b06ae58ed55ae49e0378f9ab318f14b9cb990408bbce055c6611cea78d3bb88afc4b136da6679bae8bbce6043b65be0c5fa4748feb0c465f4c49e69756dbbdf131fe9322d03b71fefd6bc246ec116dbf33823ada5a92a52f8dbac38b672bcd45592995cbe6934948120940f1e5375993e6b05b6a1f0c26e0f2d370650d974ad5ad2f9394860056ae7941fed13f87690956de2e62afc96249841fb29ec594c33973e89ef44d9e0561bbd85add70ddecdaa291522ac46ccf21a97eec7628842ab98d0dfe2da0ded4be606eb2af4a8b153caee66079d712eb9c9092e0752d5f6ef0ad75f143703f3af8c3555"}, 0xef)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r2, 0x0)

[ 2546.361050][T18742]  __sys_getsockopt+0x168/0x250
[ 2546.366759][T18742]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2546.372245][T18742]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2546.378079][T18742]  ? do_syscall_64+0x26/0x610
[ 2546.383481][T18742]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2546.391453][T18742]  ? do_syscall_64+0x26/0x610
[ 2546.396544][T18742]  __x64_sys_getsockopt+0xbe/0x150
[ 2546.401986][T18742]  do_syscall_64+0x103/0x610
00:15:37 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x54, 0x8000)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25GDTEFACILITIES(r2, 0x89ea, &(0x7f0000000000))
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r3 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f00000000c0)={{0xfffffffffffffff7, 0x8}, 0x1, 0x0, 0x6, {0x1, 0x8}, 0x6, 0x3})
r4 = dup3(r0, r3, 0x0)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r4, 0x6430)

[ 2546.407210][T18742]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2546.413676][T18742] RIP: 0033:0x457f29
[ 2546.418110][T18742] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2546.441349][T18742] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2546.450990][T18742] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2546.460038][T18742] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2546.468574][T18742] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2546.476591][T18742] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2546.485389][T18742] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
00:15:37 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
r2 = dup3(r0, r1, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000080)="2cd4b3ec9592d0caf362ce1bb26cecbad667664cdad382a05a709bc488bb012a61c42b88feef9a9673f876e719f5e66c535d9e4b1a589a8469018ee1903440ddecb5d0e5cbdbc5addafc18f720ccbad37308829470e3b94df298c3a60be0f79d5202fb28934de071a05bf685c314cfd8", &(0x7f0000000000)="7c83701d0e8a6a617981a19ec24c6699379c07a26ac1876212f97c63cfb2c189c85fd7eda87b1edeab8a0c3351ad43f54ba85fea28c4e330fcd64a6730"}, 0x20)

[ 2546.513359][T18766] SELinux:  policydb string length 393224 does not match expected length 8
[ 2546.525151][T18764] binder: 18746:18764 ioctl c0306201 0 returned -14
00:15:37 executing program 4 (fault-call:3 fault-nth:13):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:37 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080007005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:37 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r1, 0x0, r3, 0x0, 0x10005, 0x0)

00:15:37 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(0x0, 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:37 executing program 5:
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x6, 0x101000)
ioctl$PPPIOCDISCONN(r0, 0x7439)
r1 = getpid()
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x4000, 0x0)
perf_event_open(&(0x7f0000000040)={0x4, 0x70, 0x1, 0x4, 0xfffffffffffffffa, 0x14000, 0x0, 0x3f, 0x484, 0xc, 0x7, 0x6, 0xfc7f, 0x2, 0x1, 0x3f8, 0xfffffffffffffffa, 0x2, 0x80000001, 0x80000001, 0x7, 0x5, 0x0, 0x6, 0x3b, 0xffffffff, 0x8322, 0xe000000000000000, 0x3, 0x0, 0x8cde, 0x1000, 0x8001, 0x80, 0x4, 0x3, 0xfffffffffffff000, 0x1, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0xc}, 0x40, 0x400, 0x8, 0xf, 0x621, 0x10000, 0x1}, r1, 0xffffffffffffffff, r2, 0xb)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="29000200040000000000f7b5acf3000000000000040000000000000000000000000000000000000000"], 0x29)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$SIOCX25SFACILITIES(r0, 0x89e3, &(0x7f0000000340)={0x2e, 0xd6, 0xb, 0xc, 0x4, 0x81})
get_robust_list(r1, &(0x7f00000002c0)=&(0x7f0000000280)={&(0x7f0000000180), 0x0, &(0x7f0000000240)={&(0x7f00000001c0)}}, &(0x7f0000000300)=0x18)
openat$selinux_access(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/access\x00', 0x2, 0x0)
dup3(r3, r3, 0x0)

00:15:37 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:37 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2546.869791][T18782] binder: 18780:18782 ioctl c0306201 0 returned -14
[ 2546.902614][T18788] SELinux:  policydb string length 458760 does not match expected length 8
00:15:37 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf908000a005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2546.954333][T18793] FAULT_INJECTION: forcing a failure.
[ 2546.954333][T18793] name failslab, interval 1, probability 0, space 0, times 0
[ 2546.967277][T18793] CPU: 0 PID: 18793 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2546.975644][T18793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2546.986660][T18793] Call Trace:
[ 2546.990392][T18793]  dump_stack+0x172/0x1f0
[ 2546.995090][T18793]  should_fail.cold+0xa/0x15
[ 2546.995120][T18793]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2547.005879][T18793]  __should_failslab+0x121/0x190
[ 2547.005901][T18793]  should_failslab+0x9/0x14
[ 2547.005917][T18793]  kmem_cache_alloc+0x47/0x6f0
[ 2547.005940][T18793]  ebitmap_cpy+0xcd/0x270
[ 2547.005953][T18793]  ? hashtab_search+0x1c2/0x250
[ 2547.005972][T18793]  mls_compute_sid+0x5d0/0xf80
[ 2547.005995][T18793]  ? mls_convert_context+0x6d0/0x6d0
[ 2547.043237][T18796] SELinux:  policydb string length 655368 does not match expected length 8
00:15:37 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf908000f005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2547.044825][T18793]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2547.044844][T18793]  ? sidtab_search_core+0x164/0x210
[ 2547.044856][T18793]  ? __sanitizer_cov_trace_cmp2+0x18/0x20
[ 2547.044876][T18793]  security_compute_sid.part.0+0xed5/0x1620
[ 2547.044902][T18793]  ? security_context_to_sid_core.isra.0+0x620/0x620
[ 2547.044934][T18793]  ? kmem_cache_alloc_trace+0x354/0x760
[ 2547.095095][T18793]  security_transition_sid+0x126/0x190
[ 2547.095117][T18793]  selinux_socket_post_create+0x548/0x8a0
[ 2547.095133][T18793]  ? selinux_bprm_set_creds+0xcd0/0xcd0
[ 2547.095155][T18793]  ? sctp_init_sock+0xe27/0x1360
[ 2547.107679][T18793]  ? sock_init_data+0x8de/0xc70
[ 2547.107692][T18793]  ? sctp_destroy_sock+0x3e0/0x3e0
[ 2547.107711][T18793]  security_socket_post_create+0x89/0xd0
[ 2547.107737][T18793]  __sock_create+0x5cf/0x750
[ 2547.130973][T18798] SELinux:  policydb string length 983048 does not match expected length 8
00:15:37 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x3, 0x103000)
bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x0, @hyper}, 0x10)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
dup3(r0, r2, 0x0)

[ 2547.136281][T18793]  sock_create+0x7f/0xa0
[ 2547.136300][T18793]  sctp_do_peeloff+0x1a0/0x470
[ 2547.136315][T18793]  ? sctp_copy_sock+0xe50/0xe50
[ 2547.136335][T18793]  ? lock_downgrade+0x880/0x880
[ 2547.136353][T18793]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2547.136367][T18793]  ? sctp_do_peeloff+0x470/0x470
[ 2547.136385][T18793]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2547.136408][T18793]  ? _copy_from_user+0xdd/0x150
00:15:37 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080048005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2547.195932][T18793]  sctp_getsockopt+0x1ec1/0x673d
[ 2547.195948][T18793]  ? lock_downgrade+0x880/0x880
[ 2547.195963][T18793]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2547.195980][T18793]  ? kasan_check_read+0x11/0x20
[ 2547.196034][T18793]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2547.196059][T18793]  ? avc_has_perm+0x404/0x610
[ 2547.224234][T18793]  ? __fget+0x35a/0x550
[ 2547.224259][T18793]  ? lock_downgrade+0x880/0x880
[ 2547.224283][T18793]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2547.260919][T18793]  ? sock_has_perm+0x209/0x2a0
[ 2547.260937][T18793]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2547.260965][T18793]  ? kasan_check_write+0x14/0x20
[ 2547.260990][T18793]  sock_common_getsockopt+0x9a/0xe0
[ 2547.261048][T18793]  ? sock_common_getsockopt+0x9a/0xe0
[ 2547.261081][T18793]  __sys_getsockopt+0x168/0x250
[ 2547.296382][T18793]  ? kernel_setsockopt+0x1e0/0x1e0
00:15:37 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)
r2 = semget$private(0x0, 0x1, 0x100)
semctl$SEM_STAT(r2, 0x3, 0x12, &(0x7f0000000000)=""/32)
dup(r1)

[ 2547.296758][T18804] SELinux:  policydb string length 4718600 does not match expected length 8
[ 2547.302115][T18793]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2547.302131][T18793]  ? do_syscall_64+0x26/0x610
[ 2547.302149][T18793]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2547.302162][T18793]  ? do_syscall_64+0x26/0x610
[ 2547.302182][T18793]  __x64_sys_getsockopt+0xbe/0x150
[ 2547.302200][T18793]  do_syscall_64+0x103/0x610
[ 2547.302229][T18793]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2547.318476][T18793] RIP: 0033:0x457f29
[ 2547.357523][T18793] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2547.380444][T18793] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2547.390306][T18793] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2547.398626][T18793] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2547.406991][T18793] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2547.415813][T18793] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2547.424185][T18793] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
[ 2547.472087][T18811] binder: 18810:18811 ioctl c0306201 0 returned -14
00:15:38 executing program 4 (fault-call:3 fault-nth:14):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:38 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf908004c005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:38 executing program 5:
r0 = syz_open_dev$vcsn(&(0x7f00000002c0)='/dev/vcs#\x00', 0x5, 0x2100)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f0000000300)={<r1=>0x0, 0xe2, "8616702cbc62eb7797ec91bc22f1f22a07fb5719b1ef09c12b0f848d659e4116516a9cf8d794bec42aba38895e2ac3a7adcfb312a7cd3df1244b272546bbb449cd2a6a7d30618eeef25d6178b4ff1b013f539f8b9576448598b7879df614d18886d1fbee9e6967a78236e181e6cb1a83dc5deacc76eeba39194cc792fabad9282f41342f50e552313d48434296fe964cf1861635044a1bdd0006a8a993951398eddd442b12b84747215e1c85a5cf5d7fe70d5679dbc9a311d68a8ebed189ddda8cfe2e47d9ad392db586c959b86102c72b4384403fe095be7bae0ee7d4be93bee66b"}, &(0x7f0000000400)=0xea)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000440)={r1, 0x18, "41124b2e8af96dda51792c743d70853d0d564e2755aeeaf1"}, &(0x7f0000000480)=0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x8, 0x10600)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000080)={<r4=>0x0, 0x1, 0x700, 0x800, 0xfffffffffffff362, 0x4, 0x400, 0x6, {<r5=>0x0, @in={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xd}}}, 0xa3fe, 0x7ff800000000000, 0xa15, 0x7f, 0x42b}}, &(0x7f0000000140)=0xb0)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000180)=@sack_info={r5, 0x6, 0x7}, 0xc)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$TUNSETSTEERINGEBPF(r3, 0x800454e0, &(0x7f00000001c0)=r3)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f0000000240)={r4, 0x29, "28bfa52a89603eec2f6c6ca937e149504241c8d894741554bc0958a40dc20c11fb0ba9ca707527e29b"}, &(0x7f0000000280)=0x31)
r6 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r2, r6, 0x0)

00:15:38 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:38 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(0x0, 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:38 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r1, 0x0, r3, 0x0, 0x10005, 0x0)

00:15:38 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2547.811644][T18824] SELinux:  policydb string length 4980744 does not match expected length 8
00:15:38 executing program 5:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x40800, 0x0)
ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000080)='syz1\x00')
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
setitimer(0x3, &(0x7f00000000c0), &(0x7f0000000100))
dup3(0xffffffffffffffff, r1, 0x0)

[ 2547.865678][T18824] sel_write_load: 7 callbacks suppressed
[ 2547.865683][T18824] SELinux: failed to load policy
[ 2547.888450][T18832] FAULT_INJECTION: forcing a failure.
[ 2547.888450][T18832] name failslab, interval 1, probability 0, space 0, times 0
[ 2547.963794][T18832] CPU: 1 PID: 18832 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2547.972532][T18832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2547.987742][T18832] Call Trace:
[ 2547.987773][T18832]  dump_stack+0x172/0x1f0
[ 2547.987796][T18832]  should_fail.cold+0xa/0x15
[ 2547.987817][T18832]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2547.987836][T18832]  ? security_context_to_sid_core.isra.0+0x620/0x620
[ 2547.987863][T18832]  __should_failslab+0x121/0x190
[ 2547.987883][T18832]  should_failslab+0x9/0x14
[ 2547.987898][T18832]  kmem_cache_alloc_trace+0x4b/0x760
[ 2547.987915][T18832]  ? kmem_cache_alloc_trace+0x354/0x760
[ 2547.987943][T18832]  selinux_netlbl_sock_genattr+0xb3/0x430
[ 2548.000209][T18832]  selinux_netlbl_socket_post_create+0x7a/0x150
[ 2548.000226][T18832]  selinux_socket_post_create+0x49c/0x8a0
[ 2548.000244][T18832]  ? selinux_bprm_set_creds+0xcd0/0xcd0
[ 2548.000256][T18832]  ? sctp_init_sock+0xe27/0x1360
[ 2548.000283][T18832]  ? sock_init_data+0x8de/0xc70
[ 2548.079274][T18832]  ? sctp_destroy_sock+0x3e0/0x3e0
[ 2548.085730][T18832]  security_socket_post_create+0x89/0xd0
[ 2548.091598][T18832]  __sock_create+0x5cf/0x750
[ 2548.097758][T18832]  sock_create+0x7f/0xa0
[ 2548.097777][T18832]  sctp_do_peeloff+0x1a0/0x470
[ 2548.097791][T18832]  ? sctp_copy_sock+0xe50/0xe50
[ 2548.097809][T18832]  ? lock_downgrade+0x880/0x880
[ 2548.097828][T18832]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2548.097842][T18832]  ? sctp_do_peeloff+0x470/0x470
[ 2548.097859][T18832]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2548.097875][T18832]  ? _copy_from_user+0xdd/0x150
[ 2548.097892][T18832]  sctp_getsockopt+0x1ec1/0x673d
[ 2548.097904][T18832]  ? lock_downgrade+0x880/0x880
[ 2548.097917][T18832]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
00:15:38 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.current\x00', 0x0, 0x0)
write$UHID_SET_REPORT_REPLY(r1, &(0x7f0000000080)={0xe, 0x4, 0x9, 0x9, 0xf1, "647fdb1f2fec42c96abc19c752837e6d5709b73b3da963dd49d9ca0c1407dc996ce00b2779d8babe86c997452eff3035647dbcfba9a484042f9f0d7d19557dd4cdfdd3693b4df857843d6a85385885801069a404921cdae6130fc746559e083749a6209ad573d1e2f231389dc55b56a62d0760787721c6fd1a8a8fa3160ace5a7652fea62e25c1ed37079aa7b18d69a711533d3b4f0c0d7b7ac01170d32472b28b150d8ec4940fc8a1932fb44bb163add0f5c7c0a7e07f452d4131cd33291e01cd317c46eca0d1d75bf9770c0876c6f51c8a8cef0e6ec13b4873c7f7a30275af588f42902753ba669c2b52ed93d8370ab7"}, 0xfd)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r2, 0x0)

00:15:38 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:38 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080068005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2548.097936][T18832]  ? kasan_check_read+0x11/0x20
[ 2548.097954][T18832]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2548.097985][T18832]  ? avc_has_perm+0x404/0x610
[ 2548.108970][T18832]  ? __fget+0x35a/0x550
[ 2548.108993][T18832]  ? lock_downgrade+0x880/0x880
[ 2548.109043][T18832]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2548.109063][T18832]  ? sock_has_perm+0x209/0x2a0
[ 2548.109080][T18832]  ? selinux_secmark_relabel_packet+0xe0/0xe0
00:15:38 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(0x0, 0x80)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2548.109106][T18832]  ? kasan_check_write+0x14/0x20
[ 2548.109131][T18832]  sock_common_getsockopt+0x9a/0xe0
[ 2548.109145][T18832]  ? sock_common_getsockopt+0x9a/0xe0
[ 2548.109162][T18832]  __sys_getsockopt+0x168/0x250
[ 2548.109177][T18832]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2548.109201][T18832]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2548.174733][T18832]  ? do_syscall_64+0x26/0x610
[ 2548.174752][T18832]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2548.174766][T18832]  ? do_syscall_64+0x26/0x610
[ 2548.174788][T18832]  __x64_sys_getsockopt+0xbe/0x150
[ 2548.174806][T18832]  do_syscall_64+0x103/0x610
[ 2548.174830][T18832]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2548.185766][T18832] RIP: 0033:0x457f29
[ 2548.185783][T18832] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2548.185790][T18832] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2548.185804][T18832] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2548.185813][T18832] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2548.185821][T18832] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2548.185828][T18832] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2548.185836][T18832] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
[ 2548.357039][T18850] SELinux:  policydb string length 6815752 does not match expected length 8
[ 2548.401631][T18850] SELinux: failed to load policy
00:15:39 executing program 4 (fault-call:3 fault-nth:15):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:39 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$SNDRV_CTL_IOCTL_PVERSION(r2, 0x80045500, &(0x7f0000000000))

00:15:39 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:39 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x0)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:39 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf908006c005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:39 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xd7)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r1, 0x0, r3, 0x0, 0x10005, 0x0)

00:15:39 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)
r2 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x6287, 0x0)
ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000002c0)={0x3, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x3ebe8810}]}})
openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x44c000, 0x0)

00:15:39 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2548.720519][T18864] SELinux:  policydb string length 7077896 does not match expected length 8
[ 2548.745864][T18864] SELinux: failed to load policy
[ 2548.821367][T18874] FAULT_INJECTION: forcing a failure.
[ 2548.821367][T18874] name failslab, interval 1, probability 0, space 0, times 0
[ 2548.835845][T18874] CPU: 1 PID: 18874 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2548.844411][T18874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2548.854964][T18874] Call Trace:
[ 2548.858757][T18874]  dump_stack+0x172/0x1f0
[ 2548.863875][T18874]  should_fail.cold+0xa/0x15
[ 2548.869116][T18874]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2548.875531][T18874]  ? mark_held_locks+0xf0/0xf0
[ 2548.881340][T18874]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2548.888223][T18874]  __should_failslab+0x121/0x190
[ 2548.895282][T18874]  should_failslab+0x9/0x14
[ 2548.899972][T18874]  __kmalloc_track_caller+0x6d/0x740
[ 2548.905441][T18874]  ? security_netlbl_sid_to_secattr+0x18f/0x310
[ 2548.912488][T18874]  kstrdup+0x3a/0x70
[ 2548.916626][T18874]  security_netlbl_sid_to_secattr+0x18f/0x310
[ 2548.923248][T18874]  selinux_netlbl_sock_genattr+0xf3/0x430
[ 2548.929933][T18874]  selinux_netlbl_socket_post_create+0x7a/0x150
[ 2548.937305][T18874]  selinux_socket_post_create+0x49c/0x8a0
[ 2548.943331][T18874]  ? selinux_bprm_set_creds+0xcd0/0xcd0
[ 2548.949106][T18874]  ? sctp_init_sock+0xe27/0x1360
[ 2548.949125][T18874]  ? sock_init_data+0x8de/0xc70
[ 2548.949137][T18874]  ? sctp_destroy_sock+0x3e0/0x3e0
[ 2548.949160][T18874]  security_socket_post_create+0x89/0xd0
[ 2548.959497][T18874]  __sock_create+0x5cf/0x750
[ 2548.959519][T18874]  sock_create+0x7f/0xa0
[ 2548.959546][T18874]  sctp_do_peeloff+0x1a0/0x470
[ 2548.959561][T18874]  ? sctp_copy_sock+0xe50/0xe50
[ 2548.959581][T18874]  ? lock_downgrade+0x880/0x880
[ 2548.959603][T18874]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2548.971409][T18874]  ? sctp_do_peeloff+0x470/0x470
[ 2548.971430][T18874]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2548.971448][T18874]  ? _copy_from_user+0xdd/0x150
[ 2548.971466][T18874]  sctp_getsockopt+0x1ec1/0x673d
[ 2548.971480][T18874]  ? lock_downgrade+0x880/0x880
[ 2548.971494][T18874]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2548.971518][T18874]  ? kasan_check_read+0x11/0x20
[ 2548.981226][T18874]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2548.981242][T18874]  ? avc_has_perm+0x404/0x610
[ 2548.981267][T18874]  ? __fget+0x35a/0x550
[ 2548.981290][T18874]  ? lock_downgrade+0x880/0x880
[ 2548.981305][T18874]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2548.981330][T18874]  ? sock_has_perm+0x209/0x2a0
[ 2549.075695][T18884] SELinux:  policydb string length 7602184 does not match expected length 8
[ 2549.080555][T18874]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2549.080587][T18874]  ? kasan_check_write+0x14/0x20
[ 2549.080615][T18874]  sock_common_getsockopt+0x9a/0xe0
[ 2549.080630][T18874]  ? sock_common_getsockopt+0x9a/0xe0
[ 2549.080647][T18874]  __sys_getsockopt+0x168/0x250
[ 2549.080669][T18874]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2549.123207][T18874]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2549.129059][T18874]  ? do_syscall_64+0x26/0x610
[ 2549.134673][T18874]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2549.135823][T18884] SELinux: failed to load policy
[ 2549.141032][T18874]  ? do_syscall_64+0x26/0x610
[ 2549.141056][T18874]  __x64_sys_getsockopt+0xbe/0x150
[ 2549.141076][T18874]  do_syscall_64+0x103/0x610
[ 2549.141098][T18874]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2549.141110][T18874] RIP: 0033:0x457f29
[ 2549.141125][T18874] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2549.141134][T18874] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2549.141147][T18874] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2549.141165][T18874] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
00:15:39 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000680)})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:39 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080074005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:39 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fadvise64(r0, 0x0, 0x9, 0x1)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r1, r2, 0x0)

00:15:39 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x3, 0x40000)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x100000000000004)
r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
r3 = dup3(r0, r2, 0x80002)
setsockopt$inet6_tcp_buf(r3, 0x6, 0x1c, &(0x7f0000000080)="a5a3e3f860620a307a9d993efe7ff0bd475787562c0d14242353a7846c114ff7b627c6d50bb56de42738ff12ca9970034ad19164b9b709d4eb13bbaa0eb51c30140a2a7f1a5557a1b5b1d80ecfa10a795cc96d84cce96f4a3048858b61e8e146d2f25bd2399fe9f195992c3e0c04ab4828b14a26a4ab830a9b4e907d8906dc92df3c1aae8b6150b6f7a92e8493ba", 0x8e)

[ 2549.156617][T18874] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2549.156627][T18874] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2549.156634][T18874] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
00:15:40 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf908007a005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

00:15:40 executing program 0:
openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x1000001c3)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x8d9c, 0x10001}, 0x14)
write$binfmt_misc(r2, &(0x7f0000000100)=ANY=[], 0x4f3d1d6e)
splice(r1, 0x0, r3, 0x0, 0x10005, 0x0)

00:15:40 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0x0, 0x0, 0x0})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

00:15:40 executing program 4 (fault-call:3 fault-nth:16):
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000240)=[@in6={0xa, 0x0, 0x0, @local, 0x3}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r1=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)

00:15:40 executing program 1:
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
ioctl(0xffffffffffffffff, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x1)
ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f00000003c0), &(0x7f0000000440)=0xffffffffffffff91)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
fremovexattr(0xffffffffffffffff, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x0)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000380)={0x3f, 0xc60, 0x202, 0xfffffffffffffffe, 0x200, 0x8, 0x5}, 0x20)
ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000080))
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_security(0x11, 0x0, 0x0, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$tun(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x1)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x8000000, 0x0, 0x3e6, 0x0, 0x0, 0x0, 0x4fe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

00:15:40 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0xa0080, 0x0)
ioctl$sock_bt_bnep_BNEPCONNADD(r2, 0x400442c8, &(0x7f0000000240)={r1, 0x100000000, 0x7fffffff, "bd3b7cd15cb94602e87e9c324df527f3b6b56ab2d32a9e9ffa13070e620edf31f0b7e6489a00d6f2c47f8f59614be9a431132123ec69a8468ca45bf61751fd39a6eea89e1dc5fe5b6971c67864c249b22bb6d194638f29c679682b6f2ebb394f41078d5e3c5d63667876b35db798197a924864305ca01caafd1473f65360b6efe101407c204ae4dea2b9d5a10fe8592aa5ead9c43c6981b99c8ad30d0f2529ba7f63bd4a2d03b1a44a88d69457ff6b50e8edc356688d638b510c6c9eedeab4b751a1c10535a031b7202f0505f6527bf492644969458c7dbc6f8c40816bf1b753204c6c0b2bd7e503d537b518645a7504a7684ed0f2dd7fc179996c619e7f1b3a9a1e57d6aaa20c453d3aacf672de46fd6533328bfa1ec21dafe8671257d72ec2bc86e1bf999c5c00c2a253523b98060a714670e43a03a1108a9e9f2a577c940159c382d328c981866c67d7943ba1537a30aeb31cb6207d47931d02c1f6b3f4faed3e7c7e19ad0b68008af7d01312b399b14c3807fcd59c62e56834fbb53eef4587a76d8883032588bc4d0c2a1e1a36c2a54fe668b4205caf7813bd1f72a04c12e2afbec5d8f713906eb9bae81839a44310d60573fb051281465502335ec484383a5838f39eee18c47333523f9048bdee563a92579f62de3ebbcb782db640781fa0156ee5b8d50a06c24c1e1fbd85a043b5700263b55a5c79bde002c5764681277f8909e4907bb9dcd58744c6ee0317566074010a75898a31921623e7230913f5586bda0e15affa0f9c2334518c44614f14b98d51d01da806544aca6ebc99ba40fd1a5942a97ef1c1b77a817700934040f7582fbb9242ad74fdfd2116f4fa0311b6ac800fd5fd2366c52f5050b61da7abaf58f04fa9b84d057b079859dff243a4519894d208d2c760e174c196479fe22059a9cb5af12c4ab22d1744237b1c54ddb04ded032db27bc5203f8b21e1bb5377c8b343225401bd8df89a28e8a45188e64b9d3541d05f6b8af8fab3b9cb773e17809e889494bb9816d9e72aa69f46389eef97b6b3a2834081f7916d87160f6b1e0a79daaa4e3a8ea69096592d45e63f1fa773bb2f6767ffa701937559c5e1966a1542e07272f3060be8412632b1a2ba68f8227a37aaa741ab61981c19399efea559a1d51f9a926b699bdda49f424497819b81c5b929b6207e3e0a632ec8329d61a94ceb4b2029406a5b23dc1ff71ccdda5f4f2fda5d9e87eaafaaf494f43bf76944e8377b2e981ad34e2d42a827e5e0633291188aeb06b90fa7ce59d4f2e5fdb4ebc17cced6a9e252fe819f1812dba13ce4db7df32373b3b61904ac80c4cf97848c6469a424abf90ee3230082d5d6b540b645325dcf5f69bd17ef6b3cfb57eb3a3283a431166cc151f32cf568f7bbbdc6beed260c97b9445463e51149c1d609ddeed6ff6bd3fe32b994b5b0df2863214dcdc83fb2a261cafd5f4b7f7267ea2a50f6ace6b7357ae846fc03c6d31e4919d0c24d367f608bb8793e3b80b77b6e9011a38b79199989e5fd76d9c5d25ab2be9ebbc8868ef5a4992eb6bafd6224e2884df29ee57a14852fdd5e40d0d9744a591cebb3317bc6d90516f2a0e9ca220e722d4f605aa564e8d01a01d391179e083050d51ef64c2a28a7b6f6837ecfec8934f51dc0e2e8a7940d0d5a723d166dac26fbcf4404264dc76b99cd80f89fac521c989414960f36d0e8b1b43b1aa07ac8e04d300c743fa14711bf3e3474b69f7d826599a794dc151c65e5c5b0494a2f3efc3cd2c655ad04decda3c5b4c23d08dadc16708a481838e26b716ca7098d6515b3b92bdbd92c1d4fc453f820d6929a7cdbea0111eb94b460eec397883423c4efd075ed2ceeb616a105e040b0bc924b5d61996f4ae1ca3af9a2916169e120feb30d80a95a3e1b9cda0add8ee361dbe2c5d0c8189673d5c9834b2ac50fe8424964022fc0adcd4de1132d3071d39a95ba0bb46f5fcb25a46fcce4ee5818d29a6cdd766a4fc998044ca59331b21dedcbb69cad8af2ab3e91df969243939a22c114840bd076e27a0c9fc7124b18bda005480a0ecf47bb8f254f8e32c6bca99fefbc792d7be8c4eef4aebebb975ba8d00fdb723225366888a2d7bb1a60ec80dc9b9c80e0b5f6b13180e2cf2c0db41e843b302cf3e7fe4f952c57e731cc2464cdd518a916c0f1ed7e6b8bec9885751827cd5cfd9a401e9480fdd8175ea876f8a2ac6950bd912f336fbaf41e1e06b302c42f7baf2a02f8925d0523d8f2f80d3519b44d09232087965779847e4d057772b2a2f70790fb56a9c5121acf939f923fc38a3e03129e91574915369481aa7544824f2c73b4f9dca66403c7ca59293438a7b8dfd3dc76bc954a852f27462329d8cf4d09fdef1af6c9e2328e32a20a0b78f0477d743a6953793a333678c448fe90fd46a49cd1fe6e5c5d8e92cea5718ce8961550a227fa82793656fe54a42467a673c2fe2ea77ddc426a53dd7fd9bd6bedbf6e170cc308442cb5b2cb7f7211e36b4fc925d175fd75d99ad914efdc877ff134f1e85627c32b0375e2f4c281fe4c1d0479273541abd488fdb43c739d4dc190b9a2963d4acb4d92d32145e9d69cdceaaf4229ecb55638c40f85d75903e3b6fc4df46e78ebfcc94e3f62e3f17bb8add072218e2a1f94aacfaf905bf0efbaad800018b8abc1bcd730d6e361de228cc069d15d0619ee13b07cebfd7625571833a968463ffce9a125ca5d7ba4ccaa9adaf0cbf316406d4bc19d60857ed1b9a78d0bf9ce00177d997535e57f0c990f31ee6c54d20c4e3d52ffc64e03b781a38958e6d246aba7cc91ac3ca93ea2bfff1745267d5120041186c6a81da522e342fc3d3941e0a07599f7467447b6f870b18cda58b8760ac596b6b382be95495dc305ac052d644d31a1ece0f0e539a0263af54420f77cfcf6266f7ebb28c47026893da7ec0dc1f355b02a70c37dac73f80bf9f591a09415c9628033d535abdd6049c21db9864bc20aa1ac076944f2540467b8023b387d20625fea4c5e7a964914bda01d7aa58bcaa4ea1182283b3a7cf47565d3d54e5c1552ebdf50572eaefac086988463163baec3aa1d471f37df1b942c0a1bf8d9e4f569ffe23383d0815497c5b8cff3a518fc3960f5e21917e403ccd7301a3fadf0d59112d4423a47ff4fa039a270b1f692d51fedcfaa48dc8598382c18ceda36ffba5fa0a938113f7008fce9334fecdf5c25fc7bcd1b102d4dcd69076cd50d874ade908f8fc129a6d5e99b7bbc04ca9f36ea442eea2feeb6f40d0da6c196a94cd1001f2f0f483d7f78074698c7dddb35471f23f1a9e8b5112719154bf0e41baf0bef9bd28d6cda165a2c4cb576e6b5ffb7a0d9d1a6ade988002a4f712d2e6d82ac1c38071785a14258e1308be6aa362d20d347258bedc1416f58ca130abd22f4cdc00c50bf9a80dd78ae1a4136f68c78e59a601d387224787397d05c638333a63f276319e3e257a40f391f78e20768ec475ce166c93073e6b372d04f7288421433431bce0ac591a973d5f38785b01a58659c964de904181ea9de712cf90b420ffdacc4339d4c964652abef5160c2362075fca401c674968ce43db396c3241be0f59d92483d6b7c96ac1f86109477cfdb88615b2904c4a6a9b36ef9cd6928589dac8428972eb07ef26e75b097fea769f0f778cdb1db4bf27c2137065edded5b2c564c30aab751065b340a5c11882925fb4f8088921901b4900fcbddd98fce9e2b097c378f85286c7ed15eee541e335bd1d0ddbe24e8086bdae37f1c25cf07a1b32917fab6a4461586b295e208bbf6cbe3e8227136c083172c5070ba1337c796218eaefce1510ea8d056d4e1937a1c097e6949c910214d264af813a0d77a1d3fe60da9bbcbb228ab092fc830706ded2eceded82d2d503201cc25674a595b5bff776eb887759e4133c61869650ab15d217ebdc057e27bbd847661e7d7fa6d589b1a16dffc86354a4417e17b026c66b6c933dc2ffd882b5683609a79f7b62ad425c0b01a74306b3f0ca5f854a79b3d1b1feb72cb72f842778c048aa6a2c965d9de68ab571976eaed8b62851e213aaecacdb85153c7fec5c87f53289e11c8e795b170d9df10185443a8897aab4699dd5a6ed4164eab22bf74df608cde04afebc77f2dd2ef0cce6d2687e3e22a18e403ab3de9d24d08a39f5a583c9fc7e0d2edd6a6d6d283f5fea39a9972599d2530f9edc74ec26780a28f3a96a8fba5450fc2e79fb59ba151e195c2907f2c299f8781b14a60b954cf47b9746a1a62fadc3a2e8fe2fb8fea29edc8d00f797a3fa98150e8d3e411cfd6c0e8c3baa65ee9c6c88de40361a621da3ac4d26293af8160ba02d645e377f845c5b6a830f88ab1cb75f4a9cafd77f8fd084ebcfff6358d007c67452c8b5c46675e35845db6846a81a1a7802a1c9836fe1044d8bddfaf7af8028c9cf953644f58e0eb80796fa039b5e45ec9aac355e49c0469415e2b73aeaea63fb67039d2350914ddfaed5cf87378afc236f71a593fe5dad23d664dd63d76035754b877a69fa1e81a5fa2a91be889f5d15fd7933603f7c0f4a5b58d47fbd969fc12d2f5575b160f00572ba93d3676b4ff9818d0cbfaf606cbfbb96707e9fa64421db86f9259c63ae9019d74ff484f6f8e23657477b30b748dcffa1cb044039731f972ca1e0021e970e0fd60e93453e149e60962920db027ce9093107a407d40e497636cab6f31fb88ea1c5aa75058dad841bc528d32c4f8ee62b25fc1ba2138622277a9d6a4254d3a4f88255e80e75bd866bc9b43e4bc069f684b7620e97432fec9fee7ddef187acec94e1fc78775655a28b7103360d58d2a2f985beba3a51b9a27fd87f2536cc75aeca2f8a56a65d97a6576205346667454e9a0e5b1a00eb6cae2216ae5cc3728515f41f0f47806dbdc35bc63cebf168bd5a5c228c73c2237bf9f1728e7fd01bd8873f9dd2b59c4c1fead83acd567746a53a9e1a55583cf540f6d6d2f1f761cb57aab5b45460c98e52bc14a8b5f9f28336071e57f9e172d531acb0d38c28057aacee60c9ae49117f06dd7d0454d13ffc4830a5256fd0e654dce1034ccc913b0406264398eb5c04f3f28834dfe0efd51c7be1869498447d7da8c23a276a65d797d6c587d145a9df550c8441e0794ff92ed1e4ac8036507023744ac4acd6a19a4a4ca5a0fa960e6b10216022aa409b72add4c305dfea02741773b9f0b2e0878268c365a28220cb6189ac46525747ff05bbb835ae3d886a5e7cc1fa7f0d367bba59bf9b2a024503242b636f5ffb9a1e4dc7c000f3ef06bed7a9378d68921b226a0020b4f1562617c2181006a626d0c84026bffe69f6c8cdaff04786fe655e1df7c51654005d918cd33928a0687c66e0551eff3e0f83282bc0ff039e438f02b00874293031a0168270cfeb2f15f433bb9404b5083735396befa13023fcd28a16423001bafb4908c74c365e5e7e1ffc6c0197b3b1bcc4178af24915de1f3e058d4373ac85b8c6891d4b665fdf1981a29b2d1074c67752d595d34264a3b0f3c08b5e903cd1baab238b8e84c1e4d0eddda1a4173355d6a8ae9de27969a7a6ed6143ab3b2c7698b054ef9021ab9f8f19861cd7015eee8bae9dc2eee7bbd3c0ffb19a53e960b0c7f41596d01bf33db4233b723c244044429c00dc565417f35dddca9ba5eaa454f2f0577e053d5bb2fe6bc8188b4ca31a3aa00050798bba9fdf155c0794b5d58a1df44d6f2b37a69ee8f3a9c4853d03b0525b77a2784fe74ac716d93a62da34e34d1edaa8998eb25f54707b0418b5de7552be23d8b5fcc9ec91a46413d77c9bf"})
r3 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(r1, r3, 0x0)
splice(r0, &(0x7f0000000000), r0, &(0x7f00000000c0), 0x1001, 0x1)

[ 2549.638823][T18902] SELinux:  policydb string length 7995400 does not match expected length 8
00:15:40 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0x0, 0x0, 0x0})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2549.681702][T18902] SELinux: failed to load policy
00:15:40 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000000080)={'bcsf0\x00', {0x2, 0x4e22, @empty}})
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x400, 0xc0)
dup3(r0, r1, 0x0)

00:15:40 executing program 2:
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080002005345204c696e75781200000000c46f0006000000070000003c9f030000b8b15a0f00000000681bfd45ef000000000000000000000000000000000000000000"], 0x47)

[ 2549.764926][T18914] FAULT_INJECTION: forcing a failure.
[ 2549.764926][T18914] name failslab, interval 1, probability 0, space 0, times 0
[ 2549.802235][T18914] CPU: 0 PID: 18914 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2549.810349][T18914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2549.820978][T18914] Call Trace:
[ 2549.824428][T18914]  dump_stack+0x172/0x1f0
[ 2549.830101][T18914]  should_fail.cold+0xa/0x15
[ 2549.835609][T18914]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 2549.841733][T18914]  ? ___might_sleep+0x163/0x280
[ 2549.846938][T18914]  __should_failslab+0x121/0x190
[ 2549.852421][T18914]  should_failslab+0x9/0x14
[ 2549.857325][T18914]  kmem_cache_alloc_trace+0x2d1/0x760
00:15:40 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0x0, 0x0, 0x0})
dup(r1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2549.863176][T18914]  ? mark_held_locks+0xa4/0xf0
[ 2549.863990][T18920] SELinux:  policydb string length 131080 does not match expected length 8
[ 2549.867991][T18914]  sctp_add_bind_addr+0x9f/0x3a0
[ 2549.868050][T18914]  sctp_bind_addr_dup+0xdd/0x140
[ 2549.868068][T18914]  sctp_sock_migrate+0x525/0x14c0
[ 2549.868093][T18914]  ? kasan_check_read+0x11/0x20
[ 2549.898099][T18914]  sctp_do_peeloff+0x2f5/0x470
[ 2549.903261][T18914]  ? sctp_copy_sock+0xe50/0xe50
[ 2549.906741][T18920] SELinux: failed to load policy
00:15:40 executing program 5:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access\x00', 0x2, 0x0)
dup3(0xffffffffffffffff, r0, 0x0)

[ 2549.909128][T18914]  ? lock_downgrade+0x880/0x880
[ 2549.909152][T18914]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2549.909169][T18914]  ? sctp_do_peeloff+0x470/0x470
[ 2549.909188][T18914]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2549.909212][T18914]  ? _copy_from_user+0xdd/0x150
00:15:40 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)})
dup(0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000100)=[@release], 0x0, 0x0, 0x0})

[ 2549.961512][T18914]  sctp_getsockopt+0x1ec1/0x673d
[ 2549.967323][T18914]  ? lock_downgrade+0x880/0x880
[ 2549.973048][T18914]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2549.980095][T18914]  ? kasan_check_read+0x11/0x20
[ 2549.985141][T18914]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2549.993482][T18914]  ? avc_has_perm+0x404/0x610
[ 2549.998622][T18914]  ? __fget+0x35a/0x550
[ 2550.002938][T18914]  ? lock_downgrade+0x880/0x880
[ 2550.008357][T18914]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2550.015732][T18914]  ? sock_has_perm+0x209/0x2a0
[ 2550.020631][T18914]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2550.027051][T18914]  ? kasan_check_write+0x14/0x20
[ 2550.032393][T18914]  sock_common_getsockopt+0x9a/0xe0
[ 2550.037979][T18914]  ? sock_common_getsockopt+0x9a/0xe0
[ 2550.043855][T18914]  __sys_getsockopt+0x168/0x250
[ 2550.049096][T18914]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2550.054827][T18914]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2550.060320][T18914]  ? do_syscall_64+0x26/0x610
[ 2550.065860][T18914]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2550.073208][T18914]  ? do_syscall_64+0x26/0x610
[ 2550.078883][T18914]  __x64_sys_getsockopt+0xbe/0x150
[ 2550.084532][T18914]  do_syscall_64+0x103/0x610
[ 2550.089423][T18914]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2550.096392][T18914] RIP: 0033:0x457f29
[ 2550.096409][T18914] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2550.096416][T18914] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2550.096428][T18914] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2550.096435][T18914] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2550.096443][T18914] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2550.096451][T18914] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2550.096459][T18914] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
[ 2550.109637][T18914] kasan: CONFIG_KASAN_INLINE enabled
[ 2550.127357][ T3874] kobject: 'loop5' (0000000000788b4d): fill_kobj_path: path = '/devices/virtual/block/loop5'
[ 2550.144132][T18914] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 2550.150932][ T3874] kobject: 'loop3' (00000000cf4cd494): kobject_uevent_env
[ 2550.164288][T18914] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 2550.165895][ T3874] kobject: 'loop3' (00000000cf4cd494): fill_kobj_path: path = '/devices/virtual/block/loop3'
[ 2550.173737][T18914] CPU: 0 PID: 18914 Comm: syz-executor.4 Not tainted 5.0.0+ #20
[ 2550.173744][T18914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2550.173764][T18914] RIP: 0010:sctp_assoc_rwnd_increase+0x34/0x520
[ 2550.173778][T18914] Code: 41 54 49 89 fc 53 89 f3 48 83 ec 10 e8 55 11 ef fa 49 8d bc 24 60 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 2f 04 00 00 45 8b ac 24 60 06
[ 2550.173784][T18914] RSP: 0018:ffff888036a476f8 EFLAGS: 00010203
[ 2550.173794][T18914] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc9000e8a4000
[ 2550.173801][T18914] RDX: 00000000000000cb RSI: ffffffff868152db RDI: 000000000000065f
[ 2550.173809][T18914] RBP: ffff888036a47730 R08: ffff88809355e1c0 R09: ffff88809355ea88
[ 2550.173815][T18914] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffffffffff
[ 2550.173822][T18914] R13: 0000000000000000 R14: ffff88805c0a0bc0 R15: 0000000000000000
[ 2550.173831][T18914] FS:  00007f6ffeed6700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 2550.173839][T18914] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2550.173845][T18914] CR2: 0000001b30c2c000 CR3: 000000005c1e0000 CR4: 00000000001406f0
[ 2550.173854][T18914] Call Trace:
[ 2550.173874][T18914]  sctp_ulpevent_free+0x21f/0x4e0
[ 2550.173889][T18914]  sctp_queue_purge_ulpevents+0xc4/0x110
[ 2550.173903][T18914]  sctp_close+0x148/0x860
[ 2550.173918][T18914]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2550.173933][T18914]  ? mark_held_locks+0xa4/0xf0
[ 2550.173953][T18914]  ? sctp_init_sock+0x1360/0x1360
[ 2550.183060][ T3874] kobject: 'loop2' (00000000c840cb6d): kobject_uevent_env
[ 2550.190491][T18914]  ? sctp_add_bind_addr+0x2d3/0x3a0
[ 2550.190509][T18914]  ? ip_mc_drop_socket+0x211/0x270
[ 2550.190522][T18914]  ? sctp_bind_addr_dup+0xf3/0x140
[ 2550.190537][T18914]  inet_release+0x105/0x1f0
[ 2550.190550][T18914]  inet6_release+0x53/0x80
[ 2550.190563][T18914]  __sock_release+0x1fe/0x2b0
[ 2550.190574][T18914]  sock_release+0x18/0x20
[ 2550.190586][T18914]  sctp_do_peeloff+0x38a/0x470
[ 2550.190598][T18914]  ? sctp_copy_sock+0xe50/0xe50
[ 2550.190621][T18914]  ? lock_downgrade+0x880/0x880
[ 2550.200817][ T3874] kobject: 'loop2' (00000000c840cb6d): fill_kobj_path: path = '/devices/virtual/block/loop2'
[ 2550.207782][T18914]  sctp_getsockopt_peeloff_common.isra.0+0x8e/0x270
[ 2550.207796][T18914]  ? sctp_do_peeloff+0x470/0x470
[ 2550.207812][T18914]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2550.207826][T18914]  ? _copy_from_user+0xdd/0x150
[ 2550.207839][T18914]  sctp_getsockopt+0x1ec1/0x673d
[ 2550.207851][T18914]  ? lock_downgrade+0x880/0x880
[ 2550.207863][T18914]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2550.207878][T18914]  ? kasan_check_read+0x11/0x20
[ 2550.207900][T18914]  ? sctp_getsockopt_peeloff_common.isra.0+0x270/0x270
[ 2550.512271][T18914]  ? avc_has_perm+0x404/0x610
[ 2550.517589][T18914]  ? __fget+0x35a/0x550
[ 2550.522084][T18914]  ? lock_downgrade+0x880/0x880
[ 2550.527433][T18914]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2550.533916][T18914]  ? sock_has_perm+0x209/0x2a0
[ 2550.538699][T18914]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 2550.545314][T18914]  ? kasan_check_write+0x14/0x20
[ 2550.551092][T18914]  sock_common_getsockopt+0x9a/0xe0
[ 2550.557940][T18914]  ? sock_common_getsockopt+0x9a/0xe0
[ 2550.565227][T18914]  __sys_getsockopt+0x168/0x250
[ 2550.570727][T18914]  ? kernel_setsockopt+0x1e0/0x1e0
[ 2550.577748][T18914]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2550.583319][T18914]  ? do_syscall_64+0x26/0x610
[ 2550.589103][T18914]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2550.596096][T18914]  ? do_syscall_64+0x26/0x610
[ 2550.601749][T18914]  __x64_sys_getsockopt+0xbe/0x150
[ 2550.608475][T18914]  do_syscall_64+0x103/0x610
[ 2550.615767][T18914]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2550.625224][T18914] RIP: 0033:0x457f29
[ 2550.629591][T18914] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2550.653532][T18914] RSP: 002b:00007f6ffeed5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 2550.664322][T18914] RAX: ffffffffffffffda RBX: 00007f6ffeed5c90 RCX: 0000000000457f29
[ 2550.673766][T18914] RDX: 0000000000000066 RSI: 0000000000000084 RDI: 0000000000000003
[ 2550.682289][T18914] RBP: 000000000073bfa0 R08: 0000000020000140 R09: 0000000000000000
[ 2550.692450][T18914] R10: 0000000020000040 R11: 0000000000000246 R12: 00007f6ffeed66d4
[ 2550.702437][T18914] R13: 00000000004c9868 R14: 00000000004d02b8 R15: 0000000000000004
[ 2550.712758][T18914] Modules linked in:
[ 2550.723364][T18914] ---[ end trace 8c8f75ad68b651db ]---
[ 2550.729403][T18914] RIP: 0010:sctp_assoc_rwnd_increase+0x34/0x520
[ 2550.741434][T18914] Code: 41 54 49 89 fc 53 89 f3 48 83 ec 10 e8 55 11 ef fa 49 8d bc 24 60 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 2f 04 00 00 45 8b ac 24 60 06
[ 2550.753697][ T3874] kobject: 'loop0' (00000000a97dc98a): kobject_uevent_env
[ 2550.770884][ T3874] kobject: 'loop0' (00000000a97dc98a): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 2550.772902][T18914] RSP: 0018:ffff888036a476f8 EFLAGS: 00010203
[ 2550.791182][T18914] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc9000e8a4000
[ 2550.800334][T18914] RDX: 00000000000000cb RSI: ffffffff868152db RDI: 000000000000065f
[ 2550.810195][T18914] RBP: ffff888036a47730 R08: ffff88809355e1c0 R09: ffff88809355ea88
[ 2550.819647][T18914] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffffffffff
[ 2550.828516][T18914] R13: 0000000000000000 R14: ffff88805c0a0bc0 R15: 0000000000000000
[ 2550.838097][T18914] FS:  00007f6ffeed6700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 2550.847555][T18914] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2550.854505][T18914] CR2: 000000000070b158 CR3: 000000005c1e0000 CR4: 00000000001406e0
[ 2550.862882][T18914] Kernel panic - not syncing: Fatal exception
[ 2550.870705][T18914] Kernel Offset: disabled
[ 2550.875339][T18914] Rebooting in 86400 seconds..