858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:18:41 executing program 4:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0xe, 0x0, &(0x7f0000000180))

22:18:41 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = dup3(0xffffffffffffffff, r0, 0x80000)
write$P9_RWSTAT(r1, &(0x7f0000000040)={0x7, 0x7f, 0x1}, 0x7)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

[  487.209485] binder_alloc: 11491: binder_alloc_buf, no vma
[  487.222947] binder: 11491:11495 transaction failed 29189/-3, size 104-24 line 3284
[  487.231653] binder: 11491:11495 ioctl c0306201 20000800 returned -14
[  487.247281] binder: 11502:11504 got transaction with invalid data ptr
22:18:41 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB], 0x48}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0xffffffffffffffc7, &(0x7f0000000300)={&(0x7f0000000280)=@dellink={0x28, 0x65, 0x30479e840602a76b, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x28}}, 0x0)

22:18:41 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = dup3(0xffffffffffffffff, r0, 0x80000)
write$P9_RWSTAT(r1, &(0x7f0000000040)={0x7, 0x7f, 0x1}, 0x7)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:18:41 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = dup3(0xffffffffffffffff, r0, 0x80000)
write$P9_RWSTAT(r1, &(0x7f0000000040)={0x7, 0x7f, 0x1}, 0x7)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

[  487.250083] binder: undelivered TRANSACTION_ERROR: 29189
[  487.268795] binder_alloc: 11513: binder_alloc_buf, no vma
[  487.268811] binder: 11513:11514 transaction failed 29189/-3, size 104-24 line 3284
[  487.268825] binder: 11513:11514 ioctl c0306201 20000800 returned -14
22:18:41 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = dup3(0xffffffffffffffff, r0, 0x80000)
write$P9_RWSTAT(r1, &(0x7f0000000040)={0x7, 0x7f, 0x1}, 0x7)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:18:42 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, &(0x7f0000000080)={'fil\xbd*r\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00'}, &(0x7f0000000040)=0x54)

[  487.269188] binder: undelivered TRANSACTION_ERROR: 29189
[  487.292345] binder: 11518:11520 transaction failed 29189/-22, size 104-24 line 3138
[  487.292360] binder: 11518:11520 ioctl c0306201 20000800 returned -14
[  487.292622] binder: undelivered TRANSACTION_ERROR: 29189
[  487.326924] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=101 sclass=netlink_route_socket pig=11519 comm=syz-executor.4
22:18:42 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = dup3(0xffffffffffffffff, r0, 0x80000)
write$P9_RWSTAT(r1, &(0x7f0000000040)={0x7, 0x7f, 0x1}, 0x7)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

[  487.329525] binder: 11525:11526 transaction failed 29189/-22, size 104-24 line 3138
[  487.329540] binder: 11525:11526 ioctl c0306201 20000800 returned -14
[  487.329680] binder: undelivered TRANSACTION_ERROR: 29189
[  487.344906] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=101 sclass=netlink_route_socket pig=11527 comm=syz-executor.4
[  487.372184] binder: 11529:11532 transaction failed 29189/-22, size 104-24 line 3138
[  487.372201] binder: 11529:11532 ioctl c0306201 20000800 returned -14
[  487.372371] binder: undelivered TRANSACTION_ERROR: 29189
[  487.416238] binder: 11538:11539 transaction failed 29189/-22, size 104-24 line 3138
[  487.416256] binder: 11538:11539 ioctl c0306201 20000800 returned -14
[  487.416418] binder: undelivered TRANSACTION_ERROR: 29189
[  487.478844] binder: 11502:11504 transaction failed 29201/-14, size 96-24 line 3316
[  487.495155] binder: undelivered TRANSACTION_ERROR: 29201
22:18:42 executing program 2:
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:18:44 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = dup3(0xffffffffffffffff, r0, 0x80000)
write$P9_RWSTAT(r1, &(0x7f0000000040)={0x7, 0x7f, 0x1}, 0x7)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:18:44 executing program 4:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f00000000c0)=0x2, 0x4)

22:18:44 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
flistxattr(r2, &(0x7f0000000180)=""/222, 0xde)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x8, 0x1, 0x1d}, @fda={0x66646185, 0x0, 0x1}}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x0, 0x0, 0x0})

22:18:44 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
getsockopt$inet_mreqn(r1, 0x0, 0x2d21ad22f7ea2871, &(0x7f0000000040)={@broadcast, @initdev}, &(0x7f00000000c0)=0xc)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:18:44 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:18:44 executing program 2:
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:18:44 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
flistxattr(r2, &(0x7f0000000180)=""/222, 0xde)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x8, 0x1, 0x1d}, @fda={0x66646185, 0x0, 0x1}}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x0, 0x0, 0x0})

22:18:44 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:18:44 executing program 4:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x82, &(0x7f0000000100)={'nat\x00', 0x0, 0x0, 0x0, [], 0x0, 0x0, 0x0}, &(0x7f0000000180)=0x20000178)

22:18:44 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

[  490.251538] binder: 11549:11551 transaction failed 29189/-22, size 104-24 line 3138
[  490.263260] binder: 11552:11556 got transaction with invalid data ptr
[  490.263284] binder: 11552:11556 transaction failed 29201/-14, size 96-24 line 3316
22:18:44 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:18:44 executing program 4:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x28842, 0x0)
write$uinput_user_dev(r0, 0x0, 0x0)

[  490.263549] binder: undelivered TRANSACTION_ERROR: 29201
[  490.293650] binder: 11563:11565 got transaction with invalid data ptr
[  490.293676] binder: 11563:11565 transaction failed 29201/-14, size 96-24 line 3316
[  490.294025] binder: undelivered TRANSACTION_ERROR: 29201
[  490.319207] binder_alloc: 11573: binder_alloc_buf, no vma
[  490.319222] binder: 11573:11575 transaction failed 29189/-3, size 96-24 line 3284
[  490.319345] binder: undelivered TRANSACTION_ERROR: 29189
[  490.348287] binder_alloc: 11580: binder_alloc_buf, no vma
[  490.348307] binder: 11580:11582 transaction failed 29189/-3, size 96-24 line 3284
[  490.348597] binder: undelivered TRANSACTION_ERROR: 29189
[  490.402776] binder: 11549:11551 ioctl c0306201 20000800 returned -14
22:18:45 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = dup3(0xffffffffffffffff, r0, 0x80000)
write$P9_RWSTAT(r1, &(0x7f0000000040)={0x7, 0x7f, 0x1}, 0x7)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:18:45 executing program 5:
timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
r0 = gettid()
clone(0x3ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setrlimit(0x7, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x8, 0x4, 0x4, 0x8eb, 0x0, 0x0}, 0x2c)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
wait4(0x0, 0x0, 0x0, 0x0)

22:18:45 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1003e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000480)="02", 0x1, 0xfffffffffffffffb)

[  490.411766] binder: undelivered TRANSACTION_ERROR: 29189
[  490.434154] audit: type=1400 audit(1569277125.077:34): avc:  denied  { map_read map_write } for  pid=11585 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[  490.434416] binder: 11589:11591 transaction failed 29189/-22, size 104-24 line 3138
[  490.434433] binder: 11589:11591 ioctl c0306201 20000800 returned -14
[  490.434651] binder: undelivered TRANSACTION_ERROR: 29189
22:18:47 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
dup3(0xffffffffffffffff, r0, 0x80000)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:18:47 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:18:47 executing program 4:
r0 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000000280)=""/196, &(0x7f0000000380)=0xc4)

22:18:47 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000000)={0xfffffff8}, 0xc)

22:18:47 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:18:47 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000018148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xf, r0, 0xffffffffffffffff, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
clock_gettime(0x0, &(0x7f0000003d00)={<r2=>0x0, <r3=>0x0})
recvmmsg(r1, &(0x7f0000003b00)=[{{&(0x7f0000000000)=@x25={0x9, @remote}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000240)=""/255, 0xff}, {&(0x7f00000000c0)=""/47, 0x2f}], 0x2, &(0x7f0000000180)}, 0x6}, {{&(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, <r4=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, &(0x7f0000000440)=[{&(0x7f00000003c0)=""/110, 0x6e}], 0x1, &(0x7f0000000480)=""/152, 0x98}, 0x401}, {{&(0x7f0000000540)=@generic, 0x80, &(0x7f00000008c0)=[{&(0x7f00000005c0)=""/127, 0x7f}, {&(0x7f0000000640)=""/84, 0x54}, {&(0x7f00000006c0)=""/162, 0xa2}, {&(0x7f0000000780)=""/139, 0x8b}, {&(0x7f0000000840)=""/30, 0x1e}, {&(0x7f0000000880)=""/47, 0x2f}], 0x6, &(0x7f0000000940)=""/168, 0xa8}, 0x2}, {{0x0, 0x0, &(0x7f0000001a40)=[{&(0x7f0000000a00)=""/63, 0x3f}, {&(0x7f0000000a40)=""/4096, 0x1000}, {&(0x7f0000002200)=""/4096, 0x1000}], 0x3, &(0x7f0000001a80)=""/151, 0x97}, 0x80}, {{&(0x7f0000001b40)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, &(0x7f0000001e40)=[{&(0x7f0000001bc0)=""/150, 0x96}, {&(0x7f0000001c80)=""/58, 0x3a}, {&(0x7f0000001cc0)=""/185, 0xb9}, {&(0x7f0000001d80)=""/157, 0x9d}], 0x4}, 0x7}, {{&(0x7f0000001e80)=@rc, 0x80, &(0x7f0000002080)=[{&(0x7f0000001f00)=""/178, 0xb2}, {&(0x7f0000001fc0)=""/192, 0xc0}], 0x2, &(0x7f00000020c0)=""/208, 0xd0}, 0x4}, {{&(0x7f0000003200)=@caif=@util, 0x80, &(0x7f0000003540)=[{&(0x7f0000003280)=""/107, 0x6b}, {&(0x7f0000003300)=""/161, 0xa1}, {&(0x7f00000033c0)=""/132, 0x84}, {&(0x7f0000003480)=""/158, 0x9e}], 0x4, &(0x7f0000003580)=""/142, 0x8e}, 0x7}, {{&(0x7f0000003640)=@tipc=@id, 0x80, &(0x7f0000003a40)=[{&(0x7f00000036c0)=""/136, 0x88}, {&(0x7f0000003780)=""/197, 0xc5}, {&(0x7f0000003880)=""/138, 0x8a}, {&(0x7f0000003940)=""/248, 0xf8}], 0x4, &(0x7f0000003a80)=""/65, 0x41}, 0x10000}], 0x8, 0x0, &(0x7f0000003d40)={r2, r3+30000000})
accept$packet(r4, 0x0, &(0x7f0000003d80))
symlink(&(0x7f0000000180)='./file0\x00', &(0x7f0000003dc0)='./file0\x00')

22:18:47 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:18:47 executing program 5:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0)
fchdir(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0)
r4 = creat(&(0x7f0000000700)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x6100)
write$FUSE_INIT(r3, &(0x7f0000000000)={0xfffffffffffffeca}, 0x50)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
write$cgroup_type(r4, &(0x7f0000000200)='threaded\x00', 0x175d9189)

22:18:47 executing program 4:

22:18:47 executing program 4:

[  493.289695] binder_alloc: 11603: binder_alloc_buf, no vma
[  493.291836] binder: 11604:11614 got transaction with invalid parent offset or type
[  493.291861] binder: 11604:11614 transaction failed 29201/-22, size 104-24 line 3454
22:18:47 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
getsockopt$IP_VS_SO_GET_INFO(r1, 0x0, 0x481, &(0x7f0000000000), &(0x7f0000000040)=0xc)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:18:48 executing program 3:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:18:48 executing program 4:

[  493.291877] binder: 11604:11614 ioctl c0306201 20000800 returned -14
[  493.292020] binder: undelivered TRANSACTION_ERROR: 29201
[  493.339028] binder: 11618:11625 got transaction with invalid parent offset or type
22:18:48 executing program 4:

[  493.339054] binder: 11618:11625 transaction failed 29201/-22, size 104-24 line 3454
[  493.339070] binder: 11618:11625 ioctl c0306201 20000800 returned -14
[  493.339222] binder: undelivered TRANSACTION_ERROR: 29201
[  493.430717] binder: 11603:11611 transaction failed 29189/-3, size 96-24 line 3284
22:18:48 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:18:48 executing program 3:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:18:48 executing program 4:

[  493.441684] binder: undelivered TRANSACTION_ERROR: 29189
[  493.471090] binder: 11647:11650 transaction failed 29189/-22, size 96-24 line 3138
[  493.482112] binder: undelivered TRANSACTION_ERROR: 29189
22:18:50 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:18:50 executing program 4:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x28842, 0x0)
write$uinput_user_dev(r0, 0x0, 0x151)

22:18:50 executing program 3:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:18:50 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:18:50 executing program 5:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)

22:18:51 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="78d3e1ba03000000148c0f343fc38ffdf7bbfb9c04297158bfe2b783bb0b2b6f901afb19b80ace68de537f6d4ed39573ca1ef478a96d981c2e2925c2945974a86d70f206707601e41161d5231f000000a3f1d350a89c12240f68b51809fe4d971c687088ad0a0413b6e958faf9cd"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:18:51 executing program 5:
clone(0x100000203, 0x0, 0x0, 0x0, 0x0)
mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0)
execve(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
r0 = creat(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x10a)
symlink(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./file1\x00')
close(r0)
execve(&(0x7f0000000100)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x200800000000013, &(0x7f00000001c0)=0x400100000001, 0x4)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1c)
r2 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0)
clone(0x3102001ff0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000040)='./file1\x00', 0x0, 0x0)
accept$inet(r0, 0x0, 0x0)

22:18:51 executing program 4:

22:18:51 executing program 3:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:18:51 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

[  496.296928] binder: 11659:11663 transaction failed 29189/-22, size 96-24 line 3138
[  496.317142] binder: undelivered TRANSACTION_ERROR: 29189
22:18:51 executing program 4:

22:18:51 executing program 3:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

[  496.367451] binder: 11676:11678 transaction failed 29189/-22, size 96-24 line 3138
[  496.379462] binder: undelivered TRANSACTION_ERROR: 29189
22:18:53 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:18:53 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:18:53 executing program 3:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:18:53 executing program 4:

22:18:53 executing program 5:

[  499.298118] binder: 11702:11705 transaction failed 29189/-22, size 96-24 line 3138
[  499.316236] binder: undelivered TRANSACTION_ERROR: 29189
22:18:54 executing program 4:

22:18:54 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:18:54 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:18:54 executing program 1:
openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r0 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000040)={&(0x7f0000000140)={0x68, r0, 0x20, 0x70bd2d, 0x25dfdbfd, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x5, @media='eth\x00'}}}, ["", "", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x40)
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
r2 = socket$key(0xf, 0x3, 0x2)
fcntl$setownex(r2, 0xf, &(0x7f0000000240)={0x0, r1})
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)

22:18:54 executing program 5:

22:18:54 executing program 4:
r0 = socket$inet6(0xa, 0x802, 0x73)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f0000000b40)={0xa, 0x0, 0x0, @loopback}, 0x1c, 0x0}}], 0x1ec, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611)

22:18:54 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x300000c, 0x2011, r0, 0x0)

[  499.374773] binder: 11715:11720 transaction failed 29189/-22, size 104-24 line 3138
[  499.386414] binder: 11715:11720 ioctl c0306201 20000800 returned -14
[  499.393366] binder: 11716:11719 transaction failed 29189/-22, size 96-24 line 3138
[  499.393629] binder: undelivered TRANSACTION_ERROR: 29189
[  499.428728] binder: undelivered TRANSACTION_ERROR: 29189
22:18:56 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
epoll_create1(0x0)
r1 = epoll_create1(0x0)
r2 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r2, r1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:18:56 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:18:56 executing program 5:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000cc0)='cpu.stat\x00', 0x275a, 0x0)
pipe(0x0)
mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

22:18:56 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:18:56 executing program 4:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000cc0)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x300000a, 0x2011, r0, 0x0)
mmap(&(0x7f0000a35000/0x400000)=nil, 0x507000, 0x1000006, 0x2013, r0, 0x0)

22:18:56 executing program 5:
r0 = socket$inet6(0xa, 0x802, 0x73)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f0000000b40)={0xa, 0x0, 0x0, @loopback}, 0x1c, 0x0}}], 0x1ec, 0x0)

22:18:56 executing program 0:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:18:57 executing program 4:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup\x00', 0x0, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
r0 = openat$cgroup_int(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.mem_exclusive\x00', 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
dup2(r1, r0)

[  502.331760] binder: 11750:11757 transaction failed 29189/-22, size 104-24 line 3138
[  502.335161] binder: 11747:11759 transaction failed 29189/-22, size 96-24 line 3138
[  502.335305] binder: undelivered TRANSACTION_ERROR: 29189
[  502.364346] binder: 11750:11757 ioctl c0306201 20000800 returned -14
22:18:57 executing program 1:
r0 = memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000ab8c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x10000000001c)
ioctl$int_in(r0, 0x5421, &(0x7f00000000c0)=0xfffffffffffffffb)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
setuid(r2)
ptrace$cont(0x7, r1, 0x0, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x2, 0x0)
ptrace$setopts(0xffffffffffffffff, 0xffffffffffffffff, 0xfff, 0x11)
ioctl$EVIOCGNAME(r4, 0x80404506, &(0x7f00000002c0)=""/118)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r6 = fcntl$dupfd(r5, 0x406, r5)
r7 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r8=>0x0, <r9=>0x0})
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000500)={0x0, <r10=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r11=>0x0})
ioctl$LOOP_SET_CAPACITY(r6, 0x4c07)
write$P9_RRENAME(r6, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r11, @ANYBLOB=',group_id=', @ANYRESDEC=r9, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r10, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r8, @ANYBLOB="2c70633030303006000a000000000034392c726f6f746326c6a39066665f752c646f6e745f686172682c006630e06dc5d927ede7bf4b73f6d7578dfef9ffa130bc2bec9529ddd1bc8b60d3eb32341a5deb118792f05ff4a7d2170aa1cf1cfacef8f50e8b1c0d60aee6eee165ab6f29a6497c24dce42e39fd5189fca18574d1b9d5302337d208c093efbeb098243d752b489a46305de755f82f0ac93225d49e22cdaaef3bbb4c79ecabdb7616dec9d8122757d582a3ac50d241502ef0577e2fd31e62e81d0f983c0497f5b72bf52613e6f05d72"])
fchown(r4, r10, r3)

22:18:57 executing program 0:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:18:57 executing program 4:

22:18:57 executing program 0:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

[  502.385433] binder: undelivered TRANSACTION_ERROR: 29189
22:18:59 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
epoll_create1(0x0)
r1 = epoll_create1(0x0)
r2 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r2, r1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:18:59 executing program 4:

22:18:59 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:18:59 executing program 5:

22:18:59 executing program 0:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:18:59 executing program 4:

22:18:59 executing program 5:

22:19:00 executing program 0:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:19:00 executing program 1:
r0 = memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
r2 = dup3(0xffffffffffffffff, r0, 0x100000)
ioctl$PIO_FONT(r2, 0x4b61, &(0x7f0000000240)="ce1778e0bbe16d0aac9b5e7bbc088f53a484cfcb8edb05c65f057ce66836809522c4eb09d7c9a5f028ee26745abdf416fa7839548a940679426929839e66ed93ae46e440b07aec6f35f9fdfe6fa6b358c27d7e0f9f758783d591d8b86fed31fdd7a9eb3eb68d20d6d797c3d1242af02cb52f6e1bdc60ceafd560d7ca09dcc9cb85151ea50564d65950fea0a06d491f249f816a818c6b7a3855d0c538fa3b2ca144dc228f538348dbcd29046f38f696a7f06628dd14b4f6be683f631842a4591a048057907c34acdb324790412b4ea7008cd914ba2b7942768ac98e6c1c3cdcf638f5239cc0e38486c689f0ffa1ffbe2428f78f0e908c64be74f80f8304")
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)

22:19:00 executing program 4:
mmap(&(0x7f0000a35000/0x400000)=nil, 0x507000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611)
socketpair(0x0, 0x0, 0x0, &(0x7f0000000440))

22:19:00 executing program 0:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:19:00 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000080)}}], 0x0, 0x0, 0x0})

[  505.343800] binder: 11794:11798 transaction failed 29189/-22, size 104-24 line 3138
[  505.372853] binder: 11794:11798 ioctl c0306201 20000800 returned -14
[  505.380346] binder: undelivered TRANSACTION_ERROR: 29189
22:19:02 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
epoll_create1(0x0)
r1 = epoll_create1(0x0)
r2 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r2, r1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:02 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:02 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:19:02 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x14, 0x0, 0x9, 0x4592c6640eac2939}, 0x14}}, 0x0)

22:19:02 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$team(&(0x7f0000000100)='team\x00')
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0x20, r1, 0x1, 0x0, 0x0, {0x2}, [{{0x8}, {0x4}}]}, 0x20}}, 0x0)

22:19:03 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:19:03 executing program 5:
r0 = socket$inet(0x2, 0x3, 0x2)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f0000000100)={'na\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa2\x16\t:\x00', 0x0, 0x0, 0x0, [], 0x0, 0x0, 0x0}, &(0x7f0000000180)=0x78)

22:19:03 executing program 4:

22:19:03 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=<r1=>0x0)
wait4(r1, &(0x7f0000000040), 0x20000000, &(0x7f0000000240))
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
r2 = socket(0x1, 0x4, 0xc1)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r4, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r4, 0xa77fa31f7a424249, 0x70bd29, 0x25dfdbfc, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0xffff8076}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x10040001}, 0x4008801)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
pipe(&(0x7f0000000340)={<r5=>0xffffffffffffffff})
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r5, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x801000c0}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r4, 0x5a83fadb62cf7ada, 0x70bd25, 0x25dfdbfd, {{}, 0x0, 0xb, 0x0, {0xc, 0x14, 'syz1\x00'}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000580)='/dev/vga_arbiter\x00', 0x101001, 0x0)

22:19:03 executing program 5:

[  508.349481] binder_alloc: 11830: binder_alloc_buf, no vma
[  508.353526] binder: 11829:11838 transaction failed 29189/-22, size 96-24 line 3138
[  508.353767] binder: undelivered TRANSACTION_ERROR: 29189
[  508.383266] binder: 11845:11847 transaction failed 29189/-22, size 96-24 line 3138
22:19:03 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:19:03 executing program 4:

[  508.383411] binder: undelivered TRANSACTION_ERROR: 29189
[  508.434414] binder: 11830:11835 transaction failed 29189/-3, size 104-24 line 3284
[  508.446234] binder: 11859:11860 transaction failed 29189/-22, size 96-24 line 3138
[  508.446383] binder: undelivered TRANSACTION_ERROR: 29189
[  508.474179] binder: 11830:11835 ioctl c0306201 20000800 returned -14
[  508.483387] binder: undelivered TRANSACTION_ERROR: 29189
22:19:03 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, 0x0)
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:03 executing program 5:

22:19:03 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='clear_refs\x00\x87\a\'\xd8\xfb\xcd[a\xb0 \x98e\xe4L\xe4\xfd\xc9qA\xdcv9>1:\xb9\xa1\xec_\xd7\x99\xa1\xab\xb8\xf4\xe4\x87A\xa4n\xd7\xcd\xd4\xe7Y\xe7\xa1\'\x9e\x98+\x16jL\x92\x98\xd1\xd9\xb1$4\xa5\x7f[{\x17N\xb1\x14\xcf]\x96Bh-\xcc\xd7\n\xc1\xa4FO\x14\f\x84xA\x91%\xc5\x8d\x0f\v\xcb\xe4\xea\xef\x10\xeb\'\xefJk\x9eRew\xd3\xa2\x87\xac}\x14\xd0\xdcd\xfa\'\xab\x02\x8a\xa9\x9c\xfe\x17\xba\xa7\x88\xbe\x12\x91B\xc6<\f\xcdSP\x81\xb26Q\xca/jR\xa5\x1b\x85(5?=\b\xec\xb1\x05\xb9\x94\xe6\xd0\xfc\xbc\xf4n\xb9\xcd\xc7\xa8Q9o\xcc.\xe6L\xf6)~)\xfa*h\xf8\x8b\x99\x1d\xbb\xe3\xcf?\xb7;\xeb1U:\x9a3\x1c@\xc0\xcc\x90\xd6\xea\f\xef\xa2\xc4\xf4\xce+yYU\xb8\xa2\xdd\xd9@\xc9\x99\x00F\x9aV\xe2\x9bP\xebV_b\t\x030\x9d\x1f)U\xf3\xe0\x17\x1e\xb5\xdd</\xf8\xd9,\xf9h6\x99\xe6\xe8\x96\xe4;\xd4@\xa7\xad\x8d\x9a$a\x00\x00\x00')
write(r1, 0x0, 0x2b)

22:19:03 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:19:03 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:03 executing program 5:
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c)
setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)

22:19:03 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x17, 0x0, 0x201000, 0x1, 0x0, 0x1}, 0x3c)
fchmod(r1, 0x0)

22:19:03 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

[  509.183014] binder_alloc: 11873: binder_alloc_buf, no vma
[  509.193052] binder_alloc: 11874: binder_alloc_buf, no vma
[  509.193072] binder: 11874:11879 transaction failed 29189/-3, size 104-24 line 3284
[  509.193087] binder: 11874:11879 ioctl c0306201 20000800 returned -14
[  509.193227] binder: undelivered TRANSACTION_ERROR: 29189
[  509.218875] binder_alloc: 11886: binder_alloc_buf, no vma
[  509.218894] binder: 11886:11890 transaction failed 29189/-3, size 104-24 line 3284
[  509.218909] binder: 11886:11890 ioctl c0306201 20000800 returned -14
[  509.219090] binder: undelivered TRANSACTION_ERROR: 29189
[  509.266042] binder: 11873:11877 transaction failed 29189/-3, size 96-24 line 3284
[  509.275273] binder: undelivered TRANSACTION_ERROR: 29189

INIT: Id "5" respawning too fast: disabled for 5 minutes

INIT: Id "2" respawning too fast: disabled for 5 minutes

INIT: Id "4" respawning too fast: disabled for 5 minutes

INIT: Id "6" respawning too fast: disabled for 5 minutes

INIT: Id "1" respawning too fast: disabled for 5 minutes
22:19:06 executing program 4:
clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x77359400}, 0x0)

22:19:06 executing program 5:
futex(&(0x7f0000000140)=0xfffffffe, 0x8, 0x0, 0x0, 0x0, 0x0)

22:19:06 executing program 3:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:06 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

[  511.435928] binder_alloc: 11896: binder_alloc_buf, no vma
[  511.442346] binder: 11896:11902 transaction failed 29189/-3, size 96-24 line 3284
[  511.451348] binder: undelivered TRANSACTION_ERROR: 29189
22:19:06 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, 0x0)
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:06 executing program 5:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=<r1=>0x0)
wait4(r1, &(0x7f0000000040), 0x20000000, &(0x7f0000000240))
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
r2 = socket(0x1, 0x4, 0xc1)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r4, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r4, 0xa77fa31f7a424249, 0x70bd29, 0x25dfdbfc, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0xffff8076}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x10040001}, 0x4008801)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
pipe(&(0x7f0000000340)={<r5=>0xffffffffffffffff})
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r5, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x801000c0}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r4, 0x5a83fadb62cf7ada, 0x70bd25, 0x25dfdbfd, {{}, 0x0, 0xb, 0x0, {0xc, 0x14, 'syz1\x00'}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000580)='/dev/vga_arbiter\x00', 0x101001, 0x0)

22:19:06 executing program 1:
r0 = memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x3b)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r2, 0x0, 0x0)
r3 = gettid()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(r3, 0x3b)
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r3, 0x0, 0x0)
r4 = gettid()
ptrace$setopts(0x4206, r4, 0x0, 0x0)
tkill(r4, 0x3b)
ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r4, 0x0, 0x0)
r5 = gettid()
ptrace$setopts(0x4206, r5, 0x0, 0x0)
tkill(r5, 0x3b)
ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r5, 0x0, 0x0)
r6 = gettid()
ptrace$setopts(0x4206, r6, 0x0, 0x0)
tkill(r3, 0x24)
ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r6, 0x0, 0x0)
r7 = gettid()
ptrace$setopts(0x4206, r7, 0x0, 0x0)
tkill(r7, 0x3b)
ptrace$setregs(0xd, r7, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r7, 0x0, 0x0)
r8 = gettid()
ptrace$setopts(0x4206, r8, 0x0, 0x0)
tkill(r8, 0x3b)
ptrace$setregs(0xd, r8, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r8, 0x0, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYPTR64=&(0x7f0000000380)=ANY=[@ANYPTR=&(0x7f0000000880)=ANY=[@ANYRESHEX=r4, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYRES32], @ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES64=0x0, @ANYRES64, @ANYRES32=r5, @ANYRESHEX=r0, @ANYRES64=r6, @ANYBLOB="f636272bd0fe5ccfe75536f48ef7b3311d7710b5f49b161fc195502200c80317125bb16fe328b96d6d5f957076330d23838e9c1627677a6470ed5bce7703cb84036a0444040cfb01c81c61d23f9be81b76df", @ANYBLOB="ed13354e89bc4da25920586f60537772dd37ed29de34e0bf7d9fe1f7d072813551b6b6d711a7f45a79e51e2dc707b4380a63b92176f3b82b32d77b86b7630615462c3eb0339bcd27f2135c8b09224068cbd99f1e969a0150a343d6e07d2a62c844ad83eb99b383e610057fac182057ac33d56168dc3e203c8f3e8b5bc5a34a008953b72e21a2272f11db", @ANYRES64], @ANYRESOCT=0x0, @ANYRES64, @ANYRES64=r8, @ANYRESOCT, @ANYRES32=r1, @ANYRESHEX=r1, @ANYPTR=&(0x7f00000000c0)=ANY=[]], @ANYBLOB="2a231a8747e880bb5a537837aa84d0ba706d8bf87195074edd9406ae6ae8e94837398faf7992c546b6d8883db0ec4bc079c42aa5eaa927e7d9bcd562daaa2ff751338e53a221557f8d1a61e29e4073cc928e7f8789934e2c61d5ffdd6807880bc687dcc17c5ede25ebac2d20af550256426014e2ae60c49834a7e6905a88bcef053dff4eaff7ae87dd8ccfce5389895db8646bbe6ba9fcdbecfe989485dd241fe019437fa6b7a6336bf0203ff911770f64d2dbb1972d9a3afe9075d41a6ff06ea31e0f011bb74cd89f95e42a9e91b1e5dedf67f3f65f2de5bca522", @ANYPTR64, @ANYPTR64=&(0x7f0000000240)=ANY=[@ANYRES16=0x0, @ANYBLOB="c162354340a1701f3642d1c59a8c1b4d617737dc16e27c0f2a21daa2b1d38a8fe265344c92247f9601ad383ffb48cd5d55e222cf17964d6895828663e2cc92ce3fc28a49a962d36cc9ca0b273ab0b3248c95a178d52cfc499aad99490e61874ab850264a965841ff8846d89e33656f78e558131d93500d43f61b0fe986a9d62c55203ba957267ed67447a24701f7f73addb8eb3ad47bb9179e160e5f0a9a3eecf3c697755ce365a78976f4f81f82ed04ccf94f6f39f2a67bb93fdbc2a0de8cc275f4d0a822b67b454d5117c46f", @ANYBLOB="5c9a2a9618c8beea4274416877eb9cbabf2c4c634a223a0b1c9e2fba35592c899e86e4172e884762dff31196324efc64322e02bdd0f7"], @ANYRESOCT=r2, @ANYRESDEC=r3]], 0x8}, 0x1, 0x0, 0x0, 0x20004880}, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)

22:19:06 executing program 3:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:06 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:19:06 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="efe19f03000042948c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0)
getpeername$netlink(r1, &(0x7f0000000040), &(0x7f00000000c0)=0xc)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:06 executing program 3:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x5, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:06 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

[  512.195786] binder_alloc: 11910: binder_alloc_buf, no vma
[  512.213425] binder: 11910:11912 transaction failed 29189/-3, size 96-24 line 3284
[  512.230234] binder: undelivered TRANSACTION_ERROR: 29189
22:19:06 executing program 4:
r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status\x00', 0x0, 0x0)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f00000000c0)=0x7, 0x4)
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000100)={@ptr={0x70742a85, 0x0, 0x0}, @flat, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0})

22:19:06 executing program 0:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:19:06 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

[  512.244777] binder: 11930:11931 ioctl c0306201 0 returned -14
22:19:06 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

[  512.276163] binder: 11937:11939 ioctl c0306201 0 returned -14
[  512.294164] binder: 11940:11941 got transaction with out-of-order buffer fixup
[  512.306695] binder: 11943:11945 ioctl c0306201 0 returned -14
[  512.317581] binder: 11940:11941 transaction failed 29201/-22, size 96-24 line 3467
[  512.329283] binder: undelivered TRANSACTION_ERROR: 29201
22:19:09 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, 0x0)
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:09 executing program 0:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:19:09 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

22:19:09 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff})
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000))
creat(0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000)='/dev/ptmx\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r1=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

22:19:09 executing program 5:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=<r1=>0x0)
wait4(r1, &(0x7f0000000040), 0x20000000, &(0x7f0000000240))
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
r2 = socket(0x1, 0x4, 0xc1)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r4, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r4, 0xa77fa31f7a424249, 0x70bd29, 0x25dfdbfc, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0xffff8076}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x10040001}, 0x4008801)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
pipe(&(0x7f0000000340)={<r5=>0xffffffffffffffff})
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r5, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x801000c0}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r4, 0x5a83fadb62cf7ada, 0x70bd25, 0x25dfdbfd, {{}, 0x0, 0xb, 0x0, {0xc, 0x14, 'syz1\x00'}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000580)='/dev/vga_arbiter\x00', 0x101001, 0x0)

22:19:09 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
ioctl$RTC_PLL_SET(r1, 0x40207012, &(0x7f0000000000)={0x3, 0x7f, 0x8a, 0xfffff01c, 0x401, 0x7fff, 0x1000})
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="d3e1bb030100001489538b65724f23bdff6c194bc826ca05aa11ad790ae2878ed9bf0389106824566ef6f01bc5441c3ddb0000001800000000671b9252a811c0fd855529bd2abeb7c960f3f6400306fbe97843d1f822"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:09 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

22:19:09 executing program 0:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:19:09 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

22:19:09 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

22:19:09 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0})

22:19:09 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

[  515.267390] binder: 11975:11980 ioctl c0306201 0 returned -14
[  515.301647] binder: 11987:11988 ioctl c0306201 0 returned -14

INIT: Id "3" respawning too fast: disabled for 5 minutes
22:19:12 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:12 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0})

22:19:12 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

22:19:12 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff})
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000))
creat(0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000)='/dev/ptmx\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r1=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

22:19:12 executing program 5:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=<r1=>0x0)
wait4(r1, &(0x7f0000000040), 0x20000000, &(0x7f0000000240))
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
r2 = socket(0x1, 0x4, 0xc1)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r4, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r4, 0xa77fa31f7a424249, 0x70bd29, 0x25dfdbfc, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0xffff8076}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x10040001}, 0x4008801)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
pipe(&(0x7f0000000340)={<r5=>0xffffffffffffffff})
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r5, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x801000c0}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r4, 0x5a83fadb62cf7ada, 0x70bd25, 0x25dfdbfd, {{}, 0x0, 0xb, 0x0, {0xc, 0x14, 'syz1\x00'}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000580)='/dev/vga_arbiter\x00', 0x101001, 0x0)

22:19:12 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x3b)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r2, 0x0, 0x0)
fcntl$setown(r1, 0x8, r2)

22:19:12 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0})

22:19:12 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

22:19:12 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3b)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)
ptrace$cont(0x20, 0xffffffffffffffff, 0x3ff, 0x40000000002)

[  518.214403] binder: 11994:11997 ioctl c0306201 0 returned -14
22:19:12 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000080)}}], 0x0, 0x0, 0x0})

22:19:12 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

22:19:12 executing program 1:
r0 = memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
r2 = request_key(&(0x7f0000000000)='rxrpc_s\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)='\x00', 0xfffffffffffffffc)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000140)='rxrpc_s\x00', 0x0)
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
getresgid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)=<r4=>0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
sendmsg$unix(r3, &(0x7f00000004c0)={&(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000180)=[{&(0x7f00000002c0)="a58deb9a28fc951e62d6acdab8b6e3a6f2cb6bc5d0a34238592e6a1827d5050f9aea9282e409c0f32ac496bcfb5b8d05af6100f6daf2f7f5063a993816fc5eca56e94cf130e12ad9cec43c7282c0b6912b61f72ccf2a9f08fa59f624ebbf872be52127fafbb2dff3c139e1c40f311c65d023ce7eb6ca4921fc47cee919561f0de984654e47964bbff213fa36985913572d915f379f268236a4b871f3cb1dcef04d624f20a4d2fed0cc7703f37654b3ffb0bf4d466023afe05fd0a61ca2ad850aed9b76e218cfd6dec08e401a8be6399f44e878a122929afe21ff", 0xda}], 0x1, &(0x7f0000000480)=[@cred={{0x1c, 0x1, 0x2, {r1, 0xffffffffffffffff, r4}}}, @rights={{0x1c, 0x1, 0x1, [r0, r0, r5]}}], 0x40, 0x4000000}, 0x40818)
tkill(r1, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)

[  518.288954] binder: 12020:12022 got transaction with invalid offset (0, min 0 max 0) or object.
[  518.306208] binder: 12020:12022 transaction failed 29201/-22, size 0-24 line 3379
[  518.323597] binder: undelivered TRANSACTION_ERROR: 29201
22:19:15 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:15 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

22:19:15 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000080)}}], 0x0, 0x0, 0x0})

22:19:15 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x2ceba3f7aa343498, 0x0)
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="d3e1bb01000000bbcaff4bc2d9f6d2ecf2ef148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
inotify_init1(0x80000)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f00000000c0)={0x1, 0x40}, 0x8)
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:15 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r5, 0x29, 0x41, &(0x7f0000000180)={'security\x00', 0x2, [{}, {}]}, 0x48)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000100)={@ptr={0x70742a85, 0x0, 0x0}, @flat, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0})

22:19:15 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff})
write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000))
creat(0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000)='/dev/ptmx\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r1=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

22:19:15 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0xb1, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627300000000000000000000000000000000000000008561646600"/96]], 0x0, 0x0, 0x0})

22:19:15 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0xa9, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32890b724bf159ca7576d643d92f959e66bd87c291a7858277ed53336f134ae17efa05483d982a5a9f76c311a39cb3c4983e5f640d0b960c7c8a6c8e1b1ee6564c228a889e05e5193055abba69b489b3e7fd009e5f"], 0x0, 0x0, 0x0})

22:19:15 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0})

[  521.232198] binder: 12038:12045 got transaction with invalid offset (0, min 0 max 0) or object.
[  521.243276] binder: 12038:12045 transaction failed 29201/-22, size 0-24 line 3379
[  521.253095] binder: 12054:12056 got transaction with invalid data ptr
[  521.253120] binder: 12054:12056 transaction failed 29201/-14, size 96-24 line 3316
22:19:15 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0})

22:19:15 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0})

22:19:15 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})

[  521.253350] binder: undelivered TRANSACTION_ERROR: 29201
[  521.267881] binder: 12058:12059 got transaction with invalid data ptr
[  521.267905] binder: 12058:12059 transaction failed 29201/-14, size 96-24 line 3316
[  521.268192] binder: undelivered TRANSACTION_ERROR: 29201
[  521.316116] binder: undelivered TRANSACTION_ERROR: 29201
22:19:18 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:18 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000080)}}], 0x0, 0x0, 0x0})

22:19:18 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})

22:19:18 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r3 = dup(r2)
ioctl$sock_inet_SIOCGIFBRDADDR(r3, 0x8919, &(0x7f00000000c0)={'hsr0\x00', {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}})
getsockopt$sock_int(r1, 0x1, 0xa, &(0x7f0000000000), &(0x7f0000000080)=0x4)

22:19:18 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x108040, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv4_getroute={0x1c, 0x1a, 0x2, 0x70bd25, 0x25dfdbfd, {0x2, 0x14, 0x0, 0x1f, 0x6, 0x5, 0xc8, 0x4, 0x500}, ["", "", "", ""]}, 0x1c}}, 0x2000014)

22:19:18 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/cache_stats\x00', 0x0, 0x0)
pipe2(&(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80000)
write$FUSE_LK(r2, &(0x7f0000000180)={0x28, 0xffffffffffffffda, 0x1, {{0x6ad5, 0x8}}}, 0x28)
tkill(r0, 0x10000000001c)
r3 = open(&(0x7f0000000480)='./file0\x00', 0x10400, 0xa)
ioctl$EVIOCSFF(r3, 0x40304580, &(0x7f0000000080)={0x0, 0x2, 0x0, {}, {}, @cond=[{0x0, 0x0, 0x0, 0x0, 0x20}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
r4 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000240)="685f313415c8b95e9d01ce54bb97e2aed5fe1ddb8be547e0a01167903c14f01fe569f823fb77322e9e27c165d925f7324d349070be486674282bf14212052ab1402df3465900098dac14f565c3a878c2410ce2364b69ca1adc7f69b7ad8a2830898981784f470e834ce55584187e5104109e261145d2173c649efb4c99ce65e52a564ff704a32c99f1cbde", 0x8b, 0xfffffffffffffffd)
keyctl$describe(0x6, r4, &(0x7f0000000300)=""/163, 0xa3)
ptrace$cont(0x7, r0, 0x0, 0x0)
setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, &(0x7f00000003c0)={0x576a, {{0xa, 0x4e23, 0x9, @local, 0x6}}}, 0x88)

22:19:18 executing program 4:
r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x1f, 0x1, 0x0, 0x3, 0x0, 0x7fff, 0x1101, 0x9, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_config_ext={0x521, 0x189}, 0x8, 0x4, 0x5b, 0x6, 0x1, 0x78e1, 0x7}, 0x0, 0x8, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x1)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/p\xb7\x1a\xf1\x82J/\xcc^\x00', 0x513d8a65648b09bb, 0x0)
getresuid(&(0x7f00000000c0), &(0x7f0000000180), &(0x7f00000001c0))
pidfd_send_signal(r1, 0x0, &(0x7f0000000100), 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000ec00ffff0000020000"], 0x14}}, 0x0)
fsetxattr$trusted_overlay_upper(r2, &(0x7f0000000240)='trusted.overlay.upper\x00', &(0x7f0000000280)={0x0, 0xfb, 0x20, 0x0, 0x7b, "7b09244f6c363216a290dd6c56dc9b39", "b690a32ae2a089931c5d1c"}, 0x20, 0x1)
io_setup(0x83e, &(0x7f0000000200))

22:19:18 executing program 5:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xa7def7838da2f287, 0x0)
ioctl$SIOCAX25ADDFWD(r0, 0x89ea, &(0x7f0000000080)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}})
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r1, 0x0, 0x0, 0x0)

22:19:18 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})

22:19:18 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

[  524.241865] binder: 12078:12080 got transaction with invalid offset (0, min 0 max 0) or object.
[  524.263013] binder: 12078:12080 transaction failed 29201/-22, size 0-24 line 3379
[  524.276803] binder: undelivered TRANSACTION_ERROR: 29201
22:19:18 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x55, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc62f4d7445e58e528a9deeb520b535a7f40992bfc32"], 0x0, 0x0, 0x0})

22:19:18 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000000))
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

[  524.302945] binder: 12106:12109 got transaction with invalid parent offset or type
[  524.324859] binder: 12106:12109 transaction failed 29201/-22, size 104-24 line 3454
[  524.326272] binder: 12113:12115 got transaction with invalid data ptr
[  524.326294] binder: 12113:12115 transaction failed 29201/-14, size 96-24 line 3316
[  524.326428] binder: undelivered TRANSACTION_ERROR: 29201
[  524.364117] binder: 12106:12109 ioctl c0306201 20000800 returned -14
[  524.373046] binder: undelivered TRANSACTION_ERROR: 29201
22:19:21 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:21 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x1, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0})

22:19:21 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x8000, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:19:21 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="9d24827700594100c30800000000000095ec0f83534ed46a"], &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2', 0x1, 0xc3, &(0x7f0000000000)=""/195}, 0x48)
openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/relabel\x00', 0x2, 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
clock_gettime(0x0, &(0x7f00000002c0)={<r4=>0x0, <r5=>0x0})
r6 = epoll_create1(0x0)
r7 = epoll_create1(0x0)
r8 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r8, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r8, &(0x7f0000000200))
epoll_pwait(r7, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r8, r7, 0x0)
timerfd_settime(r8, 0x0, &(0x7f0000000180)={{r4, r5+10000000}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
r9 = dup3(r1, r3, 0x80000)
ioctl$RTC_PIE_ON(r9, 0x7005)
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r10, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$sock_inet_SIOCGIFNETMASK(r10, 0x891b, &(0x7f0000000300)={'rose0\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xa}}})
r11 = dup3(r3, r2, 0x0)
ioctl$BLKIOOPT(r11, 0x1279, &(0x7f0000000700))
ioctl$TIOCGISO7816(r11, 0x80285442, &(0x7f0000000280))
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:19:21 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x0, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:21 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/access\x00', 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:21 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x0, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:21 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:21 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$mice(&(0x7f0000002400)='/dev/input/mice\x00', 0x0, 0x20000)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002480)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f0000002540)={&(0x7f0000002440)={0x10, 0x0, 0x0, 0x600000}, 0xc, &(0x7f0000002500)={&(0x7f00000024c0)={0x2c, r2, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x81}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x19}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7f}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x8010)
sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001001ffff000000000000000000020000"], 0x14}}, 0x0)
r3 = dup2(0xffffffffffffffff, r0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r3, 0x6, 0x21, &(0x7f0000000000)="56f39d16b507e51ccef25379e8b0a459", 0x10)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0), &(0x7f0000000180)=0xc)
r4 = gettid()
ptrace$setopts(0x4206, r4, 0x0, 0x0)
tkill(r4, 0x3b)
ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r4, 0x0, 0x0)
r5 = gettid()
ptrace$setopts(0x4206, r5, 0x0, 0x0)
tkill(r5, 0x3b)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x2, 0x0)
write$uinput_user_dev(r6, &(0x7f0000000400)={'syz1\x00'}, 0x45c)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000040)={{0x1}})
r7 = gettid()
r8 = creat(&(0x7f00000000c0)='./file0\x00', 0x1)
write$binfmt_script(r8, &(0x7f0000000100)={'#! ', './file0'}, 0xb)
r9 = geteuid()
fchown(r8, r9, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r8)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ptrace$setopts(0x4206, r7, 0x0, 0x0)
setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, 0x0, 0x0)

[  527.279522] binder: 12123:12129 unknown command 0
22:19:21 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x280857fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x3f}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:21 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:22 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x0, 0x36}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:22 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

[  527.282416] binder: 12126:12132 got transaction with out-of-order buffer fixup
[  527.282801] binder: 12126:12132 transaction failed 29201/-22, size 104-24 line 3467
[  527.282816] binder: 12126:12132 ioctl c0306201 20000800 returned -14
[  527.282962] binder: undelivered TRANSACTION_ERROR: 29201
[  527.336942] binder: 12140:12144 got transaction with out-of-order buffer fixup
[  527.336970] binder: 12140:12144 transaction failed 29201/-22, size 104-24 line 3467
[  527.336987] binder: 12140:12144 ioctl c0306201 20000800 returned -14
22:19:22 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x1, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0})

22:19:22 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
signalfd4(r0, &(0x7f0000000040)={0xd0}, 0x8, 0x80000)
r1 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
close(r2)
io_setup(0x6, &(0x7f0000000140)=<r3=>0x0)
io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x12f}])
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r4, &(0x7f0000d65000)={0x0, 0xfffffffffffffe02, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[]}, 0x1, 0x0, 0x0, 0x1000}, 0x4000)
r5 = epoll_create1(0x0)
r6 = epoll_create1(0x0)
r7 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r7, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r7, &(0x7f0000000200))
epoll_pwait(r6, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r8 = dup3(r7, r6, 0x0)
ioctl$BLKIOOPT(r8, 0x1279, &(0x7f0000000700))
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r9, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r10, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r11 = dup(r10)
io_submit(r3, 0x2, &(0x7f00000002c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x1, r4, &(0x7f0000000140)="3ffdeb7552637ff38448fb451c0108733959773c76025fe01f140369fb29c5aa260e961ede8db1f3dcbc4cb5c81a52714f6e3dc5d7d155b2bb55177e059f47a7396871bd68c83e81e089ffa921258b529af569bded164f5c2f17f948661e2d59aa1280667dc8d147aa690fa2", 0x6c, 0x5, 0x0, 0x2, r8}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, r9, &(0x7f0000000240)="0c52a575f62cb484e308d3086f13fe1b4749537e25004b83eac6239130e63d9abdf65eaeadbf407d0c3fb7a9d73e56c5bf0ec1009bd1b0", 0x37, 0x80000001, 0x0, 0x0, r11}])
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {0x0, 0x1000}, @cond=[{}, {0x0, 0xc3, 0x0, 0x40}]})
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)

[  527.337285] binder: undelivered TRANSACTION_ERROR: 29201
[  527.370866] binder: 12159:12162 got transaction with out-of-order buffer fixup
[  527.370896] binder: 12159:12162 transaction failed 29201/-22, size 104-24 line 3467
[  527.370915] binder: 12159:12162 ioctl c0306201 20000800 returned -14
[  527.371079] binder: undelivered TRANSACTION_ERROR: 29201
[  527.462218] binder: 12123:12129 ioctl c0306201 20000800 returned -22
[  527.482578] binder: 12172:12176 unknown command 0
[  527.487502] binder: 12172:12176 ioctl c0306201 20000800 returned -22
22:19:22 executing program 5:
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)

22:19:22 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:22 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:22 executing program 4:
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
r2 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r2, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000200))
epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$BLKIOOPT(r3, 0x1279, &(0x7f0000000700))
ioctl$DRM_IOCTL_AUTH_MAGIC(r3, 0x40046411, &(0x7f0000000000)=0x9)
r4 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r4, 0x0, &(0x7f0000000100), 0x0)

22:19:22 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x1, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0})

22:19:22 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x2b, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0})

22:19:22 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:19:22 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

[  528.178085] binder: 12183:12186 got transaction with invalid parent offset or type
[  528.180185] binder: 12185:12188 unknown command 0
[  528.180193] binder: 12185:12188 ioctl c0306201 20000800 returned -22
22:19:22 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
getsockopt$sock_timeval(r1, 0x1, 0x42, &(0x7f0000000000), &(0x7f0000000080)=0x10)

22:19:22 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100), 0x0, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:22 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x2b, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0})

[  528.218129] binder: 12193:12199 got transaction with invalid data ptr
[  528.218162] binder: 12193:12199 transaction failed 29201/-14, size 96-0 line 3316
[  528.218458] binder: undelivered TRANSACTION_ERROR: 29201
[  528.253325] binder: 12207:12210 got transaction with invalid data ptr
22:19:22 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:22 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x2b, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0})

22:19:22 executing program 5:
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
socket$inet6(0xa, 0x80006, 0x38)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0xf39e, 0x40, 0x1, 0x7}, {0x7, 0xff, 0x4, 0x8}]}, 0x10)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000100)=@add_del={0x2, &(0x7f00000000c0)='rose0\x00'})

22:19:22 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, 0x0}}], 0x0, 0x0, 0x0})

[  528.253349] binder: 12207:12210 transaction failed 29201/-14, size 96-0 line 3316
[  528.253696] binder: undelivered TRANSACTION_ERROR: 29201
[  528.302236] binder: 12183:12186 transaction failed 29201/-22, size 104-24 line 3454
[  528.311338] binder: 12183:12186 ioctl c0306201 20000800 returned -14
[  528.319348] binder: 12219:12227 got transaction with invalid data ptr
[  528.320154] binder: undelivered TRANSACTION_ERROR: 29201
[  528.338413] binder: 12219:12227 transaction failed 29201/-14, size 96-0 line 3316
[  528.338738] binder: release 12230:12232 transaction 937 out, still active
[  528.338742] binder: undelivered TRANSACTION_COMPLETE
[  528.344355] binder: send failed reply for transaction 937, target dead
[  528.370529] binder: undelivered TRANSACTION_ERROR: 29201
22:19:23 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, 0x0}}], 0x0, 0x0, 0x0})

22:19:23 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100), 0x0, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:23 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x40, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78d9b7bfecfc"], 0x0, 0x0, 0x0})

22:19:23 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = epoll_create1(0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, &(0x7f0000000280)={0x2c, 0x3, 0x0, {0x4, 0xb, 0x0, '/proc/self\x00'}}, 0x2c)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000000c0)={0x20000001})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r6 = fcntl$dupfd(r3, 0x406, r5)
timerfd_settime(r6, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
eventfd2(0x9, 0x80800)
r7 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r7, 0x1279, &(0x7f0000000700))
write$P9_RREADDIR(r7, &(0x7f0000000180)={0xc5, 0x29, 0x2, {0x318, [{{0x0, 0x2, 0x4}, 0x1, 0x1, 0x7, './file0'}, {{0x47, 0x2}, 0x5, 0x6, 0x7, './file0'}, {{0x10, 0x2, 0x8}, 0x10001, 0x5, 0x7, './file0'}, {{0x41e8d7fd0c7c47e2, 0x2, 0x5}, 0x0, 0x3, 0x7, './file0'}, {{0xf9, 0x0, 0x6}, 0x5, 0x3, 0x7, './file0'}, {{0x5183ab83dad060e5, 0x2, 0x4}, 0x3, 0xff, 0x7, './file0'}]}}, 0xc5)
openat$cgroup_ro(r7, &(0x7f0000000000)='cpuacct.stat\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:19:23 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
ioctl$int_out(0xffffffffffffffff, 0x2a30, &(0x7f0000000080))
r1 = open(&(0x7f0000000000)='./file0\x00', 0x202000, 0x10a)
ioctl$RTC_EPOCH_SET(r1, 0x4008700e, 0xcdd)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:19:23 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, 0x0}}], 0x0, 0x0, 0x0})

22:19:23 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x2b, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0})

22:19:23 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100), 0x0, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

[  529.040574] binder: release 12242:12247 transaction 939 out, still active
[  529.050749] binder: undelivered TRANSACTION_COMPLETE
[  529.056457] binder: 12243:12248 got transaction with invalid data ptr
[  529.056485] binder: 12243:12248 transaction failed 29201/-14, size 96-24 line 3316
[  529.089928] binder: BINDER_SET_CONTEXT_MGR already set
[  529.089936] binder: 12259:12263 ioctl 40046207 0 returned -16
[  529.090357] binder_alloc: 12242: binder_alloc_buf, no vma
[  529.090375] binder: 12259:12263 transaction failed 29189/-3, size 104-0 line 3284
[  529.092545] binder: BINDER_SET_CONTEXT_MGR already set
[  529.092553] binder: 12260:12261 ioctl 40046207 0 returned -16
[  529.093940] binder_alloc: 12243: binder_alloc_buf, no vma
[  529.093957] binder: 12260:12261 transaction failed 29189/-3, size 96-0 line 3284
[  529.170568] binder: undelivered TRANSACTION_ERROR: 29189
[  529.176080] binder: undelivered TRANSACTION_ERROR: 29189
[  529.181664] binder: undelivered TRANSACTION_ERROR: 29201
[  529.187172] binder: send failed reply for transaction 939, target dead
22:19:25 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls\x00', 0x0, 0x0)
sendmsg$nl_netfilter(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b28db67d69e114e4faff7621"], 0xc}, 0x1, 0x0, 0x0, 0x80}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:25 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
pwritev(r1, &(0x7f0000000100)=[{&(0x7f0000000080)="f3acf9a841d6a8c4dc1a11fff122f9aaac5ca0ed323c2420fabadac36dc9552715670f18d03bbad9b200063a368a8dd81573c1cd49816d7859883a736bd9950f402e85a68397fb27", 0x48}, {&(0x7f0000000000)="34ab122d378bca2fabc94c9c1822d3cb5f9a3a748993a8ee4270b2e5fe56e622c4d8efab9febe303d971ea38e38f30417796078b76d87a", 0x37}], 0x2, 0x0)

22:19:25 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x2b, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0})

22:19:25 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:25 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r3, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r2, 0x40046205, &(0x7f0000000040)=0x5)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})
fcntl$getown(0xffffffffffffffff, 0x9)

22:19:25 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x400000, &(0x7f0000000100), 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0x2)
r3 = socket$netlink(0x10, 0x3, 0xa)
fcntl$dupfd(r3, 0x0, r3)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f00000005c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000480)={0x110, r4, 0x1, 0x70bd25, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x60, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@rand_addr=0x59}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x2f7f}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x3b}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xa24}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0xfee5}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x64, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bond\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x6, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'caif0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x101}]}, 0x110}, 0x1, 0x0, 0x0, 0x8800}, 0x4)
sendmsg$IPVS_CMD_GET_DAEMON(r2, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4010080}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)=ANY=[@ANYBLOB='b\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="120128bd7000ffdbdf250b000000080005000500000008000600070000000800050007000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4043}, 0x40000)
sendmsg$IPVS_CMD_NEW_DEST(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0xb0, r4, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x40, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x6}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7ff}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e20}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xc97}]}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x6}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x200040c0}, 0xc080)

22:19:25 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:26 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
pidfd_send_signal(r0, 0x5, 0x0, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
r5 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r5, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r6, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffd000/0x2000)=nil, 0x2000}, &(0x7f00000001c0)=0x10)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r7 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r7, 0x1279, &(0x7f0000000700))
accept(0xffffffffffffffff, &(0x7f00000003c0)=@can={0x1d, <r8=>0x0}, &(0x7f0000000300)=0x80)
r9 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x400, 0x0)
write$smack_current(r9, &(0x7f00000004c0)='selinuxeth1\x00', 0xc)
connect$packet(r9, &(0x7f0000000100)={0x11, 0x6, r8, 0x1, 0x2, 0x6, @random="2b41ce5a94a3"}, 0x14)
sendmsg$nl_route_sched(r7, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002e000009293861ed9700000000000000", @ANYRES32=r8, @ANYBLOB="1000f2ff020005000f000800"], 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x40001)

22:19:26 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

[  531.328022] binder: 12272:12284 got transaction with invalid data ptr
[  531.339687] binder: 12272:12284 transaction failed 29201/-14, size 96-0 line 3316
[  531.364462] binder: undelivered TRANSACTION_ERROR: 29201
22:19:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x2b, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0})

22:19:26 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x4, 0x400)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = openat$selinux_user(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/user\x00', 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r4, &(0x7f0000000240)={0x10002002})
r5 = dup3(r3, r2, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
accept4$inet(r5, &(0x7f0000000000)={0x2, 0x0, @initdev}, &(0x7f0000000080)=0x10, 0x800)

22:19:26 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(0xffffffffffffffff, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:26 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x9, @rand_addr="150a29c819458fcfbbef414c0ecb4c3a", 0x8}, 0x1c)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  531.371479] binder: 12276:12283 got transaction with invalid parent offset or type
[  531.382887] binder: 12276:12283 transaction failed 29201/-22, size 104-24 line 3454
22:19:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x36, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a37"], 0x0, 0x0, 0x0})

22:19:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x36, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a37"], 0x0, 0x0, 0x0})

22:19:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x36, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a37"], 0x0, 0x0, 0x0})

[  531.406315] binder: 12303:12308 got transaction with invalid data ptr
[  531.406341] binder: 12303:12308 transaction failed 29201/-14, size 96-0 line 3316
[  531.406576] binder: undelivered TRANSACTION_ERROR: 29201
[  531.449531] binder: 12317:12321 got transaction with invalid data ptr
[  531.449559] binder: 12317:12321 transaction failed 29201/-14, size 96-24 line 3316
[  531.449704] binder: undelivered TRANSACTION_ERROR: 29201
[  531.466201] binder: 12327:12328 got transaction with invalid data ptr
[  531.466226] binder: 12327:12328 transaction failed 29201/-14, size 96-24 line 3316
[  531.466457] binder: undelivered TRANSACTION_ERROR: 29201
[  531.484239] binder: 12330:12331 got transaction with invalid data ptr
[  531.484264] binder: 12330:12331 transaction failed 29201/-14, size 96-24 line 3316
[  531.484534] binder: undelivered TRANSACTION_ERROR: 29201
[  531.530789] binder: 12276:12283 ioctl c0306201 20000800 returned -14
[  531.539805] binder: undelivered TRANSACTION_ERROR: 29201
[  531.550133] binder: 12276:12298 got transaction with invalid parent offset or type
[  531.557927] binder: 12276:12298 transaction failed 29201/-22, size 104-24 line 3454
[  531.565781] binder: 12276:12298 ioctl c0306201 20000800 returned -14
22:19:26 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x4827afc5523e2d72, 0x0)
ioctl$RTC_RD_TIME(r1, 0x80247009, &(0x7f00000000c0))
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})
prctl$PR_SET_UNALIGN(0x6, 0x2)

22:19:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3b, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba78"], 0x0, 0x0, 0x0})

22:19:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x36, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a37"], 0x0, 0x0, 0x0})

[  531.572540] binder: undelivered TRANSACTION_ERROR: 29201
[  531.588785] binder: 12337:12338 got transaction with invalid parent offset or type
[  531.591475] binder: 12336:12340 got transaction with invalid data ptr
[  531.591498] binder: 12336:12340 transaction failed 29201/-14, size 96-24 line 3316
[  531.591733] binder: undelivered TRANSACTION_ERROR: 29201
[  531.607606] binder: 12342:12343 got transaction with invalid data ptr
[  531.607630] binder: 12342:12343 transaction failed 29201/-14, size 96-24 line 3316
[  531.607861] binder: undelivered TRANSACTION_ERROR: 29201
[  531.645262] binder: 12337:12338 transaction failed 29201/-22, size 104-24 line 3454
[  531.653391] binder: 12337:12338 ioctl c0306201 20000800 returned -14
[  531.661772] binder: undelivered TRANSACTION_ERROR: 29201
[  531.667893] binder_alloc: 12337: binder_alloc_buf, no vma
[  531.673672] binder: 12337:12345 transaction failed 29189/-3, size 104-24 line 3284
[  531.681528] binder: 12337:12345 ioctl c0306201 20000800 returned -14
[  531.688271] binder: undelivered TRANSACTION_ERROR: 29189
22:19:26 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000000201feff000000000000000000020000"], 0x14}}, 0x0)
clock_gettime(0x0, &(0x7f00000047c0)={<r2=>0x0, <r3=>0x0})
syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x4, 0x400001)
recvmmsg(r1, &(0x7f0000004740)=[{{0x0, 0x0, &(0x7f00000003c0), 0x0, &(0x7f0000000440)=""/4096, 0x1000}}, {{&(0x7f0000001440)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000004680)=[{&(0x7f00000014c0)=""/20, 0x14}, {&(0x7f0000001500)=""/4096, 0x1000}, {&(0x7f0000002500)=""/4096, 0x1000}, {&(0x7f0000003500)}, {&(0x7f0000003540)=""/16, 0x10}, {&(0x7f0000003580)=""/4096, 0x1000}, {&(0x7f0000004580)=""/219, 0xdb}], 0x7, &(0x7f0000003500)=""/29, 0x1d}, 0x9}], 0x2, 0x0, &(0x7f0000004800)={r2, r3+30000000})

22:19:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x36, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a37"], 0x0, 0x0, 0x0})

22:19:26 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r4, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$GIO_SCRNMAP(r3, 0x4b40, &(0x7f0000000840)=""/204)
fgetxattr(r2, &(0x7f0000000200)=@known='trusted.overlay.origin\x00', &(0x7f0000000640)=""/214, 0xd6)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r5, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
openat(r2, &(0x7f00000001c0)='./file0\x00', 0x101000, 0x4)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=<r6=>0x0)
sched_setaffinity(r6, 0x8, &(0x7f0000000180)=0x90f)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x27, 0x0, &(0x7f0000000600)=ANY=[@ANYRESOCT, @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000851466a231f5e36fa3e9ed087bbf6164660000000000000000000000000200000000000000000000000000000085616466000000000000000000000000000000000000000000000000000000006b423e45492262e1741a3ce0963e8e81776446b3a6d31f65d6a60079f82f49c81629f15f2b7b8d4dcf143c318a3b06578ce53a87bbdddf5e1f66619e"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="0000000eb500000028000000020000004800000000000000"]], 0x0, 0x0, 0x0})

22:19:26 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
shutdown(r1, 0x1)

22:19:26 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(0xffffffffffffffff, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

[  532.219814] binder: 12351:12353 got transaction with invalid data ptr
[  532.234438] binder: 12351:12353 transaction failed 29201/-14, size 96-24 line 3316
[  532.235633] binder: 12352:12355 unknown command 926363952
[  532.235640] binder: 12352:12355 ioctl c0306201 20000800 returned -22
[  532.243086] binder: BINDER_SET_CONTEXT_MGR already set
[  532.243096] binder: 12352:12360 ioctl 40046207 0 returned -16
[  532.280044] binder: undelivered TRANSACTION_ERROR: 29201
[  532.303825] audit: type=1400 audit(1569277166.947:35): avc:  denied  { shutdown } for  pid=12367 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
22:19:29 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="d3e19b0300e9ff138cfc0eef444fb811cb1952af630f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:29 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x36, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a37"], 0x0, 0x0, 0x0})

22:19:29 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = request_key(&(0x7f0000000140)='asymmetric\x00', &(0x7f0000000580)={'syz', 0x2}, &(0x7f0000000640)='user\x00', 0xfffffffffffffff8)
request_key(&(0x7f00000006c0)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000440), r2)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r4, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$PERF_EVENT_IOC_RESET(r3, 0x2403, 0x4)
keyctl$set_timeout(0xf, r2, 0xfffffff0)
r5 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r5, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x8, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="053b34e72dd66f52e136b78a6125c5a7c874e7ae3b470929ac96151f8ef25537466be0726c04000000000000001ab9409a35933e8cbaae98e9088447a547ba99b0cf5aebcab8385fabe609aa3f7083bd38f843f653e977dc12e375e3da6efb91802f2ed787f9c31b173a02b8899d8a683598c2352c6897c1c0ca033122d5503354679ed27f"], 0x0, 0x0, 0x0})

22:19:29 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0xfffffffd, &(0x7f0000000100)={0x0, 0x2, 0x8f}, 0x0)

22:19:29 executing program 5:
prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000080)="aba022712d001e89a918d6b107075bf214b6bd0b824a8a0c456f15ce13cdd4474e5cde15cd42554d7cd74750babfdde50620ac8a8b238b1530c11f85bbee91309b0c725bce5c9db11cb97b38892cd49aa94d61dfd1bf16b79422950f1d129d98e6baa1867cd84f432c71bf68f9917192d1dfb206c3c12028ca04e1ee83d28c7898737ee6245278e6915d07728c1b14243c49f46225", 0x95)
openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r2, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000000)={0x2d, 0x4, 0x0, {0x4, 0x7fffffff, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2d)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:19:29 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(0xffffffffffffffff, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:29 executing program 4:
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r1, 0x0, &(0x7f0000000100), 0x0)

22:19:29 executing program 4:
syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x80000000000, 0x20000)
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\xc1', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

[  534.438799] binder: 12380:12386 got transaction with invalid data ptr
[  534.451254] binder: 12380:12386 transaction failed 29201/-14, size 96-24 line 3316
[  534.464761] binder: 12379:12390 unknown command -416007419
[  534.464769] binder: 12379:12390 ioctl c0306201 20000800 returned -22
22:19:29 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:29 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000080)={0x1, 0xa4558dd21d9d4bbb, 0x7, 0x2, r1})
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
write$9p(r5, &(0x7f0000000240)="4dc5b76a97fbc03fe5abce672fd49856ea092b7f6637958863db64a1a5643110c63292f414a5998d41c6f124f28030681d5918397ae9332ad3e59ca82746216650e8e285ea1fa906047b466908bb2f4980f6d60fef2449665c523d425968a8853f8eba34d53d5aff5508e88c0192832d0e53099a98f430037bb92b095f672bb09c116465633bbb4143775c01c2b628a65aeab074198736ded4eca3ff49a7360783cb3881c7aadf", 0xa7)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f00000000c0)={0x5, 0xdc2, 0x1, 0x8, 0x7, 0x7})

22:19:29 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="00000000000067c5180000010000000000000000"], 0x14}}, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x800, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f00000000c0)={0xd505, 0x4, 0x8e, 0x0, 0x4})
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000000)={0x0, 0x3, 0x3, 0x9})

[  534.472528] binder: BINDER_SET_CONTEXT_MGR already set
[  534.472536] binder: 12379:12400 ioctl 40046207 0 returned -16
[  534.485722] binder: 12379:12400 unknown command -416007419
[  534.485729] binder: 12379:12400 ioctl c0306201 20000800 returned -22
[  534.527696] binder: undelivered TRANSACTION_ERROR: 29201
22:19:29 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x39, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40f"], 0x0, 0x0, 0x0})

[  534.535779] binder: 12410:12415 got transaction with invalid parent offset or type
[  534.535808] binder: 12410:12415 transaction failed 29201/-22, size 104-24 line 3454
[  534.535824] binder: 12410:12415 ioctl c0306201 20000800 returned -14
[  534.547360] binder: BINDER_SET_CONTEXT_MGR already set
[  534.547369] binder: 12410:12418 ioctl 40046207 0 returned -16
[  534.547702] binder_alloc: 12410: binder_alloc_buf, no vma
[  534.547722] binder: 12410:12418 transaction failed 29189/-3, size 104-24 line 3284
[  534.547740] binder: 12410:12418 ioctl c0306201 20000800 returned -14
[  534.563397] binder: BINDER_SET_CONTEXT_MGR already set
[  534.563405] binder: 12422:12425 ioctl 40046207 0 returned -16
[  534.563920] binder_alloc: 12380: binder_alloc_buf, no vma
[  534.563939] binder: 12422:12425 transaction failed 29189/-3, size 96-24 line 3284
[  534.647224] binder: undelivered TRANSACTION_ERROR: 29189
[  534.652873] binder: undelivered TRANSACTION_ERROR: 29189
[  534.658523] binder: undelivered TRANSACTION_ERROR: 29201
22:19:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x39, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40f"], 0x0, 0x0, 0x0})

22:19:32 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r6, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
fsetxattr$trusted_overlay_redirect(r6, &(0x7f0000000440)='trusted.overlay.redirect\x00', &(0x7f0000000480)='./file0\x00', 0x8, 0x3)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
r7 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r7, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r8 = openat(r7, &(0x7f0000000040)='./file0\x00', 0x0, 0x14c)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00')
sendmsg$TIPC_NL_MON_GET(r8, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10010800}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x48, r9, 0xa3e7630118f7a95d, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3ff}]}, @TIPC_NLA_SOCK={0x28, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xffffffff}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4014060}, 0x4)
ioctl$TIOCSCTTY(r5, 0x540e, 0x4)

22:19:32 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="4e0235905c236404c11879"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3b)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)
ioprio_get$pid(0x2, r1)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000040)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x57, r3, 0x20, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
read$eventfd(r2, &(0x7f0000000000), 0x8)
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:32 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, 0xffffffffffffffff, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:32 executing program 4:
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2, 0x30, r0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:19:32 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f00000000c0))
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x4)
prctl$PR_GET_FP_MODE(0x2e)

22:19:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x39, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40f"], 0x0, 0x0, 0x0})

22:19:32 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='\b\x00roS\x00s%l\a\x00', 0x20001, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:19:32 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(0x0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000040)=0x1c)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'ipddp0\x00', {0x2, 0x4e20, @empty}})
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, 0x0, 0x0, 0x0)

[  537.458143] binder: 12435:12438 got transaction with invalid parent offset or type
22:19:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:19:32 executing program 4:
pidfd_send_signal(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x0)

22:19:32 executing program 5:
clock_gettime(0x0, &(0x7f0000000000)={<r0=>0x0, <r1=>0x0})
io_pgetevents(0x0, 0x10001, 0x7, &(0x7f0000000080)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000180)={r0, r1+30000000}, &(0x7f0000000200)={&(0x7f00000001c0)={0x100000001}, 0x8})
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
setsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000240)="3cd7bbfd652f18e73866be66b29a0778ea550ea772900a4ede354b9501df3958b7ffd069f867d1f54240331a683526bb7b5fd268df8b2beb10a648e1da4d6d55524cbd49062fd7b4f85469939632d630dd14df0a671bb82098f4c85598bbe23b9d6d8a4c9f3cecb66c1d04434d5a171318a5d5", 0x73)
r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r6, 0x0, 0x0, 0x0)

22:19:32 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
setsockopt$inet6_MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, &(0x7f0000000280)={{0xa, 0x4e23, 0x5953, @ipv4={[], [], @rand_addr=0xfff}, 0xfff}, {0xa, 0x4e24, 0x2, @loopback, 0x7}, 0x7, [0x4, 0x3f, 0x2, 0x4, 0x40, 0x6, 0x3, 0x1]}, 0x5c)
r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x10000, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x78, r2, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x81}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x40}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xfff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x7}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4840}, 0x0)

22:19:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x39, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40f"], 0x0, 0x0, 0x0})

[  537.466458] binder: 12433:12439 got transaction with invalid data ptr
[  537.466485] binder: 12433:12439 transaction failed 29201/-14, size 96-24 line 3316
[  537.466744] binder: undelivered TRANSACTION_ERROR: 29201
[  537.495050] binder: 12448:12452 got transaction with invalid data ptr
[  537.495076] binder: 12448:12452 transaction failed 29201/-14, size 96-24 line 3316
[  537.495226] binder: undelivered TRANSACTION_ERROR: 29201
[  537.538173] binder: 12464:12468 got transaction with invalid data ptr
[  537.538198] binder: 12464:12468 transaction failed 29201/-14, size 96-24 line 3316
[  537.538493] binder: undelivered TRANSACTION_ERROR: 29201
[  537.571366] binder: 12472:12478 got transaction with invalid data ptr
[  537.571392] binder: 12472:12478 transaction failed 29201/-14, size 96-24 line 3316
[  537.571527] binder: undelivered TRANSACTION_ERROR: 29201
[  537.648350] binder: 12435:12438 transaction failed 29201/-22, size 104-24 line 3454
[  537.656672] binder: 12435:12438 ioctl c0306201 20000800 returned -14
22:19:32 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0})

22:19:32 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ptrace$setopts(0x4200, 0xffffffffffffffff, 0xc08, 0x90)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x39, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40f"], 0x0, 0x0, 0x0})

22:19:32 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r2, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000180)={0x9, 0xc, 0x1})
r3 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x420000, 0x0)
getsockopt$inet6_tcp_buf(r3, 0x6, 0x1f, &(0x7f0000000080)=""/14, &(0x7f00000001c0)=0xfffffffffffffe3e)

22:19:32 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, 0xffffffffffffffff, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

[  538.256523] binder: undelivered TRANSACTION_ERROR: 29201
[  538.262596] binder: 12435:12486 got transaction with invalid parent offset or type
[  538.270730] binder: 12435:12486 transaction failed 29201/-22, size 104-24 line 3454
[  538.281179] binder: 12435:12486 ioctl c0306201 20000800 returned -14
[  538.297079] binder: undelivered TRANSACTION_ERROR: 29201
22:19:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x39, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40f"], 0x0, 0x0, 0x0})

22:19:33 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
ioctl$TCSETX(0xffffffffffffffff, 0x5433, &(0x7f0000000000)={0x2, 0xffff, [0x5, 0xb1a8, 0x1, 0x20], 0x6})
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:19:33 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x3c8, 0x0, &(0x7f0000000180)=ANY=[@ANYRESDEC, @ANYRESOCT=0x0, @ANYRESHEX], 0x0, 0x0, 0x0})

[  538.324125] binder: BINDER_SET_CONTEXT_MGR already set
[  538.330417] binder: 12494:12503 ioctl 40046207 0 returned -16
[  538.330689] binder: 12492:12498 got transaction with invalid data ptr
[  538.330718] binder: 12492:12498 transaction failed 29201/-14, size 96-24 line 3316
[  538.331066] binder: undelivered TRANSACTION_ERROR: 29201
22:19:33 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000763d2a9d326154ec0014fdd7ce2c1ad5600870273a343ede74855f53ea42d5e62e847e449e1fac487bc7880477c0674773e0df43d8feb5cc9c838d6ad444d5c82ce2690472527411a19f91b212f57101cdb41f6a0ab068f146d0ce3ac44be842c46cd96310ba673a6af3a29b7918572a99640b79e597985814c1e6b194c1a03557f1dd224844714f898baf642dcc59d8d5902c529235496669bbc09671d11dbe4f08ad95637588e6b600cb3e864fb12d55d3eca4eb209ecfaffaa312ab01f6ffffffffffff0000000000000000000002000000000000003e073061aa2b7c34b607fb0f5ca6b4c8a0c71862a8cf8e9000dabc32ba493e0c38c4d444d767192c10c0f2bc1322aed5d6bc4be6b13da4e59d241bbaf3199fd8348d4d5a302c012c2f7f6a5d8a942aba75a5b498efbb792b2a42d0be547834d36b4e806f003024fc57a99c0fb3b11eb8f61d74b0bbfbff8a49faf3c0a63bc886f0e22c03de96d3d0da98428607ef20db46c7cf9e2531a35020ee75404ba9883c960beb4a44456467000000000000fe12d96d5e685982308502c609525a258c87d4895f85eeec6fa0ed1e4b8d8a1227bd9ba9d3d2d9e55ec9a2aec5fdc940798c9330e7efba4428e24b86637232fc3906808f238bd1ee3a8f159cef720590a3d249b0bc902c60c4a46d4611410ac9d966e5727579742538303812b7f9dda947071bde2833d4f45cb42c3ce3a4093b611de86cfc55c27a4f5e3046204fe7a584365f2e8fe8afc6871875dfc431b2cfa41546921651b52c9f886c00d7a36eec2906a0ba3f9592bd9ae781dd388e5726e5d8f62f3d68bd7f82b3357b9ac9262851ae3c63c2b430baf4334a09778bf140085d5f5ce5e5f5192994f69736d4456e08c2425ea43927bdf5d0ec08cebe34889c423cc3ca799087e8b84448e4f1968c9b403402e794bf96f28a43e31ceea6623800000000000000b9ffb088ceb3b075d1c319fee6f5ea7736956c198b20f0900cd50485ba81d562384a69b63ae3cbdff8c9c55a07b682766d52686294caabb1095cc35405eea1939306e3588976dee9c1446e54318d8bd6d08fd1228a7af2a8d9ab5e9e77b2c39120cccb00874ed1bd9557b3f5d93ed7227ddbcd628378736cb368b22bba790000000000000000000000001a8ae4329461dff18bf4a6873ea25ec1547dd096a0f119b3def18af67a80368fb2248ba817be90c5aa844b54c623a877890493688483541ddf2d8fca6a4613326665a537b4ae0c33d5ec6b5885b24e83428071fa4d9d3c0dd4f65bcb9e112e7f3a7a14f94e8c39680223b70286b74cb8bcf28bf4d9a619d74a3e12e16859117a96ecd8cc54b31ae45a69e3cb997c243cbcf33fffaab7adbeaddbe8361cd26088ed502cf5f1128c09a000c0ee3bb815f9cec8e5a9c0ea434f9610b94d1a4c30d386781e0bf3714846084648c2aa2bbb91a53c48bfb9df6f49009ff4e302fdf978fcbdc08e793190dcd3d6a3b3d3b899d13eaff506d99295c40acb60615605e6643bbec4a632ff93a4ebe18b9f34c788760e38341c1e861db2406ec080974faba4b66f9620561c9b71dd090bfed4fcd08a36f0947410de00e537bbe0e1985b9993eb0c07378a987af7b5f3bcf44f962819d6f1a9e2573d4d775c998e10aedf27656714763232a50acaa139a7d370dddeb33bb6445c2571d0e2eb8b23f9887b866c1b7cc15f5e202f2fa96e049a457d7e809763463d5dc777588a2ed27a5f494f2a3e"], 0x0, 0x0, 0x0})
syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x97aa8fa8c8ce54b0)

22:19:33 executing program 5:
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='\xa2\x96\x8e\x1a\xcd\x18\xa1\xbf\xdc\xb4\x00', 0x101000, 0x0)
r0 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r1, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
pidfd_send_signal(r0, 0x4, 0x0, 0x0)

22:19:33 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x40100, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
setsockopt$IP_VS_SO_SET_EDITDEST(0xffffffffffffffff, 0x0, 0x489, &(0x7f0000000080)={{0xccfc85cb48540be, @multicast2, 0x4e23, 0x3, 'sed\x00', 0x4, 0x7, 0x1f}, {@empty, 0x4e21, 0x0, 0x4, 0x87c2, 0x3}}, 0x44)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$KDENABIO(r4, 0x4b36)
ioctl$BLKIOOPT(r4, 0x1279, &(0x7f0000000700))
accept(0xffffffffffffffff, &(0x7f00000003c0)=@can={0x1d, <r5=>0x0}, &(0x7f0000000300)=0x80)
ioctl$BLKDISCARD(r4, 0x1277, &(0x7f00000001c0))
r6 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x400, 0x0)
write$smack_current(r6, &(0x7f00000004c0)='selinuxeth1\x00', 0xc)
prctl$PR_SVE_GET_VL(0x33, 0x25e)
connect$packet(r6, &(0x7f0000000100)={0x11, 0x5, r5, 0x1, 0x2, 0x6, @random="2b41ce5a94a3"}, 0x14)
bind$packet(r4, &(0x7f0000000000)={0x11, 0xc, r5, 0x1, 0x1}, 0x14)
timerfd_create(0x4, 0x0)

22:19:33 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x130, 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000cde749dbcf9f6146000000000000000000600000000000000018000200000000002a370cf40fbafaf0656a158396d731ecd57aeaf4d765c369c2eb0f4ad26d6e08832a06060000003853b700bf1660bd1d21f129d8ff3b83c0c2fbc7bed30374b3b1c81207dbc55a8784e0007628bd8773d243fbea129d0ba3f48da5cfab3773f0128e547755890d9693bb36fdd33f3b3a9f5801e71f0e6b83fe0417348c29e97bd9ec72edb89f14e44abd74b100b749210e3a3d5a0e62b2d0b84db5142df34211ff28b51502e4d3155450e00eda7a5aae37d09a6d4ce3d4b6fff850652bb0be06582d29102430004522703686956986cbfa470a07aabc25a90f339a828c0feff09fd0df3f8baff99aef813600ab22b63546787a134932d0de3d7c55bc7b50401bf8baade8eb585cbdbf66fa0e811d8080a7b222d27621cb0a92ee513532ea462cc2d466a637aa39c2bb9d0e611e436000b577f4bcb3565f67d5ceb0d7b4e8729f922283b40ffff965c53ed2b3089cb4955470d9ce3f0e67485e159292faea6826ef25612c4807dc391cfef41a0fa2028614f16e81f70900f1bd64453c6766a47d9573eb88fe912c4ad2f5f9161413cff0d36d7e311aa4bafa950e0a50214533571f9f775f6e57e8078ff4e18af0ccf61c20fbfbf8d75b77b98364ec57e4d1cd28c5f8a8de28c7b760c18f696d4d2a35e445225eee0f24d40246f279c3cc2b8bc79f9413011c8c6bdf63080ca3a13a9e59e23d48ccf24c72646293b5305c19e324b8429c09f9fbd5d877cd8ed22fd63d0cdd951589f953a54c30cffece4094c7187d3226f8d19b3731028c1900551e70a671fa3cc2480a6af7be542b12fe7034993b0f2ff68222478db41cc9fbb7d1c691681034f124d69f6fc20e623cf7391fe643e750176571160d4e6f416ad81cf8cb8874b9ead245c83d12ff45eafc76620bd6e94ff26e81418e2a1db13f"], 0x0, 0x0, 0x0})

[  538.350554] binder: 12510:12511 got transaction with invalid data ptr
[  538.350579] binder: 12510:12511 transaction failed 29201/-14, size 96-24 line 3316
[  538.350847] binder: undelivered TRANSACTION_ERROR: 29201
[  538.385689] binder: 12516:12521 unknown command 875837489
[  538.385696] binder: 12516:12521 ioctl c0306201 20000140 returned -22
[  538.386257] binder: BINDER_SET_CONTEXT_MGR already set
[  538.386265] binder: 12516:12522 ioctl 40046207 0 returned -16
[  538.386512] binder: 12516:12522 unknown command 875837489
[  538.386519] binder: 12516:12522 ioctl c0306201 20000140 returned -22
[  538.408158] binder_alloc: 12524: binder_alloc_buf size 3043718665544401016 failed, no address space
[  538.408164] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 2097152 (num: 1 largest: 2097152)
[  538.408182] binder: 12524:12527 transaction failed 29201/-28, size 96-3043718665544400920 line 3284
[  538.408416] binder: undelivered TRANSACTION_ERROR: 29201
[  538.414612] binder: BINDER_SET_CONTEXT_MGR already set
[  538.414620] binder: 12524:12529 ioctl 40046207 0 returned -16
[  538.414988] binder: 12524:12529 transaction failed 29189/-22, size 96-3043718665544400920 line 3138
[  538.415198] binder: undelivered TRANSACTION_ERROR: 29189
22:19:33 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000080)=0x4, 0x4)
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="00634040000000000000001f0000000000000000000000000000000000009f6000000000dd00001800000000fa00002a370cf40fbaab478262bdb356e6a24c7b8c18204904038b14e90853c0f44d6a8e5b0b243728050c173f3e24c7ad48d3dd18ac31d8215dfd83366701c506dbed880c830c4508a9550a0b28ebb6f955557107b8f1cef58c4cc8b87c297f1f753bf28df3e01c54b28234cb22279492727c8d2a148d639fc92f7751248b16637ec1b99c5f0eee971a9b89afa967d7b20776cc11cb3654df0277de1e6d5c93a557b3c7511aa3decfa4fa30522265876d03321834d5e39d6387db4f8b6fffb3bcb42a74e6c7a5388ee6c1232164031ac4a0a6da2d4087a780b4e4d259ab035759f11d17e09b57c2c46bb939b83992c7d3fad80b824b08a17f6396032c423aacc1df8bfcd1155683699a2012bf77ed0ff25dc4264dd0e9f4905eccde130edc362e2da9e094c5b47424eb5b854a54670834858afe83cbb0d43a6d069813c258365ecffc1cb444812c8cf414e7050f94e408f01fb4893c0e1a5fc0805dbe25d506c18076d0ba487f7786e29ee8f31b73195dc95f216f83865f74a2a645e0"], 0x0, 0x0, 0x0})
openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0)

[  538.449402] binder: 12535:12537 transaction failed 29201/-28, size 24576-33560576 line 3284
[  538.449557] binder: undelivered TRANSACTION_ERROR: 29201
[  538.450826] binder: BINDER_SET_CONTEXT_MGR already set
[  538.450834] binder: 12535:12540 ioctl 40046207 0 returned -16
[  538.451100] binder: 12535:12540 transaction failed 29189/-22, size 24576-33560576 line 3138
[  538.451293] binder: undelivered TRANSACTION_ERROR: 29189
[  538.583756] binder_alloc: 12543: binder_alloc_buf size 1149557236356350432 failed, no address space
[  538.593126] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 2097152 (num: 1 largest: 2097152)
[  538.602465] binder: 12543:12544 transaction failed 29201/-28, size 402653405-1149557235953697018 line 3284
[  538.613832] binder: undelivered TRANSACTION_ERROR: 29201
[  538.619668] binder: BINDER_SET_CONTEXT_MGR already set
[  538.625307] binder: 12543:12546 ioctl 40046207 0 returned -16
[  538.631804] binder: 12543:12546 transaction failed 29189/-22, size 402653405-1149557235953697018 line 3138
[  538.641899] binder: undelivered TRANSACTION_ERROR: 29189
22:19:35 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3b)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)
ptrace$setopts(0x4206, r1, 0x2, 0x10)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:35 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="1400926910e4924bc954faac4d508f8994e0f9c107b77725a63ff522fb2f552729e427a90a3c6a55502783221dd21f011fdf7ea230f8a8c7d02f654b47eaee5ef3d0bd565facd2d521ba096c26558dfd570f55a546084517f931f044c495efe32c3e400112aa86753fca3612db4c3eaae9de5a89fe3cb585d1101d845fa020d17675faebb911b894eda0c118cb9b7d7873977b4d691a97c64a859c8fa8efd36cb16dcfacd4ac1fb8c9311c031c0cd157008b913e0748c4b5aea3b42296466eb5b286a45cbb04201da6458f738f2e5ace59c8f97fb8e829b03c35c583852c886581ecd87f235e5f38f9374607273ebd7305da495a8e49bd506fdd4f74a2a7a308e4357491522242538ab4a1ba99535ab2c7464b33290b76bca83a7874f3d44f459a1521d3330fc1aa257160f1a73814d5"], 0x14}}, 0x0)
ioctl$FICLONE(r2, 0x40049409, r0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:35 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x1d, 0x0, 0x0)

22:19:35 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, 0xffffffffffffffff, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:35 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x806)
socketpair$unix(0x1, 0xfec097cb9a0b69bc, 0x0, &(0x7f0000000040))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x3b)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r2, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x2, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="f640"], 0x0, 0x0, 0x0})

22:19:35 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$BLKIOOPT(r4, 0x1279, &(0x7f0000000700))
epoll_ctl$EPOLL_CTL_MOD(r4, 0x3, 0xffffffffffffffff, &(0x7f0000000000)={0x8})

22:19:36 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x122400, 0x0)
accept4(r1, &(0x7f0000000080)=@generic, &(0x7f0000000100)=0x80, 0x807fcfeb54818161)
pidfd_send_signal(r0, 0xffffffff, 0x0, 0x0)
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self\x00', 0x581000, 0x0)
fsync(r2)

22:19:36 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
iopl(0x6)
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb0300b2cf12a22673"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3b)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)
rt_tgsigqueueinfo(r0, r1, 0xe, &(0x7f0000000140)={0x5, 0x7, 0x1c000000})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
setsockopt$inet6_MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f00000000c0)={0x7, 0x1, 0x7f, 0x6, 0x3f}, 0xc)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x800, 0x2)
setsockopt$inet6_opts(r3, 0x29, 0x0, &(0x7f0000000300)=@routing={0x0, 0xc, 0x0, 0x90, 0x0, [@mcast1, @local, @mcast2, @local, @ipv4={[], [], @empty}, @local]}, 0x68)
r4 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r4, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
setsockopt$inet_MCAST_LEAVE_GROUP(r4, 0x0, 0x2d, &(0x7f0000000240)={0x7921, {{0x2, 0x4e24, @loopback}}}, 0x88)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:36 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x93cb11eb135b5cfe)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  541.330934] binder: 12554:12556 got transaction with invalid parent offset or type
[  541.356712] binder: 12554:12556 transaction failed 29201/-22, size 104-24 line 3454
[  541.373788] binder: 12554:12556 ioctl c0306201 20000800 returned -14
22:19:36 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r2 = fcntl$dupfd(r1, 0x406, r1)
r3 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000500)={0x0, <r6=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$LOOP_SET_CAPACITY(r2, 0x4c07)
r8 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r8, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
setsockopt$inet6_tcp_buf(r8, 0x6, 0x1c, &(0x7f0000000080)="e71e636b5f9de298aea42329b6155113171bfb844b9f498c94a904aabe1f16dc735b173718935e42e709a25ea0ad88acf50f505e26386b466820ea9b142bd3bfd90cf354a1fe025513894fcc09af5fe720229b5c783632031d1a2e5d7ed96f9643426a69cb5bdf58e6c40980f2", 0x6d)
write$P9_RRENAME(r2, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB="2c726f6f746d6fe447010000003030303030308eee35911f52b8118a06e03030303030306c3d", @ANYRESDEC=r7, @ANYBLOB=',group_id=', @ANYRESDEC=r5, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r6, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r4, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
ioprio_get$uid(0x5, r4)

22:19:36 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r2 = fcntl$dupfd(r0, 0x406, r1)
write$FUSE_GETXATTR(r2, &(0x7f0000000000)={0x18, 0x0, 0x3, {0x9}}, 0x18)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="d3e1bb03000000148c2d34325f9812bda674547366928458028227f66f3ba90522ec92290bbfa33ec89d3b3e0325f3f5666d7615ca4fe317d4f66b642abd1e031603d08711757851213c9d3726bb30450b3a2c05f53122b8c1ac35e6ce027c4d87740342c86c9c3e049042e3e9e372f1f42b6f15f273643a79567a51dad0faa59e65"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(r3, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r3, 0x0, 0x0)

22:19:36 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)=<r2=>0x0)
r3 = accept4$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @remote}, &(0x7f0000000140)=0x10, 0x1400)
accept$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @initdev}, &(0x7f0000000200)=0x10)
ptrace$poke(0x4, r2, &(0x7f0000000080), 0x4)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x143000, 0x0)
setsockopt$inet_tcp_buf(r4, 0x6, 0x54, &(0x7f0000000840)="8fbcda1bfe3a159c0c621ea4a51fa3fa1602f46082cc6585e790d38ca1ea80eb28bfec64dbd2214305d90eceeb74a0e36e153e4f6b1c59eb9461e02313935926d8b4416f3146ffb389c1a5719572ccc3250741368367b9699d7db2d6dc1d650ed40f301de51a03cb72a50b2ab9940102a9fe149fef428b9c3531f1f5fb381ce6df47bfe0215a948e82196c71c893dd5675f82f9c780463470813e89d9cba52cdf99cfe6ddc869cfd648f3364111ca74912e45eab7f400f7688268a04df2fd91edd59883fb5c33390aed7d1ca5fa1655487aaa4cc9121d914abda54ee41a36216a1d681221ad627b72b919968e5e86cf31b4fc7dc223d11acab72e4a8597dc7c0a5e055cfc76b6b08433dc162e70086d9642b618833f885096fc408aff189e3502808846abfcbe974e84ae24f76ef87dad67ee5c40e0ef3da45ad7d98a04eecb3b361dce331c0301f0047c6994effa8a95fbb6021cda4e975e397a333bf199b29f65b527dfe4853003bca967e46d42afae9949d8cfb054600c88ea14959978ddf6339f6ca9cb4f8077bab7a805b7ca48c6af66f66f0172da7efa2afe6840d623968e858f6564d738e689fe0cccdac5c1ccd37c89bbb76a910615847cb5eaf839ec9635df8143af6f451810684c0783ecbf53e452933d6b016fe3a4d3e783d219807d04fc740f76996ee02e124c6092e875ad6ca9b7a92ceeab921d2bf4f95c8945211625ec7299ffb85e18bc1cab2e0c1c7c298467227b4568febafe67f29dab924e5d02f52e9056d35124218030c0d85ef95ae3ccdfd432ddda6b44963ced696f049d0773b4983bd6dd7dae49e877c18e6dd176d18dc509144eb720b169178386539d75e5ce241f6d7013c48526213b12cebbcd44a64cd3b900f573768c7c052b9d5f8795e1c494bdad75d8cbdf97afbf4a18861e7f59f8c685bcf8e14b4a37d40ac65a1adf0cbb6689514455951d18841a91fdb5e10b7110c1a76bcea32bb312cfe55adb5be421cb56d83005f60b22c9cdd024d3ba0d62b26437601bcdd5e1d12b51e6784c86533306bac16d156939690366cc7cba43e71aad69f7ddf19d627245844a722168f3379ed86e3dcf6deda79b0bce19ed7a0282110e56af1a3d0be1a50014d09a6b7632d60b50f87e57d6264c9b262502cfdb048890183bc6623af5c70b7c912f5b46ebf760f9931d0c1f2e5b826f3b44df62f30517f3362664821f93cacded883e593cf054d5a0c9d6adc63c7c20a57e1ebb0bbdfb12dd235b23cbab1567c9f33d8b685735ece27efa296d09e9a078752f68ef9576ffddba9ad2e5dd184b92217159fd42ff51d8dbd5e0239a1cd33459666af4e0cc8d45ef47ac7e493271d24b210f2dca298bd91152ca4c5c98a51b2fcbf0bab56b6dd98ec3f156592a89f0133a752d7a1c3d27e6169c914821b0f7fb16f54d6e0523023348ffb7fe82dc3153f32a6118aa36d2a3c36a45eecf4ff1dcb26f18bc1b8e5935f94a83dd7a9d11c94cbf2a92895a6e32f6ec6fc607a3523b9bdb69d7a9f2d4ca97d8533b390f25abac3ebb229aec78ceaee7d85270b315be1e06e9091365e2ff96413034716ed1c53487b11bb1349e5422710e391821f068dd9757e7febcd83e6568fc234f614f35d4f20c3fdf8b53adfbba2d169ed2479e261b55d39bcc19cfe8592e0a115d5500b0f6465d33c0e8557c2940b743e9c9672a95a8b463b0bae06f5c43c10002a16878d3eb18a551a3672a6a6b3a0687182f2eda10133da01845167e57abe43e96dfb4899e308e373d613e834b7eef49094a0c010aea62fd88622dfaa757923c8004b67d8eaea25ab81f4bcd1a59ec48bd3cc503ec187478da0e56d62a3b499aabe60e7dc5f0ec21745468c31854024e471f3c0f235202a5283414d817b1bc7fefd88eded214a917184df3f0dbc9f7b5b97982b6dc252a78ee0631112d6c9ce2e47eb145a5b167512550dd4dec4c029b5c4bd7c6a8cf72604ecb6014161e5df8bc5bef006d5348e73b20149bb5874964741f10e97aac480b41b5d8e1712883200192e51202c6cd3ee915df06a4b0794ca22473b3fb6e5069e74ce79bcd1b85317207c067860d8a047a919e2598bff1b570c0237491d62b72750e9ae6158091d07a45aa87314600101f026e8388414c5cb3b648a41f15306be1d844146063ba816a7aa40943fa3c4bd95e525194b43ad695f66fab5e4b2be84a0fcbca065ccbce83ee3bf2de05a44d9a2cc8a322c2d054ca67d6c923315eb5a04855bf2c32edf251819459793f8f2a9b3ec0b6103972a46af6dddc3cd747ab5a514dbbff6ea62909bc93f3df865c0d1ca16076ffecbc8ecf96edca01b13fc0872eab511b66d91454990af2592219d09335b7cfda1db1b024583748e817462da1c2f877c6ee867f00104ddc1c1598b0d9e09db143e1eba8ee2fa9de1b162ca02e8f671f3b262f4b11e6bc24cfbc92eece19bde5d4d53d859a5f9f185f84ca6242e00a8a58d81130fb45c23fb461618f2070b8b80cb452d97ea051005add1219dff76b9c9da9aea16d64ac9f0152d628b16e0194dbb44d83e895104ccda7aaf72c38aa9622a4b6dc3f0eca4ac3f3acdf5f647a36f41cd3d3eda2b84c160ba5bc92b0ab204f06f167348ee164f9b1789c26eecba12e0b7be74c6d829f33dc2d079cb939780db275f2a921645c8aef31ffca961e5805dba75365deb0801c440f260b63778ab249875874ce14b3baede2b414efe1b3b52da5203390a82e446bd73204b80dcf81869d9198b327196d813e6e6ba5c3d441ce944fe892d729f1368e76c70af1bb1dd0d4c0279f654f8f826742010bcd535b3dc17b96e9ad64f4321cd1ba2e2dd40432ddf9e179500c7b986bf582677bb001924c95500c2f4cdbfc7ca334f96239d09fd4647c53b253c7181c0b3fbefe105d06f650d5d128a7fd51ccbd65a909cea060e5bf8bb90ca65a57bc1588ca6e3356145a37ac52836c20ff7611ddea5a8fb795ed4e299839f992162bc4cf013433719b63a52d8d33008a3a1d6a747af32c04e88ce661f076c6997017f665ef1ade3c48890be918ccc297a6c77bff966024a4c1aa3b3191c19e85c0919952d4069a5d829e51c04b8737e519a392fc7aaf0de6932006a1d7fa116dd3866270d56e2e08f43b0888668f63e0a53c88bfa961b332e7f7adfc8c96a6a04d339b183781f197ca6f945715697700cf42fe70ac6ce8ba34522614a1ec06970e12b01761fe07f1b5e2f24218c24823c1c61dc87aef429e98115ca5ade83b5274bd4693c2aaa61bcc48b2841621dd79f3c83a8aa6ce39467c5208378205f86480408ad7238edea3ede6801f2ad15c2b14ba0ef58344b71b7755458d6e8237cd827ea69296a257341a7f5bfe7a9884c6b4300bcc3aadd1dd203cc119ca1c44535052cec8760fded0426c757b724d347e4477443f00853d72f324b81ab35390c6448626e079cd643178a597ddf9edd79a3b8d244a0e0455a14ef9d2e0b1b080e95db5ca71b81bdd19628a7c6434772dfd8aeb132bba4d7bd07ef6e429fcb30a432295072ede01679eea4b5d7cbd0cb2faaf734f0e8fc2343b2f22d4527bc92454e37367de526022166f6495b6ccd020626e30176815318f9e8f577ba579222fc9522021b38c5f210132e809ff8cc7d971d0eb7451858dc886f08c6051f965b15fd145c94657fa197707f7e8f1d4f6fa3a8161fab8f4f7931171d7c8096f374cf4870a3c7671335659580ca551bcab6e343a35a39ff4c082f7187eebbfb0de6facd2bf7fbaca4afad8c37112a2327209a6101dc867c234b04fc601f83e8818978c3a59f01e9d43db41dd2ac11a9e1f84804c5664113af984fa2ec6cf2007f38ffdc6004c357e3175f104e4175023b23acb06b82a4574e410b5a648ec6ceb0b00ae15814102368879b4698aeffcf6cf5ab11aae949d8ef2a63949158cff3e4b92738c48d613152a1fc6d970e32fe9b3be4e08766fd27d6056c53666166da0ee3e03e8c0b0ecc6434a83c987efd234ed12d4f5dadfcb154f820908e0d48686237826b57bf3abe3871582f684e375cb606670a2dfb675b340a45dc92e0c9aedeb8e084d31796cb6fce948f47429d0dbb75b0eba94c2b755c3d1fe6aa4b24339f7fdd2e180c9764a9aec4f3fdaf301e18e4863651d4a1688f381672adba8a4a82ae699f69ae4ebf6a0e89e265611130fe433ac46495f8353545f429722a83f9cd5ed170ee2e8fab3923d9f798ac539c89cca342dd1cc86d3501e962dc5fde16c68159b1dc580904543c463221bb45eaa2f89451569b05187640b6cd91195935087959f47318f1e6af3342eded0f386ed15e5cdf0b082d4177acb5ec0bc6194e07aad0bf3d2e827fe5a89b94fa2da4ad4dedbc8ef0bec6b3a4213b97abda1ec954f20357a0cf9bddc8cee6c54665d9183391e279a048a836e27c244a5dae75f4eefc549e40aae18e5d55713b25ed4c96b0e4dec3854999eae468b78a07029a3030b70ad2eec585f0676d514d674943f1b1369debe55e25ef40321dccba02cec67a2ee29a93e639200a27a995f13dd8d9ba255680be153e9e389b25a75ee6f804a4cd8bab672bfd0c6b9adb74f4c8464dafb0a274ca282edcb3689560e553a76183839ace39d9c96c1ce28e20730683063761e25a8d63d52d505839a751a4a4c6741bbc3af15785d9562b5d897aa3c33b2d517d1f5ab42ca17effd62f59e00fb7a6d03bbde4ce601159d6bc042e80c85571b35a3c41e186d0c0f002ff22c1fb555e58cf14a200e12e3b3f67d445aaaa8abe0004ae40e9a88a072b62771d1559bdd15acaa607017afad8dfe9bc598fac102fd2dcdc053ed2b793c9a9d79c8cc85a7a90236bcf9416fd1e8ca54f080525e8015d076880eb77d9e888fde05bafb2a62933a2f5ab201d5d619961851af15e85cce1380f95fa416e2b4f033b76baebb6919aa9299755e0ae6dcd2b6ceafcf3b37a54b935f893a1594a8a8185c019fce5cd8cdeba80628dd88a785c92101572bf4609b9eba2da4158a533553bdbfd5105b4a1004c09dc233f3bda3b9e0863d4a209aedf20d0ea8dba1f4b54d0b4fd9c909afec16c4eea6066c457f66edbad7c9983491318daac3b9512423999630d978fd6cb6537954be5da0d072223bb67ab9d4df3a926b0a819586ff20df9ed9fe0b20417f578c732d057be4a19508655832a1c2e3ad5ae3443f1a68dccf48273deb4baff91190b87bdb75f2e5ea30441391648361f142a9547bb1f5a24502a26ce7adb05b4a7371bc83fa8cf4d434534c7e5380bad423d5457ffd985e4be3390e64d81218078ba76899fc39c8a2929c3519c9b6f5e2f733140c5172458326e842c236b8527a8fb7d8309c69cd8e8cf030aad1c6b78c419a652cd0aa7441695dfdceced29a44cd1dcfb4b804ec94679b3d70b2b0a21bf61477a5cda61819a85016879709559474ccdf6f954fac04998fa4a4c413c728c947cc614cf5ab8dbc2830f001c1d174df1a3185877a063ada0e613cff0b825f39b6a78363346ae74c85f2e20b8092d9b7e35827083cc7b879cb1db0d0481374f2df3d34e5694797330960d29fb57eb1ea40f469cc86391fa754ac84f68143cd3fa91587ea8612e80640096986e184bc2150bc482fa862e69fbd4b18d7bdfb3f591dfa6d06b0b476b599ff2994002b2b444b84e2fdec3413e4ee0a015205efe85b78c2e1c686c7327b6f11ecb2dbfdb2dc38a2e5e51bc746038946c2e8173eda89372576c91c47c349781aa34e1be6024e43603b3676c2d5f08f364a8ce26393947134a269a8389", 0x1000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  541.388264] binder: undelivered TRANSACTION_ERROR: 29201
[  541.395782] binder: BINDER_SET_CONTEXT_MGR already set
[  541.402962] binder: 12554:12582 ioctl 40046207 0 returned -16
[  541.408781] binder: BINDER_SET_CONTEXT_MGR already set
[  541.408789] binder: 12577:12585 ioctl 40046207 0 returned -16
22:19:36 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r3 = gettid()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(r3, 0x3b)
r4 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0xc000, 0x0)
ioctl$LOOP_SET_CAPACITY(r4, 0x4c07)
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r3, 0x0, 0x0)
r5 = gettid()
ptrace$setopts(0x4206, r5, 0x0, 0x0)
tkill(r5, 0x3b)
ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r5, 0x0, 0x0)
ptrace$setregs(0xffffffffffffffff, r5, 0x401, &(0x7f0000000240)="d26d5ff9683192d942a2680c59ab5d501cd48e2da8011dfe0f2d61023ef19bf748e40c6f7f09d25e59501e5c74198a1f3ba603ee469c8c889cf420474a8ef59d8853cb79e3bc9b5e3eed22ac10bcc5375ff667be27e3c65eaae511ca137f25a898996bc1ff9cfb0abf00118aafc75e0161918446fd248b3cf049e4232d4d62ee909cad29bc873dae58625f2bc63bb4bf0e4d48a26cc27f67fa117c798a2abfda538969166baf869325906bac417246e6a63a22b89ba151f46d5f532f4f9e7d257454b69f9ed2f196a7f11d72a71efc49756e07260fdaf2d5606d1bb56a41eacf9273eef61c51a0")
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000b119a64500000000000068000000000056d16002fa6eb01ebe89", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470040000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561646600000000000000000000000000000000000000003b00"/104], @ANYPTR64=&(0x7f0000000200)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYPTR64, @ANYRES64=0x0, @ANYRES32=0x0, @ANYRESDEC, @ANYRES32=r0], @ANYPTR64=&(0x7f0000000140)=ANY=[@ANYRES16, @ANYRES32=r2, @ANYRESHEX=r0, @ANYRESHEX], @ANYPTR64, @ANYRES16=r3]], 0xffffffffffffff56, 0x0, 0x0})

22:19:36 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0)
ioctl$KDSETMODE(r1, 0x4b3a, 0xfffffffffffffffb)

22:19:36 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, &(0x7f00000000c0))
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000200000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a747000000000000000000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561646600000000000000000000000000000000000000000100000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0)

[  541.441916] binder: 12591:12593 got transaction with invalid data ptr
[  541.452929] binder: 12591:12593 transaction failed 29201/-14, size 96-24 line 3316
[  541.468769] binder: undelivered TRANSACTION_ERROR: 29201
[  541.475248] binder: BINDER_SET_CONTEXT_MGR already set
[  541.481718] binder: 12591:12603 ioctl 40046207 0 returned -16
[  541.494355] binder: 12591:12603 transaction failed 29189/-22, size 96-24 line 3138
[  541.498750] binder: 12605:12606 got transaction with invalid parent offset or type
[  541.498810] binder: 12605:12606 transaction failed 29201/-22, size 131176-24 line 3454
[  541.499098] binder: undelivered TRANSACTION_ERROR: 29201
[  541.499778] binder: 12605:12606 got transaction with invalid parent offset or type
[  541.500179] binder: 12605:12606 transaction failed 29201/-22, size 131176-24 line 3454
[  541.500435] binder: undelivered TRANSACTION_ERROR: 29201
[  541.546830] binder: undelivered TRANSACTION_ERROR: 29189
22:19:38 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:38 executing program 5:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000280)='/dev/null\x00', 0x0, 0x0)
getsockopt$inet6_tcp_int(r0, 0x6, 0x22, &(0x7f0000000300), &(0x7f0000000340)=0x4)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x0)
setxattr$security_selinux(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000380)='security.selinux\x00', &(0x7f0000000500)='system_u:object_r:getty_etc_t:s0\x00', 0x21, 0x3)
setsockopt$IP_VS_SO_SET_DELDEST(r2, 0x0, 0x488, &(0x7f0000000180)={{0x0, @empty, 0x4e21, 0x4, 'fo\x00', 0x0, 0x7fffffff, 0x68}, {@empty, 0x4e23, 0x2000, 0x10001, 0x3d, 0x80000001}}, 0x44)
pidfd_send_signal(r1, 0x0, 0x0, 0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r4, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
write$P9_RSTAT(r3, &(0x7f0000000200)={0x2be, 0x7d, 0x2, {0x0, 0x4e, 0x2331, 0x8, {0x0, 0xffffffff, 0x3}, 0x40100000, 0x8, 0x7, 0x3ff, 0xb, '/proc/self\x00', 0xb, '/proc/self\x00', 0x3, 'fo\x00', 0x2, '\xab:'}}, 0x55)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="1400000002a91dcc6200790dde00000000020000"], 0x14}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r6, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="1400000025e8a5a411ff1e720000000000000000020000cb06706f3cfbddd3d6bfa45c13375fd2a104db0098d861ad3415b2c149732ead848a8988a7a77f75b036720e7f43799c"], 0x47}}, 0x0)
r7 = fcntl$dupfd(r5, 0x406, r6)
ioctl$EVIOCGRAB(r7, 0x40044590, &(0x7f0000000000)=0x9)

22:19:38 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
finit_module(r3, &(0x7f0000000040)='\x00', 0x2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:19:38 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000040000000018000000000000002a370cf40fbabe8cccdc3fabf1ecc871f1052ecfbea9b4106ee5b7d79d0138cee483fe850befa1bbd89d30843941750cc5ed853a8d5998a64c025520ad2f90730f6fc5cfe0a459df01fdf5080dd99e1bcd4bd11ee06c6685ca859de38b183efb6a2e6f337408801c09db87b5037058cec0ddca0fc77bd861e987a9f5bdaab8c3b12c955b15b277090d74448e4bc7107868ef0766024cd305c30b454db975"], 0x0, 0x0, 0x0})

22:19:38 executing program 4:
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ff9000/0x4000)=nil)
r0 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast1}, &(0x7f0000000080)=0x10, 0xc0000)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0xffffffffffffffd0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x10}]}, 0xfd53}}, 0x0)
setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x3, 0x4)
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r2, 0x0, &(0x7f0000000100), 0x0)

22:19:39 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:39 executing program 4:
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
r2 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r2, 0x0, &(0x7f0000000180)={{}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000200))
epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$BLKIOOPT(r3, 0x1279, &(0x7f0000000700))
pidfd_send_signal(r3, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x9}, 0x0)
io_setup(0x3, &(0x7f0000000000)=<r4=>0x0)
r5 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/status\x00', 0x0, 0x0)
r6 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/policy\x00', 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r7, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r8 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r8, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r9, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r10, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r11 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r12 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r11, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r12, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r13 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x8, 0x6, &(0x7f00000005c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x7}, [@map_val={0x18, 0x0, 0x2, 0x0, r11, 0x0, 0x0, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0x2f}]}, &(0x7f0000000600)='GPL\x00', 0x7fffffff, 0x0, 0x0, 0x41100, 0x3, [], 0x0, 0x3, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x2, 0x3, 0x0, 0x5}, 0x10}, 0x70)
r14 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r15 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000bc0)={0x10, 0x0, &(0x7f0000000a80)=[@clear_death], 0xdd, 0x0, &(0x7f0000000ac0)="3b7119d2d5249931d8545e761b8e0081b9a6e2c5da330ad410af3cb1fe88c2482952187ae96efaf234d0cb638737ec9c06a00260a46589a039e73d2d963f478b359c687176ae551d906663e645743831cf15086d67f5ad30cd76e5cc605e92db364fc5e9149952042697a2a026e77f3f3953ff0a209f1a2e70551fba88b4049f1b54fa0ca5df74322fda4a203ce29f1400d55f1968779aaa72e5480425e7d6d6aed95ba287d8154e3218002d380a8fbab887eb6abed21e22b8819c45b92d0c1a8c52db6955815d1b31c95063552a78fb7ff93f485ddc009d1565e88234"})
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r14, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r15, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
io_submit(r4, 0x6, &(0x7f0000000a40)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x6, 0x0, r5, &(0x7f0000000240)="e466ac05172f0956f237d9f1e7b7d2353b3421ac62164df10c6d2897a892829f01a24fce4d201965188889949575ceea23e739041c80c25f5a780d2373a19e6cb1865902ab55e38b4bba8f6be4bebaec2c4a6366fdae37c7358e49cab1136cc44ca1c5933d95959f52b2f6d37af434b56c1d4707d32ee16c231ac4eec0ca24916b511f7054e40b0b91cdfdf54614370f10ef19ce6d85a6d226b941bc25ab8e3a1533ce56a0464f9100c0020b816ee634386dd0af32b378263471787489de1e7f5d9aa59305df55fc75138ea7c3c899ae6bd5840dc763034b02fee23562adbc3a4f41484f5ba4c3eaa401f67b66d85d34", 0xf0, 0x7, 0x0, 0x2, r6}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x101, r7, &(0x7f0000000380)="d81228d6bcfb581b4c40baa75f1603249d4b6755bc72169c54d386d7daa33e9e416f6151d6dadf7be42a6dbd56f33bbcedea754aa3165bb03f9a30a5807b6634da151dcd98b24efb12f940dd49e096293130cb437ef90ed54fa589f9b65f775d405c3e6438ece97531f6eb38f27c2886a8b3f199f92471cbeb26d46745d6cad1d3cd3e7b77ee9c938046a104886ce12f86e2a4648a", 0x95, 0x81, 0x0, 0x6, r8}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0xf, 0x5, r10, &(0x7f0000000480)="4ab7c1726d33d94b8e5925239c6480e3e1cdd63706c1fd393cf4950ccf796665010f3273f5e547cc55ad0c71558c37e7be3080dfc45afa52c18f832bda39813b17276164bd0fe37924ad883701f81f39ceed52677634415f12aac1e2a4641da4ace6416c4de6fb7ea5b4253bc45a5001ec696ab00286b0eb225f1ac9eec3bbab3c2046b1a787443ab49c449247e8484e1de3fb3a336d583832d6725d991f4400c8c69d4f17afe3024a077dbcfb17e71d0d5e88a5c6515f29ec8463df18c53002b9afce7dcf5884012e254b", 0xcb, 0x5}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x3, 0x0, r13, &(0x7f00000007c0)="e94b7025880b9325caa88fb3a6fb63cc8ea712e5a2ea9dc980c59fc2f09079f022daf1c1891bd40181af28bc0e6136382e80f6aa9d97c1b77525e336ab1f3a6a974fb48cab690844f5ca40c115e1bc78260465375d5e40db18c9df42eafbb2ce3c48b18325331e76007826", 0x6b, 0x2, 0x0, 0x2, r14}, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x5, 0x90a, 0xffffffffffffffff, &(0x7f0000000840)="284bcbc1c03201d905882c60ef3a8e40ac35e13871ccf22e1381ff8202b38072dd6efcd1fa1e5963b430f7eefc59b3466a505a2e1137dbe47537bebe55c9045ad4965d5e755738abdf22a68a2b280bd94e366401077f7c480f1a15ab05d021", 0x5f, 0x2, 0x0, 0x3, r3}, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x6, 0x747e, r1, &(0x7f0000000900)="b39ac3fc2728609d505589abf1916321a5b09e172b29c916ecf4fda2095918bf9c6e6a7396cf1590af01f5af452b12c9eb7d588fa817b388013a52e99206c328c52b7f06ef84dce8850176688e9884ed13d340321fc02d95f062c2580157e43a687fa213a97f3725ab44ca9766f3da7bbb3de93a6eacc48edc5785436c63b3ee5dff5b92818840c0b961147e6a42c680551eeb65bf34998cf16a84eecc57b5c3f7bdac78d0c73988fb2b9dda584b77b418a648c143282510ccf5d437a4eff5a5f33929b85bd5e16e240e79b60cf30fcf915e6df98f1c", 0xd6, 0x4e2, 0x0, 0x2}])

[  544.343571] binder_alloc: 12617: binder_alloc_buf size 67108984 failed, no address space
[  544.349742] binder: 12614:12623 got transaction with invalid parent offset or type
22:19:39 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$BLKIOOPT(r4, 0x1279, &(0x7f0000000700))
r5 = openat(r4, &(0x7f0000000000)='./file0\x00', 0x400000, 0x1)
ioctl$sock_SIOCGIFCONF(r5, 0x8912, &(0x7f0000000040)=@buf={0xf2, &(0x7f0000000200)="26f6d4da55a8342fb694554e93087a48c89293c2165ff83b3fc871c306bcc0deee47d02bd4697b36377eac7fe53a018b59fed5db484a822810c334123c0e36da4e5443eaae6687e956c2590ad38aeb108b7bc4a5de0a290d79d83e540e11a358c9c63cfd23394e5a6e4772ba9397ccb75771756ab87a81c359f1b42bb9a9c13a44161af5722b3faeb676ea3288ee19738770737c6fc0156ad73a765653a15e1318affe6c3615cbea42b203d8ab8e3e57c4375cb98e3cb60d1cebcc0d1b9b12983595ce7414d04b12ee6c2850cdab5ba43807f8d8368725ed1703967e3e3df2e4057a3cc1919469d08f851ac5ff4345fe2560"})
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="d3e1bb0b000000148c0f34cd571ff449d01376ca503de32d95422de680cc2f529ddc7181f62606a759f307101a70bf80d8efdc093ac6afa53c4d8106c2a79780a19c3ac35a88860f8d0667b3b5c2a40c4d88650849d6fa1e4e05000000324c0a69e232acb2c90ac0985d42ef1d60ef846388a7f428052ae88c998545db2e"], 0x5e}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
r6 = gettid()
ptrace$setopts(0x4206, r6, 0x0, 0x0)
tkill(r6, 0x3b)
ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r6, 0x0, 0x0)
tkill(r6, 0x3e)
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:39 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

[  544.349768] binder: 12614:12623 transaction failed 29201/-22, size 104-24 line 3454
[  544.349785] binder: 12614:12623 ioctl c0306201 20000800 returned -14
22:19:39 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sedf\x00', 0x0, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
pidfd_send_signal(r0, 0x2, 0x0, 0x0)

[  544.349972] binder: undelivered TRANSACTION_ERROR: 29201
[  544.462049] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 2097152 (num: 1 largest: 2097152)
[  544.476513] binder: 12617:12619 transaction failed 29201/-28, size 67108960-24 line 3284
[  544.487807] binder: undelivered TRANSACTION_ERROR: 29201
22:19:39 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3b)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)
waitid(0x1, r1, &(0x7f0000000080), 0x20000000, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="1400509d717fff00020000"], 0x14}}, 0x0)
r3 = dup2(r2, 0xffffffffffffffff)
setsockopt$inet6_tcp_int(r3, 0x6, 0x3, &(0x7f0000000000)=0xff2, 0x4)

22:19:39 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x4000, 0x0)
ioctl$TUNGETIFF(r1, 0x800454d2, &(0x7f0000000080))
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f00000000c0)={0x3, 0x4, 0x0, 0xffff0000})

22:19:39 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="d3e0769a48d9e9bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:39 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x10000, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

[  544.497032] binder: BINDER_SET_CONTEXT_MGR already set
[  544.512037] binder: 12617:12656 ioctl 40046207 0 returned -16
[  544.533994] binder: 12617:12656 transaction failed 29189/-22, size 67108960-24 line 3138
22:19:39 executing program 0:
r0 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r1, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00')
sendmsg$TIPC_CMD_GET_REMOTE_MNG(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x820000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
r3 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  544.559115] binder: undelivered TRANSACTION_ERROR: 29189
[  544.617847] binder: 12675:12677 got transaction with invalid data ptr
[  544.624563] binder: 12675:12677 transaction failed 29201/-14, size 96-24 line 3316
[  544.633049] binder: undelivered TRANSACTION_ERROR: 29201
22:19:39 executing program 0:
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r1 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r2, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r4, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40800004}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r4, 0x0, 0x70bd2b, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x0, 0x3, 0x80000001, 0x3}}}, ["", "", "", "", "", "", ""]}, 0x30}}, 0x140010c0)
clock_gettime(0x0, &(0x7f0000000040)={<r5=>0x0, <r6=>0x0})
write$input_event(r0, &(0x7f0000000080)={{r5, r6/1000+10000}, 0x5, 0x8, 0x7}, 0x18)
r7 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r8 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r8, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r8, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:19:39 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340550000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  544.854621] binder: 12687:12688 got transaction with invalid data ptr
[  544.863787] binder: 12687:12688 transaction failed 29201/-14, size 96-24 line 3316
[  544.882575] binder: undelivered TRANSACTION_ERROR: 29201
22:19:39 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000040))
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r2, 0xc0506617, &(0x7f0000000080)={{0x1, 0x0, @reserved="265332ee557582455ac9a2fe729e174755ef1e389dfca956f1a1df21c1abf170"}, 0x97, [], "b546d19e6568d6f4b5418a1d193e62e12f564f01d84726111a14c138e67350364fa7e12449d293d923eb2e08b2f18411d265e46b065d47573155a80e464102b44442675eebd64c4c7c36bb12afdd553c795339bc98f76f8c43f2afa346d4a9946bfd018375200ec14d8e0eb1fe8d163cc32e95a900ad140a845cd1b00094ecdae1c853f338a553710c0d438cdc333ab0e6b3374b593ce0"})
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})
flistxattr(r2, &(0x7f00000001c0)=""/241, 0xf1)

[  544.953097] binder: 12696:12697 unknown command 1430283008
[  544.962073] binder: 12696:12697 ioctl c0306201 20000800 returned -22
[  545.014245] binder: 12700:12701 got transaction with invalid data ptr
[  545.026524] binder: 12700:12701 transaction failed 29201/-14, size 96-24 line 3316
[  545.044513] binder: undelivered TRANSACTION_ERROR: 29201
[  545.054091] binder: BINDER_SET_CONTEXT_MGR already set
[  545.064899] binder: 12700:12702 ioctl 40046207 0 returned -16
[  545.077868] binder: 12700:12702 transaction failed 29189/-22, size 96-24 line 3138
[  545.092600] binder: undelivered TRANSACTION_ERROR: 29189
22:19:40 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/selF\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0xfffffffd, &(0x7f0000000100)={0x38, 0x8000, 0xfffffffc}, 0x0)
r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1)
set_tid_address(&(0x7f0000000000))

22:19:40 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f0000000080)='y\x00', 0x2, 0x1)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fbac0d48425d81e65fd25fed01fa21c18e679feadaba196765e68e3f2215d2a18e2888c6c8e076d499960ee547dc483d355665326ebea78f094a5d68121ebd5255ef431fa865f685ee2969118d9d578d5c7f1355c6d33f91a3ac79c31f2efb264f04877677588baa992adc9861cb667ce73b35d7ffddc0cf6a52acb57d18938123719cbe0b544e53fdcf224f4b0e2b3011bd2cb071125c18d0cfe49"], 0x0, 0x0, 0x0})
sched_yield()
openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x4002, 0x0)

22:19:40 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:40 executing program 5:
r0 = accept(0xffffffffffffffff, &(0x7f0000000280)=@isdn, &(0x7f0000000300)=0x80)
r1 = syz_open_procfs(0x0, 0x0)
getsockopt$EBT_SO_GET_INIT_INFO(r1, 0x0, 0x82, &(0x7f0000000680)={'filter\x00'}, &(0x7f0000000700)=0x78)
r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00')
sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="200026bd7000bff6098a6df7c302ae99ffdb"], 0x18}, 0x1, 0x0, 0x0, 0x24000800}, 0x4)
accept(0xffffffffffffffff, &(0x7f00000003c0)=@can={0x1d, <r3=>0x0}, &(0x7f0000000300)=0x80)
r4 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x400, 0x0)
write$smack_current(r4, &(0x7f00000004c0)='selinuxeth1\x00', 0xc)
connect$packet(r4, &(0x7f0000000100)={0x11, 0x5, r3, 0x1, 0x2, 0x6, @random="2b41ce5a94a3"}, 0x14)
sendmsg$FOU_CMD_GET(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40000001}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="22072abd70000000df250300000008000b00", @ANYRES32=r3, @ANYBLOB="08000300d100000008000600e0000001080004000200000014000700fe8000000000000000000000000000aa0800040000000000080001004e200000"], 0x58}, 0x1, 0x0, 0x0, 0x8}, 0x80000)
r5 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vga_arbiter\x00', 0x208080, 0x0)
pipe(&(0x7f0000000480))
ioctl$sock_inet_SIOCSARP(r6, 0x8955, &(0x7f0000000200)={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xf}}, {0x1, @remote}, 0x20, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xa}}, 'sit0\x00'})
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r7=>0x0)
ptrace$setregset(0x4205, r7, 0x202, &(0x7f0000000180)={&(0x7f0000000080)="f1e36cae9f99ce622251508285c9e5031a5eb177b8fb9897b2d4e4b72e84649c46bc65cfae88728c27590b8744219c28653576e81c1396d20fa78e3b25ab57e6b3a2db74357c2bc5099c881b94db2683129de3e1f167d41979aea283e432271c558b3c28d3fb3e2b792f4fd8d0673e58fe04d99bf539f5c17704323d96179c27a4852195f5cc7c78d8c5d172bfe1a9a838b2bdee34a8f0d31e359787fac1fdc7660a8d56b3416c26bc327899ab5322d6cdb708883a628f56638d1ef99081c65d938293b866adb50de9cbe968a54562b3e5edf9f7978b1a74a6b6ac22dcb21883fe2481672eda06edb87e7632d48d29fbaffa0fa0", 0xf4})
pidfd_send_signal(r5, 0x0, 0x0, 0x0)

22:19:40 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:40 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self\x00', 0x511000, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x800, 0x0)
ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f0000000180)={0x0, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x18}}, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4e23, @local}, 0x20, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)='ip_vti0\x00', 0x3ff, 0x598, 0x3})
getsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f00000000c0)={@local}, &(0x7f0000000200)=0x8)

[  545.387292] binder: 12713:12721 got transaction with invalid data ptr
[  545.400911] binder: 12713:12721 transaction failed 29201/-14, size 96-24 line 3316
[  545.423903] binder: undelivered TRANSACTION_ERROR: 29201
[  545.431734] binder: BINDER_SET_CONTEXT_MGR already set
[  545.439396] binder: 12713:12732 ioctl 40046207 0 returned -16
[  545.449307] binder: 12713:12721 transaction failed 29189/-22, size 96-24 line 3138
[  545.462612] binder: undelivered TRANSACTION_ERROR: 29189
22:19:42 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000000)='trusted.overlay.upper\x00', &(0x7f0000000080)={0x0, 0xfb, 0xa4, 0x0, 0x2, "1395a052a3236c4e1040583402e5f47d", "b7a2366c7e89f2749ab63bd592f5220fb70e49fca8f20e1c82dfb0be7f464ab198163cff47a74d226216e8bc42f24d4bcec7a9a7190472d975fa208afa143af75f68bf0f856463b6941242e468e1efb6f1d22b126c5a2128a9a65eeb368f563fce83151df604d2b96abf0ac2f63a8a4d20b7b0757234f14d308b58701c3cd7a6d816ec970f5b20c650da8ddb10bd99"}, 0xa4, 0x3)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:19:42 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:19:42 executing program 4:
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f0000000400)={0xec52, 0x247, &(0x7f00000002c0)="0053cd5ead392660b66a0453c0d13982ec35847b0536d5db61449eb1e71258af3859fd380a2c93202ebfa9a8197916b909e9a834aa63c19c95df657a71a891d48e43e5c3ad7e13557990af5a2e2d56dc1ebf2246cd509484a8074ca3cd88d67c197aa469a5f2f8570e2f743d1e46d737d3f9be149220b30d599bc24a3c5a33eb51fa98691da0698c15d04aab6a8baab233252a422ecb937615777feec0da6525842c8e1d562c949a2ef1246fb77d043d473e3712be880a4ca1870d4437808a0f9341fa9c37a1b24f4ca166b62da6856861fe903106a6f0436d0c71027440c748c7ef128e7fddf0", &(0x7f00000003c0)="a25762ad0e745a7c06817f5d4184dee71e8af91c96b761912bd12a0248ee0f68f07724f7f2856bcbfb", 0xe7, 0x29})
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/enforce\x00', 0x420000, 0x0)
pidfd_send_signal(r1, 0x34, &(0x7f0000000100)={0x0, 0x4, 0x3}, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="7c4c552a24d318a50000000000000000090000007bdb72e3f9ca32e4642daacee3bc0a845ae4b7d7443ffc606bb5db83a5d16986745e267746ac5bdd64ec549c9e2722085e63363f2a15c53a0286c704d386a239220f2189e5d88195609b39a748331815436000"], 0x14}}, 0x0)
ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f00000001c0)="0e3187b371a30286a94ae788d6462ed8775227f18ccdec33e59517e39a56e05f1715cd2c0d43ce5738f86adb231663b6ca2d24220af672cee0f1af6d72033dbe57b9f02225ac3c21bbd3d30f5662d8f2361f7c7c027be313f071ea95238a62b05b4b0d2ea0b0dbeea3f6adaeb33c5bcd0462459281d385e0db4021a7d6e1b265916473edc119bcd628918d64830967018538d890c76f48ecb867c469cc37578fa1182a387846ee3b4fd3dd212bdcc6ef3f6671eb5e6470df085118a57e9ad0d170fc8d61eac3bf2abd30d4780a045dd922f9c0c0b1fb70cc37796fa91ee502d1bd66e722ec8b2cb972a1d51e0e83d04f1f33b1bb5f5129b234fa1c9d639bc5e1")
r2 = dup(0xffffffffffffffff)
fchmodat(r2, &(0x7f0000000000)='./file0\x00', 0x18)
write$P9_RUNLINKAT(r1, &(0x7f0000000640)={0x7, 0x4d, 0x1}, 0x7)
syz_mount_image$f2fs(&(0x7f0000000440)='f2fs\x00', &(0x7f0000000480)='./file0\x00', 0x5c2ae26c, 0x1, &(0x7f0000000580)=[{&(0x7f00000004c0)="829d4759fe024274e156f57aa6a4cf429c521ab85d8f050dbaf27918bf521f1404a29e1c356542e9888187f0e8120f472d4c1292984050f87013fbd206e96525d6bfd83d1b58876107a56a0718e92c39b194608d7549a5cc1bc09775ba9c1039f0e289a21615563ebe0a8491f8682fd86dec9acacf3a41f6305864fadd1ccc6286ea89f7c3", 0x85, 0x5}], 0x800000, &(0x7f00000005c0)={[{@alloc_mode_reuse='alloc_mode=reuse'}, {@fastboot='fastboot'}], [{@defcontext={'defcontext', 0x3d, 'user_u'}}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@pcr={'pcr', 0x3d, 0x21}}]})

22:19:42 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="fb6240400000000000b4000000000000000000000000000000000000000000000000000060000000003f3b0018000000000000002a370cf40fba0abdbf98b72c19de29af9896811589570c81e9baaeb56ebf0936ff738c74bcaecb1d5a32272730df9e23cc5811cfa0a52e8986626da32f12b2186ca2f2512c64d1129c"], 0x0, 0x0, 0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x0, 0x20010, r4, 0x8000000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r6, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000400)={0x4c, 0x0, &(0x7f00000002c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000080)={@fd={0x66642a85, 0x0, r5}, @ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/138, 0x8a, 0x1, 0xd}, @fd={0x66642a85, 0x0, r6}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x400}], 0x9b, 0x0, &(0x7f0000000340)="d95143a5d87cb5c95264dbd73aacddba24f28c8ec7d42c936482617ec7df78449ef19b4f0a9170b7b6e1dbf27b439750e0f68836ffb6492e8bdf7e0b1c001badc42a86570a33fe9a95248f3ecd2e83c88f39265bb967010c5e15723554ad5bdb17d48be9b7005bb3ac698efd199270e36bd00527747262d5975c75c9e260762c4cf9fd4ca63686a5dc088c34fa700f55cdbfcaf2e22eec5b28647a"})
sendmsg$nl_netfilter(r3, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
sendmsg$nl_netfilter(r3, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000000201ffff000000000000188000020003"], 0x14}, 0x1, 0x0, 0x0, 0x2008041}, 0x4001)
r7 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r7, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r8, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = eventfd2(0x0, 0xc01)
fcntl$getown(r9, 0x9)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x0, 0x1000, 0xd7, &(0x7f0000000840)="d52bd5558e8b67135f8965c663edb42825c561c3858806f1700991b1c9435e07de67bf2e01983947363ee1669183516034658317a35f9cc3e8cc16b58a454fe2f24a8a7db13d03e5e9d43146cc37449c523a2247f8f19a66f8a0baa63ad16fc3de09b85f3e6c01cdb1cf193768c3dea1a6e9b4dc57e72e2dcf4abeae799739b9513c00c2635c30c35559af8d96708788cfb8b8b1254654b8d14b7dea50332a445d428220218f1139a193a799579d789764922b9694b2a17e47f13e58e28c2b408aa490bbf478b35952d88e7852172928642aa989cf1de3a2b6083da443aa21fddd9dca1f9102a417afc8a0445c14ad262ea08a3c64c86468e7fd3d1ad89975c8db1ffbbcfa56331f08351b8ea9f6a3687f279fe1d9fe2ed9e45fa6d5cf9c413de42d00a839024a689593740e133534ec3095ff2e71f8b0cddee4d51ed54a1da5049afebfad03a505d4f81add0d4e583061b299f4b8e4e05a28ff5e3ebc3af14f7a385a84aee9b53d87d4c4dff96f3b3fcf428ecd31f711017455e660e4efa437ff2c06f77963e2c6816da26b4596768afb86c6f0ee1a2ea4f96de561be68dbab7c8dc43bcd58ea36fe2ab8cae6098cbbd26369cab165170c1cbc377b2b1f74867156f36135cefb7f9952d66cea3ff47730417235a1dfbc28baab06db6a4bffb7bd797dccb8979789d7379424867293da9a2f6c7d179f6af1a6647cabc495f22466ae17f1d44b8c1b17eb09ad3eaff36ba14e326727040ed64ba387a77662702225a7ce20c86cc98b99edc572bad80f7d2a10bb95bc1b2fdfaa66594212ffedcea1ec45e1b299b9837d425e9b94b881c56dfe9b3e92fd67f204146aedc664e42e5c3607287f1ff740e38dc5c12b70621614dbfce00db5db264619868e22587619a68e708f666a3e484055bb77e4364fd89d8344aa561626cb9397232db0947868d48503782df1ff18782bb3b19802042ee69ed4bc2c68bee2d7b8d1f29b55cc6ac58ac2a836b233c8db35f3a03e0ac11a7026334b4863fbcac95801500323f846b33003d591d2a2118269389c4cf1d4cf6f762ba3130c5069d55422e457b1b6f01c1c508e0c28d90b844dfdd4483c2d56b69245aba375c9d40c5543eb396af07e10320927dfda5d60aed91bd9bf9f8ad44dce309e3eab0e8093d691091ddbd5ed1af42f4d976132dfa84baab656bf251c6f2b28a9aa1702a080ba5d373409815de468ba9595c51d702720a213e369cd6356fb18e126aef8dc9f8a63945e6dae4744148435e2581d71babb2799c35744a7afa6bde28816381d2c157491c201dc54739b43f1adfc1cfbc3ad74307b09c5da1b6e7abb5c0e4b2817d6696fec8a527e66412383a6e2a545b79b97ca61d6959bac5458f3a047b4a81dc196d88fe341c147761eadae2a2a7c386cc346e67aadf4cc7a20f1efc0769b7e67caf705289d505c34b1f8fbfd434e938d1f08ede36d895486e701f42335f5c8bbc829f3bcc39fadaaf47a799ef56326e2c12e2a2ee120bf8267ab069c03180cb5b58525bf57484eca9be936d535e5b728fa187cb0b5701c877147ec0152d94424f66f4c48e38cca861cfdf53732198c89689ce6287423ab16d0e199a39c6813afc71976538bf20b241ce04def3992c965fd1e6c6dead857ffa940501237c8d713fe3999b026e693f4876f7c429ab5608bb0084a44c649520edad6ef15ee20102e9a3a95603721112296fadb544e2fb5dd9794e04fa0665a622131388109ec5e3e29ba23d8f03c2a1de4be5edf90f4fed9397a0edfbcdf448b2074c3d5f5bd145b9973da5fe3817ad0f24de3efd8efc7321963fa095684ef31f1de60b9e01a076480ba5eba4e3213172f1db428eb112abc5b0734b4d734c5e0f53cde7569bfbc2732c55123749550c358f97ea8ad858245510177f98ec7be796eaef6863e0a3ad90c52c932a1d28d6c167e70c50dd72642f83fab799f9a1f1032c073bf0b3e6ed075a106d6a68555b53eb0bcf7044a412f8987b80128d8c13bc35a8c5c70cd685a6f1afa425a05cc874c41a183f1e01482ca54f9becd9511bc9e32867ee31a70bdc2e412cca1abb20ca3709b0c861640b2427ea463c38d1d2903bca8d430edb91971f5018e96e47bde97048956f3c3a786d8ec11687fa0e2e7ff6cd596fcbd09726bfb7beb332f7a877dce71dfd1b96b898b157da03afeeff48c4f5b2f17f0c530a105ed4c88bdc513b597c106ff97b69e2fe191f455fb866c0bcf6568d009d3c094ebea75761eabe38da46708f2a12b7f6e193ffe18400f70b547b9f5442cec4d3d572a1449eafb70716aac39d5d29759e2fa3636bbf659746d0aa1a5bbd593ee6becfc6f194c45138aac5f6823322030fea0d0e8f76507bd60444cc00f10fff6b5ae46104976a35d25fa2fc14227f56373ebcab0b3768c3dce3942f45c36040bf1169ddd4b981c2eba946ab8976fa4d859a90d87f04cc282ee3c1438749ac608cbb8d13055ceb23a0a51ace166f952b637de63ec66eee4251fe716c11fcad7a6bf719d374e13956a577baf6f4c5c48ba7bb53f4235853d555d6ce46000e1e806c32075b4c24c2086ef67a3a95fcdcd5dc582548eb3e31fe744ee19caf25ed6df5953ba813180186a2a69aff55dcee20c3ba3caa755baaacb58517a5dc507fdc4f348782280921002bd983792e40b5e05b137608099391cec4fd2238c54dc37171441b48469cf0d889121328db6e591eff69fa1d3a3de2c3a4f6821c827df5952f550c4447d47295fb6deedfa45925651f82ca7d4d708ef120c1b806ecb7c0102b53c1e6c8240e3a3bb3eff50cc8278fd4a9d903c776aa84eee2d5475f70640197a6080b30c45010033ab341882b6c94f9084b9fa09170a769496ad1cafce54c1d13221bef232763166c16b08a1334da2fab8306bcd60d0349ddef9928abc1a0b9f8d82e1eee792e1c5f9796a7641942a8468833942df752443973bd49718e73e53c610eb732fc2b7ebce450c8e9ae4aecc6abb3922136818d70000abb367414d08b68efed6d042279aca314b17319088da70e9b32070879c5219c84f82a93c000b9f84e93e5e4cd28410d923230a7a67f9a5350a80ef3b1858f78a039689a626dae01517f24ec2badfb770146a525fc76b344edc858db7dea770d4322632df93a82241f1bfd378617cb855554062d6e4fdec73d962dcb551ad5de4ba255f71e4ea460da989bd7d32fa4d9577a717363fba4a487719130362457f6b442982ad7ffdd7940370ad743070c457ef44a432c7ad9ce2d4357f70446aa9b5c73ea63e3fb898957b03e98e8ac8079691022e9474b5ac14722eb06a801ed932ed053c4a60e35698d908f4198076ef79a2cde9cf1f1db6b377da5854e19f018f64d76640a41f6aa10a4db77ebf9486704c08fb21bc0348f9c3831425a0947e2a312dff3754a95025abff41f67604f6c2271d4f0701825f2d38cc5d4591c09ddbcb82f9ead3bab327678b985a668207ede7d17996e1c9a5876bd29c1a1b0b5915361b67175210e457cf6f95907576df03b83e843890ca09a3db2adcbfc734a044aa32777aea26b271dca96f654672e0ea9aa0b74e67848b1ab188b5f8cd9b1c16bd56016a2b8f7e8ec6be4272ba41327ab1d67fd3a5aca4ac6c0b60bf804cf132236c46a7e804cb08651518222c8369f9814ab6a389dd49d50de6ab387db71c7d8d9742480fd4356021b82fb19d2c52f2b4a4ce8cdbe49d50a2f1136aae17230c297021aba0513f74a5aa5089baa20a09319825083b5c50d56f6a1eeb1c9e8e19fa092207c049862ae8ab16f5ea9a0ee9a173c12abbbc2c8a678a7566390e40ca593f058e5ac8934aa1678e15315f05aa696667a8b73e76ed497af3b1316782b3a04f12c79f9858a35e3b14c4b5e53da52c67abf0f2c3fa987840f632e28e3e2e86627a85432f4ff2e13977ae43d70dc468b4acde73905cbcf1cce587be3efde3812447dd29489aa30cff4a70d7850c31810fb6c9d660de5b135376211a2a1565a0e4b6127cc8ed966c3f83c23c39a1477386432aa4d478a56a41ca69cf8a67241ee1bb9a8dcfeaf35eca64de33ca4d9424a5ce8102591dad7934bb92f61d97961b36514e89b279a0c14f6544db736e1351cda3e9583c3414a9241b94f46358d148d7d764c1d4f2cbd958f9a8b423351f1b289d96bd6d5ef95898159614c4ccfbeedebd210d125506925ba4f5dc2988e298430f24ac107b0a24f9bc70b432ee6a82d0a60bc821e0803b01f9b345b8d7cfbb9c70cecbe8921c277260b559340f6ed22b9fff9942e8a597b9366d37d851654cd6697b07a35d87bf3f7f086fe1b3d946629f809927b7c34889264c09c52be5b5fabb28a7cecf0575a91a657c319a424ce92709dabab7adcaa9e4ec97f92dcda3251c46dd866cc8c149ff4bf6dc7d4b79eb002e505645544edaa611dcb07401c4d62f231e19ea9b7b14c2327950e10aeb260ff91181e8e46bbca775d32997496d9b0af7fa2e5fe5ac210fe690cca6928097758bed23459929c14747185e5dda1bfe7b60410aa9ffb285917660d0a0c2b75e70ac6bf2cd7fb18749b2c266b681a0bd6a9906ab62f7f7a6c6520d0036b153b9efb076eb8521b474827713be3c2003a7d8e26818f74feb59ec1551d3d2d2d8dea3311851127ac73d684b4f671db0e293555abcc6cc4f300c20707c77a2aba55164c4439aedfeef4e54b167758b1c3fad0a56bf0f14013d3b3b58b38c79cb34c8c25ac100722e408a6ed04bb9d6c6aaf8d919ccd4522fedc1dcc67ad627b4301daa60762d794e0238f7432304a0e50026ca74beac1336213462644fd994f6260bb4596cb8bcf79bc6849ab785816319a1efe559efdcfc38e2ddc1a0e98e372d23ae87c0e7c4cb2530e34b1f31141918c4c2196065c9b0daf42b17d17f827bbbd79909302bfe08ca1663c441ad65c56885e07306899f47b46d1a40cf5afdd1b8f10bf34b7f4c23475deaa1c57c14877ff6a347ecaaff2e46cf0977db6c9084f8da0b99b65ae3d1a8e401a13986f3edfa7675609e764a6a13dcd47c0f1c630c8ea0b5636c12cc5fabd402fc9a05593beeb57611d4bfa512f8abbf09e356e00dede6b9d2789f904f0237ef80118b5c3567a5978d43531c9aa1a13fc8045a28a8f24af8725cb57aeae9242f139ecc3c748a9a99b203d4b5388e82416724d6dde648a0a7639b76705bc047806b2a7abf49f1e1345c283cbe32a1b62c01cb51c8ce4c41aacaa0109da7a51cce75baceb7315d4a6a8b0d2cb08514247bda279d7d8d0418f21370a6ba178a810507c746814652ebfbb8231ac7791c8d48dd1422b750ec787ff1f4ee6d0b035ce3ee6967a36b6cc2e90521ab65f84556447a6e6c0e951ff482916b324329f08d1721d53847ab83733b4da4605a9556395a6272da49aa4c6b23e0536bf6fcf25d8f97e3c59d03c9f839bb0fcf09c40571270ffdd1b6acf4de65edfd5ae059877a22d3c82076e3b5c5c821ea70ef7ba8ee4d4054e35d35140bd6afde55cee3d709ec8f2f220a0a3c47a4b5382905aaf70995ab8b4177e2c6ef5edd4df1d3a487e333a9dcb0f31d9452f66673af77ae97fba034f8a446f311b33cf55c9a6afebc0f8677baa11873c6255b779ff3408a6982e2494ce282e74f08aae0b9867bb3be0c679edec7837db3ce8cb1c084dddc4bece654e15b3da75206456771e0116240a127ff639685d1f1dc5ed8e0d1eaa5ede11d83d7f89fd18e1a49a9ede5768b2828a164ab82852659e10ee2f734e21e1d1ca4e9a157b303831d7d6b79a36824acb9fd", &(0x7f0000000440)=""/215, 0x0, 0x0, 0x69, 0x3, &(0x7f0000000540)="f3b2aa690c9d5ff1e19755f5d5ec853b5bf25021f013ed8c115936a398265297fd89262991f2fd3f58a46fbdc15f7f7cce419760aa8f86c747d158ab896b742629c0e1c0ac86fcac932f99aaf2ab11c70588b07efa0630b1e47c66973c00329cf204cb5046ec1700bc", &(0x7f00000005c0)='N%n'}, 0x40)
ioctl$FIGETBSZ(r2, 0x2, &(0x7f0000000040))

22:19:42 executing program 1:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x200, 0x0)
r1 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r2, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000140)={0xfffff552, 0x7, 0x4, 0x400002, {}, {0x2, 0x1, 0x7, 0x40, 0x7, 0x81, "03cffa68"}, 0x20, 0x536b0d7e47403a3a, @fd=r1, 0x4})
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB='\x00'/11], 0xe}}, 0x0)
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(r3, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r3, 0x0, 0x0)

22:19:42 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4)
dup2(r2, r3)
r4 = mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x58, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0e7a0840", @ANYRES64=r4, @ANYBLOB="11634840030000000000000000000000000000000000000000000000000000000000000070000000000000001800000000000000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB="852a747001000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00'/76], @ANYBLOB="4c000000000000001c00e10000e4ffff1b00010000000000852a7470010000000c4b4f476f6ba6a855", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB='\x00'/240], @ANYBLOB="f000000000000000020000000000000004000000000000008561646600000000070000000000000002000000000000002a00000000000000"], @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00P\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="0010000000000000"], 0x0, 0x0, 0x0})

22:19:42 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(0x0, 0x10000000001c)

22:19:42 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

22:19:42 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x141000, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
prctl$PR_GET_FPEXC(0xb, &(0x7f0000000000))

[  547.549969] binder: 12742:12745 unknown command 1074297358
[  547.563725] binder: 12741:12748 unknown command 1077961467
[  547.563734] binder: 12741:12748 ioctl c0306201 20000800 returned -22
[  547.564235] binder: BINDER_SET_CONTEXT_MGR already set
22:19:42 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r2, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000580)={0x8, 0x5, 0x0, [{0x3c382cc1, 0xdf5, 0x7, 0x5, 0xff, 0x9}, {0x8001, 0x2, 0x63f6defe, 0xff, 0x7f, 0x1b, 0x7}, {0xcbb, 0x7, 0x3, 0x7f, 0x8, 0xb5, 0x1}, {0x7fff, 0xff, 0x4, 0x91, 0x0, 0x7, 0x9}, {0x81, 0x0, 0x401, 0x5, 0x4, 0x20, 0x5}]})
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r4, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000280)=<r5=>0x0)
wait4(r5, &(0x7f0000000380), 0x1000000, &(0x7f00000002c0))
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x6)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuset.effective_cpus\x00', 0x0, 0x0)
write$P9_RLCREATE(r6, &(0x7f0000000240)={0x18, 0xf, 0x1, {{0xd2, 0x1, 0x2}, 0x8}}, 0x18)

22:19:42 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x200, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

[  547.564244] binder: 12741:12748 ioctl 4018620d 20000100 returned -16
[  547.580195] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
22:19:42 executing program 5:
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$BLKIOOPT(r4, 0x1279, &(0x7f0000000700))
setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000440)={0xe8, {{0xa, 0x4e21, 0xeea4, @rand_addr="0690b9e9ddaef28977e51c3a98eb3a9a", 0x2}}, 0x1, 0x8, [{{0xa, 0x4e20, 0x9, @empty, 0x5}}, {{0xa, 0x4e22, 0x7, @remote, 0x3cf}}, {{0xa, 0x4e24, 0x3, @mcast1, 0x3e}}, {{0xa, 0x4e23, 0x80000001, @rand_addr="34c6ad741f2d2e37ea2b8f78823453ea", 0x4}}, {{0xa, 0x4e20, 0x80, @remote, 0x8}}, {{0xa, 0x4e21, 0x400, @mcast1, 0x5}}, {{0xa, 0x4e21, 0x9, @ipv4={[], [], @broadcast}, 0x3}}, {{0xa, 0x4e21, 0x6, @loopback, 0x401}}]}, 0x490)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
ioctl$CAPI_INSTALLED(r0, 0x80024322)
r5 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
write$tun(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000000000c982577a6139100110081002b000805000708953cd888a00bc68c6af0ab056789e7a83fcc05f4aedece3058479f3ff84c7afcb349aa46e143bf5dc16539263ce9245b0df8ff6ac7f57b61c5d5dc14623a7eaae9748d15de0f4bb8f531a33a4535f5b7912a760dbfb9f58b17570f0324f3fbfb0000000000000000619140085be7f23f390b0bf9c9ee73128a6b6dc0921809184e4c5051087c539cbc6518e57ba483fad062e7707f00fea546d66653ba6107"], 0xb8)
pidfd_send_signal(r5, 0x0, 0x0, 0x0)
r6 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r6, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
ioctl$BLKTRACESTOP(r6, 0x1275, 0x0)

[  547.580201] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  547.580477] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  547.580483] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[  547.662486] binder: 12741:12779 got reply transaction with no transaction stack
[  547.662497] binder: 12741:12779 transaction failed 29201/-71, size 88-24 line 3046
22:19:42 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000e00600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:19:42 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r2, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$sock_inet6_tcp_SIOCATMARK(r1, 0x8905, &(0x7f0000000000))
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

[  547.679287] audit: type=1400 audit(1569277182.317:36): avc:  denied  { setattr } for  pid=12772 comm="syz-executor.4" path="/proc/12772" dev="proc" ino=38448 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1
[  547.711370] binder: 12741:12765 unknown command 1077961467
[  547.711378] binder: 12741:12765 ioctl c0306201 20000800 returned -22
[  547.712621] binder: 12741:12765 got reply transaction with no transaction stack
[  547.712629] binder: 12741:12765 transaction failed 29201/-71, size 88-24 line 3046
[  547.760413] binder: 12789:12791 got transaction with invalid data ptr
[  547.760473] binder: 12789:12791 transaction failed 29201/-14, size 96-24 line 3316
[  547.760663] binder: undelivered TRANSACTION_ERROR: 29201
[  547.760976] binder: BINDER_SET_CONTEXT_MGR already set
22:19:42 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3b)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)
ptrace$getsig(0x4202, r1, 0x5d, &(0x7f0000000080))
r2 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0x1)

[  547.760983] binder: 12789:12791 ioctl 40046207 0 returned -16
[  547.761218] binder: 12789:12791 transaction failed 29189/-22, size 96-24 line 3138
[  547.761317] binder: undelivered TRANSACTION_ERROR: 29189
[  547.831515] binder: 12742:12745 ioctl c0306201 20000800 returned -22
[  547.849273] binder: BINDER_SET_CONTEXT_MGR already set
22:19:42 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x12, &(0x7f0000000100)={0x0, 0x5, 0x3}, 0x0)
r1 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r2, 0x400c6615, &(0x7f00000000c0))
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r3, 0x2584261267656ac4, 0xe01a, 0x24dfdbfb, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xcb, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
fcntl$setstatus(r1, 0x4, 0x45c00)
lseek(0xffffffffffffffff, 0x0, 0x2)
accept$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000080)=0x14)

[  547.857934] binder: 12742:12802 ioctl 40046207 0 returned -16
22:19:45 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
r1 = socket$nl_route(0x10, 0x3, 0x0)
bind$netlink(r1, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfd, 0x92526ba5dac996e1}, 0xc)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)
r2 = getegid()
write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f0000000240)={0x90, 0x0, 0x3, {0x4, 0x0, 0x40, 0xffffffff, 0x4, 0x9, {0x4, 0xff, 0x3, 0x81, 0x101, 0x2, 0xc0, 0x101, 0x80000000, 0x1, 0x6, 0x0, r2, 0x40, 0x10000}}}, 0x90)

22:19:45 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(0x0)
sendmsg$TIPC_NL_NAME_TABLE_GET(r4, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x24409000}, 0xc, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="0800ad2846bee24ac4c074d74eb7c0a0c8ab5b15d2fe45b39c1da54ad1143459bc50dc07641ec79583ae054ac7340d04abf3fc62b85074a7cffe78c4600148dc7cdec497f5c4f40517798001", @ANYRES16=r5, @ANYRES32=r1], 0x3}, 0x1, 0x0, 0x0, 0x8004}, 0x4000004)
sendmsg$TIPC_NL_LINK_RESET_STATS(r3, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0x9c, r5, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}]}, @TIPC_NLA_NET={0x14, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x5e}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_BEARER={0xc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_LINK={0x40, 0x4, [@TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1591}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4004}, 0x1)
setsockopt$inet6_tcp_TLS_RX(r2, 0x6, 0x2, &(0x7f0000000100)=@gcm_256={{0x303}, "46bd96e01ba35bc8", "e089cee2e8be45d94edd242ad39dc7635f81ba1905959d585bd3c22b3ed549e7", "4c118d00", "1e73e913c310c4a6"}, 0x38)
openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r6, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
getpeername$netlink(r6, &(0x7f0000000080), &(0x7f0000000140)=0xc)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x10f, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000433d6563f4e2fd055cd7be75bb12f6f729139933c4fc68a5e122e16b2b6967e2001cad96d1c0280074ce63143911837d91ba00cbd251c3a42b3e35a74a72e1b4308587e14fe73b5b39f1ce849c79f04df42da00f525332c589a5e84bf971c8102dd1185b295ec5782d8ef3f49771fe629e8fa0be985eae09a92643a841b6487db11a945c989737e5da0b3c31f251f942a9110f499db483df7b51828b0ee0ce9467c4929544b559aa23dbbd1757437b273484c0675c41e3db27df0ac8619af71e20aa43fdd5a30632af03a0", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a747000000000000000000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561646600"/91], @ANYPTR=&(0x7f0000000080)=ANY=[]], 0x0, 0x0, 0x0})
fcntl$setflags(r1, 0x2, 0x0)
prctl$PR_SET_TSC(0x1a, 0x0)

22:19:45 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(0x0, 0x10000000001c)

22:19:45 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
ioctl$EVIOCGKEY(r1, 0x80404518, &(0x7f00000001c0)=""/70)
r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x8000, 0x10)
getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000080)={0x0, @initdev, @remote}, &(0x7f00000000c0)=0xc)

22:19:45 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r3 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0x0, 0x0)
r4 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x0, 0x20010, r3, 0x8000000000000)
ioctl$SNDRV_TIMER_IOCTL_START(r3, 0x54a0)
r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000280)='/dev/full\x00', 0x2400, 0x0)
ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000000400))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = mmap$binder(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x3ff)
r8 = mmap$binder(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x1, 0x11, r5, 0x0)
r9 = mmap$binder(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000006c0)={0x88, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="03630840", @ANYRES64=r7, @ANYBLOB="086310400000000000000000000000000000000003630840", @ANYRES64=r8, @ANYBLOB="00634040020000000000000000000000000000000000000011000000000000000000000048000000000000001800000000000000", @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB="852a646600000000", @ANYRES32=r6, @ANYBLOB="000000000000000000000000852a62730010000003000000000000000000000000000000852a6277001000000100"/60], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"], @ANYBLOB="03630840", @ANYRES64=0x0, @ANYBLOB="0363084050016f0851238a83c2d99a0f8ad72f1ef6633915a1d1e3ab5a3eadf703345a4301d43cf28cf6", @ANYRES64=r9], 0xa6, 0x0, &(0x7f0000000600)="d25aaf31891fb94f4d5c356e32e66fd2fd301b31b78e2d539c63f5455e5ed20af59886e0c11ccbd0f948967a981320c563df8176a12e68ac44bcc131e3430470a56d43da6676723099df8e80d5184b456459b2bdddb6bfc9811f901bc1b28d5bac9423278e8a2e1fbfbe90a6189e91b1f4f86689f89f40519d23c537cac9aa8d8b3f53ef9757dfdfd3ba5b9dd985ed1d59df3b6988b802d1dd1bc237b3f9767afdab702ca428"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x138, 0x0, &(0x7f0000001a80)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x68, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, &(0x7f0000000040)=""/65, 0x41, 0x0, 0x11}, @fd, @ptr={0x70742a85, 0x0, &(0x7f0000000840)=""/4096, 0x1000, 0x2, 0x11}}, &(0x7f00000005c0)={0x0, 0x28, 0x40}}}, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000002c0)={@ptr={0x70742a85, 0x1, &(0x7f00000001c0), 0x0, 0x2}, @flat=@weak_binder={0x77622a85, 0x200f}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000340)={0x0, 0x28, 0x40}}}, @acquire_done={0x40106309, 0x2}, @clear_death={0x400c630f, 0x1}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001a00)={@fd={0x66642a85, 0x0, r5}, @flat=@handle={0x73682a85, 0xa, 0x3}, @ptr={0x70742a85, 0x1, &(0x7f0000001940)=""/155, 0x9b, 0x2, 0x13}}, &(0x7f0000000800)={0x0, 0x18, 0x30}}, 0x4c0}, @acquire_done={0x40106309, 0x3}, @dead_binder_done, @increfs={0x40046304, 0x2}, @clear_death={0x400c630f, 0x1}], 0xc8, 0x0, &(0x7f0000001840)="fa73b5ca19c7eefb741dbf8e42dbd92d21a79bce70870b856a5265eb6b2143156b5c1650bc52eaf5dcba7dc41b66e56c747193bd274533f40979ea066955f6bb56d9148bbfd8d52249091e8af3993268ab737f6b8ca7593c9ba1735a715f19fbba04a90326c895d49455723be743dd09431a01848ff2e85277707ff01833102729246f8149409757c410e0ce2a60c6640074c1c8ae55323d9b72afbbb155859dd057d8777b00de420ce491a2aed380897b2af172ce97211e15a50a6f5422bd5dd473f61daa8f5ae1"})
r10 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x0, 0x20010, r10, 0x8000000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r10, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000000580)={0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0})

22:19:45 executing program 5:
epoll_create(0x1ff)
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000080)={0x2a, 0x4, 0x0, {0x1, 0x20, 0x2, 0x0, [0x0, 0x0]}}, 0x2a)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:19:45 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:19:45 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
inotify_init1(0x80000)

22:19:45 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000000))

22:19:45 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
getuid()
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  550.587569] binder: 12814:12816 got transaction with invalid data ptr
[  550.600794] binder: 12814:12816 transaction failed 29201/-14, size 104-24 line 3316
[  550.614972] binder: 12819:12826 ioctl 54a0 0 returned -22
22:19:45 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000000205ffff000000000000000000020000"], 0x14}}, 0x0)
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000))

22:19:45 executing program 4:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0)
sendfile(r0, r1, 0x0, 0x20)
pidfd_send_signal(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x0)

[  550.615854] binder: 12819:12826 BC_FREE_BUFFER uffffffffffffffff no match
[  550.615864] binder: 12819:12826 BC_INCREFS_DONE u0000000000000000 no match
[  550.615870] binder: 12819:12826 BC_FREE_BUFFER uffffffffffffffff no match
[  550.615877] binder: 12819:12826 got transaction to invalid handle
[  550.615885] binder: 12819:12826 transaction failed 29201/-22, size 72-24 line 3138
[  550.616012] binder: 12819:12826 got transaction to invalid handle
[  550.616019] binder: 12819:12826 transaction failed 29201/-22, size 104-24 line 3138
[  550.616221] binder: BINDER_SET_CONTEXT_MGR already set
[  550.616228] binder: 12819:12826 ioctl 4018620d 20000100 returned -16
[  550.622966] binder: BINDER_SET_CONTEXT_MGR already set
[  550.622985] binder: 12819:12837 ioctl 40046207 0 returned -16
[  550.623778] binder: 12819:12826 ioctl 54a0 0 returned -22
[  550.631272] binder: 12819:12837 BC_FREE_BUFFER uffffffffffffffff no match
[  550.631281] binder: 12819:12837 BC_INCREFS_DONE u0000000000000000 no match
[  550.631288] binder: 12819:12837 BC_FREE_BUFFER uffffffffffffffff no match
[  550.631296] binder: 12819:12837 got transaction to invalid handle
[  550.631306] binder: 12819:12837 transaction failed 29201/-22, size 72-24 line 3138
[  550.631399] binder: 12819:12826 Acquire 1 refcount change on invalid ref 0 ret -22
[  550.631405] binder: 12819:12826 got transaction to invalid handle
[  550.631413] binder: 12819:12826 transaction failed 29201/-22, size 104-24 line 3138
[  550.649766] binder: 12848:12849 got transaction with invalid data ptr
[  550.649791] binder: 12848:12849 transaction failed 29201/-14, size 96-24 line 3316
[  550.650013] binder: undelivered TRANSACTION_ERROR: 29201
[  550.652567] binder: 12848:12850 got transaction with invalid data ptr
[  550.652591] binder: 12848:12850 transaction failed 29201/-14, size 96-24 line 3316
[  550.652813] binder: undelivered TRANSACTION_ERROR: 29201
[  550.848398] binder: undelivered TRANSACTION_ERROR: 29201
[  550.856004] binder: BINDER_SET_CONTEXT_MGR already set
[  550.861327] binder: 12814:12863 ioctl 40046207 0 returned -16
[  550.867347] binder_alloc: 12814: binder_alloc_buf, no vma
[  550.873062] binder: 12814:12845 transaction failed 29189/-3, size 104-24 line 3284
[  550.881284] binder: undelivered TRANSACTION_ERROR: 29189
22:19:48 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="b2e1bb03000000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000200))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r3 = dup3(0xffffffffffffffff, r2, 0x0)
ioctl$BLKIOOPT(r3, 0x1279, &(0x7f0000000700))
write$uinput_user_dev(r3, &(0x7f0000000240)={'syz0\x00', {0x1f, 0x8, 0x6, 0x8}, 0x56, [0x21e, 0x9a4dfb1, 0x200, 0x401, 0x10000, 0x5, 0xffff, 0x7f, 0x6, 0xfff, 0x10001, 0xe8, 0x4, 0x4, 0x8e1, 0x6, 0xe0, 0x6, 0x5ac6, 0x4, 0x20, 0x1, 0x1, 0xffff8001, 0x2, 0x2, 0x8000, 0x1, 0x0, 0x1f, 0x0, 0x4, 0x2, 0x532, 0x0, 0x3f, 0xba, 0x6, 0x7, 0x1ff, 0x6, 0x4, 0x8001, 0xfd8, 0xce6b, 0x80000000, 0x8, 0x8, 0x20, 0x1, 0x5, 0x10000, 0xfffffffe, 0x1, 0x6, 0x3, 0x9, 0xe1, 0x9, 0x9, 0xd68b, 0xff, 0xe95, 0x100], [0x7fffffff, 0x7, 0x7fff, 0x91c, 0x4, 0xff, 0x8, 0x800, 0xfff, 0x1, 0x3, 0x27c, 0x100, 0xcaa, 0x5, 0x9, 0x4, 0x200, 0x75addae2, 0x1, 0x49a, 0x4, 0xe2, 0x9, 0x85b, 0x6, 0x8, 0x8000, 0xffff, 0x1f, 0x9, 0x80000000, 0x7ff, 0x7fff, 0x100, 0x2, 0xfffff001, 0x89, 0x8, 0xffffffff, 0x9, 0xff, 0x3ff, 0x3f, 0xd13, 0x9, 0x5, 0x7, 0x332, 0x1, 0x4, 0x0, 0x2, 0xff, 0xffff, 0x1dcf, 0x3f, 0x9c14, 0xbc6, 0xbb, 0xffffffff, 0x0, 0x800, 0x1], [0x3, 0x4b800, 0xfffffffc, 0xffffffff, 0x9, 0x3, 0x3, 0x0, 0xc572, 0xfffffffb, 0x240, 0xff, 0x5, 0x0, 0x5, 0x4, 0xff, 0x3, 0x1e232a79, 0xfffffffd, 0x5, 0x3ff, 0x101, 0x79e, 0x1, 0x1f, 0x1, 0x0, 0x7, 0x6, 0x5, 0x9, 0x2, 0xa22, 0xb48c, 0x1, 0x7, 0x6, 0x202366d0, 0x101, 0x40, 0xc68, 0x2, 0x4, 0xc102, 0x1, 0x1ff, 0x7, 0x80, 0x100, 0x2, 0x2, 0x10000, 0x81, 0x2, 0x5b, 0x6, 0x6, 0x6, 0x18000000, 0x1f, 0x6, 0x2, 0x9], [0xa, 0x9, 0x7, 0x3, 0x9b, 0x0, 0x1, 0x6, 0x6, 0x568, 0x1, 0x9d0, 0x1, 0x2, 0x3f, 0x3, 0x9, 0x278f, 0x6, 0x35db2abc, 0x2, 0x31, 0x4, 0x7, 0x0, 0x0, 0x1, 0x2, 0x681, 0xfffffc01, 0x5, 0x0, 0x0, 0x9, 0x7f, 0x4, 0x9e79, 0x380000, 0x5, 0x100, 0x24, 0x100, 0xffff8000, 0x6, 0x1000, 0x100, 0x10000, 0x7fffffff, 0x1, 0x8, 0x8001, 0x458, 0x400, 0xa71, 0x9, 0x20, 0x10001, 0x6, 0x1, 0x1f, 0x5, 0x3, 0x9, 0x8]}, 0x45c)
ptrace$cont(0x7, r0, 0x0, 0x0)
openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/context\x00', 0x2, 0x0)
r4 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r4, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
readlinkat(r4, &(0x7f0000000040)='./file0\x00', &(0x7f0000000740)=""/204, 0xcc)

22:19:48 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(0x0, 0x10000000001c)

22:19:48 executing program 5:
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
fsetxattr$trusted_overlay_upper(0xffffffffffffffff, &(0x7f0000000000)='trusted.overlay.upper\x00', &(0x7f00000001c0)=ANY=[@ANYBLOB="00fbca048ccd9e586ebcf18d3a6cbae6fcbe659734d4784a76ee4a2b781a2792fa0b7c37a674c777f42f8cbc4a380583ba41eb5ce2f4876b69f9b27b0358ac2d7d537f6ce2916556eb35ab7a766dbefcfae1abe60c43891325089a5688b011d82c2e261e42a7329eda2b9825710028cdb1afcf42bee9c4fa696443825236de2c65c6d4f7a4dfb3af56fe1b9455ded8152389ee81391b78558506f05f0bac95ddf06067a3df5311e9fa5a3c340c8315cd4b891426d52728777874c9405798296feaf4ab70a71ab9973645de267a3e"], 0xca, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000440)={'veth1\x00', {0x2, 0x4e23, @multicast2}})
r1 = syz_open_dev$mice(&(0x7f0000000180)='/dev/input/mice\x00', 0x0, 0x80)
pidfd_send_signal(r1, 0x8, 0x0, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
write$apparmor_exec(r5, &(0x7f0000000480)={'stack ', '\x00'}, 0x7)
r6 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r7 = add_key$user(&(0x7f0000000140)='user\x00', &(0x7f00000002c0)={'syz', 0x3}, &(0x7f0000000300)="0067a80df3667de153e83f103b6cab26db5bb4e37e8d6d0a999e51ab5be88f047e781f3f53b0fbe78be01d5057d3107912c170d441275359adee2cf33b2fc4d17fd567c0d093d605afb69791a0d600f9164f384ee169704da80cdf91a221059e7204538432fc0ab71cd2fead77e0c732fc56c3d7dc8cd3b6e46c2904bbf80edeea3f9d981fde5efef6e70097f8bf6930b87690c1837cbe7e7509d968681fa18cd3b56ca68060c63a993b67311d98654bcc8b8029df40ed8dd492d6e41fdc2edf3524c9b503ec162d7e7d244f7de98b02a187d23a3c4704419a08dc176e4a20385762f9dcbdda7f52e37167569e961873694f3c2be16a", 0xf6, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, &(0x7f0000000100)='ceph\x00', &(0x7f0000000400)=@keyring={'key_or_keyring:', r7})

22:19:48 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00634040000000000000000000ee0000000000000000000000000000000000000000000060000000000000001800003dc8441cc80611d45fc3b66f7000000000002a37800000000000000063"], 0x0, 0x0, 0x0})

22:19:48 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100)={0x0, 0x1}, 0x0)

22:19:48 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0)
dup(r1)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:48 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
getegid()
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

[  553.608599] binder_alloc: 12867: binder_alloc_buf size -4027268339968507784 failed, no address space
[  553.613772] binder: 12869:12875 got transaction with invalid parent offset or type
[  553.613796] binder: 12869:12875 transaction failed 29201/-22, size 104-24 line 3454
[  553.613810] binder: 12869:12875 ioctl c0306201 20000800 returned -14
22:19:48 executing program 4:
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
r2 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r2, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000200))
epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r4, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000004c0)='nbd\x00')
sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x14, r6, 0x0, 0x70bd2a, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x24008000}, 0x40)
sendmsg$NBD_CMD_RECONFIGURE(r3, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x40, r6, 0x100, 0x70bd25, 0x25dfdbff, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x1}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x3}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x40}, 0x1, 0x0, 0x0, 0x4101}, 0x24000800)
r7 = dup3(r2, r1, 0x0)
ioctl$BLKIOOPT(r7, 0x1279, &(0x7f0000000700))
getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000080)=0x14)
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000380)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
setsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f0000000200)={{{@in=@broadcast, @in6=@ipv4={[], [], @remote}, 0x4e24, 0x1, 0x4e23, 0x100, 0x2, 0x20, 0x80, 0x0, r8, r9}, {0x6, 0x200, 0x1ba, 0xdb, 0x6, 0x3f, 0x5, 0x9}, {0x400, 0x0, 0x5, 0x9}, 0x8, 0x6e6bb6, 0x1, 0x0, 0x1}, {{@in=@local, 0x4d6, 0xf2}, 0x1, @in6=@mcast2, 0x3506, 0x4, 0x2, 0x0, 0x1, 0x1, 0x9}}, 0xe8)
r10 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
accept(0xffffffffffffffff, &(0x7f00000003c0)=@can={0x1d, <r11=>0x0}, &(0x7f0000000300)=0x80)
r12 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x400, 0x0)
write$smack_current(r12, &(0x7f00000004c0)='selinuxeth1\x00', 0x220)
ioctl$sock_inet_SIOCGIFNETMASK(r7, 0x891b, &(0x7f0000000340)={'veth1_to_team\x00', {0x2, 0x4e20, @loopback}})
connect$packet(r12, &(0x7f0000000100)={0x11, 0x5, r11, 0x1, 0x2, 0x6, @random="2b41ce5a94a3"}, 0x14)
ioctl$TUNSETIFINDEX(r7, 0x400454da, &(0x7f0000000300)=r11)
pidfd_send_signal(r10, 0x0, &(0x7f0000000100), 0x0)

[  553.613970] binder: undelivered TRANSACTION_ERROR: 29201
[  553.614791] binder: BINDER_SET_CONTEXT_MGR already set
[  553.614798] binder: 12869:12880 ioctl 40046207 0 returned -16
[  553.615040] binder: 12869:12880 transaction failed 29189/-22, size 104-24 line 3138
[  553.615053] binder: 12869:12880 ioctl c0306201 20000800 returned -14
[  553.615254] binder: undelivered TRANSACTION_ERROR: 29189
[  553.647730] binder: 12884:12885 got transaction with invalid parent offset or type
[  553.647757] binder: 12884:12885 transaction failed 29201/-22, size 104-24 line 3454
[  553.647774] binder: 12884:12885 ioctl c0306201 20000800 returned -14
[  553.647953] binder: undelivered TRANSACTION_ERROR: 29201
[  553.655577] binder: BINDER_SET_CONTEXT_MGR already set
[  553.655587] binder: 12884:12885 ioctl 40046207 0 returned -16
[  553.749740] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 2097152 (num: 1 largest: 2097152)
[  553.759128] binder: 12867:12876 transaction failed 29201/-28, size 96--4027268339968507880 line 3284
[  553.771247] binder: undelivered TRANSACTION_ERROR: 29201
[  553.780005] binder: BINDER_SET_CONTEXT_MGR already set
[  553.791783] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  553.804902] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12893 comm=syz-executor.4
[  553.837434] binder: 12867:12895 ioctl 40046207 0 returned -16
[  553.837709] binder: 12867:12897 transaction failed 29189/-22, size 96--4027268339968507880 line 3138
22:19:48 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  553.838299] binder: undelivered TRANSACTION_ERROR: 29189
[  553.921590] binder: 12899:12900 transaction failed 29189/-22, size 96-24 line 3138
[  553.936906] binder: undelivered TRANSACTION_ERROR: 29189
22:19:48 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r4, 0x0, 0x480, &(0x7f0000000340), &(0x7f0000000440)=0x40)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuset.memory_pressure\x00', 0x0, 0x0)
ioctl$PPPIOCGNPMODE(r5, 0xc008744c, &(0x7f00000001c0)={0x8ecc82945cf6a348})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0x75d2669c, 0x4}, 0xc)
r6 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r6, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd29, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8014)
write$P9_RLOCK(r6, &(0x7f0000000080)={0x8, 0x35, 0x2, 0x2}, 0x8)
r7 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r7, 0x1279, &(0x7f0000000700))
mkdirat(r7, &(0x7f0000000040)='./file0\x00', 0x1ac)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00634040f3ff0000ffa0b81a0000000060d739b386e47f654320847a320000002000001822b060b0547003d479edbafb00001e000001002a3700000000000500000000000000138ba8"], 0x0, 0x0, 0x0})

[  554.068127] binder: 12903:12905 got transaction to invalid handle
[  554.080127] binder: 12903:12905 transaction failed 29201/-22, size -3169566203700006878-8444253524651385 line 3138
22:19:48 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0x0, 0x0)
r3 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x0, 0x20010, r2, 0x8000000000000)
ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000280)='/dev/full\x00', 0x2400, 0x0)
ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000400))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = mmap$binder(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x1, 0x11, r2, 0x3ff)
r7 = mmap$binder(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0x0)
r8 = mmap$binder(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000006c0)={0x88, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="03630840", @ANYRES64=r6, @ANYBLOB="086310400000000000000000000000000000000003630840", @ANYRES64=r7, @ANYBLOB="00634040020000000000000000000000000000000000000011000000000000000000000048000000000000001800000000000000", @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB="852a646600000000", @ANYRES32=r5, @ANYBLOB="000000000000000000000000852a62730010000003000000000000000000000000000000852a6277001000000100"/60], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"], @ANYBLOB="03630840", @ANYRES64=0x0, @ANYBLOB="0363084050016f0851238a83c2d99a0f8ad72f1ef6633915a1d1e3ab5a3eadf703345a4301d43cf28cf6", @ANYRES64=r8], 0xa6, 0x0, &(0x7f0000000600)="d25aaf31891fb94f4d5c356e32e66fd2fd301b31b78e2d539c63f5455e5ed20af59886e0c11ccbd0f948967a981320c563df8176a12e68ac44bcc131e3430470a56d43da6676723099df8e80d5184b456459b2bdddb6bfc9811f901bc1b28d5bac9423278e8a2e1fbfbe90a6189e91b1f4f86689f89f40519d23c537cac9aa8d8b3f53ef9757dfdfd3ba5b9dd985ed1d59df3b6988b802d1dd1bc237b3f9767afdab702ca428"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0xc, 0x0, &(0x7f0000000040)=[@free_buffer={0x40086303, r7}], 0x0, 0x0, 0x0})

[  554.145445] binder: 12906:12907 ioctl 54a0 0 returned -22
[  554.152548] binder: 12906:12907 BC_FREE_BUFFER uffffffffffffffff no match
[  554.159574] binder: 12906:12907 BC_INCREFS_DONE u0000000000000000 no match
[  554.166689] binder: 12906:12907 BC_FREE_BUFFER uffffffffffffffff no match
[  554.173683] binder: 12906:12907 got transaction to invalid handle
[  554.179949] binder: 12906:12907 transaction failed 29201/-22, size 72-24 line 3138
22:19:48 executing program 3:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x303041, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

[  554.189342] binder: 12906:12907 BC_FREE_BUFFER u0000000000000000 no match
[  554.198328] binder: 12906:12909 ioctl 54a0 0 returned -22
[  554.204637] binder: 12906:12908 BC_FREE_BUFFER u0000000000000000 no match
[  554.228634] binder: 12911:12912 got transaction with invalid parent offset or type
[  554.236522] binder: 12911:12912 transaction failed 29201/-22, size 104-24 line 3454
[  554.244440] binder: 12911:12912 ioctl c0306201 20000800 returned -14
[  554.252081] binder: undelivered TRANSACTION_ERROR: 29201
[  554.258512] binder: BINDER_SET_CONTEXT_MGR already set
[  554.264159] binder: 12911:12913 ioctl 40046207 0 returned -16
[  554.270626] binder: 12911:12913 transaction failed 29189/-22, size 104-24 line 3138
[  554.278553] binder: 12911:12913 ioctl c0306201 20000800 returned -14
[  554.285522] binder: undelivered TRANSACTION_ERROR: 29189
[  554.546965] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  554.556977] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12893 comm=syz-executor.4
[  554.804250] binder: undelivered TRANSACTION_ERROR: 29201
[  554.805808] binder: BINDER_SET_CONTEXT_MGR already set
[  554.805816] binder: 12903:12905 ioctl 40046207 0 returned -16
22:19:51 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb83860000148c0f34"], 0xe}}, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:51 executing program 3:
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
r2 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r2, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000200))
epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$BLKIOOPT(r3, 0x1279, &(0x7f0000000700))
r4 = accept$unix(r3, &(0x7f0000000280), &(0x7f0000000300)=0x6e)
ioctl$sock_SIOCGIFCONF(r4, 0x8912, &(0x7f0000000400)=@buf={0x88, &(0x7f0000000340)="339006a1b28bd3589325b24f59e83f8aa00d7e2fe0c6a442e1ab5c5651e8b85a22e7b2ba9ce4383fec6cda0655989f80b7faec9c5f1442a9433e9bda33d1ac283b7967605c9e80dde87aeaf80f2ca02d7e6443fed0991be2a62cf1e405deaed81c5f65878280af5233ecb3ef611942902dc5cc5377057e10f4ad1c401080ae0b2adce47620f61fd5"})
r5 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r6 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r6, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r6, 0x0)
ioctl$FITRIM(r4, 0xc0185879, &(0x7f0000000040)={0xc96eac7, 0x3, 0x7fff})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:51 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sslf\x00', 0x14a04f359949ab20, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:19:51 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x0)

22:19:51 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0)

22:19:51 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='.d#\x00', 0x0, 0x800)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:19:51 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
getsockopt$inet_opts(r1, 0x0, 0x1b, &(0x7f0000000080)=""/173, &(0x7f0000000000)=0xad)

22:19:51 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})
r2 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls\x00', 0x0, 0x0)
connect$unix(r2, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)

22:19:51 executing program 4:
utimes(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={{}, {0x77359400}})
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
syz_extract_tcp_res(&(0x7f00000000c0), 0x4, 0x7fffffff)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:19:51 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='memory.stat\x00', 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0))
ioctl$PPPIOCGNPMODE(r1, 0xc008744c, &(0x7f0000000080)={0x3d, 0x3})

22:19:51 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100)={0xd, 0x1000}, 0x0)

22:19:51 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001440)={[{@fat=@dmask={'dmask'}}]})
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0xc34d80, 0x0)
pidfd_send_signal(r1, 0x0, &(0x7f0000000100), 0x0)
r2 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$clear(0x7, r2)

[  556.643493] binder: 12950:12951 got transaction with invalid data ptr
[  556.667048] binder: 12950:12951 transaction failed 29201/-14, size 96-24 line 3316
[  556.677538] binder: undelivered TRANSACTION_ERROR: 29201
[  556.684512] binder: BINDER_SET_CONTEXT_MGR already set
[  556.692793] FAT-fs (loop4): bogus number of reserved sectors
[  556.692798] FAT-fs (loop4): Can't find a valid FAT filesystem
[  556.694174] binder: 12932:12965 got transaction with invalid parent offset or type
[  556.694199] binder: 12932:12965 transaction failed 29201/-22, size 104-24 line 3454
[  556.694214] binder: 12932:12965 ioctl c0306201 20000800 returned -14
[  556.728684] binder: 12950:12967 ioctl 40046207 0 returned -16
[  556.735339] binder: 12950:12971 transaction failed 29189/-22, size 96-24 line 3138
[  556.735739] binder: undelivered TRANSACTION_ERROR: 29189
[  556.760453] FAT-fs (loop4): bogus number of reserved sectors
[  556.766322] FAT-fs (loop4): Can't find a valid FAT filesystem
[  557.423940] binder: undelivered TRANSACTION_ERROR: 29201
[  557.476758] binder: 12932:12980 got transaction with invalid parent offset or type
[  557.484620] binder: 12932:12980 transaction failed 29201/-22, size 104-24 line 3454
[  557.492509] binder: 12932:12980 ioctl c0306201 20000800 returned -14
[  557.499415] binder: undelivered TRANSACTION_ERROR: 29201
22:19:54 executing program 1:
memfd_create(&(0x7f00000001c0)='\xb3', 0x0)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x210002, 0x5)
ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000000240)="d94882808cfcc2e6329ed9b188749d025afbaac047139ed545b22c77e6b99dda242bb16c3269a06871cc0d5438b1853dab890bb9051afcaf8f8512110b736e1a1faa37c6bb2d30c8661b3dd0f20d3f24d38b0a79f6ad530e18c0c5795ac0a532a0644d6f091f00221f92089982cc7a597ec892b235ac69c7dccbc441d0183632f5a88703531abf01b1a7b76804463f15e2384f96bf3a674d33baaf98df26")
ptrace$setopts(0x4206, r0, 0x0, 0x0)
prctl$PR_GET_DUMPABLE(0x3)
tkill(r0, 0x10000000001c)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

22:19:54 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$BLKIOOPT(r4, 0x1279, &(0x7f0000000700))
getsockopt$inet_mreq(r4, 0x0, 0x23, &(0x7f0000000000)={@multicast2, @dev}, &(0x7f0000000080)=0x8)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, &(0x7f0000000140)={0x0, 'ip6erspan0\x00'}, 0x18)

22:19:54 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:19:54 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)={&(0x7f0000000000)='\x00', 0x0, 0xbc1df9055a10d329}, 0x10)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:19:54 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x3b)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r2, 0x0, 0x0)
r3 = syz_open_procfs(r2, &(0x7f0000000040)='syscall\x00')
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000100)={'team_slave_1\x00', &(0x7f00000000c0)=@ethtool_cmd={0x38, 0x1, 0x10001, 0xfeff, 0x80, 0x5, 0xe1, 0xb9, 0x2, 0xf7, 0x1000, 0x0, 0x6, 0xc0, 0x2, 0x6, [0xe9, 0x80]}})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:54 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x0)

22:19:54 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
fcntl$setflags(r2, 0x2, 0x1)

22:19:54 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f00000001c0)={0x0, 0xfffffffffffffe02, &(0x7f0000000100)={&(0x7f0000000180)={0x14, 0x4000000000002, 0x1, 0x300, 0x0, 0x0, {0x0, 0x2}}, 0x2}}, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$TIOCMBIC(r2, 0x5417, &(0x7f00000000c0)=0x1000)
r3 = dup(r0)
ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f0000000000)={r3, 0x0, 0x3, 0x6, 0x80000001})

[  559.637070] binder: 12986:12989 got transaction with invalid data ptr
[  559.646658] binder: 12986:12989 transaction failed 29201/-14, size 96-24 line 3316
[  559.664345] binder: undelivered TRANSACTION_ERROR: 29201
[  559.673563] binder: BINDER_SET_CONTEXT_MGR already set
22:19:54 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
epoll_wait(r5, &(0x7f0000000040)=[{}, {}, {}], 0x3, 0x1000)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
time(&(0x7f0000000140))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

[  559.676837] binder: 13000:13003 got transaction with invalid parent offset or type
[  559.676978] binder: 13000:13003 transaction failed 29201/-22, size 104-24 line 3454
[  559.676992] binder: 13000:13003 ioctl c0306201 20000800 returned -14
[  559.677854] binder: undelivered TRANSACTION_ERROR: 29201
[  559.679178] binder: BINDER_SET_CONTEXT_MGR already set
[  559.679186] binder: 13000:13008 ioctl 40046207 0 returned -16
[  559.679622] binder: 13000:13008 transaction failed 29189/-22, size 104-24 line 3138
[  559.679636] binder: 13000:13008 ioctl c0306201 20000800 returned -14
[  559.680752] binder: undelivered TRANSACTION_ERROR: 29189
[  559.746417] binder: 12986:13006 ioctl 40046207 0 returned -16
[  559.746605] binder: 12986:13014 transaction failed 29189/-22, size 96-24 line 3138
[  559.746960] binder: undelivered TRANSACTION_ERROR: 29189
[  559.748727] binder: 13010:13016 got transaction with invalid parent offset or type
22:19:54 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x9e709180088e9f3d)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x2)
mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba51ab593ccba79e0f9c19e3c3729b934f10b0be5a0578301ec86f0a6ba3b5498c56afab54e9cfd75e96328570329ae686d59ae7607563255216e8cfa174c19be9dc0564db2e416bc2d9d034ced2f72a86dccb773a05a85125c9cdf5d39f8dc9437615f3f4100d758de64055f616965ffe0d4e492a"], 0x0, 0x0, 0x0})

[  559.748882] binder: 13010:13016 transaction failed 29201/-22, size 104-24 line 3454
[  559.748897] binder: 13010:13016 ioctl c0306201 20000800 returned -14
[  559.818927] binder_alloc: 13019: binder_alloc_buf, no vma
[  559.824713] binder: 13019:13020 transaction failed 29189/-3, size 96-24 line 3284
22:19:54 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})
r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status\x00', 0x0, 0x0)
stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
getresgid(&(0x7f0000000140), &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000200))
write$P9_RGETATTR(r2, &(0x7f0000000240)={0xa0, 0x19, 0x2, {0x80, {0xa2, 0x4, 0x4}, 0x100, r3, r4, 0x5, 0xa4ef, 0x6, 0x0, 0x6, 0x3538, 0x2, 0x101, 0xfff, 0x5, 0x401, 0xc58, 0x1, 0x3, 0x9}}, 0xa0)

[  559.833349] binder: undelivered TRANSACTION_ERROR: 29189
[  559.856778] binder: 13023:13024 got transaction with invalid data ptr
[  559.863641] binder: 13023:13024 transaction failed 29201/-14, size 96-24 line 3316
[  559.875119] binder: undelivered TRANSACTION_ERROR: 29201
[  559.881726] binder: BINDER_SET_CONTEXT_MGR already set
22:19:54 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x40200)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  559.887218] binder: 13023:13025 ioctl 40046207 0 returned -16
[  559.893702] binder: 13023:13025 transaction failed 29189/-22, size 96-24 line 3138
[  559.902407] binder: undelivered TRANSACTION_ERROR: 29189
[  559.941069] binder: 13027:13028 got transaction with invalid data ptr
[  559.947739] binder: 13027:13028 transaction failed 29201/-14, size 96-24 line 3316
[  559.956408] binder: undelivered TRANSACTION_ERROR: 29201
[  560.030850] binder: BINDER_SET_CONTEXT_MGR already set
[  560.036446] binder: 13027:13029 ioctl 40046207 0 returned -16
[  560.496250] binder: undelivered TRANSACTION_ERROR: 29201
[  560.502428] binder: BINDER_SET_CONTEXT_MGR already set
[  560.507888] binder: 13010:13033 ioctl 40046207 0 returned -16
22:19:57 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
epoll_wait(r5, &(0x7f0000000040)=[{}, {}, {}], 0x3, 0x1000)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
time(&(0x7f0000000140))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:57 executing program 0:
r0 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x410081, 0x41)
ioctl$sock_ipx_SIOCIPXCFGDATA(r0, 0x89e2, &(0x7f0000000140))
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000e9a000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0xffffffff)
times(&(0x7f00000002c0))
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/checkreqprot\x00', 0x0, 0x0)
ioctl$EVIOCGRAB(r2, 0x40044590, &(0x7f0000000080))
r3 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x0, 0x20010, r3, 0x8000000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000800)={0xa920bb8415701935, 0x0, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0})

22:19:57 executing program 5:
r0 = fcntl$dupfd(0xffffffffffffffff, 0x80c, 0xffffffffffffffff)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000000)={0x4000000, 0x8, 0xfffffffd})
r1 = accept4(r0, 0x0, &(0x7f0000000080), 0xc00)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f00000000c0))
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r2, 0x0, 0x0, 0x0)

22:19:57 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='trusted.overlay.upper\x00', &(0x7f00000002c0)={0x0, 0xfb, 0x49, 0x45c596787f160ca3, 0x5, "21dd2501dbfb62226c5673ff78a08b4e", "871f55f9f9590cd9a822c2d1045e54f0fc82c451160dc6172c281eac033b40edd6aa0b37d0d889c65d1ca5a02a4905b048fbbef6"}, 0x49, 0x4)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r4 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r4, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(0x0)
sendmsg$TIPC_NL_NAME_TABLE_GET(r5, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x24409000}, 0xc, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="0800ad2846bee24ac4c074d74eb7c0a0c8ab5b15d2fe45b39c1da54ad1143459bc50dc07641ec79583ae054ac7340d04abf3fc62b85074a7cffe78c4600148dc7cdec497f5c4f40517798001", @ANYRES16=r6, @ANYBLOB="04002bbd7000fbdbdf251000000004000600a4000400440007000800010003000000080001001900000008000200020000000800030001000000080002009c07000008000200050000000800040009000000080001000d0000000c000700080004004a0000000c00010073797a30000000000c00010073797a30000000000c00010073797a31000000000c00070008000200050000000c00010073797a31000000001400010062726f6164636173742d6c696e6b00002400060008000100ff0f000008000100f8ffffff080001004f0000000800010001ffffff"], 0xe0}, 0x1, 0x0, 0x0, 0x8004}, 0x4000004)
sendmsg$TIPC_NL_BEARER_GET(r4, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100020}, 0xc, &(0x7f0000000340)={&(0x7f0000000440)={0x70, r6, 0x10, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x5c, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x14}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x840}, 0xc000)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a747000000000000000000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561646600"/104], @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="0000001c47c6bc12aab92500000000004800000000000000381a5afe5f3c08fa1ea46f9957c72344da5671f264543db59e81cdefe53afeecf84f6b7803209760592d1afefab17957a8a0679e3058be7f75bbc58f62daa201000000bb2afe293faa53ec34bea4959da65f7e3909b37309031afc3995e5537cdadf518f6f7c0587a05cfb6b"]], 0x1ca, 0x0, 0x0})

22:19:57 executing program 4:
r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_stats\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f00000000c0)={0x0, 0x8}, &(0x7f0000000180)=0x8)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x2000, 0x0)
fcntl$dupfd(r2, 0x80c, r3)
pidfd_send_signal(r1, 0x0, &(0x7f0000000100), 0x0)

22:19:57 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x0)

22:19:57 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
fsetxattr$security_ima(r2, &(0x7f0000000040)='security.ima\x00', &(0x7f00000000c0)=@sha1={0x1, "e20e5b09e8ae6bc90bc6e4d1e0d2fe2fa5eec695"}, 0x15, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r3, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2, 0xfffffffffffffffe}, @fd={0x66642a85, 0x0, r3}}, &(0x7f0000000080)={0x0, 0x16e, 0x32}}}], 0x0, 0x0, 0x0})

22:19:57 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x800)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
pidfd_send_signal(r0, 0x1a, 0x0, 0x0)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(r3, 0x3b)
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r3, 0x0, 0x0)
r4 = gettid()
ptrace$setopts(0x4206, r4, 0x0, 0x0)
tkill(r4, 0x3b)
ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r4, 0x0, 0x0)
ptrace$setregs(0xd, r4, 0xfffffffffffffffd, &(0x7f00000001c0)="c764e74a049c8e5f1f55e599e990c18faa8d1e0f6ee6281651ddb9085c69e3c5e324a7ec7ec6cadaaa308f2344e655e30c1561b930fa858a9798ecaaead90b5d9d0d39eb905c12a26184603a74ed3285e487bb5df544f99f7d66c895c28662c03820b15b20dece0f98271299dedc7c16c7230184d68149af2f79020afcbd1e4bb230e11f0fcc087f61c21f3f90bb03dcba6fd64f27f096e7dfa0f793dc740d8a36a53c49ac52ad86f44276dfd26998a5f172bdb43d1a5a621e74850fd4")
ptrace$cont(0x7, r2, 0x0, 0x0)
r5 = gettid()
r6 = syz_open_procfs(r4, &(0x7f0000000280)='net/packet\x00')
ioctl$BLKFLSBUF(r6, 0x1261, &(0x7f00000002c0)=0x3ff)
waitid(0x0, r5, &(0x7f0000000080), 0x80000000, &(0x7f0000000100))

22:19:57 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x60000, 0x0)
accept4$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, &(0x7f00000000c0)=0x1c, 0x80000)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r1, 0x0, &(0x7f0000000100)={0x7, 0x0, 0x3}, 0x0)
pipe(&(0x7f0000000180)={<r2=>0xffffffffffffffff})
ioctl$SNDRV_TIMER_IOCTL_TREAD(r2, 0x40045402, &(0x7f00000001c0))

[  562.669459] binder: BINDER_SET_CONTEXT_MGR already set
[  562.672513] binder_alloc: 13037: binder_alloc_buf, no vma
[  562.672530] binder: 13037:13040 transaction failed 29189/-3, size 104-24 line 3284
22:19:57 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
prctl$PR_GET_FP_MODE(0x2e)
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3b)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f0000001180)={0x30, 0x5, 0x0, {0x0, 0x3, 0x101, 0x9}}, 0x30)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
ioctl$TIOCCBRK(0xffffffffffffffff, 0x5428)
r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3, 0x0, 0x1f, 0x4b, 0x0, 0x40, 0x44, 0x19, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51b, 0x1, @perf_bp={&(0x7f0000000000), 0x2}, 0x1040, 0x4, 0x2, 0x5, 0x10000, 0xa2}, r1, 0xd, r2, 0x0)
write$binfmt_misc(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="73797a31953399b1247baa7517ed42b62b0696b776532b94ef66e71af20756fe85f550455dd167dfc4cb20d263e3b9b118adcde8ea4fa9442082b7d5d0b5eb4ae6ca4e2fbef89adf3ce04c793d6db7fe722057154198e1913abd239cf047988ccaec436779810f4c3cc2ffce8bba016e536f99514a13fbfaa6e14ac89bf754d4e587272f36e4b2e32947c86eb18d907969a997eafc4a64450fd61782fbf6d082412d9542a9c665e331edde8941e3df0d537f7181458f299e5a76305c2eeeaceebb93dea85313845488daf2474bcb93fa42f2a002f996256cb14c3305093e66cc1bc7b4425603c7ed65cadd4d6645ffc5e4db9142cfb876bf490d48f9007bc6769a820f23af964fdb7e0684af9f4d871381cb8f5e5bb894e0ae665b3e8322a898cc9af1a6da567d08e8a1b0aa8812d03f9786ab20b17f9ea48c9c2eb0c7f1d27b6b1937cddf4c92a6f847bff68bd04be9b2f10584220d7b10b6ef39a0cda6522159c781a422423bc1dd94ce33001fdbbde7978d0a3484d2d484f09cc9c08f670faf347b511ef6467435c7b93d92fe8d89067b7f5dbc67dc14e5a4977d495cc2dd53164bde4c9a780fbd98752189c168776ccfa6615a419744bc017783e3e9f6fd63981b3d9889fe57f8cc9648fc443e498eb24688c214b3d2c0d886bceb6c66e5662de37746fa5585bdbe8ddd5d7dfae59b447afebcd7f881275618abacbdd4370d5ac45422ed57e5a28354a289ebf165a72547ed549b1c29508cbfb6cec6475a6f35e250b21842f6390f1898d15c1e69a6293ff01290d93f905a291ebcac3a5d7f3c0ba96f5ae0e14c77476a4ad57a05bf3409d35c70595a047ac421b8f8dcd75cd8dd9bb7bbbe9f8b6065508d105c7e27f07ef8f74dd62b28c5aec13b571d61b337ddeadc9b6497a0a4c300ac7a4180bc7d1c65a0c83b67f7ed9d89f37d48735455ab3d55564719f5321dd5ea005b35fdaa2c8d762d2cb3cde1356669224e3264b0371fe3698ed406bccf023ee457496cfce966509384a5384295313f511923d0b5e27c6d74f7dd1a894637497ce6d08efd17dfc2ab3f645cd44189d32d003c13308723c422ba2a6f06e05a8e8bca27b67fdb09e34c8cb15cd3e0829036d9acf985ce9b01d8f0a50443d40a8261c1894c0f37dbe6d785f3436d1522d737283a305b6c95f4d97e3f096da89064bb711f38117edb61e61a29ee957148e6114b1487ce58b969ac4cd7608929636f400b5ea3ec3739534c9b6c06e69ee97336a828181997594e7456bfccd86f37d40c97b4e75f578f697a40f034ce548af27ef5ad99f44afcb2326f34aeb6e3295a3e66fb6559dacd4bd166fd092ed2eb7b3d21b5fc7f4e4ed0b2ef0a489c14358545e035caf1ba6ba4b63e12c4a3859092a5f4067ee74d075d9707b96cf27f272fcddb209e4f129fe44a88dd81b2078f940c5939e7dadc63793bbafcfdd2f6ca4b3ca56d0bb992e1655c66772be789c34384882dbfd1bc7393e1a4847df21bddc7ce7f685f400e90afb5abb17d8affc077e84627b62f867ed53c5d42b2d04a72a0d21dc47eab5a296ced5ba6962219554e39f37f79fc65a1c8b8cbbcad4237fb33d777f23acfbcac5586d69c64203ff82ab69b7a93853de9529642d57c1e7f7045929f4e52570aa9ea28b4e71af6f72be30e6916f0f308c7ea4a5b8c687b399f606d83b5e1a3c7a76d0c8c74ae73d89c213616c3d343f492880970f25d6e7f60fbd8bb49a67b77459ca7dd17cff75d4f8da3a6946da8dc9607084edfb687a4310bd426b1839b4ceed098fffea60a7b72a478412f76498d68f62b637e109f87f290ef4157e413685291a6ee88dd32395fed996f091d43d9764bf3306d33fbe9c7a89acef52aa9380d061786ddc613245b2ee0f24f1d41bc7c05a792c53ac4c1483c5db9d525ce0f492915a0ba17f35a1ea0a00e30f405cf1e4b2717cbac777da8e01860aafe540548ee556a288f8dc4c8310d837178096abe85452bdadf392bc25aeb40e889cb6124c1d78a8642914057a76dccd0aabeecfe836867bd55c3875ce7552da1286fce6aad04734922dac31fb1ab810a833a5c3153b9e4edfdd8d747dc2c94b9b00a7c48de237676d9fc57f396a300d3623dd4c5baf367a9f03f2e315c24578ef3c437451047f982ae0b1196b00181bfa5ce98ff203fccaeb58a33d5b00b73a7895016d8395d286dace28a0330b2a43dd63362380580b03624f268bfa4cdcf39fbd8ae7e2c8a05f411b98c7c6c9da14cdc78b195a40ed1f3cf453a54280a01919f30e1a0c68e851477425455559697a0af01318984e4119d8c0ebea55a450e1aea87e7347bb29e42b2353bc02c6946207cbac8982a92d9e81baa6b8c96b175e2b1879a1a7330f6a965dff9a2aba113f618104937601f193c568c04e129c5324b7c04e759ecde0efee06e18d595dbd4a79e8e11972279c0218b59d5f6f7289ebcd940e6b2b72956480d3cd001fe77a7283fedf4cede21f8f395596c9d8535f2522b6de7beed6eda82a0e86a1240c53b4881fb8c22906cd462fde7aa720334b663626d75060badb37b218d26550cc7cf46ea7ee29fe2aa4f86db2c4286dbebfb4ab84d79fee0e298802d8142f5624b623ce1d76eb6867b69bc7cb5eb9850924e25e82966812da40c78fd4ab8dfcc693a77db2d99d7cb2a0c95b4ff34e44596ed7cb41854c22f726cefcfc66eab3fc94f2b5ec3fd3328ab20d13e9cfce35bfb5e70c9b4c7ceb0b06fa0fb4006996d890093246d039fc206f5316d27283600647639c42759734c00d93130b1aaa58238f627514b23328003a9bb755d16f9eef585d2fca3d6ffec8ca150af502107047a9a17c544fe6bf7e304368239ff2aed3e5f31f3a111b5a569a73b85d6b0140b52069d11186c6a27552c3045274452676e6763b85065392603b5f63cc0065c1d853f3a9dbf9fc8bfef9ab053f8d40382a180805167c6c1c359212982331fd82adcbf5e878d1334f1488c88bf5cb39e19bad95501191d7ffd80fd17c78e4c9b99d252f4f3802887c0fa52c102312069eb3f10c3c7f205d234f497b9783e026496e9d4c4af16515943e0a990e1378513790e024b030c412abd2da0318acb186981fd483be87b496cdc81a43ee635942ea46e1a9fc3060dca2e481a6d73c17d7dcc9805263bf6b0de575e9d663fee5604eb9053e0ae38809ee51f465cf0b01e43633416018dc43c0192c675bdfa1adcb8b8795d4c9e605e719bee8d6a157bdbaacc013477413dd971d4bfa6fec78ab7d9d93d9d82a1f871584836540d9e5efcd92d3c1505f2c9e788b2e725415011b7fd85bc42197a837157f21638a8ed24fad27a29c9c06d4536a5e2bc4db782efd1a50e1c2eeacc6e4b01a3ccca2c712a6ef36454025a518d3badebd2e2fbfe72004fcf5035b561698634347376734f28862d30ba86fb41aa91e87d847a73e5bac5de5092348d112814313cdb60d611232ce75edb4ae42272c2c8a527ea1ce7766369fccf2230644ffc7710e9faa1899e146098dee5f5cc5cded9f43addce6da8a6c213ba14b93e8fb9df50c34e6d2cad9995ce3bbcb1a4ac6ca84a05f184f8ed94793fc1a5e0b55593edb1016670fd01b44941b80c82b9a1ff21779120fa913db2dc0f423bf99e9bb12572aef0d6af722f3912cf64eecec42bf25bf2f1c96ab557ebcfb30f11a9c8c9d4155337d4917119bb781fd3075d78ef693af74cbae1ec4fe810da5abd627ffbdc0e89f7d28d3203dcf714b9400238d97356cffc0f54b57cd661cbb8bbabb7c662b1a1c81ebc05ce1ed50f8ad27401324623cf24c96c232b09ceb13ad762086b54429fadfda70493efba10f1bc1a255c0679c9641f33c4c146a137314cfe40f2c049a33eb1ab3311fd3b4ec316b08dd6bc7262abfcd3aa07ffa0a9a2ade7d22f12cd8cf3560d6f0c3cace87ec3cf8fe9fcbffa542fa5b2c013a4d186c0bee6d629d6eb367c4f1156157687fc8e5bffc1706f55404ca5912f58b85b58d089c76b2e6992ff93bc0ebb7e74146976f04f790884101430c406771aca65b012274e631011a14fe17a88f8ba20e6b49cd6e6ca5b9a8a1032ef6e29d135d66b7267bcea8b58c8616236bd971bea45529cfb3bf1d09bb487be5d450cdc1994975b38749022a9aadd9b6e518eaa1276d1aa85923f794ad6e21830730353da17280556e658245c5b7811ed67f6a632982edc1d98ad4e10905630ec78aaa10be8fbbd2a6626ffd344f6d549a1b7269aa49282d93aeddd922b9e3d23ab82e14d7104258037c10b30e8d6fa255ad738ba27a5e35879bbad9748ffd910d24d5dcfe0758fece4c126d71fd06553d2991feeeeb5a93281af7c50c0081df2b37b53e599b761dd5876d15a69f7c9eabaf2c8369d51252d67a1606847616c3c62d1ce3988cea706a92ecaccd27d41de5e9c4556861754bf93f6ad15022647cf0f02377cc5c66af16ad47b5d00fa0d33a3b76b8a4159251367dd621d78c2f3a0e89aa65d253ff138ac61637e8c8b37308c7f1fac7e8365206466ec159a744750c53c5e5d22887b734e6755cd82ab738a492f7c73ae1e857d4650931ca9165afe3d4f07818d55d4271974bcd70763e462ef54a1b6c529fef504d97dcfd0534a8ac57819f252603d39a09d9e7f5b4a5a43f2c957f0d8437826b27de5db54b2421e5163a5e9f5ff07ecc4cdfe4c4545a7dea3c1086dc09c90b549eb3af03c3f042a15183b57203bb4e92541f81f8f71b35103b0b7a2a9b068efb414e9340566cb74f2ba9272d94a39f85c7a6fec5c9d6edb489f7db7b74b9d37f0a6eec4200223f39f714016dc46d53b95bccc994c7e7659262578bf79542269b3da43d19d4da09f63fc6fc7e312e2ed7f9547f51c0c7f025b670ebac69c2f40b1b4e57493bd4f3da7a749845c91aab48374788e647cefd049805c4411be5f623daa01dfdeb59ae1b41b6452de20864268d1a95b7e0c4c1895583a4dd329500f19e910715fc6c02a6fcc6e364e20617286268228ac6bc29b19708a90c3fce5d07919e77561747acd4645a46f18dd995f7fd7da415366a0aa15f8963d5c9d1ca09912de8ea275321f8845cdf0687dc7f6db48be7fe71288a5e23bb3e0e9a214eed703d423bdcc955ed3e5fd28a6cf309fb0bf45d10a008c254b2b75ba17bca2b2b30911b7ec36ae4129a66e5e2d473882f8167e0e958655f58dbe602ecc867956ea120d8da16a7129d5790a1276db327ae08534acc967385b912b320d18083f498fdffe8e568848e1d32aa096896ea2d96f7c81b8f2d59badd9edfdd09cb1503daa318a7ab4ac4bfed381fc220b7bb0c936b80802daece83e991fa5a6ac0434ee1fcbee221d71ad35b23bb65f8dc461fc707c689dfc96f74ca98e78edb9b341c5d9733b1d9cf4bc87d878cdac193f703438cfe66920d4fec4fdc3b8538e9e5be0b012f38457ad64ddf91d79239230c5351556eae5f187d821742afc931a6673cbd059188ed3329d4e1dfc2d054027dcb58b75822f6e170f87282bd6d56b1ff5e21d969a9a834d1fdd88f0156ab91ea9667fb25657fd9314520231132ffabdfc816d3307ba4d99b16a0ec9158069806f9e98e2319cfe54bb74d98c1bb4c2dfcae68fc9b93a1394db2b15249d0c5851009bc3fecc5b2cc464918151e157e227a5927f5d40a2ba15c93a1e1903da1671ece6fa77cad7f92a0571234c4076762de564a3798aa6507b8b4c3a09e688b98ef2b38467c00b2e9d73089dc0f67cfbbd0413b156f0fb5b4bd39ff4f313d47e6467c43a51019f9a8bc5060834bcdf6b78a1addf39af"], 0x1004)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
openat$selinux_status(0xffffffffffffff9c, &(0x7f0000001140)='/selinux/status\x00', 0x0, 0x0)

22:19:57 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000040)='cgroup.type\x00', 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r3, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
clock_gettime(0x0, &(0x7f0000000100)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f00000000c0)=[{r2, 0x6000}, {r3, 0x80c1}], 0x2, &(0x7f0000000140)={r4, r5+10000000}, &(0x7f0000000200)={0x80000001}, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:57 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
pidfd_send_signal(r1, 0xc, &(0x7f0000000080)={0x21, 0x84f, 0x9}, 0x0)
getresuid(&(0x7f0000000000), &(0x7f0000000180)=<r2=>0x0, &(0x7f00000001c0))
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
recvfrom(r1, &(0x7f0000000240)=""/42, 0x2a, 0xa0, &(0x7f00000002c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r3, 0x2, 0x4, 0x3, 0x0, {0xa, 0x4e22, 0x9, @rand_addr="248efba61032c44edfcbbc3254e98109"}}}, 0x80)
ioprio_set$uid(0x3, r2, 0x7f)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/policy\x00', 0x0, 0x0)

[  562.672552] binder: 13037:13040 ioctl c0306201 20000800 returned -14
[  562.672876] binder: undelivered TRANSACTION_ERROR: 29189
[  562.679640] binder_alloc: 13037: binder_alloc_buf, no vma
[  562.679662] binder: 13037:13055 transaction failed 29189/-3, size 104-24 line 3284
[  562.679680] binder: 13037:13055 ioctl c0306201 20000800 returned -14
[  562.680409] binder: undelivered TRANSACTION_ERROR: 29189
[  562.719681] binder: 13044:13065 got transaction with invalid parent offset or type
[  562.719719] binder: 13044:13065 transaction failed 29201/-22, size 104-24 line 3454
[  562.719735] binder: 13044:13065 ioctl c0306201 20000800 returned -14
[  562.724037] binder: 13036:13064 unknown command 1768304430
[  562.724046] binder: 13036:13064 ioctl c0306201 20000800 returned -22
[  562.727671] binder: 13060:13066 got transaction with invalid offset (366, min 40 max 104) or object.
[  562.727728] binder: 13060:13066 transaction failed 29201/-22, size 104-24 line 3379
[  562.728019] binder: undelivered TRANSACTION_ERROR: 29201
[  562.729328] binder: BINDER_SET_CONTEXT_MGR already set
[  562.729335] binder: 13060:13066 ioctl 40046207 0 returned -16
[  562.772218] binder: 13072:13075 got transaction with invalid parent offset or type
[  562.772245] binder: 13072:13075 transaction failed 29201/-22, size 104-24 line 3454
[  562.772261] binder: 13072:13075 ioctl c0306201 20000800 returned -14
[  562.772485] binder: undelivered TRANSACTION_ERROR: 29201
[  562.778586] binder: BINDER_SET_CONTEXT_MGR already set
[  562.778595] binder: 13072:13078 ioctl 40046207 0 returned -16
[  562.915155] binder: 13036:13048 ioctl 4018620d 20000100 returned -16
[  562.924774] binder: 13036:13048 unknown command 1768304430
[  562.930524] binder: 13036:13048 ioctl c0306201 20000800 returned -22
22:19:58 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
exit(0x3ff)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x101000, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:19:58 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000e00600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:19:58 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100)={0x7}, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(0x0)
sendmsg$TIPC_NL_NAME_TABLE_GET(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x24409000}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="0800ad2846bee24ac4c074d74eb7c0a0c8ab5b15d2fe45b39c1da54ad1143459bc50dc07641ec79583ae054ac7340d04abf3fc62b85074a7cffe78c4600148dc7cdec497f5c4f40517798001", @ANYRES16=r3, @ANYBLOB="04002bbd7000fbdbdf251000000004000600a4000400440007000800010003000000080001001900000008000200020000000800030001000000080002009c0700000800ff00050000000800040009000000080001000d0000000004004a0000000c00010073797a00000c00010073797a30000000000c00010073797a31eeb14dac021c0602bbac817bf4000000000c00070003000200050000000c00010073797a31000000001400010062726f7a64636173742d6c696e6b00002400060008000100ff0f000008000100f8ffffff080001004f0000000800010001ffffee8f153b2e21a60020000000000000000000"], 0xe0}, 0x1, 0x0, 0x0, 0x8004}, 0x4000004)
sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="bc000000", @ANYRES16=r3, @ANYBLOB="00012dbd7000fcdbdf25090000002000070008000200040000000c0003000104000000000000080002008000000038000100100001007564703a73797a32000000002400020008000400090020000800040001010000080003000400000008000300010000005000050007e16ae51028e77606000000080001001c0000000800040001010000080002000000000008000400280d00000800010075647000080001007564700008000100657468000800010065746800"], 0xbc}, 0x1, 0x0, 0x0, 0x8008}, 0x4000000)

22:19:58 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r4 = fcntl$dupfd(r3, 0x406, r3)
r5 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r6=>0x0, <r7=>0x0})
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000500)={0x0, <r8=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
ioctl$LOOP_SET_CAPACITY(r4, 0x4c07)
write$P9_RRENAME(r4, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r9, @ANYBLOB=',group_id=', @ANYRESDEC=r7, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r8, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r6, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r11 = fcntl$dupfd(r10, 0x406, r10)
r12 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r13=>0x0, <r14=>0x0})
getsockopt$sock_cred(r12, 0x1, 0x11, &(0x7f0000000500)={0x0, <r15=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r16=>0x0})
ioctl$LOOP_SET_CAPACITY(r11, 0x4c07)
write$P9_RRENAME(r11, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r11, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r16, @ANYBLOB=',group_id=', @ANYRESDEC=r14, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r15, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r13, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r17=>0x0})
r18 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r19 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r18, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r19, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r20 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00')
sendmsg$IPVS_CMD_GET_INFO(r18, &(0x7f0000000700)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x18004}, 0xc, &(0x7f0000000580)={&(0x7f0000000640)=ANY=[@ANYBLOB="84000000", @ANYRES16=r20, @ANYBLOB="01002abb872fcd77a481e974bfad37bd7000fddbdf250f0000000887eff6549707055c0005000500000030009311bba5502d030014000600ff020000000000000000000000000001080003000400000008000100030000000800040029060d00100001000c000601016f6e65000000000008000000000000080006000900000800060006000000080004000500000000"], 0x3}, 0x1, 0x0, 0x0, 0x4000800}, 0x200000f4)
mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='fuseblk\x00', 0x40000, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030303030523034303030302c757365725f080004", @ANYRESDEC=r6, @ANYBLOB=',group_id=', @ANYRESDEC=r14, @ANYBLOB=',blksize=0x61979c85400cb01d,allow_other,default_permissions,default_permissions,allow_other,allow_other,euid>', @ANYRESDEC=r17, @ANYBLOB=',\x00'])
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000000))

22:19:58 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
getsockopt$sock_timeval(r1, 0x1, 0x43, &(0x7f0000000080), &(0x7f00000000c0)=0x10)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r4, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r5 = getpid()
ioctl$sock_SIOCSPGRP(r4, 0x8902, &(0x7f00000001c0)=r5)
ioctl$EVIOCSABS20(r3, 0x401845e0, &(0x7f0000000040)={0x9, 0x5c, 0x3, 0x80000000, 0x44f, 0xb5})
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r6, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
mmap$binder(&(0x7f0000e96000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  563.463474] binder: undelivered TRANSACTION_ERROR: 29201
[  563.497778] binder: 13093:13095 got transaction with invalid data ptr
[  563.498191] binder_alloc: 13084: binder_alloc_buf, no vma
[  563.498208] binder: 13084:13087 transaction failed 29189/-3, size 96-24 line 3284
[  563.498494] binder: undelivered TRANSACTION_ERROR: 29189
[  563.543538] binder: 13083:13105 got transaction with invalid parent offset or type
[  563.543566] binder: 13083:13105 transaction failed 29201/-22, size 104-24 line 3454
[  563.543583] binder: 13083:13105 ioctl c0306201 20000800 returned -14
[  563.568891] binder: 13093:13095 transaction failed 29201/-14, size 96-24 line 3316
[  563.585427] binder: undelivered TRANSACTION_ERROR: 29201
[  564.284150] binder: undelivered TRANSACTION_ERROR: 29201
[  564.285484] binder: BINDER_SET_CONTEXT_MGR already set
[  564.285492] binder: 13083:13105 ioctl 40046207 0 returned -16
[  564.290317] binder_alloc: 13083: binder_alloc_buf, no vma
[  564.290336] binder: 13083:13109 transaction failed 29189/-3, size 104-24 line 3284
[  564.290352] binder: 13083:13109 ioctl c0306201 20000800 returned -14
[  564.320711] binder: undelivered TRANSACTION_ERROR: 29189
22:20:00 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x400000, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r2, 0x40046205, &(0x7f0000000140))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})
r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
setsockopt$inet_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "35c6b8bb3b7b40db", "32348974186e1170e80d8f09fbd8ec39fee1542bbe6e52ec2407d84884f23127", "692a9f8e", "01d3debde9bdfb08"}, 0x38)

22:20:00 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000080)='/dev/binder#\x00')
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r4, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3)
r5 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/status\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000fcc000/0x9000)=nil, 0x9000, 0x1, 0x11, r5, 0x0)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0x15, &(0x7f00000000c0)=0x101, 0x4)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fbaa818756b9da6fd47772d309f94f42492c14f0b2dbb920def1d35b50cc521e13eb3919f98af362e06ac60f1a0428c30dda1071c8646063f1ef7a4c6e218a419e3c3f0fc1713118e90b5077314a790f7b2cf5cfcf606a4d6f7e17c0ff589285d148466d410a79eee0584a5a3ca34c1033a8e64a1d8f288b0f2b52d4fff1cf0b60f6a1b56359e71d3ae705230202a5b14ec36e2700525798146f31bcfaf"], 0x0, 0x0, 0x0})

22:20:00 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r2, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000000)=<r3=>0x0)
perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x1, 0x0, 0x44, 0x81, 0x0, 0x1, 0x14000, 0x4, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x400, 0x0, @perf_config_ext={0x4}, 0x4000, 0x1, 0x6, 0x6, 0x3, 0x4, 0x1000}, r3, 0xd, 0xffffffffffffffff, 0x1)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:00 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
prctl$PR_SET_UNALIGN(0x6, 0x2)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:00 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
finit_module(r3, &(0x7f0000000040)='\x00', 0x2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:00 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)=<r2=>0x0)
r3 = accept4$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @remote}, &(0x7f0000000140)=0x10, 0x1400)
accept$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @initdev}, &(0x7f0000000200)=0x10)
ptrace$poke(0x4, r2, &(0x7f0000000080), 0x4)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x143000, 0x0)
setsockopt$inet_tcp_buf(r4, 0x6, 0x54, &(0x7f0000000840)="8fbcda1bfe3a159c0c621ea4a51fa3fa1602f46082cc6585e790d38ca1ea80eb28bfec64dbd2214305d90eceeb74a0e36e153e4f6b1c59eb9461e02313935926d8b4416f3146ffb389c1a5719572ccc3250741368367b9699d7db2d6dc1d650ed40f301de51a03cb72a50b2ab9940102a9fe149fef428b9c3531f1f5fb381ce6df47bfe0215a948e82196c71c893dd5675f82f9c780463470813e89d9cba52cdf99cfe6ddc869cfd648f3364111ca74912e45eab7f400f7688268a04df2fd91edd59883fb5c33390aed7d1ca5fa1655487aaa4cc9121d914abda54ee41a36216a1d681221ad627b72b919968e5e86cf31b4fc7dc223d11acab72e4a8597dc7c0a5e055cfc76b6b08433dc162e70086d9642b618833f885096fc408aff189e3502808846abfcbe974e84ae24f76ef87dad67ee5c40e0ef3da45ad7d98a04eecb3b361dce331c0301f0047c6994effa8a95fbb6021cda4e975e397a333bf199b29f65b527dfe4853003bca967e46d42afae9949d8cfb054600c88ea14959978ddf6339f6ca9cb4f8077bab7a805b7ca48c6af66f66f0172da7efa2afe6840d623968e858f6564d738e689fe0cccdac5c1ccd37c89bbb76a910615847cb5eaf839ec9635df8143af6f451810684c0783ecbf53e452933d6b016fe3a4d3e783d219807d04fc740f76996ee02e124c6092e875ad6ca9b7a92ceeab921d2bf4f95c8945211625ec7299ffb85e18bc1cab2e0c1c7c298467227b4568febafe67f29dab924e5d02f52e9056d35124218030c0d85ef95ae3ccdfd432ddda6b44963ced696f049d0773b4983bd6dd7dae49e877c18e6dd176d18dc509144eb720b169178386539d75e5ce241f6d7013c48526213b12cebbcd44a64cd3b900f573768c7c052b9d5f8795e1c494bdad75d8cbdf97afbf4a18861e7f59f8c685bcf8e14b4a37d40ac65a1adf0cbb6689514455951d18841a91fdb5e10b7110c1a76bcea32bb312cfe55adb5be421cb56d83005f60b22c9cdd024d3ba0d62b26437601bcdd5e1d12b51e6784c86533306bac16d156939690366cc7cba43e71aad69f7ddf19d627245844a722168f3379ed86e3dcf6deda79b0bce19ed7a0282110e56af1a3d0be1a50014d09a6b7632d60b50f87e57d6264c9b262502cfdb048890183bc6623af5c70b7c912f5b46ebf760f9931d0c1f2e5b826f3b44df62f30517f3362664821f93cacded883e593cf054d5a0c9d6adc63c7c20a57e1ebb0bbdfb12dd235b23cbab1567c9f33d8b685735ece27efa296d09e9a078752f68ef9576ffddba9ad2e5dd184b92217159fd42ff51d8dbd5e0239a1cd33459666af4e0cc8d45ef47ac7e493271d24b210f2dca298bd91152ca4c5c98a51b2fcbf0bab56b6dd98ec3f156592a89f0133a752d7a1c3d27e6169c914821b0f7fb16f54d6e0523023348ffb7fe82dc3153f32a6118aa36d2a3c36a45eecf4ff1dcb26f18bc1b8e5935f94a83dd7a9d11c94cbf2a92895a6e32f6ec6fc607a3523b9bdb69d7a9f2d4ca97d8533b390f25abac3ebb229aec78ceaee7d85270b315be1e06e9091365e2ff96413034716ed1c53487b11bb1349e5422710e391821f068dd9757e7febcd83e6568fc234f614f35d4f20c3fdf8b53adfbba2d169ed2479e261b55d39bcc19cfe8592e0a115d5500b0f6465d33c0e8557c2940b743e9c9672a95a8b463b0bae06f5c43c10002a16878d3eb18a551a3672a6a6b3a0687182f2eda10133da01845167e57abe43e96dfb4899e308e373d613e834b7eef49094a0c010aea62fd88622dfaa757923c8004b67d8eaea25ab81f4bcd1a59ec48bd3cc503ec187478da0e56d62a3b499aabe60e7dc5f0ec21745468c31854024e471f3c0f235202a5283414d817b1bc7fefd88eded214a917184df3f0dbc9f7b5b97982b6dc252a78ee0631112d6c9ce2e47eb145a5b167512550dd4dec4c029b5c4bd7c6a8cf72604ecb6014161e5df8bc5bef006d5348e73b20149bb5874964741f10e97aac480b41b5d8e1712883200192e51202c6cd3ee915df06a4b0794ca22473b3fb6e5069e74ce79bcd1b85317207c067860d8a047a919e2598bff1b570c0237491d62b72750e9ae6158091d07a45aa87314600101f026e8388414c5cb3b648a41f15306be1d844146063ba816a7aa40943fa3c4bd95e525194b43ad695f66fab5e4b2be84a0fcbca065ccbce83ee3bf2de05a44d9a2cc8a322c2d054ca67d6c923315eb5a04855bf2c32edf251819459793f8f2a9b3ec0b6103972a46af6dddc3cd747ab5a514dbbff6ea62909bc93f3df865c0d1ca16076ffecbc8ecf96edca01b13fc0872eab511b66d91454990af2592219d09335b7cfda1db1b024583748e817462da1c2f877c6ee867f00104ddc1c1598b0d9e09db143e1eba8ee2fa9de1b162ca02e8f671f3b262f4b11e6bc24cfbc92eece19bde5d4d53d859a5f9f185f84ca6242e00a8a58d81130fb45c23fb461618f2070b8b80cb452d97ea051005add1219dff76b9c9da9aea16d64ac9f0152d628b16e0194dbb44d83e895104ccda7aaf72c38aa9622a4b6dc3f0eca4ac3f3acdf5f647a36f41cd3d3eda2b84c160ba5bc92b0ab204f06f167348ee164f9b1789c26eecba12e0b7be74c6d829f33dc2d079cb939780db275f2a921645c8aef31ffca961e5805dba75365deb0801c440f260b63778ab249875874ce14b3baede2b414efe1b3b52da5203390a82e446bd73204b80dcf81869d9198b327196d813e6e6ba5c3d441ce944fe892d729f1368e76c70af1bb1dd0d4c0279f654f8f826742010bcd535b3dc17b96e9ad64f4321cd1ba2e2dd40432ddf9e179500c7b986bf582677bb001924c95500c2f4cdbfc7ca334f96239d09fd4647c53b253c7181c0b3fbefe105d06f650d5d128a7fd51ccbd65a909cea060e5bf8bb90ca65a57bc1588ca6e3356145a37ac52836c20ff7611ddea5a8fb795ed4e299839f992162bc4cf013433719b63a52d8d33008a3a1d6a747af32c04e88ce661f076c6997017f665ef1ade3c48890be918ccc297a6c77bff966024a4c1aa3b3191c19e85c0919952d4069a5d829e51c04b8737e519a392fc7aaf0de6932006a1d7fa116dd3866270d56e2e08f43b0888668f63e0a53c88bfa961b332e7f7adfc8c96a6a04d339b183781f197ca6f945715697700cf42fe70ac6ce8ba34522614a1ec06970e12b01761fe07f1b5e2f24218c24823c1c61dc87aef429e98115ca5ade83b5274bd4693c2aaa61bcc48b2841621dd79f3c83a8aa6ce39467c5208378205f86480408ad7238edea3ede6801f2ad15c2b14ba0ef58344b71b7755458d6e8237cd827ea69296a257341a7f5bfe7a9884c6b4300bcc3aadd1dd203cc119ca1c44535052cec8760fded0426c757b724d347e4477443f00853d72f324b81ab35390c6448626e079cd643178a597ddf9edd79a3b8d244a0e0455a14ef9d2e0b1b080e95db5ca71b81bdd19628a7c6434772dfd8aeb132bba4d7bd07ef6e429fcb30a432295072ede01679eea4b5d7cbd0cb2faaf734f0e8fc2343b2f22d4527bc92454e37367de526022166f6495b6ccd020626e30176815318f9e8f577ba579222fc9522021b38c5f210132e809ff8cc7d971d0eb7451858dc886f08c6051f965b15fd145c94657fa197707f7e8f1d4f6fa3a8161fab8f4f7931171d7c8096f374cf4870a3c7671335659580ca551bcab6e343a35a39ff4c082f7187eebbfb0de6facd2bf7fbaca4afad8c37112a2327209a6101dc867c234b04fc601f83e8818978c3a59f01e9d43db41dd2ac11a9e1f84804c5664113af984fa2ec6cf2007f38ffdc6004c357e3175f104e4175023b23acb06b82a4574e410b5a648ec6ceb0b00ae15814102368879b4698aeffcf6cf5ab11aae949d8ef2a63949158cff3e4b92738c48d613152a1fc6d970e32fe9b3be4e08766fd27d6056c53666166da0ee3e03e8c0b0ecc6434a83c987efd234ed12d4f5dadfcb154f820908e0d48686237826b57bf3abe3871582f684e375cb606670a2dfb675b340a45dc92e0c9aedeb8e084d31796cb6fce948f47429d0dbb75b0eba94c2b755c3d1fe6aa4b24339f7fdd2e180c9764a9aec4f3fdaf301e18e4863651d4a1688f381672adba8a4a82ae699f69ae4ebf6a0e89e265611130fe433ac46495f8353545f429722a83f9cd5ed170ee2e8fab3923d9f798ac539c89cca342dd1cc86d3501e962dc5fde16c68159b1dc580904543c463221bb45eaa2f89451569b05187640b6cd91195935087959f47318f1e6af3342eded0f386ed15e5cdf0b082d4177acb5ec0bc6194e07aad0bf3d2e827fe5a89b94fa2da4ad4dedbc8ef0bec6b3a4213b97abda1ec954f20357a0cf9bddc8cee6c54665d9183391e279a048a836e27c244a5dae75f4eefc549e40aae18e5d55713b25ed4c96b0e4dec3854999eae468b78a07029a3030b70ad2eec585f0676d514d674943f1b1369debe55e25ef40321dccba02cec67a2ee29a93e639200a27a995f13dd8d9ba255680be153e9e389b25a75ee6f804a4cd8bab672bfd0c6b9adb74f4c8464dafb0a274ca282edcb3689560e553a76183839ace39d9c96c1ce28e20730683063761e25a8d63d52d505839a751a4a4c6741bbc3af15785d9562b5d897aa3c33b2d517d1f5ab42ca17effd62f59e00fb7a6d03bbde4ce601159d6bc042e80c85571b35a3c41e186d0c0f002ff22c1fb555e58cf14a200e12e3b3f67d445aaaa8abe0004ae40e9a88a072b62771d1559bdd15acaa607017afad8dfe9bc598fac102fd2dcdc053ed2b793c9a9d79c8cc85a7a90236bcf9416fd1e8ca54f080525e8015d076880eb77d9e888fde05bafb2a62933a2f5ab201d5d619961851af15e85cce1380f95fa416e2b4f033b76baebb6919aa9299755e0ae6dcd2b6ceafcf3b37a54b935f893a1594a8a8185c019fce5cd8cdeba80628dd88a785c92101572bf4609b9eba2da4158a533553bdbfd5105b4a1004c09dc233f3bda3b9e0863d4a209aedf20d0ea8dba1f4b54d0b4fd9c909afec16c4eea6066c457f66edbad7c9983491318daac3b9512423999630d978fd6cb6537954be5da0d072223bb67ab9d4df3a926b0a819586ff20df9ed9fe0b20417f578c732d057be4a19508655832a1c2e3ad5ae3443f1a68dccf48273deb4baff91190b87bdb75f2e5ea30441391648361f142a9547bb1f5a24502a26ce7adb05b4a7371bc83fa8cf4d434534c7e5380bad423d5457ffd985e4be3390e64d81218078ba76899fc39c8a2929c3519c9b6f5e2f733140c5172458326e842c236b8527a8fb7d8309c69cd8e8cf030aad1c6b78c419a652cd0aa7441695dfdceced29a44cd1dcfb4b804ec94679b3d70b2b0a21bf61477a5cda61819a85016879709559474ccdf6f954fac04998fa4a4c413c728c947cc614cf5ab8dbc2830f001c1d174df1a3185877a063ada0e613cff0b825f39b6a78363346ae74c85f2e20b8092d9b7e35827083cc7b879cb1db0d0481374f2df3d34e5694797330960d29fb57eb1ea40f469cc86391fa754ac84f68143cd3fa91587ea8612e80640096986e184bc2150bc482fa862e69fbd4b18d7bdfb3f591dfa6d06b0b476b599ff2994002b2b444b84e2fdec3413e4ee0a015205efe85b78c2e1c686c7327b6f11ecb2dbfdb2dc38a2e5e51bc746038946c2e8173eda89372576c91c47c349781aa34e1be6024e43603b3676c2d5f08f364a8ce26393947134a269a8389", 0x1000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:00 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
finit_module(r3, &(0x7f0000000040)='\x00', 0x2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:00 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r3 = gettid()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(r3, 0x3b)
r4 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0xc000, 0x0)
ioctl$LOOP_SET_CAPACITY(r4, 0x4c07)
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r3, 0x0, 0x0)
r5 = gettid()
ptrace$setopts(0x4206, r5, 0x0, 0x0)
tkill(r5, 0x3b)
ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r5, 0x0, 0x0)
ptrace$setregs(0xffffffffffffffff, r5, 0x401, &(0x7f0000000240)="d26d5ff9683192d942a2680c59ab5d501cd48e2da8011dfe0f2d61023ef19bf748e40c6f7f09d25e59501e5c74198a1f3ba603ee469c8c889cf420474a8ef59d8853cb79e3bc9b5e3eed22ac10bcc5375ff667be27e3c65eaae511ca137f25a898996bc1ff9cfb0abf00118aafc75e0161918446fd248b3cf049e4232d4d62ee909cad29bc873dae58625f2bc63bb4bf0e4d48a26cc27f67fa117c798a2abfda538969166baf869325906bac417246e6a63a22b89ba151f46d5f532f4f9e7d257454b69f9ed2f196a7f11d72a71efc49756e07260fdaf2d5606d1bb56a41eacf9273eef61c51a0")
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000b119a64500000000000068000000000056d16002fa6eb01ebe89", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470040000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561646600000000000000000000000000000000000000003b00"/104], @ANYPTR64=&(0x7f0000000200)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYPTR64, @ANYRES64=0x0, @ANYRES32=0x0, @ANYRESDEC, @ANYRES32=r0], @ANYPTR64=&(0x7f0000000140)=ANY=[@ANYRES16, @ANYRES32=r2, @ANYRESHEX=r0, @ANYRESHEX], @ANYPTR64, @ANYRES16=r3]], 0xffffffffffffff56, 0x0, 0x0})

22:20:00 executing program 5:
r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/mls\x00', 0x0, 0x0)
ioctl$KVM_SMI(r0, 0xaeb7)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r1, 0x0, 0x0, 0x0)
r2 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/context\x00', 0x2, 0x0)
fcntl$F_GET_RW_HINT(r2, 0x40b, &(0x7f0000000080))

[  565.663096] binder: 13111:13112 got transaction with invalid parent offset or type
[  565.679573] binder: 13111:13112 transaction failed 29201/-22, size 104-24 line 3454
[  565.682417] binder: 13116:13119 got transaction with invalid parent offset or type
22:20:00 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
finit_module(r3, &(0x7f0000000040)='\x00', 0x2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:00 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0xfffffffffffffffe)
r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x88014)
write$P9_RLERROR(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="170000000702000e00657428316367726f757073656c66"], 0x17)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:00 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100)={0x33, 0x0, 0xffffffff}, 0x0)

[  565.682447] binder: 13116:13119 transaction failed 29201/-22, size 104-24 line 3454
[  565.682461] binder: 13116:13119 ioctl c0306201 20000800 returned -14
[  565.683007] binder: undelivered TRANSACTION_ERROR: 29201
[  565.692890] binder: 13118:13124 got transaction with invalid data ptr
[  565.692917] binder: 13118:13124 transaction failed 29201/-14, size 96-24 line 3316
[  565.693197] binder: undelivered TRANSACTION_ERROR: 29201
[  565.714516] binder_alloc: 13113: binder_alloc_buf, no vma
[  565.714543] binder: 13113:13121 transaction failed 29189/-3, size 96-24 line 3284
[  565.714813] binder: undelivered TRANSACTION_ERROR: 29189
[  565.721196] binder: 13127:13129 got transaction with invalid parent offset or type
[  565.721220] binder: 13127:13129 transaction failed 29201/-22, size 104-24 line 3454
[  565.721234] binder: 13127:13129 ioctl c0306201 20000800 returned -14
[  565.721606] binder: undelivered TRANSACTION_ERROR: 29201
[  565.743540] binder_alloc: 13113: binder_alloc_buf, no vma
[  565.743560] binder: 13113:13134 transaction failed 29189/-3, size 96-24 line 3284
[  565.743888] binder: undelivered TRANSACTION_ERROR: 29189
[  565.753192] binder: 13140:13141 got transaction with invalid parent offset or type
[  565.753219] binder: 13140:13141 transaction failed 29201/-22, size 104-24 line 3454
[  565.753235] binder: 13140:13141 ioctl c0306201 20000800 returned -14
[  565.753560] binder: undelivered TRANSACTION_ERROR: 29201
[  565.777270] binder_alloc: 13144: binder_alloc_buf, no vma
[  565.777287] binder: 13144:13145 transaction failed 29189/-3, size 96-24 line 3284
[  565.777493] binder: undelivered TRANSACTION_ERROR: 29189
[  565.946607] binder: 13111:13112 ioctl c0306201 20000800 returned -14
[  565.954583] binder: undelivered TRANSACTION_ERROR: 29201
[  565.960615] binder: 13111:13112 got transaction with invalid parent offset or type
[  565.968392] binder: 13111:13112 transaction failed 29201/-22, size 104-24 line 3454
[  565.976235] binder: 13111:13112 ioctl c0306201 20000800 returned -14
22:20:00 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
r4 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
r5 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
epoll_create1(0x6aeebeb3217c94c)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r5, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r5, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
epoll_pwait(r4, &(0x7f0000000080)=[{}], 0x1, 0xffffff7f, 0x0, 0x0)
dup3(r3, r2, 0x0)
bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r6, 0x1, 0x2, &(0x7f0000000000)=0x9, 0x4)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r7, 0x8955, &(0x7f0000000080)={{0x2, 0x0, @local}, {0x0, @local}, 0x0, {0x2, 0x0, @loopback}, '\x00\x00\x00\x05\x00\x00\x00\x00r0\x00'})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:20:00 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:00 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x400, 0x0)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800009988212a2a6bec6908c55f4a00000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:00 executing program 4:
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3b)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)
ptrace$setsig(0x4203, r0, 0x8, &(0x7f0000000080)={0x13, 0x0, 0x9})
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinpoli\x03\x00\x00\r\x04\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r3, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
pidfd_send_signal(r2, 0x22, &(0x7f0000000100)={0x0, 0x20000000}, 0x0)

22:20:00 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self\x00', 0x801, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/138, 0x8a}, {&(0x7f0000000100)=""/136, 0x88}, {0xffffffffffffffff}], 0x3)

[  565.983060] binder: undelivered TRANSACTION_ERROR: 29201
22:20:00 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:00 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000000)=@v2={0x2, @aes256, 0x4, [], "a266a17351623781f44b23c93148287f"})
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:00 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r2, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = openat$cgroup_ro(r1, &(0x7f0000000040)='io.stat\x00', 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r5 = fcntl$dupfd(r4, 0x406, r4)
r6 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r7=>0x0, <r8=>0x0})
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000500)={0x0, <r9=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
ioctl$LOOP_SET_CAPACITY(r5, 0x4c07)
write$P9_RRENAME(r5, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r10, @ANYBLOB=',group_id=', @ANYRESDEC=r8, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r9, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r7, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0})
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r12, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
fstat(r12, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r13=>0x0})
r14 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r15 = fcntl$dupfd(r14, 0x406, r14)
r16 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r17=>0x0, <r18=>0x0})
getsockopt$sock_cred(r16, 0x1, 0x11, &(0x7f0000000500)={0x0, <r19=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r20=>0x0})
ioctl$LOOP_SET_CAPACITY(r15, 0x4c07)
write$P9_RRENAME(r15, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r15, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r20, @ANYBLOB=',group_id=', @ANYRESDEC=r18, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r19, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r17, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r21 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r21, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
getsockopt$inet6_IPV6_IPSEC_POLICY(r21, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@initdev, @in6=@ipv4={[], [], @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r22=>0x0}}, {{@in=@remote}, 0x0, @in=@initdev}}, &(0x7f0000000140)=0xe8)
r23 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r24 = fcntl$dupfd(r23, 0x406, r23)
r25 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r26=>0x0, <r27=>0x0})
getsockopt$sock_cred(r25, 0x1, 0x11, &(0x7f0000000500)={0x0, <r28=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r29=>0x0})
ioctl$LOOP_SET_CAPACITY(r24, 0x4c07)
write$P9_RRENAME(r24, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r24, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r29, @ANYBLOB=',group_id=', @ANYRESDEC=r27, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r28, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r26, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
getresuid(&(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480)=<r30=>0x0)
r31 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r32 = fcntl$dupfd(r31, 0x406, r31)
r33 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r34=>0x0, <r35=>0x0})
getsockopt$sock_cred(r33, 0x1, 0x11, &(0x7f0000000500)={0x0, <r36=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r37=>0x0})
ioctl$LOOP_SET_CAPACITY(r32, 0x4c07)
write$P9_RRENAME(r32, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r32, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r37, @ANYBLOB=',group_id=', @ANYRESDEC=r35, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r36, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r34, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r38 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r39 = fcntl$dupfd(r38, 0x406, r38)
r40 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r41=>0x0, <r42=>0x0})
getsockopt$sock_cred(r40, 0x1, 0x11, &(0x7f0000000500)={0x0, <r43=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r44=>0x0})
ioctl$LOOP_SET_CAPACITY(r39, 0x4c07)
write$P9_RRENAME(r39, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r39, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r44, @ANYBLOB=',group_id=', @ANYRESDEC=r42, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r43, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r41, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
lstat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, <r45=>0x0})
r46 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r47 = fcntl$dupfd(r46, 0x406, r46)
r48 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r49=>0x0, <r50=>0x0})
getsockopt$sock_cred(r48, 0x1, 0x11, &(0x7f0000000500)={0x0, <r51=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r52=>0x0})
ioctl$LOOP_SET_CAPACITY(r47, 0x4c07)
write$P9_RRENAME(r47, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r47, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r52, @ANYBLOB=',group_id=', @ANYRESDEC=r50, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r51, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r49, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r53 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r54 = fcntl$dupfd(r53, 0x406, r53)
r55 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r56=>0x0, <r57=>0x0})
getsockopt$sock_cred(r55, 0x1, 0x11, &(0x7f0000000500)={0x0, <r58=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r59=>0x0})
ioctl$LOOP_SET_CAPACITY(r54, 0x4c07)
write$P9_RRENAME(r54, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r54, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r59, @ANYBLOB=',group_id=', @ANYRESDEC=r57, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r58, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r56, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r60 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r61 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r60, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r61, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r60, 0x0, 0x11, &(0x7f0000000580)={{{@in=@broadcast, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r62=>0x0}}, {{@in6}, 0x0, @in6=@initdev}}, &(0x7f0000000680)=0xe8)
r63 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r64 = fcntl$dupfd(r63, 0x406, r63)
r65 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r66=>0x0, <r67=>0x0})
getsockopt$sock_cred(r65, 0x1, 0x11, &(0x7f0000000500)={0x0, <r68=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r69=>0x0})
ioctl$LOOP_SET_CAPACITY(r64, 0x4c07)
write$P9_RRENAME(r64, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r64, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r69, @ANYBLOB=',group_id=', @ANYRESDEC=r67, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r68, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r66, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000840)={0x488, 0x0, 0x5, [{{0x0, 0x0, 0x9, 0x621fc9a0, 0x7, 0x100, {0x3, 0x8bc3, 0x54d, 0x2, 0x8, 0xfffffffffffffffe, 0x80000000, 0x1c, 0x4, 0x7d, 0x28, r10, r11, 0x3, 0x5}}, {0x1, 0x8, 0x5, 0x0, '%bdev'}}, {{0x3, 0x2, 0x7, 0x0, 0x3, 0x4, {0x2, 0x0, 0x3, 0x10000, 0xef3f, 0x3, 0xd8e6, 0x0, 0x101, 0xffff, 0x100, r13, r18, 0x9a, 0x3}}, {0x1, 0x5, 0x0, 0x8}}, {{0x3, 0x1, 0x15a6, 0x0, 0x7, 0x0, {0x0, 0xfff, 0x8001, 0x40, 0xffffffffffffff4c, 0x6, 0x0, 0x2, 0xffffffff, 0x5, 0x1ff, r22, r27, 0xc2d8, 0xb442b36}}, {0x5, 0x8, 0x0, 0x1}}, {{0x4, 0x3, 0x3944, 0xfffffffffffffffe, 0x7ff, 0x80, {0x5, 0x10001, 0x0, 0x3, 0x3e478f81, 0x3, 0x1f, 0x3ff, 0x4, 0x2, 0x0, r30, r35, 0x7, 0x6}}, {0x2, 0x0, 0xb, 0x6, 'wlan1vmnet0'}}, {{0x4, 0x2, 0x3, 0x3, 0x4, 0x7, {0x3, 0x1, 0x0, 0xf80, 0xa8, 0x40, 0xedb, 0x0, 0x3, 0x0, 0x2fb5, r44, r45, 0x101, 0x1}}, {0x0, 0x6, 0xd, 0xeca, '/dev/binder#\x00'}}, {{0x6, 0x2, 0x8dc, 0x67c4, 0x8, 0x4, {0x2, 0x5, 0x5, 0x4, 0x8, 0x6c, 0x782, 0x10000, 0x80000001, 0x8, 0x2, r51, r57, 0xe6619967, 0xed}}, {0x0, 0x0, 0x11, 0xb333, 'posix_acl_access\xad'}}, {{0x6, 0x2, 0x3, 0x40c1d985, 0x1, 0x8000, {0x6, 0x7fffffff, 0x7ff, 0x3f, 0xfffffffffffffffb, 0x7, 0xbb9, 0x5, 0x1f, 0x8001, 0x401, r62, r67, 0x5, 0x1}}, {0x81d, 0xffffffffffff7755, 0xd, 0x0, '/dev/binder#\x00'}}]}, 0x488)
r70 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r70, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r70, 0x0)
r71 = gettid()
ptrace$setopts(0x4206, r71, 0x0, 0x0)
tkill(r71, 0x3b)
ptrace$setregs(0xd, r71, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r71, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x42, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="006306000000000000292e05c70000000000000000000000000000000000000000000000000000680000000000400020ef00000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a747000000000000000000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561646600"/104], @ANYRES16=r71], 0x0, 0x0, 0x0})

22:20:00 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:00 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
set_robust_list(&(0x7f0000000180)={&(0x7f0000000040)={&(0x7f0000000000)}, 0x3ff000000000, &(0x7f0000000140)={&(0x7f0000000080)}}, 0x18)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

[  566.016220] binder: 13157:13162 got transaction with invalid parent offset or type
22:20:00 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x140000}, 0xc, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="380100003100800329bd7000fddbdf25000000007000010014000e0000000c0001006373756d0000000000001400150000000c00010073616d706c650000000010001a00000008000300f9ffffff000010001f000000080003000300000000001400140000000c0001007065646974000000000010000a00000008000100697074000000280001001400020000000c000100766c616e00000000000010000100000008000300b5d10000000014000100100000000000080003000300000000004c0001001000130000000800030001000000000010000b000000045b0a0f69666500000010001f0000000800030006000000000018000c000000100001fc73756e6e656c5f6b6579000000002c00010014000c0000000c000100706f6c696365000000001400070000000c00010073616d706c6500000000b480d0be4d512b177b6a1ee94f97d23facaad7f413aff051b091c53cfb"], 0x138}, 0x1, 0x0, 0x0, 0x8000}, 0x8040)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:00 executing program 5:
r0 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r1, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000080)={0x2, 0x1000})
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r2, 0x0, 0x0, 0x0)
r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r4, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r5, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000100)={0x1c, r5, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8804}, 0x8014)
prctl$PR_SET_TSC(0x1a, 0x3)
ioctl$TIOCGPKT(r3, 0x80045438, &(0x7f0000000000))
r6 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/attr/current\x00', 0x2, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x7e9a5a7099487954, 0x3cf7b801e24bc71f, r6, 0x0)

22:20:00 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @broadcast}, &(0x7f0000000080)=0x10, 0x800)
r3 = mmap$binder(&(0x7f0000e47000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x84, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="07630440030000001063084000000000000000000f630c40504b00000000000000000000076304400100000001634040010000000000000000000000000000000000000000000000000000000000000050000000000000001800000000000000", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a62770b310000000000000000000000000000000000008561646600000000050000000000000000000000000000001a00000000000000852a6277012000000100"/80], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003800000000000000"], @ANYBLOB="0c63000003630840", @ANYRES64=r3, @ANYBLOB="0b6300001d4f4171defb6d70b4b43079b9f859c88b428e41148d98ce24264db20fe840960477a769cb120ee5f0a3c1e8900023d085d005b9f232b4661faec9e0aaf24297e52c259874d2d44c46ef35e06c4476708b20a9bce96e597bd27c5f45de088075bd235092fa1d4d4db4fd"], 0x65, 0x0, &(0x7f00000002c0)="8763fd5ee1a80d5332acbaffc9e1f5439ad053bb9b67a551a1cd425d0d54ddf303f7269df45f081a06964394486e0f5b770c7953480e0c4ab04e27383192f35e5b81a48bf81333b9a80d9c72a92ed4412adf39194b10d61e6bf0a81f6e390258fb3b0057bf"})
ioctl$sock_inet_udp_SIOCINQ(r2, 0x541b, &(0x7f00000000c0))
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fbae2f6da4bc14305600b0498a884e713f9dc3672e4d88d04fd43da3811207163585d529bc1846c9201747f3954b44b49b708cf76fc458a5e5afd886290d63508915172891ecce07cc7401366a2a81bdfb882106d6b59582b7ce79e6e75b136d888aface80e779f6e1ecf9d8af56a1a3e169f643e3c89"], 0x0, 0x0, 0x0})
r4 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000380)='/selinux/enforce\x00', 0x200, 0x0)
ioctl$PPPIOCSMAXCID(r4, 0x40047451, &(0x7f00000003c0)=0x7)

[  566.025546] binder_alloc: 13158: binder_alloc_buf, no vma
[  566.025565] binder: 13158:13163 transaction failed 29189/-3, size 96-3038277769181003800 line 3284
[  566.025703] binder: undelivered TRANSACTION_ERROR: 29189
[  566.026522] binder_alloc: 13158: binder_alloc_buf, no vma
[  566.026541] binder: 13158:13166 transaction failed 29189/-3, size 96-3038277769181003800 line 3284
[  566.026834] binder: undelivered TRANSACTION_ERROR: 29189
[  566.062401] binder: 13170:13175 got transaction with invalid data ptr
[  566.062428] binder: 13170:13175 transaction failed 29201/-14, size 96-24 line 3316
[  566.062742] binder: undelivered TRANSACTION_ERROR: 29201
[  566.077298] binder: BINDER_SET_CONTEXT_MGR already set
[  566.077308] binder: 13170:13185 ioctl 40046207 0 returned -16
[  566.077416] binder: 13170:13185 got transaction with invalid data ptr
[  566.077442] binder: 13170:13185 transaction failed 29201/-14, size 96-24 line 3316
[  566.077711] binder: undelivered TRANSACTION_ERROR: 29201
[  566.131301] binder: 13194:13199 DecRefs 0 refcount change on invalid ref 3 ret -22
[  566.131310] binder: 13194:13199 BC_DEAD_BINDER_DONE 0000000000000000 not found
[  566.131319] binder: 13194:13199 BC_CLEAR_DEATH_NOTIFICATION invalid ref 19280
[  566.131328] binder: 13194:13199 DecRefs 0 refcount change on invalid ref 1 ret -22
[  566.131335] binder: 13194:13199 got reply transaction with no transaction stack
[  566.131342] binder: 13194:13199 transaction failed 29201/-71, size 80-24 line 3046
[  566.132047] binder: 13194:13199 got transaction with invalid data ptr
[  566.132072] binder: 13194:13199 transaction failed 29201/-14, size 96-24 line 3316
[  566.132481] binder: undelivered TRANSACTION_ERROR: 29201
[  566.145939] binder: BINDER_SET_CONTEXT_MGR already set
[  566.145948] binder: 13194:13204 ioctl 40046207 0 returned -16
[  566.149762] binder: 13194:13199 DecRefs 0 refcount change on invalid ref 3 ret -22
[  566.149769] binder: 13194:13199 BC_DEAD_BINDER_DONE 0000000000000000 not found
[  566.149783] binder: 13194:13199 BC_CLEAR_DEATH_NOTIFICATION invalid ref 19280
[  566.149793] binder: 13194:13199 DecRefs 0 refcount change on invalid ref 1 ret -22
[  566.149801] binder: 13194:13199 got reply transaction with no transaction stack
[  566.149814] binder: 13194:13199 transaction failed 29201/-71, size 80-24 line 3046
[  566.151152] binder: 13194:13204 transaction failed 29189/-22, size 96-24 line 3138
[  566.151483] binder: undelivered TRANSACTION_ERROR: 29189
[  566.374400] binder: 13157:13162 transaction failed 29201/-22, size 104-24 line 3454
22:20:01 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3b)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)
setpriority(0x0, r1, 0x6)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:01 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:01 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000080)=""/126, 0x7e)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r2 = dup3(r1, 0xffffffffffffffff, 0x80000)
r3 = epoll_create1(0x0)
r4 = epoll_create1(0x0)
r5 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r5, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000200))
epoll_pwait(r4, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r6 = dup3(r5, r4, 0x0)
ioctl$BLKIOOPT(r6, 0x1279, &(0x7f0000000700))
r7 = ioctl$TIOCGPTPEER(r6, 0x5441, 0x5)
dup(r7)
setsockopt$inet6_MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000100)={{0xa, 0x4e20, 0x2, @loopback, 0x7}, {0xa, 0x4e22, 0x0, @local, 0x1}, 0x400, [0x1, 0x80000000, 0x6, 0xfffffffa, 0x959, 0x8000, 0x7, 0x800]}, 0x5c)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:01 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x800)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x2000, 0x0)
r2 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/checkreqprot\x00', 0x104000, 0x0)
epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, 0xffffffffffffffff)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x203, 0xffffffffffffffff)
socketpair(0x0, 0x80005, 0xff, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r4, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000100)=<r5=>0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r7 = fcntl$dupfd(r6, 0x406, r6)
r8 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r9=>0x0, <r10=>0x0})
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000500)={<r11=>0x0, <r12=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r13=>0x0})
ioctl$LOOP_SET_CAPACITY(r7, 0x4c07)
write$P9_RRENAME(r7, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r13, @ANYBLOB=',group_id=', @ANYRESDEC=r10, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r12, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r9, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
fstat(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, <r14=>0x0})
r15 = gettid()
ptrace$setopts(0xffffffffffffffff, r15, 0x0, 0x0)
tkill(r15, 0x12)
r16 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0)
r17 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
write$9p(r16, &(0x7f0000000800)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb9693dd6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d676f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b804bfe70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9ca8bec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b60fca627576ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c46a527c437fa0be6d516194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca0000000000000000", 0x600)
sendfile(r16, r17, 0x0, 0x10000)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xc0, &(0x7f0000000300)={0x0, <r18=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=0x5c, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x2}, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=0x20}}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000440)={0x0, 0xffffffffffffffff, 0x0, 0xc8, &(0x7f00000007c0)='\x00\x01\xceh\xde!Rs\xe2,@\x15\n_b\xc4XuE0\xd3\xe3\x11m\x12D\xe4\x9d)7\xd3\b\xaf\x8d\xb8m\xa4\xcc]\x01\xde\x86\xea\v\xe3mF|\x98V6\xf5\x9fp\xdc\x83qy\x02\xb0\xed\xaf\x99\xd7\x9cK&\x96\x14\x01\xb1#\xb0\xcd\xca\rk_\x93\x03\xfcT\xa3\xa3\x9a}\xb3FVQS\x9fv\xa2\xd5R~P\xde\xe8`\xd8\xb6\xb3\xfe\xab\x96s\xbe\xfa\xf2\x16\xba\xb1\xedm\xf2E\xb1\x8f\xb6H\xe7\xa8\xce\x8e6j\x82\xa6q\xfcI\al\x17Z\xe6\xcd\xeax\x9b\x87\x96\x17\xad\xe4\xde\xfc\xa3\xad\x17\xd6W\xdc\xc2\xa9X\xec\xed\x87L\xf2\x14\x00\xd65sX\xdcv\x18d\xd0A\xd0\xac=\xff\xbd,\x8d4\xa2\x13\xc2z5R\xd5\xd5\xab\xf5!z\xbf\xc8\xa1L\xd1', r18}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0x6, &(0x7f00000000c0)='sysfs\x00', r18}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={r15, r16, 0x0, 0x0, 0x0, r18}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r11, r7, 0x0, 0x2, &(0x7f0000000200)='.\x00', r18}, 0x30)
setsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000001c0)={r5, r9, r14}, 0xc)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0})

22:20:01 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000f53000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:20:01 executing program 4:
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0xfffffffd, &(0x7f0000000100)={0x0, 0x0, 0x1}, 0x0)

[  566.382337] binder: 13157:13162 ioctl c0306201 20000800 returned -14
[  566.391043] binder: undelivered TRANSACTION_ERROR: 29201
22:20:01 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000840)="234eee742bf8d7bc0c4ccf4be78437a0e87317c8dc0a51051c9df9424e1128ae1373bfc347a47c58b8cab93e672a8f5223e40500d9f0ba65e1ec4b97a71456678798e80f01f893527076399dd7effea9acae6a096fe5a8da133d3081bcf55df9a45c0857ba5255287f4d45b1882c012ee70896a6917c6f7e28401f5c18db059dbe0ed04b9edb30fead4fd8697e7aac76c885014b73d502334e1290d183e8add87153c62ce3bbc8892b7074c1304b48682d969a0b5443c69903d79c4b321c1da0310b62d94d41917cab3393f5c3b15f48f267b316d8ecf5278f8e33b3e5aa327165b116680bb071ce20c8405ab32d0ae0e5cfd0c6ac946412940598fee99cc9e33332f960812a6dca709b70e0829e072855d9abc139b41e7e8627cff9575f55fa9e88ce98f41d7520a0a906aaec7d100a16641ca0a7cf28f79427df5486c3ebc68df44e8f36c6d0f357f9b132414518067622f59a3aa7a68aaf397fe48c1abd3264712f8f8402fb3359b3fa27790d005adfef1a8cd19419da068ee3a0e9a9a6f73362cf176aebcd04805336049ac646bb3361d1a5ec12c3ab96a342ed770141ca1e35d3ba4b4809e5a3df1218c8dd171db0381f359f0feebbe10733f5cc2a18142f06c5acb17436e1cc2b63c3302120d27441f4fa15b17466591b3a2236330438b2a81fa473d244f013ae6acd071b6e65b28018af5105eda756e97a982973fd1d471c9ddde142361b38dea73c56c14af99b0e146bc079c130e294f899b5733505c0ebe93437fe46a26ef2b2b6ff975011c6da647560d5081191d23608f402da7d5fb60d5de0c07d2af3835e2fc0893fe87bc2b0a24ee1e391a952aac0e798af3c54649621931264b2d67e846668c4baa6a57b390c99d60818d153f64939a1bc14ce9fb361314dedd1a4c0cd4bca79fcc9dc3862a8082551aef0ccebde18f12dce541b71d29d7f653322cf4119dd76aaed78883f43a0f3221d22d360cf0d26d7bc7ab88fda88f4376e0927b8bc22cd58001cc6ad562921f35e22ec877c9f36bfdfe1448d93d646af21b53185b89de3aacdbdb3f3937975059202a37feeb5b4f4dfb878acfc6b1a8e1818caabaae372db2ab4e127f220a7dc39f2d52ada5873627c04fde862ac51f66d64768abb4a14bc286c7302c1202c26d530a1a697603209b6c3dd427025d1a429dad22ce935ffe2bf4d307cbaf144d3112f8c8248cc896c721a752232cdbcab542c1a332d5eefc105150026cfd5b290eadaa678dbc6bebe582f74142e290ff6a9c2d7fde2c749acd379ea3f5a305a4582f98414540fb63f8abe2ac8996fd818a9a7a2fe2c2331f7a4f04ab6ab7a430a146da2b4cd349aa80f5fa718c3469b277cd01dfadadc0e80b7ab9444616fa1cf3efcedc7a265c8c58b63ebdd1742f62573b258f02242e6f1f240b2ea79a699f145c5f81ffdb9dfadc803916d3edb825aa87214bb48cbcdd2a418d8ae4b0b59d6701f4cc077d5fc860b31798dd9675689a96556995bfc7946d6bef8f8fd1321b74f899e98c0ee4f4c6ed18c177593651d39839b6faeb3ce97bb37dc8c94751379fa12556a565d331d29dbea0d5dfd285f0cf0d7c9d809168207812ee0e2ab8fec8ee924b3e9a094f481f1fe345dce1b54fedd8c5c787317d0853394e974033121887bf8e0f2e4a1c70b8987481f1bae84380657b3d5dd4e9ebb4c6ecd177a5269c2fc5262e6c5d26d4c08866b49bddef6e093f2091c91ef414e8b98b3b2994eb4f8d0c766347c98234e565ef575ae5d7373feca39921b6291a2c4c594e63d93a4163f9d36091370b4460eb28587f90bcd14150612fc7364cd265142d50d32fea07d7cd3e3c96ea3894c5ca7b3364043c7df97d808e2452efca2d1dfd0b6fa5ab4ab95edd23891bb58271b4b8bce44c3436d800e5736a3991d0a22c41f90ea99f71fdc03892462a7ae5034e3d8f7ae032b91c5be004ec8385ed10b03dd2e05da6152e11ab1224c6b9287056a908d34a1fc500473e0fefd5dbd60f5f3c0558af4f084a08424bdaa7ccd946376040f46a75afc5aa8e216f2c760143c05413964efbfb4c5889f7f5e4ac1b8306ea19ad326a796dc2f7fc0d687d7824c2f5640fb4ec9d0870bcdcfdb504770c39fc6dcc190f876d0ceaa2e7d286b9c3896b926d0f4df6cf8131f48485bec4fcc8c5f03bf553d4cb93ec95a3a0b14a490c55d00cb03203ab6c9d446971c742cce6a061ba9597b709b77adbfd8ee5a35e1a00922d80f81c4cc5f7a6eaa0bba5f8daff612ad1fcd6703860f151e83ae99da05c4326835080865a00b11165162209c9003fb1345426933984b55f1354cc628e22fe45185744bdd8536d54a4e43904b99dc44848f83c6a87a75ad9b9242507ffd68a4aeebf185ee9d34cf4d4acb8eed0d6854baa72d741f0f32d88b42380470f00b7922c0a26d51c4ff3f4a0ff13cff49633e61c3fbaf8b8e61a995e15242e610514d29c0b590bb90182055ca09c881808d245b4f4ca75de38341e6abd67b04ac14ca0ee318736fb1c18ecf4534f42381b6d5d5542de6c4abe9fd96e61639be9aa3da562918399e1b258f2ca8571c2bfb0e1bdfc1e4b42cbfe66635d86affc5811c9f6a5e524b3802ab2958fc3cb193d716b87f4b83808e05f195d03cad7e25229533a651360d043a8f2385d3c9bd4b5f8cbe3d35491e0f779c7f75e377b462719d36fab3c3bf3c1762b9f87a82a86edb196f2718640b23e6677b0347f1156f1b4fd69e393a19b37ab30769f4b95d9b0bccac67f159729445d4d7686a55ed520d9d53edb1c70a77a83395803a926ce849e8b97d4e51672c5112c777a8e1fc3fdc776918c315dcc93db1ad14286858ad779d85ee2610b9049b8e167d122bfebc42d618184cd4ed2b82a12ebeb43f39f108bc5a7269df721b51c7b3562f5a70fa65ba1ac49409f26e632b4747579e47a75f357700febff4691edcfb16042ba44c813b0a69a9926bbffa8fc1b67d482e9e8b5ede3062d52319e2302951c39975474dfee6ac5fb87b93ae4d39f1bd8b7a0b85265589e39eef4ccd94ca2e99775982a96057c15e7000e7e3be339be90f461e688d478f75245e36ead73ba853af644977fdf17fa9dc316a9d541187bda77ec4662efcf66ca03d9fc38fd28a188e9362603d34e270f9bf12a057ea29ca8af27d5608b199301bfba2c3fe25cacc00ba4f172e393ff1992fec62275d16bb382c951c20fcf89c8abe573feb4c405678e855151c4c71e0acff57386adb6149a0180b259690c045c1f3fc5d5b2d70f6b9b029fc82df1a14d730371b9011c3476c5ab95ea41cdebf439581d00dc0299a9a8558f9ac5f37b58e7b84813f31c520cdac25daa59759b650f04e433c756d8cf84cdbb2566dc148d644d4da71ff6e85b8bdf6fe22d33bd9457c277cabe41f08f64a14af5f7c7ea11d3c0b715dc17286b6a25591c54019a5129cc0ce49f40c06e9d4c83b08f8a6e2c05d60e1132f37e404433b5f2f7d3d03296b375c33244d343ccda15a9ad44e2d7aa4782fe615a553d5daf3ee1e7b692c8e0937af1fcccda17eed641b8c02655cef5812057df6a04d756f9568875651a3fdbd1653de2ba507d1a847e5f3bf3532b53e380a475541f9b414f421c1833dcb5240452b10d346b737f225a9798342874f399c30f3dc670263a1f911b6ff2d6c7b03824ae308baa443ac3731c7bde0f49c0dd3327e22e992f247fcf67f9b85486f92161298bd43f11e89eefbf2bee42da47c72f071fa2aadc6ea55970dc8d6a0bbf2969c8ec72fc9f6b222b119e76744ccb4e052c4f33cbe4f9ea94a265f7a3e96865be86c74c69d2b0224909b2ee9ab10d2974f8f0071543487602619395a7b05da3f900a65f2d05a4c913a46dcddf57ebd19859524e2d9ae4752c7af23b8ec1cc6720df915ae1cad58835346e0dad92c76ecf5e2bab6dde79d56f2631c7889ba2542e941254950b1bee6935906ff2ed4685b6a6565e94c86950e75e2e92bd6705501c8dcd16dcf8d16743255a3f4378a64e09c16399dd1a9b5492e5b12b45d82f2fc9a56bea868bcb2b8284af5f1c79c6866a9a7f9c4f3d0d9c8572dc0596ab2f44cbe7fbe79617b475c1942f17b3148c7ca81eef907e40a2aaf848bb303a521a0dace1de1f1e35df0e7d77628dcaed1f20d27ae510f9b23af10c6cef8a7abda4d84ed13ee8dd643a89756a95e1509b91b089b1a3294944a50ddca28f5e53a9c5f15d3c5fd8d6aa10f3ab694db8131bfdab5b08f79ebab8d504ab40e82b52372a63ac569b52dd823c3f7b1432ec5d6292838cfcf6b9b64bf02e948945f86ec76ec4436e9efc09fb2afd85fea09fe39e61b07561878094e94ed1e1611970a29990cc48e8fb399251927f0a84a3016a57ae984e7dd822543a9800593aebfcf8240c113ff69e4db1cbe0ed1d631c06fa3b695f87991f60b1ed7521a407e9c99ee85b2bc44d44c01959b18bebb1762f30fa8ebff9313c0b82d7570691e9c80bcce728ef3da5434b13ed730d42808cd3a53debed1cdaa84e4548457019ed6a49458b2543cf03069f553475ae0d884aeec44b8ad7f030ffc817f1e409e17f22fa7859ccf2ea0585d23b31d384bcf880c2389b60f4f86cdefaa5355f6a6477f6b7b3c2355774378bf42e15db002649b76c781d752f8ffb8a5737c76cd0e1d11be6c5c5c8510a4449508c667e49385777d0b97be0e3bd4375b43f42713d6f1984584041426ab11bc0b49639a262765f2ee8d88e7b3915ab3718c486d6beea0cc031d336cedf67efd8c9fd39c2dd44b748899fcf92db7f6ba20c1c2b9150034f2a94a2ac9f97e399edb47bcdcbee674477eca6e56e01d21a9bd98882ba98ea0a542386465aab4dc6581904543eaa2bfc190b74732532b0914f1055bf3205e2f3bbd2bbd45db58278b53eca1073d7f4c94c86c31c118fde3eaf45cc62c10b20e99de199e38046cffc1895dfcc77a59e1086e61ef4d66511c9a5f422edecdbdd7828cb2452a90dd6d68bfd207433dcd1d6f5c194d2e317d2595885b65916e77d05c4321a1cf5c400cee457bb6250d24b77c26c7257765202ad7d829521744aebb7a5db7a8f7d4e100d2c4c5e50361ca6bcc1a7644dec9d73b8ba8b6d7b4e5da36e7a812ff2f2178fa0fe049b00c641d32ce92d9465ca4bdc6e998f05ed5857668abfa7510e83e64a0e57abf74729175ea3ef1e33045d05097b1a829dbaafbd5f70b51a7647a1b6facd543e3b2b01c52d8d1bbe8b34dea92915e8bc43ac6497d507f9113f808465394edef0ec469c4f690efaa61e2523d54ea1e9771c4f3227dfde92eb6f1e47d5cd230ec8af8deebccc9708cedc28a37987fc07ab6d36c3199f661c53cd37d4041a5514c9e195eb2f5c6a5bddf9103fb5e87f14d13575f45dba4c204b4cba16b21ad8e8adba3c07247fb7f4987d94f4f5f50086fc49af6c32517e723ac63f5a5057888fb8c478b631437c89ee66eb7475baff07c171bdbaaa949d648569a9a550d50fbcd8a1487b64976acae29e952282130a0825dbf7e1a822ef03bee36cb6c49015bf15f5843690bede6b792331e24129bfb296ee78748820e2fc3f5f757f0e20ca3fb0cc401d260c7e699da8e170b75221e618b501e9ebc1edceeef54a044688f1efd5e61679b94f2d9188d0d26bf3c0db4afb2c7da69f9e93a39d42bdbd176f3c665544d83d996c47bb39c0cd1019e0590c974b5a26c8c710ca9f0536c3e13fe0150bffabd0ff15b87190c6e27a84a569756a79239bde13184d17a256c5b23eadadeee1b94de92706c2e3675e49f4e0ca1eb5008b372", 0x1000, 0x0)
r3 = add_key(&(0x7f0000000200)='cifs.spnego\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="d8ca296a15493a97c37be311ff94b4c36fc2845b58a9c819a5f09685cb177ba3d856331b83fe87a6b9cd50f84693340f761b3982cda3d2fe55b861659beb9720da8544779cf225854a9e5f89080025e55fc10e724951b34f28a608d4c12e2c6db559d2c0a9dc084770f89809b090068403671297b43bd18bb0b6354bf85e0a51280f5c34e6dd0340ec4e29764b8a60228774242458505438da1d6a1afb2b6828", 0xa0, 0x0)
keyctl$search(0xa, r2, &(0x7f0000000100)='user\x00', &(0x7f0000000140)={'syz', 0x1}, r3)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB="852a747000000000000000000000000000000000ecffffffffffffff00000000000000000020000085616466000000001e000000000000000200000000000000000000000000000085616466000000000000000000000000000000000000000000000000000000003dfed07189c58b86433b6070ec9a1115b47a3d3845a5"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

[  566.428449] binder: 13221:13223 got transaction with invalid parent offset or type
[  566.428588] binder: 13213:13219 got transaction with invalid parent offset or type
[  566.428613] binder: 13213:13219 transaction failed 29201/-22, size 104-24 line 3454
22:20:01 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x3b)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r2, 0x0, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, r2)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r3 = gettid()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(r3, 0x3b)
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r3, 0x0, 0x0)
r4 = syz_open_procfs(r3, &(0x7f0000000140)='gid_map\x00')
getsockopt$inet_tcp_int(r4, 0x6, 0x13, &(0x7f0000000200), &(0x7f0000000240)=0x4)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a747000000000000000000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000004000000008561646600"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

[  566.428626] binder: 13213:13219 ioctl c0306201 20000800 returned -14
[  566.428797] binder: undelivered TRANSACTION_ERROR: 29201
[  566.436127] binder: BINDER_SET_CONTEXT_MGR already set
[  566.436136] binder: 13213:13226 ioctl 40046207 0 returned -16
[  566.436450] binder: 13213:13226 transaction failed 29189/-22, size 104-24 line 3138
[  566.436561] binder: 13213:13226 ioctl c0306201 20000800 returned -14
[  566.436812] binder: undelivered TRANSACTION_ERROR: 29189
[  566.481398] binder: 13229:13233 got transaction with too large buffer
[  566.481470] binder: 13229:13233 transaction failed 29201/-22, size 104-24 line 3493
[  566.481815] binder: 13229:13233 ioctl c0306201 20000800 returned -14
[  566.481993] binder: undelivered TRANSACTION_ERROR: 29201
[  566.489382] binder: BINDER_SET_CONTEXT_MGR already set
[  566.489392] binder: 13229:13234 ioctl 40046207 0 returned -16
[  566.570372] binder: 13221:13223 transaction failed 29201/-22, size 104-24 line 3454
[  566.578407] binder: 13221:13223 ioctl c0306201 20000800 returned -14
[  566.587458] binder: undelivered TRANSACTION_ERROR: 29201
22:20:03 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)=<r1=>0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r3 = dup2(0xffffffffffffffff, r2)
ioctl$EVIOCGEFFECTS(r3, 0x80044584, &(0x7f0000000680)=""/247)
setxattr(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)=@random={'btrfs.', '%vmnet0#nodevwlan0keyringvboxnet1\x00'}, &(0x7f00000005c0)='selinux\\\x00', 0x9, 0x0)
rt_sigqueueinfo(r1, 0x3e, &(0x7f00000001c0)={0x20, 0x4, 0x7ff})
r4 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r4, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_nlink(0x0, 0x0, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x200000000010, 0x2, 0xc)
write(r5, &(0x7f0000000000)="1f0000000104ffd00e00000000000000030501000b000100040423ca0000cf", 0x191)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000780)={{{@in6=@dev, @in=@dev}}, {{@in=@initdev}, 0x0, @in6=@dev}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r6, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x12, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2, 0xffff}}, 0x14}}, 0x0)
setxattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=@random={'osx.', '/dev/binder#\x00'}, &(0x7f0000000500)='%vmnet0#nodevwlan0keyringvboxnet1\x00', 0x25e, 0x1)
mmap(&(0x7f0000eae000/0x3000)=nil, 0x3000, 0x0, 0x8010, r6, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000000000000000000000000000008561646600000000000000000000000002000000000000000000000000000000856164660000000000000000000000000000000000000000000000000000000012b08d24c9883ee3be81d9619d6f25bbb243538779c97cde9298c183cafe32dae073a255f974e2f4ee22d7cab6deb9842ad7ac0aee786a2d261ed1061e0d7c6255a7639edfceb8d078fa4df88dec5f33032f5bc812116ecb44a081fb012e44ea550e0b1982db51b0ace4dc0b907d02a706b9056345000084673d25c58576d1469056cd3a33c26ead418a4652b591740f29e3599d94af1583098cd90db52d302af4a707e22b1e0200000000000000ec33c1a5f170e5bb"], @ANYPTR=&(0x7f00000002c0)=ANY=[@ANYBLOB="b67eefe6a1ec943479180119cc6291cf3e006dae494d8fb1a81d0a87ed27d48ca6269747adb687e86aed1d54a00deaae13d2fa75daabf31efeba0ccc48d948965657346d8dbba7b73d619874e1773fea0d950afa6538867064268546b30aa0ba8d204a4fbb2ba08f2ca8691b5dc0a498bcf0941e38fde623ec756e1ef4ccb89377e6b791adff08c27657655873c7ac26ef6719f4381732979806ad44c119414c3a7047e6af6673d553977ebcd9475a4c0f55eb0082bb00876b3abc6cfae6696ae50791c49e5677911534f07edc6767e46291e02b9af79897d3c47be55f79de33ee23b9d286e203d4ba121c97c97597f3b6f2837452fe40ad3346b8d7378ac903358d5066079832c58e8ccfd0e2f0e6f1753bd964a40c254d5c18a2e312be6b432a0c88bcc48cac5f54a6871162509dfd28fbc54d95dad93a63af9a20f5e3154fa066cc55dd98620c5eaa04a043fd0fe09f7a84fb53028ea3519ddd9fb7c845dd8bee0bbbe4d98f1f5d0002f5752dd3d6f7b8367123c272658e9fcf0a92f545adb53f17f9f099ac62fc462177a17cc675c22aa6e423f13d25cd2fe48ec58f7a1b0ea57cb21e2eccc19eff301e3cef9b4019e873b381a1fb1aa94c76164f844b9d90fb74487c25209e4a9a8a99796c147e0808ccc600e0bf1ca4c4620d6966cc860d98ca619e1a1405ba2bb2625f1e3f622c6bafeeebf3834b2ba8c55d73b7837087ba0a20fb016df0127636bcba8724485133f9f21a518fe5"]], 0x1ca, 0x0, 0x0})

22:20:03 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0x400, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(0x0)
sendmsg$TIPC_NL_NAME_TABLE_GET(r3, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x24409000}, 0xc, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="0800ad2846bee24ac4c074d74eb7c0a0c8ab5b15d2fe45b39c1da54ad1143459bc50dc07641ec79583ae054ac7340d04abf3fc62b85074a7cffe78c4600148dc7cdec497f5c4f40517798001", @ANYRES16=r4, @ANYBLOB="04002bbd7000fbdbdf251000000004000600a4000400440007000800010003000000080001001900000008000200020000000800030001000000080002009c07000008000200050000000800040009000000080001000d0000000c000700080004004a0000000c00010073797a30000000000c00010073797a30000000000c00010073797a31000000000c00070008000200050000000c00010073797a31000000001400010062726f6164636173742d6c696e6b00002400060008000100ff0f000008000100f8ffffff080001004f0000000800010001ffffff"], 0xe0}, 0x1, 0x0, 0x0, 0x8004}, 0x4000004)
sendmsg$TIPC_NL_MEDIA_GET(r2, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x180000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xf4, r4, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x8, @ipv4={[], [], @loopback}, 0x40}}, {0x14, 0x2, @in={0x2, 0x4e21, @rand_addr=0x8}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xffff8001}]}, @TIPC_NLA_SOCK={0x4}, @TIPC_NLA_LINK={0x60, 0x4, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6eb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe99}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}]}, @TIPC_NLA_NODE={0x1c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x400}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10001}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NODE={0x14, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xf7f7}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x1}, 0x44881)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000000)={0x7fff, 0x5, 0x1, 0x0, 0x0, [{r1, 0x0, 0x10000}]})

22:20:03 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:03 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
dup2(r1, r2)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:03 executing program 5:
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
r2 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r2, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000200))
epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$BLKIOOPT(r3, 0x1279, &(0x7f0000000700))
ioctl$PPPIOCSMRRU(r3, 0x4004743b, &(0x7f0000000080)=0x80000001)
r4 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x4)
ioctl$sock_inet_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f0000000000)={'rose0\x00', {0x2, 0x4e23, @local}})
pidfd_send_signal(r4, 0x0, 0x0, 0x0)

22:20:03 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
r4 = gettid()
ptrace$setopts(0x4206, r4, 0x0, 0x0)
tkill(r4, 0x3b)
ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r4, 0x0, 0x0)
r5 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r5, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r6, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={<r7=>0xffffffffffffffff, r5, 0x0, 0x4, &(0x7f0000000040)='GPL\x00', 0xffffffffffffffff}, 0x30)
tkill(r7, 0x40)
prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='selinux[[\x00')

22:20:03 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:03 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x1)
tkill(r2, 0x3b)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)="6776beb8fef839c5c1756d448721aee9cab7dc8331b346618f7624f425c325f32267b581051964436709e99b6b89aa344e6d76651ea297eb2eb875c81973ff")
ptrace$cont(0x7, r2, 0x0, 0x0)
r3 = gettid()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(r3, 0x3b)
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r3, 0x0, 0x0)
r4 = gettid()
ptrace$setopts(0x4206, r4, 0x0, 0x0)
tkill(r4, 0x3b)
ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r4, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x8, 0x0, &(0x7f0000000040)=ANY=[@ANYPTR=&(0x7f00000000c0)=ANY=[@ANYRES16=r2, @ANYRES16=r4]], 0x0, 0x0, 0x0})

22:20:03 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:03 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x9, 0x200c00)
ioctl$BLKTRACESTOP(r1, 0x1275, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$TCFLSH(r2, 0x540b, 0xfffffffffffffffa)
pidfd_send_signal(r0, 0x4, 0x0, 0x0)
setsockopt$inet_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000080)={0x2}, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r3, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
getsockopt$sock_timeval(r3, 0x1, 0x14, &(0x7f0000000240), &(0x7f0000000280)=0x10)
r4 = openat$full(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f00000001c0)='./file0\x00'}, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r4, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r5, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$EVIOCSFF(r4, 0x40304580, &(0x7f0000000180)={0x56, 0x5, 0x78f, {0x5, 0x9}, {0x7ff, 0x6}, @cond=[{0x7, 0x2, 0x8, 0x3, 0xf64, 0x2}, {0x3f, 0x40, 0x4, 0x2, 0x3ff, 0x4}]})
ioctl(r1, 0x9, &(0x7f00000000c0)="1abaf19e3223b1a9d7b7294b3ae7521488b130e78e6ca094dd3a6e81fd9ef446c0376b155c2e319490eba7738f15c05730a0c34f0e4159d74cdd15834a683d712690210b98bdb479549605c483d3821a39efbe1fea1b2d9a32852f30ee70dc92bb93333057bca601ae3560b7f65ed79f4d")

[  569.091054] binder: 13248:13252 ioctl 8904 20000180 returned -22
[  569.096233] binder_alloc: 13250: binder_alloc_buf, no vma
[  569.096251] binder: 13250:13254 transaction failed 29189/-3, size 104-24 line 3284
22:20:03 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x200002, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:03 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

[  569.096265] binder: 13250:13254 ioctl c0306201 20000800 returned -14
[  569.096398] binder: undelivered TRANSACTION_ERROR: 29189
[  569.107314] binder: 13251:13255 got transaction with invalid data ptr
[  569.107344] binder: 13251:13255 transaction failed 29201/-14, size 96-24 line 3316
[  569.107572] binder: undelivered TRANSACTION_ERROR: 29201
[  569.114437] binder: BINDER_SET_CONTEXT_MGR already set
[  569.114445] binder: 13251:13255 ioctl 40046207 0 returned -16
[  569.131049] binder_alloc: 13261: binder_alloc_buf, no vma
[  569.131066] binder: 13261:13264 transaction failed 29189/-3, size 104-24 line 3284
[  569.131128] binder: 13261:13264 ioctl c0306201 20000800 returned -14
[  569.131456] binder: undelivered TRANSACTION_ERROR: 29189
[  569.172538] binder_alloc: 13273: binder_alloc_buf, no vma
[  569.172558] binder: 13273:13277 transaction failed 29189/-3, size 104-24 line 3284
[  569.172572] binder: 13273:13277 ioctl c0306201 20000800 returned -14
[  569.172722] binder: undelivered TRANSACTION_ERROR: 29189
22:20:04 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x3a5cfa4bf20ca278)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x2000006, 0x20010, r2, 0x8000000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
close(0xffffffffffffffff)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000040)={0x7})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x2, 0x0}, @fda={0x66646185, 0x0, 0x2, 0xfffffffffffffffe}, @fda={0x66646185, 0x7}}, &(0x7f0000000080)={0x0, 0x28, 0x3e}}}], 0x43a, 0x0, 0x0})

22:20:04 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
accept(r1, &(0x7f0000000080)=@sco, &(0x7f0000000000)=0x80)

22:20:04 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000002e0c17cb38070000002a370cf40fbac97856dd6015350e4afc29f78606e9931224fdb8e1fe4a28af7905e3c37daa6ed0fc1389e95a9c476a485699fb6e727437c358ad2c3dfd6fb152c980d52fe754db091fecccbd5312cf15c0dfb49d184c16e7613e9d9ad9b7e558f1a5921037eadc8aabd9f0ddfcc80fcd353472168573c5c05f3623aee3956ea167700b8a57cae20e214df9cddf6e09394f1a3ec53f4adb2f6b01018a7a991b36b927df4874b092891ea18d45f0ccc42b2e1a270b9a9e311b9830a5edc07343ad13ca1021269d0473d5b93fde46c276382b08027703a8f7564abab0f57593ca8b76cc3688cdbe6c10b528eef33538ad2989eca826cc5a3e41e5a8e6e62e10ddcd25796d63c802f4353ba2660e50b2ac66fdf271526d50edfe422da5e62613e7364e502578a3f22c94c48b36d5544b8f5de3dbda026992f1bded1eda9dac6e5c74555dae0f4729367fc780135791028e85a8187e907460a10de0f2e7c58791dab94abe4b41bd7773f3387780187a9c5224920586eb457f49a76d1c0ff255716cf991d2a9c72b18812d4db2e1bcfb43ed1000b13bed2d56e52828c0ed79eb4ef4285fbe822cb6955f54e2d6997572b1ace8ae9626e8d7bf957d6fe7a4b742918d5ba36d8ceb6d8b2f4fd12e000000"], 0x0, 0x0, 0x0})

22:20:04 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:04 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3b)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
recvmsg(r2, &(0x7f0000000400)={&(0x7f0000000200)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000280)=""/178, 0xb2}], 0x1, &(0x7f0000000340)=""/166, 0xa6}, 0x10040)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair(0x7, 0x3, 0xda, &(0x7f0000000440)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r6 = syz_open_dev$rtc(&(0x7f0000000480)='/dev/rtc#\x00', 0x3, 0x0)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/uinput\x00', 0x802, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r8, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$sock_FIOGETOWN(r8, 0x8903, &(0x7f0000002000)=<r9=>0x0)
r10 = getpgrp(r1)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r12 = fcntl$dupfd(r11, 0x406, r11)
r13 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r14=>0x0, <r15=>0x0})
getsockopt$sock_cred(r13, 0x1, 0x11, &(0x7f0000000500)={0x0, <r16=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r17=>0x0})
ioctl$LOOP_SET_CAPACITY(r12, 0x4c07)
write$P9_RRENAME(r12, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r12, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r17, @ANYBLOB=',group_id=', @ANYRESDEC=r15, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r16, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r14, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r18 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r19 = fcntl$dupfd(r18, 0x406, r18)
r20 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r21=>0x0, <r22=>0x0})
getsockopt$sock_cred(r20, 0x1, 0x11, &(0x7f0000000500)={0x0, <r23=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r24=>0x0})
ioctl$LOOP_SET_CAPACITY(r19, 0x4c07)
write$P9_RRENAME(r19, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r19, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r24, @ANYBLOB=',group_id=', @ANYRESDEC=r22, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r23, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r21, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r25 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r25, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r26 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000002100)='/proc/self\x00', 0x240100, 0x0)
r27 = socket$inet_tcp(0x2, 0x1, 0x0)
r28 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r28, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r29 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r29, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r30 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r30, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r31 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r32 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r31, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r32, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r33 = openat$cgroup_type(r31, &(0x7f0000002140)='cgroup.type\x00', 0x2, 0x0)
r34 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r34, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r35 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r35, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r36 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000002180)='cpuset.sched_load_balance\x00', 0x2, 0x0)
r37 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r38 = fcntl$dupfd(r37, 0x406, r37)
r39 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r40=>0x0, <r41=>0x0})
getsockopt$sock_cred(r39, 0x1, 0x11, &(0x7f0000000500)={0x0, <r42=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r43=>0x0})
ioctl$LOOP_SET_CAPACITY(r38, 0x4c07)
write$P9_RRENAME(r38, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r38, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r43, @ANYBLOB=',group_id=', @ANYRESDEC=r41, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r42, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r40, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r44 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r45 = fcntl$dupfd(r44, 0x406, r44)
r46 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r47=>0x0, <r48=>0x0})
getsockopt$sock_cred(r46, 0x1, 0x11, &(0x7f0000000500)={0x0, <r49=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r50=>0x0})
ioctl$LOOP_SET_CAPACITY(r45, 0x4c07)
write$P9_RRENAME(r45, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r45, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r50, @ANYBLOB=',group_id=', @ANYRESDEC=r48, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r49, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r47, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r51 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r52 = fcntl$dupfd(r51, 0x406, r51)
r53 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r54=>0x0, <r55=>0x0})
getsockopt$sock_cred(r53, 0x1, 0x11, &(0x7f0000000500)={0x0, <r56=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r57=>0x0})
ioctl$LOOP_SET_CAPACITY(r52, 0x4c07)
write$P9_RRENAME(r52, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r52, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r57, @ANYBLOB=',group_id=', @ANYRESDEC=r55, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r56, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r54, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r58 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r59 = fcntl$dupfd(r58, 0x406, r58)
r60 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r61=>0x0, <r62=>0x0})
getsockopt$sock_cred(r60, 0x1, 0x11, &(0x7f0000000500)={0x0, <r63=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r64=>0x0})
ioctl$LOOP_SET_CAPACITY(r59, 0x4c07)
write$P9_RRENAME(r59, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r59, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r64, @ANYBLOB=',group_id=', @ANYRESDEC=r62, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r63, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r61, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r65 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r66 = fcntl$dupfd(r65, 0x406, r65)
r67 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r68=>0x0, <r69=>0x0})
getsockopt$sock_cred(r67, 0x1, 0x11, &(0x7f0000000500)={0x0, <r70=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r71=>0x0})
ioctl$LOOP_SET_CAPACITY(r66, 0x4c07)
write$P9_RRENAME(r66, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r66, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r71, @ANYBLOB=',group_id=', @ANYRESDEC=r69, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r70, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r68, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r72 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r73 = fcntl$dupfd(r72, 0x406, r72)
r74 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r75=>0x0, <r76=>0x0})
getsockopt$sock_cred(r74, 0x1, 0x11, &(0x7f0000000500)={0x0, <r77=>0x0}, &(0x7f0000000540)=0xfffffffffffffd2d)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r78=>0x0})
ioctl$LOOP_SET_CAPACITY(r73, 0x4c07)
write$P9_RRENAME(r73, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r73, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r78, @ANYBLOB=',group_id=', @ANYRESDEC=r76, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r77, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r75, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r79 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r80 = fcntl$dupfd(r79, 0x406, r79)
r81 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r82=>0x0, <r83=>0x0})
getsockopt$sock_cred(r81, 0x1, 0x11, &(0x7f0000000500)={0x0, <r84=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r85=>0x0})
ioctl$LOOP_SET_CAPACITY(r80, 0x4c07)
write$P9_RRENAME(r80, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r80, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r85, @ANYBLOB=',group_id=', @ANYRESDEC=r83, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r84, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r82, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
getgroups(0x7, &(0x7f00000021c0)=[r41, r48, r55, <r86=>r62, r69, r76, r83])
r87 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r88 = fcntl$dupfd(r87, 0x406, r87)
r89 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r90=>0x0, <r91=>0x0})
getsockopt$sock_cred(r89, 0x1, 0x11, &(0x7f0000000500)={0x0, <r92=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r93=>0x0})
ioctl$LOOP_SET_CAPACITY(r88, 0x4c07)
write$P9_RRENAME(r88, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r88, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r93, @ANYBLOB=',group_id=', @ANYRESDEC=r91, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r92, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r90, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r94 = gettid()
ptrace$setopts(0x4206, r94, 0x0, 0x0)
tkill(r94, 0x3b)
ptrace$setregs(0xd, r94, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r94, 0x0, 0x0)
r95 = getgid()
sendmsg$netlink(r4, &(0x7f0000002340)={0x0, 0x0, &(0x7f0000002080)=[{&(0x7f0000000500)={0x1608, 0x1a, 0x100, 0x70bd28, 0x25dfdbfc, "", [@generic="de9206004a676111c3f4852736d84a4ec6048bf19ad9c7db429aca986b3a6ae405d3", @nested={0x200, 0x56, [@typed={0x44, 0x23, @binary="b32d97494b996b6628b0defe308c789c36a4299f584249c7e627a2a7a46061f078e48edcfcc44673b6c1e59122ae598e4c1be1e376d6b1e5dd6b3772fa"}, @generic="25856e83880fb59e325264f891f79b53063d06487feb0c443db14b158ab4aa92bf81a25c4ab2d420178a549e2a88e4e4e949dc7cf6d323a6eb881a503c4043876fd03094e35544cf329b7fad3e6e04520debf973927031969ac4fe4fc5f6c8ba7481564c8d803913c8f0843a8094b7be5c0863aeee9dac464b06519e5544fc9f9836b3ef908886f837ab67bdbf58050ab6638dc4cee48e4953a48a", @generic="cd64af6de51ac5a0810f2b00ee87b2856ce7149a456f6ff9a815793c0a4932b934789e5955221b0a5d", @typed={0x14, 0x6d, @ipv6=@remote}, @generic="b1d078522a5c89856a4acf5264299a6f0980526f09d815a3b41546f6dbd0964f512f52e8", @typed={0xc, 0x82, @binary="151fb554bc05ce"}, @typed={0x8, 0x13, @fd=r5}, @generic="dd04208508220f2c5fa436d14af061a41d29a7e5c204830c361c2dea4056f31ae8adec5576bea3f5073fdf57a7a8c1a1a97f1eda9651991aae055b39fc8641db684e064c2e9fee206827c3b72c4483214e634684f7eed7900abf62fe0f26040ff5f4bdffc7b5c046f0eda06b430dfee9df2d3101edf3aaaa2e8abf25e3a6387eea981fcdd45b820c06ae0457a879c4686582b5c6", @typed={0x14, 0x18, @ipv6=@mcast2}]}, @nested={0x8c, 0x67, [@typed={0x8, 0x7e, @str='\x00'}, @generic="1071cf60f3ce69960a201fcd1c09b70a0791623130a3bbe1b864edc77bbb60027279634cd2520cef779c1bba117398a85e2643e03a9d3f258506e8617ebba6bc4de53bcd41b846534e935c0d13ed0dd0cafec893488c0ef969a1485cd0796d0abeda437f1bcd5cf32650ffec909af8d65fc5b9", @typed={0x4, 0x3}, @typed={0x8, 0x19, @fd=r6}]}, @generic="c2d10a0d86628f0b4d3a2bf5bc453a98126c4d76a0cbe26374e0604abcec129584c305cbd1cd33fd5868ae6dd1221a2b1c2bca0353dc3025e67206104fdb1edb7637", @typed={0x8, 0x87, @fd=r7}, @typed={0xc, 0x88, @u64=0x9}, @nested={0x12f4, 0x43, [@generic="e706e8233158f619416e05e96d7f25646f6763651741d010737e964b48701d75ec0da882f0d6aa1b38f94299cca561c2b299901081c845684887f84c465812a323ed0a0c31ff4736ced5f9117a69c03daf94e534d0d4e61f7d745ce6dedf6d9d38f1cc326e717d1890dadec69622f9fd632f0a71bafa90cb1b846437ae696bd3d2e2f3f5f3f84d09527f04b547b63b11df22c67b7e", @typed={0x14, 0x1a, @ipv6=@dev={0xfe, 0x80, [], 0x1e}}, @typed={0x4, 0x8b}, @generic="21d57e5d8d4da033aab58b8c03e5227875f59f02e8cd486773b446cb31263c4f6371014fc00d5d7e7b0dfbde5e2473a20f1fc36671f6dfdbfe32227758bf76ba249220f28d41606b88c91efc864fc7d0cf10a1733108a4fb15bfa8c372c60e07d7907403d98ed2bdc802316a1e6bba0d90053975f6335d8d8ea93e2578261bcc521126e1e7697e45f94d791e6db7b988e3f1ec1bbff2acf8f7a186b495bd6bffff68de41eef5c72e8320cb4540f61764748fc7d7e16224619a407010b2551905c07e6c902cf599d709bba15b8a73eaac5839b551216cc5b6690f2721b81ec136ab", @typed={0x8, 0x53, @u32=0x9}, @generic="6a92ae81917c68f17b2efcbac0fa9eafe3d6bc63bf6a194394040f429dc8814d2546a57af946c3fad3b3a6b42485145c641d0e798d9a2269c22dbcdd7113e493a51576a76ebec03ddf05ebe58603ae5c5aee5c2d3c1a74119f6fedf98a581d9872803d4a2d73010d8d23c7571cfbce287850e1022bbf2631ea72c6c6a23e2dbe037b14296af1", @typed={0xd4, 0x88, @binary="da43b81ffa429b9d2324a8dd50aba9428b3d881e05e6287afa79cb4177f5c3becd14c1f68c898c9db8eec3f518a94c46d8624653e78f32a9a50d58358403466d2dab947f0f2d7db83446efafdbb665d2c6c13f39cc6e3aeb9af4b3f1c1823c496eb31ec80d32152cc550c07ee10d7651f8567b8972739fc012bb2dab2a04dfef956071ea05296dfb2e283177b73fbeb582f9e26416a6c40e80fc98584c68a9abdd2962b196cdb6a79ba71dd31daee422c4c044d53348e4f4385be9840da0de4a2296f22f305f5546cab7d9f45ec8bfc1"}, @generic="d9195a28ea4edaac2e9cf6ffcddd7dd8298c9a9108e9d092f06d2b601d2a6a9e746dfc1b99031606b02f0dc38872a7e5fe941d98b799374577730f85dfb0b642eb41719a5a14de483bfd4239eaa2f7c5513d016c7841cb49dbe3eb27cc63c82a819e50fb52abbfc6546a1c83da19962b488452ad9d63b39d5e6ef9f97acbbb393ebe35a5a4d4009801d6bd9ecf510cba8cb2eadbf2a423d8a5dedc412ff666aabf4ec1c7d397c44f285c23fc6b1826d99b54b7b496d8762fbd7202e54113f7fab15a16dbc21433e9afe3476cb34e59029d05723137f92d55d10e9d8a1670939271d9b885d568d2535d747595c0348df509e10f27cf4efc6770ef9f4f5fdb9efee4aa5e5b0f06c45688d834842280a1c6ca6d1d696a88165bf953e39b7ac72440d3fc4040462d6fe4ee558b3adaabc48c08369bb9f90a16fa995644836bf6316822dd9a097e3d9de5a2d2616bb31bcb2a538ab15f93e56cfce1ae7e80831815f8d3df61c8c3953c99725434cc29f722ef5b6c1016c1f4eaed8458e631ad440b2f6a82177842d3bb63467158cad3bd83da338059d2c9c87ddee8ac7fff2a0cd92abf73db64d56b70654f9aa29a0f44b85c3648da5f80c25bba68d2a969d4cd5e7ac12b866059a330acb4c0b97013eca87609ded8cf100803e2c566491932758e92cf0c405dcb2cac1f16534be7f8c98e5ca0a4efe44a252850346aeac78d16af16677d81d0398a7ca79174ce8ee4bf4d88040d17598938383c0dc896e9071c6205dc71322cea67206fa862fd8e79a329d6d7a0b3e7dcee4b42029d39aefe9bf09ac0511b8ff155f49b073a348fa501e960988233e1d3361791436a9123a15fa2a444adb29bad6e919a98d7ad4c5e00f13e856e7069b193282c079db551f79496965c5888a91ad8fb9b1c911b6ea3552a0ac4871bce12791833d656f7377b8aff6e1ba51bb4e6a710b8db2be56aa221d22b67c1df54a6a1b54b483bc26ffed76e39fa86432d0a3f88b025855683836af8a7ff14d923c40c418e1baeb9333bce25e6343e847ca311a104b98205186b3e2f1a45b9e73202ef0452fef2957ade5f734eaa626bc37b0f7551ad576756dfb4f04a6a1f3117a8b0ba391a945a0fa2dbb9fee31be9d96dbc21e71f54354938601f000b4fa2692517bcf17d45ed13ff0c369baf8f26884fae41a8b67832fae28b91fa7bcf78eaddeebc648ba789936b4400cd0af7dd43e7988c9f6978efb4a343266c1261161d24c4c98bee7b7328138241c43bc5afb7972178168293d78ffdbb219ecdf71281b431d294f161158665d4bd4de75e91990caf5fba0538c1aa5347b452f9cd05af9953a4f1665aac6983b71aa60ac989a3eae23b279f7d08eb6721c7caa60b9d0521f52d0c080bb603c88e9a6329168c1bf7806f880073788df0bea859678e114e4420ef8ab139822f244469ef8e211ebd9e725454eda08da5bf96bbaa9685c1eb85d6cadd2356c13b243e2eb276f1808bbbd85c6efad4046efb4a52c3ddbbeafae2719fe64e696e67bec6f3ee0c4bac6e95d236d245c92de6dc8e69d7409f7471ae77fe7613a13fc01191a2f977fda0b17459964ed959356d53b8cd05db2250677b1fd49968ff62f6d0064802dd448d0184443371eeec09eccb3d581865eead8ba5e2637bb4bb41d52bed55e1efe88703d6a8ccdace26f0bb884e3456cf1b4064cf2340a325965b6309f5ebf900ab69b21d2bed3cc914a70a6974f6a0147b323b37120f43c454cfff80fdb824232eb5b7dd1d91499e237a5958f2985eea44e59f9510b346def7aaf417f02dc4fe8342f8f654d8cbb696a32451f670d1b06d76c45e54be9d8faf108c7c2dd0b630dab2cc2b0d86ef6379d945a61ce52ec64f144597fc67771cb4073f3c2131870262378d0b837658695481d9a6eee139a8f37eaf5d9a2434c5db440b4550dc1339ac63f08123c9abce7af71e7502dc0c18a91448622f93b1e23469d8490cb6b020c4fbbe239d07f4ed9d499b57f006535280aeb3184036b1b7dbff08f802d908a88b77fc3ae68b1af3e7b62461bce7d1b167d365f2930d588158b95bff881c3f4eac5e27fd5bc3a91c154affa62f62fd5a17c98d76e7b6dcb73c3cbb8cab393166c433ca5caf2992d69ce4ccbaa19b851c35b069e8b0b282aab3aadf2d164080bd7cddf14ff4cbb87f9fa1fe3bcc4326910333dc4b9a463f2562ff27db6c9c7b9a391160a79a7b5e1a979b77ad44f877c2cee0d4c2581a8efb197da2d440800e44536a0cc5078568ea9542f8fee57a981514b07badfb0d2792eb84a61e10dd6f5bc6b11d22b2ee11d5528003a201fa7399fb98e8c64b01ed0190b51b5da3b452fd9934d021bf9d8d85e7a265229cd0946b0abfde2fc383565d5c0508614bde129ffeee43854f127c7ae5c1dc9761d919a71dfd2674395d9ebb32a7c7b603b55fce521948be89e1e7b2b7c60c13cc8df7619e13da47d1f52ba97e0b1b05ef324042e8184dd2aa58a5c8c12808f8e4c49e20134fd8adc02add4d187210ba10838b6ea3388712b58b81a99a6e322e626d0f9cfde0ad158f97f04fda03abf427c643d2fab6500839d61054cd6c699bd20cb1f6cd754873b7dd40b3e9971b7465681ba57786bef153a2b8b27572d6956d9f6a532af2001c784e6360958a5ae82ca9791c580ca7d086c6c3be350fd59d8ee18eddd28b1071e0507ec0e5defd3073b72b4d4bc8c3f64d3b6566dbd55c3843d17aa212decccd8936ba428d27df865423d3f7a397ca61a51cecabdf35acf6438586061eae4cdeaa84d758bff1072d737512c50a0d7e4a3de52b18b3511cc99210ce08e39a7b77523ac41b1b8f1019ca7dadbc5d5d37774fc5e3c9f21a630b0c4384c0f09b318d095c0f80c8ca210ad2ec6c2998108abf38da1dc4043dd4cca2e134f241082b1a200e0cd962f66ebb4aa2bbbcfb25de09d839b4069adaaadb5625205a9b882d37be168e4c9188f914d50472752997d1f79c49b4dc98b651bc10eb845056e16f6ea3d64c6c5d54a0ecd5ee5ce7311c42f4e730cd030293c6262c523b7d4f35584117c5ec26be5deb423a097bc7ee3332aaed3f6b155b5c8c4129ea79fa2d208a1c10dc377ee47ea99cb85116ce0c1fa3d352f12150848525c401ed39e7a71f44c66ecdaed82f8653bcd4b3e04db73cd0ffccbb592ad9c2930827e60f0e5df3d4c94c2be7bbcecfaec07de50e673db3bc3b15e0c0abbd81b2acea5fe9b77b3b8dfbfba6233fcffa7baeea1ee383ae342180a086d7f442a46183e3eb948926be85c31cd796506ccbf3d88101af860c8ac7b4fc07c0c49f6f0a3b4842035ad0d66daffe04e33211b5df990e96670973e85bd89064de4f749980ddd8732486c5024592227997cd4fa870623f9b5a2889ddf324f9257fe7db90830359e48a5ac7de31d28cd880a806ae87eded6f243633a03d9218271aba9227f9bd4eeb00493d36a6ea872ef254ac77d1f1aa4490f180ec12debec98facf1ba13173b23a541c10d3b1b21b552b7dade6e516d7a0992f34fefca8d328be4e70423e19d6290b3d8c7aeb14f4a7c3f09d6f307c053345ad621e92105b192c2912b07f192f887214509804572d0224dd29c0806d0bd568c4e469c3317e85103757bf0bf3370250132fb12cb0478de96e549d2d4f9f6b19f97a508c3a848f049a1889586e84f0a932188011aefc022dc53af89d4b8f5ff60b7074dbd75e1ced54c74c0ecdd935757a5a4766434a0e4a61996a352ca459dbd964fc17d6d403e9b0a23741344748e9c30b4f8133206fee2dd494bcea515a1867fa6e8090b40de1a82b08ade120dcac0be61d7fca8a673ab428b3ccec1c16129e10f2e42343b0b8a0bfe33e1dd2e94e6d2ef5bb6b40b35ec0192a6e805980ad65d0301234cefb8544ba0059aa4a8f758c74c9007907a584941d2465deb192a7ee60b719bf0ba60d89c95181cf13a4d627b613ef9fe3c2f76413bc8c043a9c79440e8ddd2379320a7d2f86009f309a4feab930d0b00c6c08089c837c57214bedd3d02fadf875ea3b8597952fabb08040f936b6f54ee8f03be185049136bf7b74746ddc317faaf6ce05d065c7334a1ad7b9b4503496499219dd0c823aa0ac017068bc62417eb0b94274b7a19873e5fcfc37b1b13de540390aa67fdfbf614f4fb9a26f869f41bf3ca9e52e7859411a96f715ced55e70eef73f0cf624a987579173da81a39686086f6e844c3691541e648272c26a150bccb085a327c61737d37571dc4c61455db33f2117d859500cd90f2d2b58ed58efccc97be02d38ef209c9df2bf805dea92eaa34eb713a909549eb6367b58cf5f9cae20f0d4f6d87c360822bce4e8d3ffdc38de92030545204e4e9ea88a17c04ff87894bfb85404ace83fd9c984d9b5e9a3e8baaa785acaad52702c796a5ebb34929039dad8f4c80124def63db307c8c7405805295ea2042db0cf319fc51c62335e71dfc3f7d650d2c318a2dfbc238781a31b59c9618c188571b30c149019e92298fcaa27a711d4f137ef0ff666884dfbb26444d3233fc84e4461f871d22271258b53dcf1e4edbbc3d8910092779aaaacbc9dcc4c065904e282cccd1bce21f7e6e08452d107fe816345bdea3de76eea40e90fa67137da78fa5e70bd387d2bcda475bd915cf5ac9533b156e1672789d98e1cfdbe71a6f8cb1a000d4899d8dd0018650a2557677ae085157aa154476e3cf2934d56d1a0b834f64f2f569fdbda943f308f87aebb2d73d579ceebf478ba3a051ee40de969c8bdaee777b5663e4dea3ef1496d5ec7acc0a96ee5181ada21787a4048adc3a42a869724c9b51de3c6f768ab135f693d0b2e18684d3885ae42e985ac908c4ce38dd6e0036d588d98fcf4479e0f136255f4f86fa6bda0dff4cfb7d19883382fbf4c3170b1b83ff93d1d7d9cd4b2a0366837c0ff0dbfd67cdfbe63f0d08221e2d25aa4ff0de378ba56c7cf30e64ea799489883b59e843d25c83073669799c6c798b997054942ba21ffa8accf81221a5ce11789da499e3a5f97f3cb1f53a267868b7e05d64e485e07260ce84a7d042cbb67cba25261a171232b7c638610d468b9a39e1c34a389fd1416a18348cf53d2f9f976cf6cc9b49132dc3d2fe1e27fa09f77048d80be78fc174d661319c1e85fee1692a7de4b856a74f68c287d199498246270a62538152b9373a9810518713972ba8ca6bcaf4786aa06b7c6c39189a5527e822b6c56f6e5c29d7e92d20e414034a0f82acf2fdd26ed675ed6982058b99bcd10a24adfd3371b3eb0045a61d25e0114775d665fa7e5e300f5e4cde4d9ebfee87c5571be3f5f9b8931e1c262a04619b9232d7817b0c334ddee49624c40081915511df578aaa8dd3fb1531c6341b17dd96dbacee4494920ba4da45f33d6053d8cb955ce3c42000c821929566330a45c644731de774eeac591d0b994d8395033147cbe251f3ebd3f451363440a73a560a824f161f28dc7e482f0e27c5865c50ac472612ded76ed0e5ea9d195af83dca64c0c384ed79fe013a116f420177059f6e6d1bcb7db841f4341f6a49d774efbff9f42f5cb9fe96962f1b0ac14526f42ea3aef72f5dbf5e752849af6f7532928508fe257952b42eb6e8cd773a1b60c2aba0d5ea71246e533552b418dc7e19da771389dca013ff7fe113ca72a44930f96023b9b0e723014c5c9b9f86e9fe13433190a0684cdcef6b4fdee72c78e52fefd3997901330d5604e6c21c225e7716fb26e0e1dc0b4b3198aad9cf782eb9f9b6160ba1aee6c771442764e37da7911d41c7d654da8538e12bed"]}]}, 0x1608}, {&(0x7f0000001b40)={0x120, 0x41, 0x200, 0x70bd2c, 0x25dfdbfc, "", [@nested={0x110, 0x33, [@typed={0x100, 0x57, @binary="0739e62c2b6125e4cbabc17d6850229b92548170a581441e286872597061089616134343bc1c289342e695ca73acfb58cc561e008af9dab87a9458d0d800474f96b7825694c60fa5c4caa7d28b39fa48ce976f3b8af651d73061e276a38c49fe1358a15fa315cb53ce297b16a29e153bea76c79b219f1deb2f2165b8b61babdbc42b5dc82508ed257bdc9b6becc8170cc00298696b1ab2562ebc4b4b9526c7144c5cfa323ae21c25f431dfc4da5bb086a56303afb7f8ea0689097ea24b95d9151f4bded9c85e817714e045cf7437c22f5cf42fdd2f4e9cacf6692ddae4811acb87caa1eaecca9d4815e009514e72fd6c35deffb98f809d9adaae7522"}, @typed={0xc, 0x40, @u64=0x9}]}]}, 0x120}, {&(0x7f0000001c80)={0x2c8, 0x35, 0x300, 0x70bd26, 0x25dfdbff, "", [@nested={0x248, 0x5, [@generic="0ae535d168bfc5e330997391740b0c49f0d8a271d618070f6e141c13d303dbec22839c3977b875d614a3c6d439a04bb9d5c5aa5fe4b0b5fc8c008b5d40cd113196d0876b6f4bc2085f125f66879516ce7aa42db8fce7d1256d20eb208c6bd4ff1c833a3a119336788681f2941e726a3f2ca9e2eb0133629e0130ad1fa6d30fcd8d4a638415178e748d05be3d7bc340d48a19888860b516087e5f50453ffc820f689a152da26a14bdac2d7038616ecfb7e889e5d57db9cbad93b0b6b9758465ccd0556be4ef136b955be44bd92599705ca9e50b471ffc69bc9ae6468be10191f9a317532e6640b9", @generic="0d86611059d17cbaaabab8bef5ea82548b179631a87d595e239deb37889f86a01b97d2d32e860cd57afb1abfbb4d83df77864557af00ee9b236d6d4feb0416a8fb493f3428c0b8cd4419a2c8da11696824377abae469e13e3804d045b94b129f44ce195df5a4737d6552df1c471bd4b5305ff0816fcf490efdfd90fc2f20bb24a341b4527b79c4e72a0dc64a8d7f461ef12e1f14c441708d8b598e8e7c61b259d10cc2bb9e629bb7c5", @generic="2dc95f04cd5a5f1ae02b03ac7f413e7c61f1ccaabc186a47eaa78a453680196a82217eaec6daa37b2026e5a5d4306ba480e0faf0abe9f358a08bc0013530be4bc4f23abee7fb911d8376e5b264ad92b4d67fdbe6c520533f82090d845d23a29e03e97aeed9ebb6b0ad06c7e5e8849f3ad8c0714cf6750360cef092396874ec5d34f5d465a0d4265270c861bb4a9d955e2be89a58a96c778f14ffe1d8da00440ea303f35b43354e352bab894798075f2bab92132f"]}, @generic="63af476e7e9657b75eb25b2fad488b431d44008aa94ece12a4ff78b54847a56afdcb60a7ec7fd416980c9e35d8387745903f9dfc6021a2c53c20a2220df22bcf6ace9a061bed6f09438a08613db712dad4ec3533232234c5eabc8cdcbe6a54ef75e95ad031647b2910a2ce12b8ca"]}, 0x2c8}, {&(0x7f0000001f80)={0x78, 0x3a, 0x2, 0x70bd28, 0x25dfdbfb, "", [@typed={0x14, 0x88, @ipv6=@loopback}, @generic="f7f8fc63bed2f20e906e3bc563a8bc54de2b2b041dd64feba422b1ff8eb75cb017ea273a598667968fadbb653e6ae76b7128066bf9692d9e45fe1d588857f290d9203fc66e97af19ae6c02699aff1ac6ce"]}, 0x78}, {&(0x7f0000002040)={0x18, 0x3c, 0x200, 0x70bd26, 0x25dfdbfd, "", [@typed={0x8, 0x2a, @pid=r9}]}, 0x18}], 0x5, &(0x7f0000002200)=[@cred={{0x1c, 0x1, 0x2, {r10, r16, r22}}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r25, r26, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r27, r28, r29]}}, @rights={{0x18, 0x1, 0x1, [r30, r2]}}, @rights={{0x24, 0x1, 0x1, [r33, r2, r3, r34, r35]}}, @rights={{0x14, 0x1, 0x1, [r36]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff, r86}}}, @cred={{0x1c, 0x1, 0x2, {r1, r92, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r94, 0x0, r95}}}], 0x118, 0x8}, 0x880)
sendmsg$nl_netfilter(r3, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$sock_netdev_private(r3, 0x89f1, &(0x7f0000000180)="4a283389fb672b1bc60b5c38632e564051fd68804d41d9b00c2559bdcd66765b81e7a86ee195120f8fc84a2273011d3397e2f61de5b966f84037976e1d72397c38196256180c5a4da3a6300262d3eb9ffb9e6bc5")
capget(&(0x7f0000000000)={0x20071026, r1}, &(0x7f0000000080)={0x6, 0x400, 0x72, 0x0, 0x620, 0x400})
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

[  569.193515] binder: 13248:13270 transaction failed 29189/-22, size 104-24 line 3138
[  569.193532] binder: 13248:13270 ioctl c0306201 20000800 returned -14
[  569.226784] binder: 13285:13288 transaction failed 29189/-22, size 104-24 line 3138
[  569.226801] binder: 13285:13288 ioctl c0306201 20000800 returned -14
[  569.227120] binder: undelivered TRANSACTION_ERROR: 29189
[  569.352375] binder: 13248:13252 ioctl 8904 20000180 returned -22
[  569.387602] binder_alloc: 13298: binder_alloc_buf size 1660752940127748216 failed, no address space
[  569.387918] binder: BINDER_SET_CONTEXT_MGR already set
[  569.387925] binder: 13301:13303 ioctl 4018620d 20000100 returned -16
[  569.388406] binder: 13301:13303 got transaction with invalid parent offset or type
[  569.388430] binder: 13301:13303 transaction failed 29201/-22, size 104-24 line 3454
[  569.388445] binder: 13301:13303 ioctl c0306201 20000800 returned -14
[  569.388589] binder: undelivered TRANSACTION_ERROR: 29201
[  569.391977] binder: 13299:13306 transaction failed 29189/-22, size 104-24 line 3138
[  569.391991] binder: 13299:13306 ioctl c0306201 20000800 returned -14
[  569.392131] binder: undelivered TRANSACTION_ERROR: 29189
[  569.426462] binder: BINDER_SET_CONTEXT_MGR already set
[  569.426471] binder: 13301:13307 ioctl 4018620d 20000100 returned -16
[  569.426598] binder: BINDER_SET_CONTEXT_MGR already set
[  569.426605] binder: 13301:13303 ioctl 40046207 0 returned -16
[  569.562756] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 2097152 (num: 1 largest: 2097152)
[  569.572622] binder: 13298:13302 transaction failed 29201/-28, size 96-1660752940127748120 line 3284
[  569.584721] binder: undelivered TRANSACTION_ERROR: 29201
[  569.590960] binder: BINDER_SET_CONTEXT_MGR already set
[  569.596315] binder: 13298:13311 ioctl 40046207 0 returned -16
[  569.602712] binder: 13298:13311 transaction failed 29189/-22, size 96-1660752940127748120 line 3138
[  569.612382] binder: undelivered TRANSACTION_ERROR: 29189
22:20:04 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
clone(0x3000000a0160101, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000400bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000000000812d6405000000000025040400010000001704000001000a40b7040000000100006a0a00fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48)
ioctl$sock_netdev_private(r3, 0x89f1, &(0x7f00000001c0)="7db98a90a6ac6f6e12d333705ae2acca03be6d29c6c2439397f3c8")
setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
r4 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000240)=0x7, 0x12)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r4, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r5, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$EVIOCGABS3F(r4, 0x8018457f, &(0x7f0000001300)=""/184)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000040), 0x29)
fcntl$setstatus(r2, 0x4, 0x80000000002c00)
accept(r2, &(0x7f0000000000)=@nfc_llcp, &(0x7f00000000c0)=0x80)
sendmsg$nl_route(r1, 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r6 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r6, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
getsockopt$IP6T_SO_GET_ENTRIES(r6, 0x29, 0x41, &(0x7f00000002c0)={'nat\x00', 0x1000, "66eceefffa7b25e440601bc50fe39c1cac50c2eeecc5b1e318f84358f375c17b609969e41660b7003cb2d94b187c009555cba3a9101bf1c3ab83042f64bb87493fb33ded7f88c78bc90d30d23ed8c72cbbde431c224515b9c57f6efb9b0a7d9ecdfb28694cf42126faa7e6167d7c4c37721cf49e34a5dceeaf25118f3da77194f29fb011a5bc8650252cd4198b24a5c16aa3ee040a6a77b99696d687353859c745bbeac1c1a92d0577a0413ad5388bb278c846098c0fd15236926c74137d86e708dd2b73c3584749f558976663d46f528cab0c974c44207cc9da7e8f36a98c9a15d2b1e1271483737a4b8e94a375448dd21ef6c2f185aab4cb474b6647c4745f028b3d2c62159497536d122700b0020c293dd7f2ae55560d231e8f47d2b9450e746be6e0e8ed5b472937bd3af3993bc56c1acb3af7ef0b7fcecf71eaf6d7d6358ac08a84cd3f3017704ef775117f36e3711b98dcd08d36c25f544f6ed4acfc305d6f1998a561f3196281fa68387eb30100e94b52b12e0be4c7b10bdcc80a068e3b3fe91ccea8472f346b32d217a71fc04969ee7cfe02eb755d915cb5ef77a78799bb7dee659968e26987eee74511e832db9ee465b9d126822ca25386fea7ce4a6e28a9b01b305f45be0e48c05072ef0cc56e7a961024898c9b748c5ef78d833dba91a3a8dfa74387f9d82b579743c9ee271e71de106c121c43151bd5516fc619fc0f10ef1b60c82577ee9c3952e8aa771b87acd55b1bf752d64cb5fc897d324ccbeb6074a04764ba32d49fc936fe048bb53ffdf19aac8b38f2810144c9fb453bf65c4c3c45ab27484a61f5b4b984918959954a9d190f8abea4284bdd74e4669dcf601a9358f67177227b1a5e5170c9a981205e065e56440c11a5d9eddef9f9139a6ace61b2682f4896a0fd2358c8a05c5adfe8f937c06bf3b3399a978d9ff05f7386566e04c68eb5828d649b8db7a46266ddd89f347a522e62d78389f2c3b0b62e0407315adaf7212913b9d0024bde406762c6dd55f71e0f6bd09d8568c106e1ac76801f539774afb9708e18829c4fede1a996ad135760da1ecf606090f00a0eaa11e033883e7189bd8450f10ddd213ee143199dfeedb2ffb7e463afb7d8cfb25547fb6f2da365edaa6db219d1f9cfbff8d782acb8c0c32d95b064d573c399195e672025061d2005848116a4ba0d881759ec1f3dc2ef5ff39095c73c782ee4941497c1acb2aea7dd2bb64f4c8e77f18fdaa752c9e8ae039596b2c2ec17977e3d14670046f3b99d6e44cfe0cc871abf662e66a5c551bee8fd18088bf4fa2ffe2a1ce463b63967d7dc42abaeac16c482627a0c6327fb3b88ed0ad2fb38478ae801d27f757d002894b4af5c40bb08a5c4b1a07956b85f66bfbed334ef81db09d91a7f507e95869c27537a9ea2b42d88814f4b9af27e223e0cd24116257e902a23e8a95f97fb467b39ca620cb7a6727823e6ac8e779904aec09e2c110b4e98db278f668bf434cd5e33710d00a4b321a6e59521cfdd0b93b630016237ccaaa654378a519b806253fc48bd06c008fb193cb1c038d0453192183a641b9f566714802785276adb3b9e8b15d7e22ccf192522a6001cc06c1dc8aa017e2ae1b3d9c9c0c3bc7a3a1bf2104d69356a367cf9eb1c22347d12589af37ef28fef4614a9c7cc55b5c27aa3ea717807325e0dbc45798cb857c067827dc5c4267b048d8922907c6151c2959fbb1d6db3ab6824304da8103369213085d3d34534a65988491eb502b95f1b6fdb09218eae565ed158484a7c6534f9684ab555f290db8c153530531ee7f5d6a109f644b0f48e5fa5b2b336348d89c682ffcb7699a99ba2e595aa69222f51eab3bfd274fbd0eab1e6e20d99771b8ef22d68492cec6d9f41ab860d742888910ba1ef30a20866ea71f0504e46f6421933e74994b9b4d7668d672198ec234a5bd21903cd7004a2f8e86b90634435bf09c84008da28508acdbb45db86f1f4d5fc47173099c12d97abebddfa84d39980bb94fde7d4b2d47bfee6cf0befbc8436809c9e385eb81484761106eaceb750e3afa1e2b865dad06c97c8254a34735e21ccee8214342c6da1513254da1799810c3cf8145e886a2103495d2b1048e4274e48d02277798d71b379763a55d0387468e8c6c1342cc7098bc65eeac5527749a682195d1e841d2cced2873ac24bf5d680610139c80432cd9efe605bddfa3d1e365f093c0000f30b4d58f8e2a19d502ed4cfcb406c1f3833b9a41fa068bd1773919bde71c3efe6533fe83de460b395f678d32cfd20116faedaa700976fe0786adfec79cbe3900ff37f3972440d9411100af6ea4ab2077c31a2cf09f3b9293e6cc52594bc74d6385cc198cd60f8fd2dd689f6cb2523c450f12ef9e3b787a1d80b23d157155f3bd0fa9181bfeecb242b6e456f51e2d0cb77f3789f16676eff4eded50a1a7d1d56f0efa84ec3983e6f56195e3d8d5a9fdcde2debcb33e52da3d85d3e877714066fd5d3576d7fda25fc64075ccc5b28bc6af88001a3bf8ae31d9c8e292b6269aba6a5ce3ce9d41a2f3fdf30a067e99bdae44843a8d360105d53c8572742f6a1f5e671e579062291a8860b7187578f8f10d44528b1a7e1410156a00a8df03ea7498eade689187677e9b3397ca78b04292719e1762fcbfe7215b4d27ceb4e7535f465c2633d3a4cb24aa51406f4a56e78975929b98f211f08ef76b74062f5aaa91c26034d1b53b6eb0152a05afab753fd06a1c2a6fb0343546e6d25b6689497bb55c6ccb6dba0ea3306cd971b2457b9a0a919f0a7611ee8e187b84875ca188854af41cf19eb610aa6cab3340de79d4b225746a77bbc64939f1e2f632b16a655bdf4610a76d9d7a82e69003c5818d3845fe8b94350d23d3c8bc9e1819a88f86a9387757f7cf612a9aa589b6d803dcb0d1bce85761165040f1e4ea29d00fd8ee9fdcf0651e995db273a27f7d4d493205655295f07742ed73233da8dad59b9577a06099d45f9a227e136123acb08f254b173d4119739ade7023bca61fce0ffc0e822ad4546b049b606c0be0a8a52deec873e39263260619e9529ad87c34b65fde16f798a6476128703c0a63fa48b102d3617c8545abcf23af41ea918c532f6d92816ecedf4028e38e7a40703639d8a9492b7cdc475a75edc3759147f3876079d229c30b90c6fe1d463f57598c8536cb4633a5c2c7272e9f555c3cf081ff9337c5ac0f890a269138ac58c9c4c06ed22e1cb79814553396fbc8e30d0420c602a6fe8e39ab9b4d5d2912c08b0f450c60ad9da3b5efe68f81b0c7917a9a779428b58482b71bf751f5f299c4d8da5bcfc3d8ae989daae343cb5c9c054deff54135b0b345dc4ff335fe2adb1572f3e950a26157f3671011e479c61b2c554aec8f43355bd5c1a79e0d3238102327ba9919c48e85bc307f688ee83a9c664138662b295d58d7c24ab0bab6783303eafb8f94aa3f58df143beb3161ef3c90516464a327b4fd580a5763be4d568b2ded1e3956dbefa03502fce6424ce8daafc58da804eecffca861c9027b2e1aa8f81fe29852c1c7616b9f659729b9000dd536c2dd92b48165d7f615f798dc69fe15716706319b086796161bb369e6c57de33f9c2036f82b99d203f4efc2eda59f095fe675e30b7e41092fd8b6115f3bb73b3c0f96a1adf922e8a7c2e17545a25b343caddb561e0d67aa071183a3283f3c8bb7df1d1d2a29348deeae5240d135ef72a551b586ce7e06a1d160850069c1f397a38b0d91e0390a806acf17d1559460c0b60c12f06c041708be1908b45d8329f51d518a98e2b32e62bca58e01ec9aae4ed5be85bf5d2eb2bb6dc2c20398299b70acb5d12b3a11dfc968f88b8553eff2adb3fe14f3c862cc3a9913dafe8cbd8a37c3fcdc4942da71db095757eaddad44d6807e22c5f3b733e04ac4ff0895176d43c09c174eb2afde58f445bd0852394c0849310b8ea597e2e26d4bc1b6bc8babd8b70dca359f2d99c654e56bdc5d653fbe6365d608d0314716ae5b4f55a0b11b3041436de66ceda80404c09fa42ea57b1e84c894cd6ce42cd8ab6eea00049afe9834ce9d7e9dd3b97733014824ebc487f650884dff3b46d0cca243d1f94caa28ec86d617b82dcd0c405d6cadd2297c927e96f8977e3f7decc070414ea9821d35db6b3da04ba5e096ce14b57afeb6f75802df69215e71915bbc1d9fe9595e88affc2edb0fcb7010648efb6108b02e734f0e649616738c821546e97add054b7f0c57e8a08d683914388dd237111d26ace0a1f25d16a0c7d886a24a71e630157a03961ef6994c134c8f062afb7fb580d82b483f4020c17e1b7ef294ef771ee79ec99d7cadd43333a2effd39c10a0f1d37a998f6e05496154f52acc33b37a8b52815053c0b7ab4c8dce9a8efa0d67d7059a93b12d9a63fadce593779abfa58b43c7aa1d1526b495ed2bc22fe9307c669f2a07fff3b003886f569cf82e66b2eea69b7b79280bf361ad528e4b19206cf9eeba378d2fcb923366ec62c19037dfd1dd0b7ce7e2d9a35676266848351c6844bed5172894683be491d9a9defa858933df3831fe1fc865b77a62f4a6a6fe0ca8f4e0b555de451ce3976b245ff70616282121ae2996237f6bc87028005f14c2299bc3fc2640b90f97c401cf6a6eafb7e9050a1fdf37cf60963e64b4357d873c2dac3b8e94494b5e66ad5f7fcd8fd0f17ef1c48c80e106b5ae34dd4e7fb2074dafeea4c7d9b81a19ca60fdd790104cf86cc977f7d85c339a760871a6bf41b16054609fea5736ed16e6c0cbd247deeb97b94dd9d79d73a1868df8c275d8d26b44c81f034b3d2ece100d141b5296eb059c45215db577db9609f6620cbceb4eeb2c8941a282b2d68899f7761fbd74000e7b780ba1be4cc30e32610de72dafca8b7aca288ef4c9702fb0719843b01f37d61db2f3a75864126b521920284cdaf27cd4467b5e9d3a82ffbc1a25872d18e4c592d64b83a823b65ac8f9b35b70fa29d529aef2490a1db20d07774995782d1449ade4fcf979af0044746da031e31ac11e9a275f853816714db679acfa258d33121c24b8acfe7b444502606df64f35de1bd2d9b2e2aad6e1493e7dcf884be52c825b04a0b42351e28f9daa0de9dbfb02211e633ad4961ca9c74017ff73964ddda5b3b8f59900d9c0cbaf4aafb12e82ffd944a43b025dcc9f7fb96745e7ecc3d0435abdb4b9db161a71024a3b13efeea68cf670c0baec247c24f85eec8cd8ef9fc9767e0a91f6436982d426c511aeb88267e680139e53ece726080e46a05ec76e6f16bd91d3ac09ef25c49e9d5b729950b43dbcdcfaa64c1415f3c170bd217a41a56a7be1f7d7c6457661696cb4d2463851bf80918310d7ef498d2ee6161d013209a607b96e30ecf755647d9db1ddae497d8e6bba13210e183c2905474a0fdda04a51795f918357ded70431dca0a1cc8b40bb11046e01dcc061299acb9155473cf444f4fa600b41f961b407eef789abfaefabf7c89cda630af12662abdd534aaaba0b246d59b3ceeb0a5e7f7cb3a813d41ad360f4832e4a251f325caa2e7ebd52f0573668c7823ed2552dee4493669eca1df349617c939331343c624813a4ff3b9ff8bfe8b7934858179b00cf934c19a1001dd71ef4e92c317f6995f298588ca41920335aea3bc78e6db301d1bb793132b23836c1dd11dad8ff32d8baeff15e9eecf95e19927282e31e0c56ce2ca86f656d2eac1d64a9ae4edf6dd7892929d355b4c9ca224fd0d3e621aa9a1613c5e88cacd3cf96ad37a11ca8c7fdc14dd11584662f8112127734796a55492e93"}, &(0x7f0000000200)=0x1024)

22:20:04 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:04 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x181000, 0x0)
timerfd_gettime(r1, &(0x7f0000000080))
pidfd_send_signal(r0, 0x2d, 0x0, 0x0)

22:20:04 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x3b)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r2, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={<r3=>r2, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000200)='/dev/binder#\x00'}, 0x30)
get_robust_list(r3, &(0x7f0000000300)=&(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)}, &(0x7f0000000340)=0x18)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r4 = accept4$unix(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x800)
getsockopt$SO_TIMESTAMP(r4, 0x1, 0x1c, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0xffffffffffffffa7, 0x0, &(0x7f0000000600)=[@reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={@fda={0x66646185, 0x1, 0x2, 0x3c}, @flat=@weak_binder={0x77622a85, 0x0, 0x1}, @fda={0x66646185, 0x8, 0x0, 0x34}}, &(0x7f0000000140)}}], 0x0, 0x0, 0x0})

22:20:04 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = epoll_create1(0x0)
r5 = epoll_create1(0x0)
r6 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r6, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000200))
epoll_pwait(r5, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r7 = dup3(r6, r5, 0x0)
ioctl$BLKIOOPT(r7, 0x1279, &(0x7f0000000700))
setsockopt$inet_tcp_int(r7, 0x6, 0x6, &(0x7f0000000080)=0x8, 0x4)
r8 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r8, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r8, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r9 = dup3(r8, r3, 0x0)
ioctl$BLKIOOPT(r9, 0x1279, &(0x7f0000000700))
r10 = openat$cgroup_subtree(r9, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0)
tee(r10, r0, 0x7f3, 0x2)

22:20:04 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r4, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r5 = openat$cgroup_ro(r4, &(0x7f0000000000)='cpuset.memory_pressure\x00', 0x0, 0x0)
ioctl$RTC_RD_TIME(r5, 0x80247009, &(0x7f0000000040))
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
pkey_alloc(0x0, 0x2)

22:20:04 executing program 3:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x40400)
ioctl$PPPIOCATTACH(r1, 0x4004743d, &(0x7f0000000240)=0x4)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000140)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
getsockopt$inet_tcp_int(r5, 0x6, 0x6, &(0x7f0000000000), &(0x7f0000000040)=0x4)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0xf, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})
ioctl$PPPIOCSNPMODE(0xffffffffffffffff, 0x4008744b, &(0x7f0000000280)={0x1aa396ab11657061, 0x3})

22:20:04 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x20000, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

[  569.967226] binder: 13319:13322 transaction failed 29189/-22, size 104-24 line 3138
[  569.976856] audit: type=1400 audit(1569277204.617:37): avc:  denied  { prog_run } for  pid=13329 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
22:20:04 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
fcntl$dupfd(r2, 0x518065301228f3d5, r1)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r3, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r3, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000140)="67df948defb13895de12be868d750300", 0xfffffffffffffd0f)

22:20:04 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000180)={0x1, 0x20}, 0x0)

22:20:04 executing program 4:
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
r2 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r2, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000200))
epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$BLKIOOPT(r3, 0x1279, &(0x7f0000000700))
getsockopt$inet_mreq(r3, 0x0, 0x79, &(0x7f0000000000)={@loopback, @broadcast}, &(0x7f0000000080)=0x8)
r4 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r4, 0x0, &(0x7f0000000100), 0x0)

22:20:04 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

[  569.987614] binder: 13321:13325 got transaction with invalid data ptr
[  569.987642] binder: 13321:13325 transaction failed 29201/-14, size 96-24 line 3316
[  570.034216] binder: 13319:13322 ioctl c0306201 20000800 returned -14
[  570.050938] binder: undelivered TRANSACTION_ERROR: 29189
22:20:04 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @broadcast}, &(0x7f0000000080)=0x10)
setsockopt$inet_mreqsrc(r1, 0x0, 0x28, &(0x7f00000000c0)={@local, @empty, @local}, 0xc)

22:20:04 executing program 5:
ioctl$CREATE_COUNTERS(0xffffffffffffffff, 0xc0181b01, &(0x7f0000000080)={0x6, 0xf, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x4, 0x0, 0x0, 0x0, 0xd})
syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x5916, 0x10000)
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/se|f\x00', 0x44000, 0x0)
geteuid()
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:04 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:04 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0xa000, 0x0)
ioctl$TCGETA(r1, 0x5405, &(0x7f0000000080))
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
r4 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r4, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
write$P9_RWRITE(r4, &(0x7f0000000100)={0xb, 0x77, 0x1, 0x7}, 0xb)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r3, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r6 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000140))
sendfile(r5, r6, &(0x7f0000000180), 0x1)
write$P9_RUNLINKAT(r2, &(0x7f00000000c0)={0x7, 0x4d, 0x1}, 0x7)

[  570.085366] binder: 13355:13358 transaction failed 29189/-22, size 104-24 line 3138
[  570.093859] binder: 13355:13358 ioctl c0306201 20000800 returned -14
[  570.101245] binder: undelivered TRANSACTION_ERROR: 29189
[  570.131209] binder: 13367:13370 transaction failed 29189/-22, size 104-24 line 3138
[  570.139304] binder: 13367:13370 ioctl c0306201 20000800 returned -14
[  570.150492] binder: undelivered TRANSACTION_ERROR: 29189
22:20:05 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
setxattr$security_capability(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='security.capability\x00', &(0x7f0000000140)=@v1={0x1000000, [{0x1c}]}, 0xc, 0x6)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
setsockopt$inet6_MRT6_ADD_MFC_PROXY(r5, 0x29, 0xd2, &(0x7f0000000180)={{0xa, 0x4e21, 0x401, @rand_addr="d58a97f83ed56f05dd965d581df2c92e", 0x6}, {0xa, 0x4e21, 0x659, @mcast2, 0x1f}, 0x7, [0x8a, 0x7fff, 0x2, 0x59, 0x4c8, 0x6, 0x2, 0x9967]}, 0x5c)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0063b7adf41f7ea822e4a340400000000000000000000000000000000000000000000000000000000085e8259dd5191110cd000000600000000000000018000000000000002a370cf40fba00dce9e886b7da9b"], 0x0, 0x0, 0x0})

[  570.768864] binder: undelivered TRANSACTION_ERROR: 29201
[  570.774523] binder: BINDER_SET_CONTEXT_MGR already set
[  570.779979] binder: 13321:13378 ioctl 40046207 0 returned -16
[  570.786258] binder: 13321:13378 transaction failed 29189/-22, size 96-24 line 3138
[  570.795830] binder: undelivered TRANSACTION_ERROR: 29189
[  570.863527] binder: 13382:13386 unknown command -1380490496
[  570.869335] binder: 13382:13386 ioctl c0306201 20000800 returned -22
[  571.614430] binder: BINDER_SET_CONTEXT_MGR already set
[  571.619953] binder: 13382:13386 ioctl 40046207 0 returned -16
22:20:07 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@random={'user.', '\x00'}, &(0x7f0000000140)=""/4096, 0x1000)
tkill(r0, 0x10000000001c)

22:20:07 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x5, 0x4)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:07 executing program 5:
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r0 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r1, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
pidfd_send_signal(r0, 0x9, 0x0, 0x0)

22:20:07 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:20:07 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/pc/self\x00', 0x6b601, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:07 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = socket$inet6(0xa, 0x80003, 0x4)
getsockopt$inet6_int(r2, 0x3a, 0x0, 0x0, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="f25849a0139840519f60e48201000067ee00d666400000000000000000000000000000e9ff00000000000000000000000000000000604000000000000018000000002a37"], 0x0, 0x0, 0x0})

22:20:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x400)
r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x118)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r1, 0xc018620c, &(0x7f0000000180)={0x3})
fcntl$addseals(r0, 0x409, 0x2)
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0)
ioctl$TIOCEXCL(r3, 0x540c)
pidfd_send_signal(r2, 0xb, &(0x7f0000000100)={0xe}, 0x0)
fsetxattr(0xffffffffffffffff, &(0x7f00000001c0)=@known='trusted.overlay.impure\x00', &(0x7f0000000200)='vmnet1]\x00', 0x8, 0x7a51b5132906b4cc)

22:20:07 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/p\x8foc/\\mlb\x00', 0x0, 0x0)
fcntl$addseals(r0, 0x409, 0x2)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:07 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:07 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000140)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10', 0x0, 0x2)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
recvmmsg(r5, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)=""/63, 0x3f}, {&(0x7f00000001c0)=""/1, 0x1}, {&(0x7f0000000240)=""/97, 0x61}, {&(0x7f00000002c0)=""/101, 0x65}, {&(0x7f0000000340)=""/217, 0xd9}, {&(0x7f0000000440)=""/150, 0x96}, {&(0x7f0000000500)=""/235, 0xeb}, {&(0x7f0000000600)=""/83, 0x53}, {&(0x7f0000000680)=""/82, 0x52}], 0x9}, 0x9}, {{&(0x7f0000000840)=@pppol2tp={0x18, 0x1, {0x0, <r6=>0xffffffffffffffff}}, 0x80, &(0x7f0000000d80)=[{&(0x7f00000008c0)=""/113, 0x71}, {&(0x7f0000000940)=""/155, 0x9b}, {&(0x7f00000007c0)=""/35, 0x23}, {&(0x7f0000000a00)=""/108, 0x6c}, {&(0x7f0000000a80)=""/32, 0x20}, {&(0x7f0000000ac0)=""/234, 0xea}, {&(0x7f0000000bc0)=""/23, 0x17}, {&(0x7f0000000c00)=""/108, 0x6c}, {&(0x7f0000000c80)=""/38, 0x26}, {&(0x7f0000000cc0)=""/192, 0xc0}], 0xa, &(0x7f0000000e40)=""/196, 0xc4}, 0x1f}], 0x2, 0xa1f5623e196bc6c7, &(0x7f0000000fc0))
r7 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r7, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r8, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r6, &(0x7f00000010c0)={&(0x7f0000001000)={0x10, 0x0, 0x0, 0x40080002}, 0xc, &(0x7f0000001080)={&(0x7f0000001040)={0x1c, r8, 0x2c5946898baacc60, 0x70bd28, 0x25dfdbfb, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40)
r9 = epoll_create1(0x0)
r10 = epoll_create1(0x0)
r11 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r9, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r11, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r11, &(0x7f0000000200))
epoll_pwait(r9, &(0x7f0000000040)=[{}, {}, {}], 0x3, 0x0, &(0x7f0000000080)={0x3f}, 0x8)
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r12 = dup3(r4, r3, 0x0)
mmap$binder(&(0x7f0000efa000/0x2000)=nil, 0x2000, 0x1, 0x11, r12, 0x2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  572.987396] binder: 13396:13402 transaction failed 29189/-22, size 104-24 line 3138
[  572.998481] binder: 13394:13404 transaction failed 29189/-22, size 104-24 line 3138
22:20:07 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:07 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r2, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r3, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r3)

[  572.998497] binder: 13394:13404 ioctl c0306201 20000800 returned -14
[  572.998633] binder: undelivered TRANSACTION_ERROR: 29189
[  572.999274] binder: 13397:13403 unknown command -1605805838
[  572.999281] binder: 13397:13403 ioctl c0306201 20000800 returned -22
[  573.017043] binder: BINDER_SET_CONTEXT_MGR already set
[  573.017051] binder: 13397:13412 ioctl 40046207 0 returned -16
[  573.017800] binder: 13397:13412 unknown command -1605805838
[  573.017809] binder: 13397:13412 ioctl c0306201 20000800 returned -22
[  573.051053] binder: 13416:13421 got transaction with invalid parent offset or type
[  573.051080] binder: 13416:13421 transaction failed 29201/-22, size 104-24 line 3454
[  573.051096] binder: 13416:13421 ioctl c0306201 20000800 returned -14
[  573.051245] binder: undelivered TRANSACTION_ERROR: 29201
[  573.092847] binder: 13430:13434 got transaction with invalid parent offset or type
[  573.092872] binder: 13430:13434 transaction failed 29201/-22, size 104-24 line 3454
[  573.092886] binder: 13430:13434 ioctl c0306201 20000800 returned -14
[  573.093177] binder: undelivered TRANSACTION_ERROR: 29201
[  573.195387] binder: 13396:13402 ioctl c0306201 20000800 returned -14
[  573.203573] binder: undelivered TRANSACTION_ERROR: 29189
22:20:10 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r4, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r4, &(0x7f0000000000)={0x20})
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:20:10 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
mlockall(0x5)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:10 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:10 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0x5, &(0x7f0000000040)=0x1, 0x4)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder={0x77622a85, 0x1, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0})

22:20:10 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3b)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)
sched_getattr(r1, &(0x7f0000000040)={0x30}, 0x30, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:10 executing program 4:
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000001500)={&(0x7f0000001480)=[{0x2, 0x4800, 0x22, &(0x7f00000001c0)="6eb0b8a3bad9e4076df8de9282993b2bf32efe59102b94062abba31937c2a42c49fc"}, {0x0, 0x8000, 0xa7, &(0x7f0000000200)="ee4c28485277291b874a82e41c6efca6ae8df7dc394eb6545e50c8186443ebd383d1796c8f36f990ce94825fe59072eaee43625d5a30072aec1a21ecc5e39f2a91b6b97667ebafa5daf31a954e521aa5ce7f1d1ec3047c6f7199769a1ffca40ff44fd25ec3efd3fd70a5e628a1930dcada0736f2ae9c3718b9370a15dd9e75ebdf07869b1599bc803d9b3c019a62474a29fc60e6a009976454dcd33451905cd672129fdace036e"}, {0x5, 0x4000, 0x97, &(0x7f00000002c0)="1fae6f6c3212b41fd0c135217687e8e6fec492b8a9a4aa51e32d17c2206468df5082862e00fafec90178f936fa4e24f0967208a73ed76524485278bd3b7f9d955fa6f06a38cef4524b73bcc7755369df8715614858c303461b38a8490a0909a1c24aaefd976d7db30fe3eabd9df4c37375ff6df982dba9264d4aa39522577fdbcf8d0842f03938aa05c67b4d30ff8872e5d9073295980b"}, {0x7, 0x200, 0x1000, &(0x7f0000000380)="86d77139c75fac366a1b0d94f802c112b76e80a5f3d75212190b77e18a693c44fdda41ab3e83079f5f873bc10583d66e780100eebc5be02f4892d741cffb1b4cb59ca530201da98efed0b136d15e8bcdc874dd75db536c276497ec537e7f56534aac3a537da1542d2c11eb7eeaca4b5feb81662a9c62a360d759e86a7cb100dad5741dae7fd99ef7feec0e55102abd0e39ac1d5aab9ee39fc630695a71b5ec7d427eb6c132d8c6b4288c67ff46f7c5bbbec0d794fc2dbddbe5a741ea34e276bd15e76f2c2033cc48f669b14af6b894e5e9d7efd37ea9dba438e00ba47b172fd95100f0d487b9cfe4dec116867d35e0b89c481af5dcc43c88207a7afb0614b292066b31567affd44e30ed5e0c3ff5c74137a25ebbbbab7c1a3310c99a8cd53c10c80bcdd16e0b3c96feed8e495bf6f9723e8ea8d52e9e68981249757f2462de0675a2ed1b10a921c4cf72238efb456207fb5b76994bb66cfca9a39f3154ef21904a38e677eb767368cc738c3b26dd424527471ce039a643e83af7ebf2b4dd78e797043a9e34b23f42d5c238f0f118c79a9656b2b9ea8074013e49160bb6f7cac7a69e01f92de0f073fb9da37bfa4b84f0eb409ffaddbe173a7e8426fe1ff46732eed075f664bd62df516d8f27e9f8742e67ba92c10f4d4a8f685bd2909a793ec2e5e4d5b9d4f7a3129f8704fc3aed20d7172866141dd9318d1f5d5eabe523264af16b3d6d41508003fe74e459821c76fbeaca6f7871b2a71d593af700ce8aa3c4d8a52011cb9f9539b827d33c0f8b423593a4b4f31eb9aed2b8566c6a18e8ff3b6278c653daf41ab6c811d2e865fd6a109b0dae6a643e3367349089d003c554e9de6d943df9f7edd617b63898341601d8fecbddd94e3e898c73435516a56221401f68f35b634145a26f76b9f1768b4bf1e998f2f7f915e187d4ad0407eb0d647c363c86d2d6940f72d1f080e76942c4923b8313dd4d9a08550be7f022fb509fce9d26931d9c31eb444b6a0211c96b5452b454fb1258081e3a383ad80cd8e9d34aa38468119bad44497c76b1e2ba5888786f033f8158b796694308e276b2276a6255ceea98ede38e5a19875da5a2abdfe40bc8ff399aff2b66aa3f5e193bf9da8be35af78fac3efb9e870a84eeb863708d9cc8789ebba744ce19c3cb4e543f64933684783cacee9e8c93cedcea9ff8a19c847d6ea218167d3a31420dd9fc178f717ccd642869398c6355939cc9c5cb078c8c3d2850e9751220e6e050c56d7026cae4cc9c4ce48bd48879028cb10d9fd560cec83d21f9ccd958ece5f5dd545492c193d7b403a01bd9b1faf83b004d4d1460d8acd5d1894390b8167121d4d78bd20fcb21faff53c002d4c8972317ff3d95c715b906cdc3df19263b375cb7ee4153ec57eff32fc4984af3fc702aca259f8469a1553e53910faf8392938268d9851f2e1670fd6c62482b9106e684dcc1361856a3f4c8c757041d0cde40867d9a0adecdb580be63f7fcde7dd43a674712b0284145751c06dcf6cd63f9599a1f68f725567172814c955eb9e3551dbf063c74167cbb9d989516de7bbdeaf27ac20ec5439307c1eaaff399197caf159c8ff572137a3ceb46d6db1156e59d4c936b546890e031ac4ff3f07faeca48ba1d6051afa6ba6e99bfbb05925d8cdee66ca59a0dda37d8941c18151483a169bece5bdbbf642ecf42411941d3820e4184c83ec5a137f3cd6deacfc9761aa76e4f0956ead864d1dba8fb493edd4c76181eaec879217eb52f08156a0f0982899cf528d3433a323c854ae6ed45a6201fa1017815d7891cbba6282815e7a0828074127becaa9e185bb22a4e4a076a9d3678f7097f2c6104b57c361164f942496876e1524fe8ee5c9222b092166c153616b7ac473f31e5fbcbc6ae86b7b4214049daab3b5577f06f9559b0f4da042cc8fdec3793722da6d76c4aa5368679a438954547981d6eeda94e5b06fb84ae1e00c4bc0d2ed789cffef6d5337bf214d6afdeef223a4ccfc4f62ca8a94a0a9a344dc78e1309719fb542dc3ee7d66caaa31ff15bbbd00c9e3ca95fb44637342e934fb4e47698ca736b30e1fc346bab52cd37d7a1de4e8e09cd2ec330f6bdd444dc970187bf1477c611a2499d77f5dfd41265c678a5d0bc674f814c7d6d2a0e37e8616f6f92d27c27d5fcc614394d87081f571a17dc01c563eceaf4687cfab158775998f196e652777caee37cac2aa20b0a3e66ce9c0f08bdc2281a6f8304d544136985a0d39841903cdbb38115e057aeb7093387e2776cdfb54e9d21040118c763a5d2dc5c1315da961f8606561d56222fbdcfe3701455a846fc7a61136d8d8a96b017d6cbc432274cbb5fcf1a6af3818c9cd4ff23554088b110436bf13a57e9e23aa9378a41a343f51a679f2af5e0695417a3e54e1945e5b632fe7ad77dec4b266109e4d57eded1e1cfb0219ff62ace480ffeca80068d3d86e66ccc420a46bca9b3d524354aa2f799ad5f6f80eaae53f2a7dfbba52065266dcc11e25d33fa72329e44ace54a6bc942865ae09a853f23bb8aca2e3dedae3b8c03cb0855528e5b8a2e989edf1ac7679be0b861524bc427721fc8e8fbecd12adc4d898c77f5687f588056857c6588293b77582384ed13dec79c057ac8a6db7bc37960fe680225fdced6aa35fff74ff6fc71f5c54919e8b949e419e55749bdb4f2f1d1b054a124c0c06536c7ecf040b7adfc79b1737866d0d4ff27f8281aad2084dfde0f6231d708b7a3548146638625847dd6f1f2a8ef79292b155573dfb893b38a74189304fa0c325203db79c047ecbd227da4b05df69084bba6507cf3eccc7b302ab71d23a449ce0dcb0bf8588f5c3b7dbb9f47351f1d6c87a3f75f811967edc65609ba8b85e2a1ba35f2c516c01b694a0bf9b8c9dd9e9124faff7df1e9a772a23ba118ceb3d3726f6e41c60861196c6dff007300a55c9362d076ed6e2495955e11ae1f278fa1be73a788fd72b2e2cd25ea018157ca7ae41ef9fb5639cdd8aa87f5c54d9324fb3f360c984d45cdb177898d9a4bef0b4554e9ed8637c45b3be0f0d971c0fa726012e2d6afccaac03a62d66e7ddbf6ac2ffe2734d2d6f5ad02dfc86cfcb548bd7939599ffa9169aae9fc3860f3efb9e08e12eb2a36f9b3423c74219edbf30a6f531ffc08726889b94fb33990cb35e92729ca023574efcf698de9378490113ee88c419c927215ae1a3988daff452210a431e6a30cee6039e0416d7fe9acd99f1f015715be2d3902c50e82546580ff9bf5d9f945a0830c0bfc764e68c4e276a51503009a08d07e5cc3ca7623c3da97439dfce2703aef475346e8ffd93a420ababc4e0f688605c09065be42f5ce9198cd7a82489d2f4ca8629820aedf0847347bc9fc1928cbdf46c102105e05688f4a8db6e0860a644986fb815ab44392e2ecd94b9673ed88cda1ff2bf61c98522cbc8422e57fdacad19b9dd59d88ec62e673437504af55acb0385f1ee97937ebf1e9c82784163fd367a16de56d625c36c9f615b7af64bc212a2e48a93eae69e7e8f5dcc3b93738e160bb263dac4184eae56c5aa9e78e00ca22653086168a62e8f708780ebd8b6995ba8cc2cf9e1866ea6276f9195cd53a255351e75e64be4471db55c919492d6c6a320df2967898f66df985f9a8272cfd201a4454f7b999cb0c75406c3699bfa7eb84c36a293efba1dae1fe3c8c6c09ae7b3247d7b08265bb7982782ad728d6b360e587daf7528598fe891c1eb01b3c7e90f563687e026abad8c111121a5a20132849d12f6875b29aa6805dfe60294ff54b2a52e715edc7b44306e39235def84364753bc694c1552d4772534b25e0592763c7444e80a3c372ede33e3dbe5a23a95002ea0537c9706efc39840ec466ba22d721ad6f1e5df7eff781b8015a0b98514358ee8983892f87daa8e2673cd69b0ee8ad0a7c61a082b002c5db1989a80ec3d3a017123265def65e9d40c6f148162b64262437accbd6795ad91c56872b4800711e069424d3865d2064e6c51c384535ded3bbc74249b229c1a3e2ad22722a617210e9ade2e0f11d5c1eb329f9773651190132dda4b219fbe6fcf1a36d720f169cdc6b27181e014f675321972b2f3e94e199e84ce87aa7eb19fd2411f7a960dd029d0060dfcd6a2e9d4f6627161bf528e3a6a694fade9876753dc3fbfb43998ae4937e98cf15c702f64ec0a0e045477f492405a085d6b623bedf40cdcd6e7e88730b2add6e2f82cbba225f073ad882ef8897c3ed1596ced9fe47c73bee4b701f6b5d1c2ec9d3a089d2e35b0497cef9201fe5581a80a02282b3962d054cbcb166df844adf19e98ce5977609511e39fdbb730b0036fbac9dcae74866674a0787ea92059309a50e280c4250efd305ebe8692a9f66afd3d23c6e451540aa7e5371269699faf87483ce9c0e2efe8c95b172f484d7406fc46c43d9156596c1e685e1cb0ca6c3027cbc18035d5cf50aff43ad3569eec4ca8cd762722abd1c3be0599ba9c7ee8b7ec5817014e49ff6cc3923a781f746f1f819789877a4ddbc9cc0d5c2e1ada711cfd3f58073577379506704f115bc2b6b2e1a35d040846e7898c9b6f8a765d0fefdf30a6fb5addbfdf0e90aec0f7dd673a9dfd9e95b8ccc357a625aecab3859c72b62c831755a5c4628643e40bc4abe45321c9187e48fb57690e290115d965babecdcd5cd69f506e253e6a5e3142d24d3cb82dc5c7ac8d5b4c8ab42e34ebd5e1037006c1b9a046c562bcd05295f0b4074b2669cfe1f8dfb5249de9d3d2cc11929ea39035a1716287c7d8019625ad4a0165b99f734d162e9488734a47445959cea73d5a263a177552b8809fdb045f130dd70cd523573dd79b27d3647431e536f82e99e133482d711823874258e7a7c82b5cdc777aa32b7c64c183e63851a92e0f4d3d90b96f4955707b514f727dce2e084b581edf0666f4917e7c3761a8df12853834c1c843893a606a4c7074bda414d1de7779af589b2d1ecf59a4ae7eeac7e3652764a0886aaf3f34b955883cf52deeec10afb3fa6b21e57416bfec8244fc8571448e3937d32505656d6290f5a819bfb30c393f98c4935d4afc1642e571f580142fa05a8169d27ddeea02e316be5814b26cece4619e2cba845763e2495bd286e3e850726d103e8ffea17d8be5d111a34a98a5b860dae432dc93a318042de1f802f4426dccb476c3b67c1315fe85095d3e61f726d4ae9debc758f91e7434a853a827ff65f77c4cc4cb8681fb16dbeba1f56bbdb817a9718bb008ce54c2514777b29519614b961b553e1cab0580af1d250b83f1ce4ab5a2c18ed3bf5c23382a5e200729af04ec36554162a70ac847cb6f3df5baf8faff5afe1e6fd62b112c8cdcbe268e7afda28a99e261942ccdf359e7650cb0ec1ac64668fb4215839307763aec1b78a6e971a2c6ebe465c13854fbaf6724a182417ecabe81f0dcfd1752b8098ee3b3348a6674726bebaae74ac2d9301e01be36035e3d2a140488cd96ac5acadadefff44a07528f30d83b7fb6e53025b8bcf0cecb6877979e27a293554b8bd06107f58c47b149096136f1e45ad66b1ea020ca0a0a4a1fb34e6a9a4801d4661cdd3533b0d71b7400a8a7bb9f0f383bf38a11f7d15ed7216162b55a64b7387e7a5595915f297a214963c1aee3f20c52ad21420866776a3a93d87853ef6eda7dc46255ba3be5c0185b422eaec3ab3645f16b053a70dcec876e28b5e6d8e00f3ff9f91f38f3267c077e7550c8cdd2e957e9b935a131a67a174c2dc899f5c5ebf29714f5b610356036b1ca4ab48341b10fb1930aea8f1dee0"}, {0x7f, 0x1200, 0xf2, &(0x7f0000001380)="50af2759a912c248680f8931bcfa78543cc008a19d212a64e6772a236a0b28d61e3798cc5c2b49b46eb7a92ea5f6bfcc6a5e0b4cdb4a37ab17a36f628a1f07ddcf500c8a84b7f0b4eec9a378e40db1e94057789e75650667f3e408b4b73ecc7fe9d414db10669e91889ba29954ef3d608581c9a04ead1bf2fdbda9464e18d672012e0314035d8dbb9130b4df23a1dad0ded16d9a301e3f455a163afd51afe3de10ffb9e52647827ac26598c8eda73abefb43b3d22f85399fe295a6b21ed19b142e4baa0fdb4cba13555b6c740aca7f7c78733b59b1f1a510a8ec296ecc7b1df4568c8de2aa4e3110e1b16b400d5d831c5858"}], 0x5})
r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats\x00', 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000000)={0x8, @empty, 0x4e20, 0x0, 'dh\x00', 0x32, 0xa5dd, 0x4f}, 0x2c)
r2 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x40)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r1, &(0x7f0000000180)={0x12, 0x10, 0xfa00, {&(0x7f0000000080), 0xffffffffffffffff, r2}}, 0x18)
pidfd_send_signal(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x0)

22:20:10 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
recvmsg(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/211, 0xd3}, {&(0x7f00000001c0)=""/202, 0xca}, {&(0x7f0000000140)=""/29, 0x1d}], 0x3, &(0x7f0000000300)=""/229, 0xe5}, 0x20)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000f2ffffff000000000000000000000060000000000000001800000000a95ee6f5f929f515ba"], 0x0, 0x0, 0x0})

22:20:10 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r6, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r7 = dup3(r4, r6, 0x0)
ioctl$BLKIOOPT(r7, 0x1279, &(0x7f0000000700))
ioctl$TUNGETIFF(r7, 0x800454d2, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x38c, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0})

[  575.999553] binder: 13453:13456 got transaction with invalid parent offset or type
[  576.007286] binder: 13449:13460 got transaction with out-of-order buffer fixup
[  576.007328] binder: 13449:13460 transaction failed 29201/-22, size 96-24 line 3467
22:20:10 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x0, 0x20010, r2, 0x8000000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r4, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r5, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
setsockopt$packet_int(r5, 0x107, 0x18, &(0x7f00000000c0)=0x2, 0x4)
openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x0, 0x0)
r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r6, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:10 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0)='nbd\x00')
sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4aa12}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, r2, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x40}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xa7}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x48890}, 0x8000)

22:20:10 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x2, &(0x7f0000000080)={0x400043}, 0x0)

[  576.007492] binder: undelivered TRANSACTION_ERROR: 29201
[  576.044934] binder: 13466:13470 transaction failed 29201/-28, size 96--1846852979710230504 line 3284
[  576.045065] binder: undelivered TRANSACTION_ERROR: 29201
22:20:10 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xc01000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000080)={0x310, 0x0, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3f}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x637d0000}]}, @TIPC_NLA_NODE={0x18, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0xc, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x5}]}, @TIPC_NLA_BEARER={0x190, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x3, @remote, 0x10000}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x5, @empty, 0x33e9}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x0, @ipv4={[], [], @local}, 0x3}}, {0x14, 0x2, @in={0x2, 0x4e22, @rand_addr=0x6}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x0, @empty, 0x49cf060e}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x1ff, @loopback, 0x9}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @rand_addr=0x5}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x0, @mcast1, 0x1}}}}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1569}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @multicast2}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x5, @loopback, 0x10001}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @rand_addr=0x8000}}, {0x14, 0x2, @in={0x2, 0x4e21, @remote}}}}]}, @TIPC_NLA_MEDIA={0xb8, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfa3d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd}]}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}, @TIPC_NLA_MON={0x34, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x70d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x80000001}]}]}, 0x310}, 0x1, 0x0, 0x0, 0x4}, 0x1)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

[  576.102528] binder: 13453:13456 transaction failed 29201/-22, size 104-24 line 3454
[  576.117076] binder_alloc: 13476: binder_alloc_buf, no vma
[  576.117094] binder: 13476:13478 transaction failed 29189/-3, size 96-24 line 3284
[  576.117423] binder: undelivered TRANSACTION_ERROR: 29189
[  576.120265] binder: 13471:13489 unknown command 0
[  576.120273] binder: 13471:13489 ioctl c0306201 20000040 returned -22
[  576.167211] binder: 13453:13456 ioctl c0306201 20000800 returned -14
[  576.175507] binder: undelivered TRANSACTION_ERROR: 29201
[  576.856330] binder: BINDER_SET_CONTEXT_MGR already set
[  576.861704] binder: 13471:13497 ioctl 40046207 0 returned -16
[  576.914649] binder: 13471:13498 unknown command 0
[  576.919526] binder: 13471:13498 ioctl c0306201 20000040 returned -22
22:20:13 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0xffffffffffffff17)
r4 = dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000000)={{0x9, 0x8, 0x1}, 'syz1\x00', 0x47})
tkill(r0, 0x10000000001c)

22:20:13 executing program 4:
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x143800, 0x0)
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
fsetxattr$security_evm(r5, &(0x7f0000000540)='security.evm\x00', &(0x7f0000000580)=@ng={0x4, 0x13, "eb62a2eaf431b66a98db8189856683c1886e4c"}, 0x15, 0x0)
ioctl$BLKIOOPT(r4, 0x1279, &(0x7f0000000700))
connect$unix(r4, &(0x7f0000000080)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
ioctl$TIOCGPGRP(r4, 0x540f, &(0x7f00000001c0)=<r6=>0x0)
tkill(r6, 0xb)

22:20:13 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000bfe548192a370cf40fba"], 0x0, 0x0, 0x0})

22:20:13 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
signalfd(r1, &(0x7f0000000000)={0x400}, 0x8)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$EBT_SO_GET_INIT_INFO(r2, 0x0, 0x82, &(0x7f0000000080)={'filter\x00'}, &(0x7f0000000180)=0x78)
r3 = gettid()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(r3, 0x3b)
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r3, 0x0, 0x0)
r4 = syz_open_procfs(r3, &(0x7f00000001c0)='net/udplite\x00')
ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000240)={0x3, &(0x7f0000000200)=[{}, {}, {}]})

22:20:13 executing program 1:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:13 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff48, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x0, 0x0, 0x0})

22:20:13 executing program 1:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:13 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2)
r1 = syz_open_dev$binder(0x0, 0x0, 0x800)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCGSTAMPNS(r2, 0x8907, &(0x7f0000000100))
syz_extract_tcp_res$synack(&(0x7f0000000040), 0x1, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r3 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/status\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000f23000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:13 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
pipe2(&(0x7f0000000140)={<r1=>0xffffffffffffffff}, 0x0)
r2 = open(&(0x7f0000000200)='./file0\x00', 0x200000, 0x10)
write$FUSE_LSEEK(r2, &(0x7f0000000240)={0x18, 0x0, 0x5, {0x8}}, 0x18)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r3, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r4, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
dup2(r3, r4)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0xc)
r5 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r5, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r6 = epoll_create1(0x0)
r7 = epoll_create1(0x0)
r8 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r8, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r8, &(0x7f0000000200))
epoll_pwait(r7, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r9 = dup3(r8, r7, 0x0)
ioctl$BLKIOOPT(r9, 0x1279, &(0x7f0000000700))
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r10, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r11 = dup3(r1, r10, 0x0)
ioctl$TUNSETSTEERINGEBPF(r11, 0x800454e0, &(0x7f0000000280)=r9)
preadv(r0, &(0x7f0000000000), 0x0, 0x0)

22:20:13 executing program 1:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

[  579.015818] binder: 13504:13507 got transaction with invalid parent offset or type
22:20:13 executing program 1:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:13 executing program 0:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x802)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x400000, 0x0)
bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000000c0)=r1, 0x4)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x280040, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[], 0x57, 0x0, 0x0})

[  579.018153] binder_alloc: 13502: binder_alloc_buf size 1821958657772879992 failed, no address space
[  579.018160] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 2097152 (num: 1 largest: 2097152)
[  579.018177] binder: 13502:13505 transaction failed 29201/-28, size 96-1821958657772879896 line 3284
[  579.018364] binder: undelivered TRANSACTION_ERROR: 29201
[  579.023303] binder: BINDER_SET_CONTEXT_MGR already set
[  579.023311] binder: 13502:13512 ioctl 40046207 0 returned -16
[  579.023723] binder: 13502:13512 transaction failed 29189/-22, size 96-1821958657772879896 line 3138
[  579.023970] binder: undelivered TRANSACTION_ERROR: 29189
[  579.057251] binder_alloc: 13515: binder_alloc_buf, no vma
[  579.057270] binder: 13515:13518 transaction failed 29189/-3, size 96-24 line 3284
[  579.057431] binder: undelivered TRANSACTION_ERROR: 29189
[  579.077175] binder: BINDER_SET_CONTEXT_MGR already set
[  579.077185] binder: 13515:13522 ioctl 40046207 0 returned -16
[  579.113409] binder: BINDER_SET_CONTEXT_MGR already set
[  579.113419] binder: 13534:13537 ioctl 40046207 0 returned -16
[  579.187982] binder: 13504:13507 transaction failed 29201/-22, size 65352-24 line 3454
[  579.198344] binder: undelivered TRANSACTION_ERROR: 29201
[  579.204218] binder: BINDER_SET_CONTEXT_MGR already set
[  579.209508] binder: 13504:13540 ioctl 40046207 0 returned -16
[  579.216070] binder: 13504:13541 transaction failed 29189/-22, size 65352-24 line 3138
[  579.224405] binder: undelivered TRANSACTION_ERROR: 29189
22:20:16 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
getitimer(0x0, &(0x7f0000000080))
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
r4 = dup3(r3, r2, 0x0)
ptrace$setopts(0x4200, r0, 0xfffffffffffffffe, 0x0)
ioctl$KDGKBDIACR(r4, 0x4b4a, &(0x7f0000000000)=""/65)
tkill(r0, 0x10000000001c)

22:20:16 executing program 1:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:16 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/exec\x00', 0x2, 0x0)
r2 = request_key(&(0x7f0000000140)='asymmetric\x00', &(0x7f0000000580)={'syz', 0x2}, &(0x7f0000000640)='user\x00', 0xfffffffffffffff8)
request_key(&(0x7f00000006c0)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000440), r2)
r3 = request_key(&(0x7f0000000080)='cifs.spnego\x00', &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000100)='\x00', r2)
r4 = request_key(&(0x7f0000000140)='asymmetric\x00', &(0x7f0000000580)={'syz', 0x2}, &(0x7f0000000640)='user\x00', 0xfffffffffffffff8)
r5 = epoll_create1(0x0)
r6 = epoll_create1(0x0)
r7 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r7, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r7, &(0x7f0000000200))
r8 = accept4(r6, 0x0, &(0x7f00000002c0), 0x0)
ioctl$sock_ifreq(r8, 0x894a, &(0x7f0000000300)={'ip6_vti0\x00', @ifru_ivalue=0x6})
epoll_pwait(r6, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r9 = dup3(r7, r6, 0x0)
ioctl$BLKIOOPT(r9, 0x1279, &(0x7f0000000700))
getsockopt$IPT_SO_GET_INFO(r9, 0x0, 0x40, &(0x7f0000000200)={'nat\x00'}, &(0x7f0000000280)=0x54)
request_key(&(0x7f00000006c0)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000440), r4)
r10 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, r4)
msync(&(0x7f0000f6d000/0x2000)=nil, 0x2000, 0x2)
keyctl$reject(0x13, r3, 0x6, 0x80000000, r10)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:16 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0xfffffffffffffee2}}}], 0xfffffffffffffe49, 0x0, 0x0})

22:20:16 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
write$FUSE_IOCTL(r0, &(0x7f0000000000)={0x20, 0x0, 0x8, {0x2, 0x0, 0x1, 0x6}}, 0x20)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:16 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$team(&(0x7f0000000080)='team\x00')
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
getsockopt$inet_mreqn(r5, 0x0, 0x24, &(0x7f0000001280)={@initdev, @initdev, <r6=>0x0}, &(0x7f00000012c0)=0xc)
accept4$packet(0xffffffffffffffff, &(0x7f0000001440)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001480)=0x14, 0x81c00)
r8 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r8, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r9, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
accept4$packet(r8, &(0x7f00000014c0)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000001500)=0x14, 0x80000)
accept(0xffffffffffffffff, &(0x7f00000003c0)=@can={0x1d, <r11=>0x0}, &(0x7f0000000300)=0x80)
r12 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x400, 0x0)
write$smack_current(r12, &(0x7f00000004c0)='selinuxeth1\x00', 0xc)
connect$packet(r12, &(0x7f0000000100)={0x11, 0x5, r11, 0x1, 0x2, 0x6, @random="2b41ce5a94a3"}, 0x14)
recvmmsg(0xffffffffffffffff, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f0000002880)=[{&(0x7f0000001540)=""/15, 0xf}, {&(0x7f0000001580)=""/57, 0x39}, {&(0x7f00000015c0)=""/5, 0x5}, {&(0x7f0000001600)=""/209, 0xd1}, {&(0x7f0000001700)=""/133, 0x85}, {&(0x7f00000017c0)=""/4096, 0x1000}, {&(0x7f00000027c0)=""/160, 0xa0}], 0x7, &(0x7f0000002900)=""/178, 0xb2}, 0x9}, {{&(0x7f00000029c0)=@can={0x1d, <r13=>0x0}, 0x80, &(0x7f0000002ac0)=[{&(0x7f0000002a40)=""/120, 0x78}], 0x1}, 0x7}], 0x2, 0x0, &(0x7f0000002b80))
accept4$packet(0xffffffffffffffff, &(0x7f0000002bc0)={0x11, 0x0, <r14=>0x0}, &(0x7f0000002c00)=0x14, 0xc00)
r15 = socket$inet_udp(0x2, 0x2, 0x0)
r16 = socket(0x11, 0x800000003, 0x0)
bind(r16, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r16, &(0x7f0000000040)={0x11, 0x0, <r17=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
setsockopt$inet_mreqn(r15, 0x0, 0x20, &(0x7f0000000000)={@loopback, @local, r17}, 0xc)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000002c40)={'team0\x00', <r18=>r17})
accept(0xffffffffffffffff, &(0x7f00000003c0)=@can={0x1d, <r19=>0x0}, &(0x7f0000000300)=0x80)
r20 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x400, 0x0)
write$smack_current(r20, &(0x7f00000004c0)='selinuxeth1\x00', 0xc)
connect$packet(r20, &(0x7f0000000100)={0x11, 0x5, r19, 0x1, 0x2, 0x6, @random="2b41ce5a94a3"}, 0x14)
r21 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r21, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
getsockopt$inet_IP_IPSEC_POLICY(r21, 0x0, 0x10, &(0x7f0000002c80)={{{@in6=@empty, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r22=>0x0}}, {{@in=@multicast2}, 0x0, @in6=@initdev}}, &(0x7f0000002d80)=0xe8)
accept(0xffffffffffffffff, &(0x7f00000003c0)=@can={0x1d, <r23=>0x0}, &(0x7f0000000300)=0x80)
r24 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x400, 0x0)
write$smack_current(r24, &(0x7f00000004c0)='selinuxeth1\x00', 0xc)
connect$packet(r24, &(0x7f0000000100)={0x11, 0x5, r23, 0x1, 0x2, 0x6, @random="2b41ce5a94a3"}, 0x14)
r25 = socket$inet_udp(0x2, 0x2, 0x0)
r26 = socket(0x11, 0x800000003, 0x0)
bind(r26, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r26, &(0x7f0000000040)={0x11, 0x0, <r27=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
setsockopt$inet_mreqn(r25, 0x0, 0x20, &(0x7f0000000000)={@loopback, @local, r27}, 0xc)
accept(0xffffffffffffffff, &(0x7f00000003c0)=@can={0x1d, <r28=>0x0}, &(0x7f0000000300)=0x80)
r29 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x400, 0x0)
write$smack_current(r29, &(0x7f00000004c0)='selinuxeth1\x00', 0xc)
connect$packet(r29, &(0x7f0000000100)={0x11, 0x5, r28, 0x1, 0x2, 0x6, @random="2b41ce5a94a3"}, 0x14)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000002ec0)={{{@in=@broadcast, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r30=>0x0}}, {{@in6=@mcast2}, 0x0, @in6}}, &(0x7f0000002fc0)=0xe8)
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000003440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000003400)={&(0x7f0000003000)={0x3c4, r1, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [{{0x8, 0x1, r6}, {0x178, 0x2, [{0x44, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x14, 0x4, [{0x9, 0x0, 0xff}, {0x3, 0x1, 0x7f, 0x20}]}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r10}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r11}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r13}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x9}}}]}}, {{0x8, 0x1, r14}, {0x1a0, 0x2, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r18}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r19}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r22}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r23}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x3}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}}, {0x8}}}]}}, {{0x8, 0x1, r27}, {0x80, 0x2, [{0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r28}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x80000000}}, {0x8, 0x6, r30}}}]}}]}, 0x3c4}, 0x1, 0x0, 0x0, 0x4004081}, 0x4040004)

22:20:16 executing program 1:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:16 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
write$P9_RATTACH(r0, &(0x7f0000000000)={0x14, 0x69, 0x2, {0x0, 0x4, 0x3}}, 0x14)
r1 = gettid()
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r4, r3, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x10000000001c)

22:20:16 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$BLKIOOPT(r4, 0x1279, &(0x7f0000000700))
ioctl$sock_inet_SIOCSARP(r4, 0x8955, &(0x7f0000000080)={{0x2, 0x4e20, @loopback}, {0x306, @random="763f73c8f35f"}, 0x56, {0x2, 0x4e22, @local}, 'veth1\x00'})

22:20:16 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

[  582.034736] binder: 13552:13555 got transaction with invalid parent offset or type
[  582.060052] binder: 13552:13555 transaction failed 29201/-22, size 104-24 line 3454
22:20:16 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:16 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
write$selinux_load(r5, &(0x7f00000000c0)={0xf97cff8c, 0x8, 'SE Linux', "6a9b925cea206285c0ad43b43b3bcf8044f86a7f82f7bbb4dd46f606bc560ef643f3df1e9dd51ed86972dc24eee1c58f8fd63685a1ba13a3d3a342c6390db58d98741a66e7c9204ad3832e375a88f08a12636a90e496b65922f7faa8c47810bd45e01777897276d16872973597afeced932706e5f55a01236397c1744d04be6a95135892dac1035119eb36ebe929e9ebd0f9c9159e9d47df576d3a8114bed494eedfbd93f436c199617bcb634081"}, 0xbe)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a747000000000000000000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561646600"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="0000000000000004000000000000004800000000000000"]], 0x1ca, 0x0, 0x0})

[  582.093593] binder: 13552:13555 ioctl c0306201 20000800 returned -14
[  582.103245] binder: 13549:13580 got transaction with invalid data ptr
[  582.103796] binder: undelivered TRANSACTION_ERROR: 29201
[  582.104555] binder: 13579:13581 transaction failed 29189/-22, size 104-24 line 3138
22:20:16 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:16 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

[  582.104569] binder: 13579:13581 ioctl c0306201 20000800 returned -14
[  582.104793] binder: undelivered TRANSACTION_ERROR: 29189
[  582.107861] binder: BINDER_SET_CONTEXT_MGR already set
[  582.107869] binder: 13552:13582 ioctl 40046207 0 returned -16
[  582.108120] binder: 13552:13582 transaction failed 29189/-22, size 104-24 line 3138
[  582.108135] binder: 13552:13582 ioctl c0306201 20000800 returned -14
[  582.108398] binder: undelivered TRANSACTION_ERROR: 29189
[  582.140949] binder: 13586:13591 transaction failed 29189/-22, size 104-24 line 3138
[  582.140964] binder: 13586:13591 ioctl c0306201 20000800 returned -14
[  582.141105] binder: undelivered TRANSACTION_ERROR: 29189
[  582.161558] binder: 13594:13595 transaction failed 29189/-22, size 104-24 line 3138
[  582.161572] binder: 13594:13595 ioctl c0306201 20000800 returned -14
[  582.161863] binder: undelivered TRANSACTION_ERROR: 29189
[  582.190281] binder_alloc: 13597: binder_alloc_buf, no vma
[  582.190298] binder: 13597:13598 transaction failed 29189/-3, size 104-24 line 3284
[  582.190313] binder: 13597:13598 ioctl c0306201 20000800 returned -14
[  582.190447] binder: undelivered TRANSACTION_ERROR: 29189
[  582.202102] binder: 13587:13599 got transaction with invalid offset (288230376151711744, min 0 max 104) or object.
[  582.202171] binder: 13587:13599 transaction failed 29201/-22, size 104-24 line 3379
[  582.202188] binder: 13587:13599 ioctl c0306201 20000800 returned -14
[  582.284961] binder: 13549:13580 transaction failed 29201/-14, size 96-24 line 3316
[  582.836536] binder: undelivered TRANSACTION_ERROR: 29201
[  582.842299] binder: BINDER_SET_CONTEXT_MGR already set
[  582.847585] binder: 13549:13601 ioctl 40046207 0 returned -16
22:20:17 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
prctl$PR_SET_FPEMU(0xa, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:17 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:17 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x80000)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

[  582.914419] binder_alloc: 13612: binder_alloc_buf, no vma
[  582.926774] binder: 13616:13620 got transaction with invalid data ptr
[  582.926800] binder: 13616:13620 transaction failed 29201/-14, size 96-24 line 3316
[  582.926942] binder: undelivered TRANSACTION_ERROR: 29201
[  582.927636] binder: BINDER_SET_CONTEXT_MGR already set
[  582.927643] binder: 13616:13620 ioctl 40046207 0 returned -16
[  582.935604] binder: undelivered TRANSACTION_ERROR: 29201
[  582.943103] binder: BINDER_SET_CONTEXT_MGR already set
[  582.943113] binder: 13587:13624 ioctl 40046207 0 returned -16
[  582.989241] binder: 13587:13629 transaction failed 29189/-22, size 104-24 line 3138
[  582.989258] binder: 13587:13629 ioctl c0306201 20000800 returned -14
[  582.989590] binder: undelivered TRANSACTION_ERROR: 29189
22:20:17 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x2000, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:17 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req={0x59e3, 0x8001, 0x5, 0x7}, 0x10)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340a19138f0400000001800004000000000000000000000000000000000000000000000000000600000000000000018000000000000002a37"], 0x0, 0x0, 0x0})

22:20:17 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
accept4$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000180)=0x1c, 0x800)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r6 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000940)=ANY=[@ANYBLOB="00000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000180000000000100000000000100000000000000060000000000000008000000000000000000000000000000000000000000000000000000000000000500000001000000d719000000000000ffff00000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a64b571681931177000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e7ffffff000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000f3d0fe8440cb1d1ac6fe5d83e0170b64ac9be2670f18"])
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r6, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r7, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r6)
ioctl$PIO_FONT(r1, 0x4b61, &(0x7f0000000080)="8d98d0ccbdc9d898fcf9a10093c3b545607839b142b3228ecec5ad2d6709f8de295435015307a6cfebf045d90e2eb698a76d8f8d2d6a31f1fa2699eb4d37a22b1b8ceb70e173c565ac8a9c189df7f87c8745cbbac493f74afcd7ff752bfb221f72c3a34593d2cd073cb294831a80adcfd732676f")
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:17 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x40000, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:17 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000040)=0x1)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = accept$packet(0xffffffffffffffff, 0x0, &(0x7f0000000080))
ioctl$SIOCGIFHWADDR(0xffffffffffffffff, 0x8927, &(0x7f0000000100))
fcntl$getown(r2, 0x9)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  583.013986] binder: 13612:13613 transaction failed 29189/-3, size 104-24 line 3284
[  583.034509] binder: 13632:13637 unknown command -1589615872
[  583.034518] binder: 13632:13637 ioctl c0306201 20000800 returned -22
[  583.046859] binder: BINDER_SET_CONTEXT_MGR already set
[  583.046870] binder: 13632:13638 ioctl 40046207 0 returned -16
22:20:17 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x3)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000e1ce20ab00000000000000000070000000000000001800000000000000", @ANYPTR=&(0x7f00000009c0)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000000000000000000000000000008561646600000000000000000000000002000000000000003700000000000000852a747000000000", @ANYPTR=&(0x7f0000000900)=ANY=[@ANYBLOB='\x00'/183], @ANYBLOB="b70000000000000000000000000000001f00000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r3, &(0x7f0000d65000)={0x0, 0xa, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r4, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r6, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r7 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000340)='/selinux/enforce\x00', 0x40, 0x0)
r8 = creat(&(0x7f0000000000)='./file0\x00', 0x2)
r9 = socket$netlink(0x10, 0x3, 0xa)
fcntl$dupfd(r9, 0x0, r9)
r10 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r9, &(0x7f00000005c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000480)={0x110, r10, 0x1, 0x70bd25, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x60, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@rand_addr=0x59}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x2f7f}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x3b}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xa24}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0xfee5}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x64, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bond\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x6, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'caif0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x101}]}, 0x110}, 0x1, 0x0, 0x0, 0x8800}, 0x4)
r11 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r12 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r11, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r12, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
execveat(r11, &(0x7f0000000680)='./file0\x00', &(0x7f00000007c0)=[&(0x7f00000006c0)='IPVS\x00', &(0x7f0000000700)='veth0_to_bond\x00'], &(0x7f00000008c0)=[&(0x7f0000000880)='vmnet0&\x00'], 0x1000)
sendmsg$IPVS_CMD_GET_DAEMON(r8, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4010080}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x2c, r10, 0x112, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4043}, 0x40000)
sendmsg$IPVS_CMD_GET_CONFIG(r7, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800401}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x70, r10, 0x300, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80000001}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7ff}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000001}, 0x4000000)
r13 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r13, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r14 = accept4(r13, &(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, &(0x7f0000000000)=0x80, 0x80000)
clock_gettime(0x0, &(0x7f0000000280)={<r15=>0x0, <r16=>0x0})
ppoll(&(0x7f00000000c0)=[{r2, 0x730d57de896ccb9c}, {r4, 0x8409}, {r5, 0x1002}, {r2, 0x4}, {r6, 0x80}, {r1, 0x20}, {r14, 0x80}], 0x7, &(0x7f00000002c0)={r15, r16+30000000}, &(0x7f0000000300)={0x5aa7}, 0x8)
dup2(r2, r3)

22:20:17 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x501800, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x3, &(0x7f0000001080)=""/25, &(0x7f00000010c0)=0x19)
uname(&(0x7f0000000080)=""/4096)
chdir(&(0x7f0000000000)='./file0\x00')

22:20:17 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r3 = dup(r2)
write$P9_ROPEN(r3, &(0x7f0000000040)={0x18, 0x71, 0x1, {{0x5, 0xfffffffa, 0x7}, 0x6}}, 0x18)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba00000000"], 0x0, 0x0, 0x0})

[  583.067851] binder: 13612:13613 ioctl c0306201 20000800 returned -14
[  583.075651] binder: 13641:13643 got transaction with invalid data ptr
[  583.075677] binder: 13641:13643 transaction failed 29201/-14, size 96-24 line 3316
[  583.075820] binder: undelivered TRANSACTION_ERROR: 29201
22:20:17 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
ioctl$UI_DEV_CREATE(r0, 0x5501)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000001080)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000000080)="67b2f6fe90791a76f1e57a274d408397c147ae6af54353ac406612cf0daa5d7d732364a6eaa4db44df082f8d391e0ff5c674d670031ca9c079e7a2949a52970a734f399cd24046d5dd442a733280513615242eff805f2bee689988c5461050db4146523f35ea07b40aff958a37dd8710a1aac45cbcac74450c211fbc3089fabf72042096bfc1d6869b4e15462c4e0df43cc59874de1807cef42646b0ee492ec4333d5c93953d4522492f743716c2bb3ec348fba56464b17f5c9d1a3ed26cf8468c12ee61adc8b8024c05ede09396c1f70247d6c09ca643ffe0e775a2f8981969a908e97949ac6d6c3e68add1e89a8a28ed0db3da70ecbde9b3fbc099df3cbd6c01a68657535b7b0e292d722d823b24e6a45fa3c061d430ff36fd26772f619976a8fcdb930aff0a63f7a37f3b2bdee104b3403451c3b0674eadf82d94913b535dd72ca917a2b752180be4436a63cb53799786b171b351498fcaeb78c0c74af794e273815a327c4639e97df2b02d3cd8962b4110d8de3d7f277554fab209009a1ba2d62d5ba4609dee9d8dbe0ca1c27d999082af1d60e909a965723a6b5bf04b1d56e7500c7df4e53102b38f3673a273994c874ac91f3859ae2462484c64b2a04844ff83b75789a9f24e228a9c00507131c2e2bbfda48e20ad78a07bbacc0c594dab7cf9a5b462cd67e8d999a297a0a4bdcac16d75ea406b2f440714961a6edad3b3e7961a34d8430a6cf9178add74c75f213159faac6b3a4a769568bb4620ea81e342c22e063bd8e3e8f4ee260e007d3aa8b81da3a88cbe885206a15f87d1e635d785b5c37b7d07bd725dec81c9b9f93064cbb743ca0a4f26631c63b22251b0ba2b8e8442ebcdc73a754512c6004be2b9db91dd769d8629879ffb4dff5b8aba4bb98fe7fb7db9825f2fa5e233d018f5618f794631784d2016d54021595e38ccf0e8ca1e815ea7bfe7ed8fe66decac26614184e7d16ba8e34ecb8a78d546c47db5e09fc67fb326ed63adb9ed8029ebc341f2095c3f64cccfb5136ddeba26fa0fe436e3787abe7a15bcfc8ee6a708da00961243f0d7bebc31c28d2f8a87ebc565d8fa265402b33063b55fb93f2b59d6ac9d1caf8cfb7fe6579fa78637e9f6d5bb54720f9306c3646d874f6476fc520817edc8ba035fd54a3bb8ca5d97e7be286926429131664f15f9fdf100d789f912fad4428b6025b03866bbb932f7ccbd8725fbd7eb220b9f46187853d549e5ee47375419cf4ee6171bcdfe389cbc41279ac18ab6b625e775a8e9202a1f3779dd3c8e6e8beee1abace4082f575c39736f2475cd8d3891e8e8ca662bfb19ab8524b2b263779a3cd1d3a7368ad2664faeb8e34009d4c2df194eb2e2cdccbd3ba6121e5aa8f6f177a4bd334d62b8a76cf680c40766182064009f02ba6d42d1797f7ca394a066e500d864c8237a2f36fa419753f8567d63506dcba4ee33751d65fe2a5f5fb25f45f0733b0cde8718a806a4ddfa1ef19d9f66e48528d8a5c13123373a68077d362d0c3795e411e627ca1f4208ab55c369c160b7c2a2b2239264ff2e8863e533e8af071ba7ba453e050597f1f8d4e6adbbd8a594fdf442d2b5d1bcd44085e7462d30e5cf76da908f0ebc919005d8c81b97dcfe5522f0ffb5f327c2cb41a4d46943d459cd7434313c26cc7ebf4ac47165f341b15c28b3a27b8d43dd032d6955d999447c5bf337f1c9485ecccdd6d46cddf2fcdd279f9ae2abd0e52c50f99a9d1b9bb2397ca0773982c81abc9630cd6a1438deecf45e3f927c089adb3c0e762596df5e51dd4ec01890ad642ad8b849947c6a85675f8023af110915a4e6edbeb539db6434bc16aff2b9beeef3acc2a7143f5126c5a49a29708b4105282f90a03c11fafadecbb055deeb139fec49324a4c3e60aea7cbb2aaa00d750e71271d084168065a991e74f36540521cecebf3ed3be05a3db2bb4c0a70a5f74531f0c7a572025d48d4257a5593ea59edbab3aafbd95955c037a933e461dff484b8e4991dc591d59a3bd3a05da8ca128a0e80f3abcb17fb753ba9e36d32223dfe5578d14498b3f1546662958f6e5bad840f9b8a52642cc4bb501ca10baf449f9244ba140e2986ad40e2f5436d981a478d2654eaba2453d2c099af25899864a1009399d3bf3bf502198998d9676fe9d9410e4a618344b3cf704739a8b5eb14a959e94f8a6aac0c17a7573a07b6ae827759c35cca2ec789fcba7e836ef97cbf76f99506cb1d500b30c9ca83d7e78b2833adfba8f3970754315ffa7ecd6bc221bd8c1f69edc6eab32461870b93d525cf446f4f097b155fbecb57c864c26226db5db81a164b529f9b264ab1eec72a92884dfdea0eebe6960fa1c32c594e53fa551b7c25f51bb1790f8662f8cc8d45ca89aa13c6c08feee02f533552fd7652803b2e12b897e3d9dfb3c70391e26329ab3828d4f04e4cb7f2548c97e86456d762242c6a5950207199915daa8bc6f6319bbd0031224993dc2ac163ac9605e542228c420a5868f8be2467272c8e0ee456c5be3020bfdd5d44252f37b476b24b7be2fc2cb7453bb4b65dddf84ccb3a71997f34737626c024f7489f08f5cef7d5ea627e67a4aabdf6674a623b36371efaa87c45d93290c6d3353188e91cbe29c3696493c20eea091f192ee6b2823c493ee6fc7085e865d7b2824355388cc1072f43e62ee5e9563dc8304f3a230013df14b51ce5ca5064dcbd6092f1c1ebee4b1738b6d48d762d7aaf27f79009808fddae2c3f0ef508c5573f68f0d9be2e2eaa772d5340971c3ae4c9d156e78aec54c6f1dc93d3571afdac841fba39f179beddedd3cea37d59c5b8f3beb94f9c60bc63b9eac1bb11e71d034bfacbef529553bfaa58118f41b915bc67586e005b9f7f36628e0d3416518a4c13c4d620dd62d5717b167803bd86999122f6f816839e160b41bad68f813c52d08e18e2229948686d4620dd1ec6b7303bcf4d7df6e0ebea11646e05aa0b8ef894781bba1c23d5e55da8920d1e466ccc63850f2b34a273b4979032523ed5d1594b8d63cdfe56fabce4fe2afba6c96f38ef425f8e5bfc8fc6c8beddc65e88a945216c8fb94cf5a18382d8917592df5f5630fa0e6bc2bb8c6fc533a360e982881e2112b67b28f004ff5d49714dfc9b1471b21e2a1b143b463ac17f9cfd98b0e725b5fa2890223e5250172917b7f08b723049ff24bae083a2688607805b1ba16768b09e8ace5b13c9ba0ab6b43fdd3736dc39b5c40a52524a61e00575e2bba30879a5ab4788c136ae9df689e2c93b46cfe86e26f3789d246e44389a274ea1d7add5e649154a85ad6c026de3a3de03f9da8c734227aa40cc240f5f9fe2dede50e901c317f90ee1a276f0cf5486fa47b464f6f1539c83e248b1e3c9b36d513e3f054a2aa8aa3f62e819250013722e7ff51b0c0d01eb40c54a22342d7d7d5e6e1cf0305ce68bfe9650cb869cb2205b2e0232663c89b6f2f5822cc07d2a55d74fc56f252a652c9755df79b5322f983723f86c913d3a409d2dab2c4e3e4345e2d3e500ec2335617f53a0fc4e6a0566cbe3810625ede64963b322523165cd45fd8241f04eeea991157ccc72ee80bebd54e991cee218d7961bd8dba3a76837f5c235e5fc8d1ca1a59ec98080f5d90e58b57ad7dded4276022e12ad8a758ed21cb62056447c6c8ee02c6917e24b320c69cbccfa9d66c8a40365e6e66acfbc57a55fefea17ded86d0d17fdd520e3b9b8b0711f9866a5681c85f96a8021ad525d61ba11983eb10ab629bd60441d235fdf2c710fc4d8976d20a0c1c200ff2467bbea02b0bc47eb9a26e40dd90eb3907b4d5b9c25254c2bffa96481de813addea0ab7ca67bcfbc7df5744d216ca6789681038731dbb91d3ab39916039c89411466482d60cf452b81fa0073ef42867104c683fecac421df02f82c3bc7ce367c50c47cbc4548dc628917d9f955855a5d40af742d8dce1972049fc1554d0083b3722231fa7d671b0eff4cf52bf0bdcda00f1da84f25d4a57afac46bcbada0fbb4175750bf16562fd93e76b07246d65fea29ea68a0d4192878d7b9148c0b00c7f6953b268856d34624d0453735e79b0a074867197829625c751939d785f69483700e82f9a6c1528110b50b0a5462f191d183735279d01e080add7fd2ec7e1ce8956be872ecd48bc9abee1836a266e2e036d080b99edfc8a48bb2dc2d125dafd1d122f5d2c3aec0e270f43f8b8452354710a317105ff7eccb3ed1b7bda261bc8ae303dd66276b22306bb7c5578f34953ee9425b99301cb270160ba0ae0cd88165c958ecac7ad089c7279d6ba815a0d476a03782da3f9c787f302b147709418851523ff60ce919d4c07c28675936a344abe6d67ba5a43a04303ee2a346c806a372b184437bc58d75e367ae40dc6105ad65e2547db40ef726c87eb7930ceba46bf97636fe4a30c4e32e176370da6c58d23fb0028110651163b177b259b6e4b3a1c5709ac7b33cc6893b3e3f2393c41e0ea3d100f41e51444f215548252dfb7f4ba8eaceb54eb48f3465ced3bb72a98dec419bb632753fbc8e5236363e4e8510cd8fec0c4ad6a89d8136821283bdacefafae1d6cae0cf4bd253b38f2cc9f223c54502c468932c1697bd7dbda445393a6a38eb0d106a47713b8bba74dc1d163bf44978554f0fbb43bd13139c869f18badb3ca6d8e3e966ecd254c872233b3b5fdb4824550e30f70bb6c34ed35af51a865f7f0f7e3437d3eb4d2e20b2fc17d5cd33c85c04d2e9916738f2fc228f327360a8d24877818323689af54e66fda8ca42f3c19c6b6c13a0947c3994196919c62710ec93a25ab2bc80eee6532b724c6277cdc85a1d2448b8ddc3c72b0b4a775a7928141c49e3316d9116bf435f29aff316519c2cb2851b324b764286fcc089764c1df25c2c5275612ddb7bd3d87e8478daa45e2d6d6eccacc0302b3327b6d6436202ac4d84315c3000af9f64fcbfa09b431631fbc906654ce474e35e0340d110223ce35d39f98f302df7186a54bad20c1a08f48faa953f38902ed5499bf74743856af7b68060e9fcb7ce06ce415e57c4f2b7f84ed6350f2353faf9640b6bdc805eb44d5256c6132f76d769b16a4e341b354f0db04c5497ad860e54ea9c08750b1f20215d81bd66ea5d8f3a52b62d70fffc770567d74149302b050d6e24207e02d88a5ec51498100c681b703c4661d9aedfad26109302294459cdf6a8daa006b696c28c36c2d87e8c5921c6b65540b6f8c4b1532d61809f8945ef4d3a286df0c04dedafc1738ec60aa4b7fe2d002d8f44bd0cb555cb11f682b05fbdf10ae5254905fda05e567e741ec3fb47a658c324227d7e5ab5f9006528989463835735fbe27b2d53420b0beb7991d78938e0561f8904dcca8f488de4d724735405a50ce56aeade22aff2d1e83a00755238ac80e0984f5d69b87b2dca73d5cb3628f77c3825beed98cf19b6055bf6a6ae8990d55dff46a4b611bbe9f229c734542655af876f866e3a1bc1b79c09e811c9c8c7b91fb000689877ad9079a9a870a2d6d955452adb381ede4bc1a836037fcd8092605cddde20afb3d345901bc32c6a43963b7b600d5ebca444cad6149188eda8a4f276d3ea5f1f9009ab69e6c54b1de94588b317a197f9cbafe4a308243a3eb337d03832b40f891a2e862e5b86de4c17971af4b654aaa057b07dcd777196b3e86356489d17ce58bd829e3752e18b2752f0d01d9d4b929ba3992a6df73f58d7c2ad07281133185906c7263d36f0d35e86f96acc6ca6f638f7e2beee12b39f472c842a85bf0f480c8f1dbf7ea86a2ca97aee83c3429afc", 0x1000}, 0x68)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvfrom(r1, &(0x7f0000000000)=""/41, 0x29, 0x0, 0x0, 0x0)

[  583.084835] binder: BINDER_SET_CONTEXT_MGR already set
[  583.084846] binder: 13641:13645 ioctl 40046207 0 returned -16
[  583.085330] binder: 13641:13645 transaction failed 29189/-22, size 96-24 line 3138
[  583.085560] binder: undelivered TRANSACTION_ERROR: 29189
[  583.105130] binder_alloc: 13644: binder_alloc_buf, no vma
[  583.105327] binder: 13644:13646 transaction failed 29189/-3, size 112-24 line 3284
22:20:17 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r3, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r4 = gettid()
ptrace$setopts(0x4206, r4, 0x0, 0x0)
tkill(r4, 0x3b)
ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r4, 0x0, 0x0)
write$P9_RGETLOCK(r2, &(0x7f0000000040)={0x2b, 0x37, 0x2, {0x2, 0x2a4, 0x8000, r4, 0xd, '/dev/binder#\x00'}}, 0x2b)

[  583.116219] binder_alloc: 13649: binder_alloc_buf size -861252672127238144 failed, no address space
[  583.116227] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 2097152 (num: 1 largest: 2097152)
[  583.116245] binder: 13649:13652 transaction failed 29201/-28, size 103079215104--861252775206453248 line 3284
[  583.116538] binder: undelivered TRANSACTION_ERROR: 29201
[  583.122473] binder: BINDER_SET_CONTEXT_MGR already set
[  583.122487] binder: 13649:13655 ioctl 40046207 0 returned -16
[  583.123288] binder: 13649:13655 transaction failed 29189/-22, size 103079215104--861252775206453248 line 3138
[  583.123585] binder: undelivered TRANSACTION_ERROR: 29189
[  583.157050] binder_alloc: 13644: binder_alloc_buf, no vma
[  583.157070] binder: 13644:13660 transaction failed 29189/-3, size 112-24 line 3284
[  583.170404] binder: undelivered TRANSACTION_ERROR: 29189
22:20:17 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

[  583.198160] binder: undelivered TRANSACTION_ERROR: 29189
[  583.240075] binder: 13666:13667 got transaction with invalid parent offset or type
[  583.240104] binder: 13666:13667 transaction failed 29201/-22, size 104-24 line 3454
[  583.240120] binder: 13666:13667 ioctl c0306201 20000800 returned -14
[  583.255795] binder: undelivered TRANSACTION_ERROR: 29201
[  583.311493] binder: undelivered TRANSACTION_ERROR: 29189
[  583.340275] binder_alloc: 13671: binder_alloc_buf, no vma
[  583.346147] binder: 13671:13672 transaction failed 29189/-3, size 104-24 line 3284
[  583.355451] binder: 13671:13672 ioctl c0306201 20000800 returned -14
[  583.363169] binder: undelivered TRANSACTION_ERROR: 29189
22:20:20 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
ioctl(r3, 0x7, &(0x7f0000000140)="d6db20a1d746c8452fe8d742be476f09b725e3dc9c8f6cdb30e49876be5936ddaaa6261e88156049cf1efe8d9ceb2b0e3e8f0f6d723e5b3fbbb0d0dbb9776b534ca132eb300c6daffb0b5e581516f3697d96eef4ae6cbb48a3a596e47c58d252ce10c153a2a6057dca0aa72d21b8d2ac94d0a00491a9bc254a59123567b465786c47e91864cf80eec38501eca699b46dc5a88f250597956af35b7af0a246473c7e90b2eae42ebb0ad743fe94e317a89f1c4783b0ba05da4a4c01fdf1")
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r2, 0xc0000)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
ioctl$BLKIOMIN(r4, 0x1278, &(0x7f0000000000))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r5, &(0x7f0000000080)="16b5c9102eade38537a9bc5931a30f0cbdf99e29983ddf1f78fc4166ba9b13134aac", &(0x7f0000000200)="36ad694d91a9128b2cb3a6f03abc0b22f5f97878f1287c055985261c6aa4cc569e6f56c353a17dd738be56e24970975a6d704b93fd256b40b67b0d90b94c3cc68d6d22b21654c1acc7a43954406c0d9c3d0f2f4bc975ddbf8698238acaf459ad65a2e371e6732f92b4bb16712b32e1a62dd2da400d8149b5eccea88c72bdbe1ac26ebe4051e62ca2bcd3465fbc3fbb6ee6793f01d85d15cdf28db9f5de1a798a377e5c1b74a28d85af9a84da69e5fc5403f16c25c015fa3e04dc28ea81"}, 0x20)

22:20:20 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
fcntl$setpipe(r2, 0x407, 0x7)

22:20:20 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x800)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0x0, 0x0)
r3 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000280)='/dev/full\x00', 0x2400, 0x0)
ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000400))
syz_open_dev$binder(&(0x7f0000000500)='/dev/binder#\x00', 0x0, 0x804)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = mmap$binder(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x1, 0x11, r2, 0x3ff)
r7 = mmap$binder(&(0x7f0000005000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0x0)
r8 = mmap$binder(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0)
socketpair(0x5, 0x80000, 0x6, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000006c0)={0x88, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="03630840", @ANYRES64=r6, @ANYBLOB="086310400000000000000000000000000000000003630840", @ANYRES64=r7, @ANYBLOB="00634040020000000000000000000000000000000000000011000000000000000000000048000000000000001800000000000000", @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB="852a646600000000", @ANYRES32=r5, @ANYBLOB="000000000000000000000000852a62730010000003000000000000000000000000000000852a6277001000000100"/60], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"], @ANYBLOB="03630840", @ANYRES64=0x0, @ANYBLOB="0363084050016f0851238a83c2d99a0f8ad72f1ef6633915a1d1e3ab5a3eadf703345a4301d43cf28cf6", @ANYRES64=r8], 0xa6, 0x0, &(0x7f0000000600)="d25aaf31891fb94f4d5c356e32e66fd2fd301b31b78e2d539c63f5455e5ed20af59886e0c11ccbd0f948967a981320c563df8176a12e68ac44bcc131e3430470a56d43da6676723099df8e80d5184b456459b2bdddb6bfc9811f901bc1b28d5bac9423278e8a2e1fbfbe90a6189e91b1f4f86689f89f40519d23c537cac9aa8d8b3f53ef9757dfdfd3ba5b9dd985ed1d59df3b6988b802d1dd1bc237b3f9767afdab702ca428"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x34, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0f630c400100000000000000000000000f630c4002000000000000000000000003630840", @ANYRES64=r7, @ANYBLOB="892b7349c5f8ad6e502d25000000"], 0x8b, 0x0, &(0x7f0000000080)="cacba519dc741c1a84b24fb9dcc0d283c8cbe20da57b23f3a9cdfb4292b2a64d2161c21205f3e3915c231e6115fcbe71a56ba65303ddbd1a552765289282be44b793b0829802b20b08523befc7d9122fee2a2da95f75fb7a50c1bcecf95eb5573a1e3c29560d37ef9711b3191cd361e41d01eaff588bfc27112cc4a4790dc4d562ade891a7c7348c75133d"})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r9 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r10 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r9, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r10, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r3, 0xc018620c, &(0x7f00000004c0)={0x1})
ioctl$RTC_VL_READ(r9, 0x80047013, &(0x7f0000000200))
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="003af54c02000000fe000019000000000000000000000000000000000000000000004f798647c421cc0f2d8000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:20 executing program 1:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:20 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x400080, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
fcntl$setflags(r2, 0x2, 0x0)
ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000080))
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r3 = epoll_create1(0x0)
r4 = epoll_create1(0x0)
r5 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r5, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000200))
epoll_pwait(r4, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r6 = dup3(r5, r4, 0x0)
ioctl$BLKIOOPT(r6, 0x1279, &(0x7f0000000700))
ioctl$LOOP_GET_STATUS64(r6, 0x4c05, &(0x7f0000000240))
ioctl$BLKRRPART(r6, 0x125f, 0x0)

22:20:20 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:20 executing program 1:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:20 executing program 5:
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
r2 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r2, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000200))
epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$BLKIOOPT(r3, 0x1279, &(0x7f0000000700))
pidfd_send_signal(r3, 0x0, 0x0, 0x0)

22:20:20 executing program 1:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\b\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

[  585.934499] binder: 13680:13690 got transaction with invalid parent offset or type
[  585.934579] binder: 13681:13687 ioctl 54a0 0 returned -22
[  585.956800] binder: 13681:13687 BC_FREE_BUFFER uffffffffffffffff no match
[  585.956808] binder: 13681:13687 BC_INCREFS_DONE u0000000000000000 no match
22:20:20 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x1802)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

22:20:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

[  585.956819] binder: 13681:13687 BC_FREE_BUFFER uffffffffffffffff no match
[  585.956842] binder: 13681:13687 got transaction to invalid handle
[  585.956849] binder: 13681:13687 transaction failed 29201/-22, size 72-24 line 3138
[  585.957806] binder: 13681:13687 BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  585.957813] binder: 13681:13687 BC_CLEAR_DEATH_NOTIFICATION invalid ref 2
[  585.957821] binder: 13681:13687 BC_FREE_BUFFER uffffffffffffffff no match
[  585.957827] binder: 13681:13687 unknown command 1232284553
[  585.957833] binder: 13681:13687 ioctl c0306201 20000140 returned -22
[  585.975013] binder: 13681:13687 ioctl c018620c 200004c0 returned -1
[  585.975491] binder: 13681:13687 unknown command 1291139584
[  585.975498] binder: 13681:13687 ioctl c0306201 20000800 returned -22
[  585.976548] binder: 13681:13703 ioctl 54a0 0 returned -22
[  585.983630] binder: 13681:13687 BC_FREE_BUFFER uffffffffffffffff no match
[  585.983640] binder: 13681:13687 BC_INCREFS_DONE u0000000000000000 no match
[  585.983647] binder: 13681:13687 BC_FREE_BUFFER uffffffffffffffff no match
[  585.983655] binder: 13681:13687 got transaction to invalid handle
[  585.983663] binder: 13681:13687 transaction failed 29201/-22, size 72-24 line 3138
[  585.983766] binder: 13681:13703 BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  585.983774] binder: 13681:13703 BC_CLEAR_DEATH_NOTIFICATION invalid ref 2
[  585.983781] binder: 13681:13703 BC_FREE_BUFFER uffffffffffffffff no match
[  585.983787] binder: 13681:13703 unknown command 1232284553
[  585.983796] binder: 13681:13703 ioctl c0306201 20000140 returned -22
[  585.983868] binder: BINDER_SET_CONTEXT_MGR already set
[  585.983874] binder: 13681:13687 ioctl 40046207 0 returned -16
[  585.984482] binder: 13681:13703 ioctl c018620c 200004c0 returned -1
[  585.993101] binder: 13681:13703 unknown command 1291139584
[  585.993108] binder: 13681:13703 ioctl c0306201 20000800 returned -22
[  586.018125] binder: 13714:13717 ioctl c0306201 0 returned -14
[  586.030508] binder: 13718:13719 got transaction with invalid data ptr
[  586.030535] binder: 13718:13719 transaction failed 29201/-14, size 96-24 line 3316
[  586.030687] binder: undelivered TRANSACTION_ERROR: 29201
[  586.034024] binder: 13720:13722 ioctl c0306201 0 returned -14
[  586.037732] binder: BINDER_SET_CONTEXT_MGR already set
[  586.037740] binder: 13718:13721 ioctl 40046207 0 returned -16
[  586.037983] binder: 13718:13721 transaction failed 29189/-22, size 96-24 line 3138
[  586.040917] binder: undelivered TRANSACTION_ERROR: 29189
[  586.258791] binder: 13680:13690 transaction failed 29201/-22, size 104-24 line 3454
[  586.266863] binder: 13680:13690 ioctl c0306201 20000800 returned -14
[  586.275448] binder: undelivered TRANSACTION_ERROR: 29201
[  586.281590] binder: 13680:13705 got transaction with invalid parent offset or type
[  586.289762] binder: 13680:13705 transaction failed 29201/-22, size 104-24 line 3454
[  586.297730] binder: 13680:13705 ioctl c0306201 20000800 returned -14
[  586.304756] binder: undelivered TRANSACTION_ERROR: 29201
22:20:23 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000300))
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
recvfrom$inet(0xffffffffffffffff, &(0x7f0000000240)=""/162, 0xa2, 0x40000000, &(0x7f0000000040)={0x2, 0x4e24, @multicast1}, 0x10)
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x37b)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
r4 = epoll_create1(0x0)
r5 = epoll_create1(0x0)
r6 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f00000000c0)={0x20000001})
r7 = epoll_create1(0x0)
r8 = epoll_create1(0x0)
r9 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r9, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r9, &(0x7f0000000200))
epoll_pwait(r8, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r10 = dup3(r9, r8, 0x0)
ioctl$BLKIOOPT(r10, 0x1279, &(0x7f0000000700))
getsockopt$EBT_SO_GET_ENTRIES(r10, 0x0, 0x81, &(0x7f00000004c0)={'nat\x00', 0x0, 0x3, 0x57, [], 0x3, &(0x7f00000001c0)=[{}, {}, {}], &(0x7f0000000440)=""/87}, &(0x7f0000000540)=0x78)
timerfd_settime(r6, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000200))
epoll_pwait(r5, &(0x7f0000000100)=[{}], 0x1, 0x8, 0x0, 0xfffffffffffffe0b)
r11 = dup3(r6, r5, 0x0)
ioctl$BLKIOOPT(r11, 0x1279, &(0x7f0000000700))
ioctl$KDGETLED(r11, 0x4b31, &(0x7f0000000000))
tkill(r0, 0x10000000001c)
r12 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r12, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
write$P9_RLCREATE(r12, &(0x7f0000000080)={0x18, 0xf, 0x2, {{0x44, 0x40002, 0x3}, 0x8}}, 0xfffffffffffffef2)

22:20:23 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

22:20:23 executing program 0:
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000000000))
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
lseek(r2, 0x0, 0x4)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000040)=ANY=[], 0xffc9, 0x0, 0x0})

22:20:23 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
fstat(r0, &(0x7f0000000080))
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:23 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x20000000000}, @fda={0x66646185, 0x0, 0x2}, @fd}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x0, 0x0, 0x0})
r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000040)='./file0\x00', 0x0, 0x10}, 0x10)
pwrite64(r2, &(0x7f0000000200)="69f80d29d1c58617a788feac29031690057d6125c7d2912edd86310384ac736d07e16f4f7bf80b602a168d685b0f31bde0f585ad3c91ba20f3e5ed17708d3be37c56d004ece3c71d24b951ca71ec71541e222309e614432ac2c0f4d60bbb2a2698f82a872273cc3dcdb6968654065e489190b68e1ee37ff940794e93ea097da10a5892d5aae93dbdbf4a85318b021bfb2efce56b5e08d6828e182ce886f036376e416d", 0xa3, 0x0)

22:20:23 executing program 5:
ioctl$GIO_FONTX(0xffffffffffffffff, 0x4b6b, &(0x7f0000000080)=""/52)
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0xb, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4040}, 0x0)
accept4(r1, 0x0, &(0x7f0000000000), 0x800)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:23 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/member\x00', 0x2, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:23 executing program 4:
openat$selinux_create(0xffffffffffffff9c, &(0x7f00000003c0)='/selinux/create\x00', 0x2, 0x0)
r0 = syz_open_dev$mice(&(0x7f0000000240)='/dev/input/mice\x00', 0x0, 0x400000)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r1, 0x0, &(0x7f0000000100), 0x0)
clone(0x20000000, &(0x7f0000000180)="d05ecfdd6d81f0f4f2326bb9d982a43f3a3c7c7191a5ace50bd619bb62b8c677a2785ee4e671c20a882a9110630816f0a91638f94ccd902c8ba99d1d643424d5cd2f5a5ae02212b3631097564a19f6977068d3394cabe54f91709415463af228932f69c68ea6cdee1515e780f542076baa521cad1a47e0d5e05c3b6d582638d3833be9143f74cb37e5c45c56c451cb5a36ac7b51c3a3cb7b3a530b30", &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000480)="72a96060049711dd37cd35f2d2f5494b934d7c83a3789b403f9b56d0ea1018edf8a287fb40d73f31f23e7141ea181e460cd1e6f31ed62b79cb4c1d3f7d7e777890c44ebdb349f163d956f5a72b4aec7f9b0bd182021cb3c9770260d340b4e87523b57219c8a04287864429c8b3131bff0f8426f64e3cfbb6ec5bbf787edcd0bb351da9e57447f5475820e2dc327e0eb766e714654e6c9baeda5ceccf82bc7de97292712784541da48eb609ba44dd9581bfee0cc65199c3ebfd0fa80d9c3a")
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000280)={0x0, @local, @dev}, &(0x7f00000002c0)=0xc)
vmsplice(r1, &(0x7f0000000380)=[{&(0x7f0000000300)="477abec5ee8a0fa9b7c0f72cf62f9b6666f8cef73e1156a4a4a3a7c761626c48d97f6a08b3a320a9fee75fdf2df4f893e68bb6a3e570b9166045a81dab9d2b9745f324f546d845f686b0ffc1886cd560c6c740cfd3139f90e3b899afc53b29ce94f3943720deb49577e334d210e3f2649280cb6735b1268a9c69", 0x7a}], 0x1, 0x9)
syz_genetlink_get_family_id$fou(&(0x7f0000000400)='fou\x00')
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000006c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000680)={&(0x7f0000000540)={0x110, r2, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x48, 0x4, [@TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000001}]}]}, @TIPC_NLA_LINK={0xb4, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xdf}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8e}]}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x10}, 0x24000894)

[  588.953663] binder: 13733:13742 ioctl c0306201 0 returned -14
[  588.965666] binder: 13734:13740 got transaction with invalid parent offset or type
22:20:23 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x20000, 0x0)
r2 = open(&(0x7f0000000100)='./file0\x00', 0x141000, 0x8)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x61, &(0x7f0000000200)={'filter\x00', 0x4}, 0x68)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x90000000})
r3 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:20:23 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.controllers\x00', 0x0, 0x0)
ioctl$HDIO_GETGEO(r2, 0x301, &(0x7f0000000080))
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  588.965695] binder: 13734:13740 transaction failed 29201/-22, size 96-24 line 3454
[  588.966036] binder: undelivered TRANSACTION_ERROR: 29201
[  588.970708] binder: BINDER_SET_CONTEXT_MGR already set
22:20:23 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e0, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0, 0xfffffffffffffdc5}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0xfffffffffffffe2e, 0x0, 0x0})

[  588.970717] binder: 13734:13750 ioctl 40046207 0 returned -16
[  588.971870] binder: 13734:13750 transaction failed 29189/-22, size 96-24 line 3138
[  588.975852] binder: undelivered TRANSACTION_ERROR: 29189
22:20:23 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x1000})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000180)={@flat=@weak_handle={0x77682a85, 0x1e, 0x3}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0})

[  589.004871] binder: 13749:13751 got transaction with invalid data ptr
[  589.004897] binder: 13749:13751 transaction failed 29201/-14, size 96-24 line 3316
[  589.005079] binder: undelivered TRANSACTION_ERROR: 29201
[  589.043973] binder: 13758:13759 got transaction with invalid parent offset or type
[  589.044001] binder: 13758:13759 transaction failed 29201/-22, size 104-24 line 3454
[  589.044016] binder: 13758:13759 ioctl c0306201 20000800 returned -14
[  589.044268] binder: undelivered TRANSACTION_ERROR: 29201
[  589.049074] binder: BINDER_SET_CONTEXT_MGR already set
[  589.049082] binder: 13758:13763 ioctl 40046207 0 returned -16
[  589.049397] binder: 13758:13763 transaction failed 29189/-22, size 104-24 line 3138
[  589.049413] binder: 13758:13763 ioctl c0306201 20000800 returned -14
[  589.049656] binder: undelivered TRANSACTION_ERROR: 29189
[  589.094656] binder: 13764:13767 got transaction with invalid data ptr
[  589.094683] binder: 13764:13767 transaction failed 29201/-14, size 96-24 line 3316
[  589.094883] binder: undelivered TRANSACTION_ERROR: 29201
[  589.095232] binder: 13768:13770 got transaction to invalid handle
[  589.095240] binder: 13768:13770 transaction failed 29201/-22, size 480-24 line 3138
[  589.095253] binder: 13768:13770 ioctl c0306201 20000800 returned -14
[  589.095449] binder: undelivered TRANSACTION_ERROR: 29201
[  589.099782] binder: BINDER_SET_CONTEXT_MGR already set
[  589.099795] binder: 13768:13772 ioctl 40046207 0 returned -16
[  589.100117] binder: 13768:13772 got transaction to invalid handle
[  589.100125] binder: 13768:13772 transaction failed 29201/-22, size 480-24 line 3138
[  589.100139] binder: 13768:13772 ioctl c0306201 20000800 returned -14
[  589.100409] binder: undelivered TRANSACTION_ERROR: 29201
[  589.101520] binder: BINDER_SET_CONTEXT_MGR already set
[  589.101530] binder: 13764:13771 ioctl 40046207 0 returned -16
[  589.102195] binder_alloc: 13764: binder_alloc_buf, no vma
[  589.102213] binder: 13764:13771 transaction failed 29189/-3, size 96-24 line 3284
[  589.102313] binder: undelivered TRANSACTION_ERROR: 29189
[  589.192008] binder: BINDER_SET_CONTEXT_MGR already set
[  589.192017] binder: 13779:13780 ioctl 4018620d 20000040 returned -16
[  589.193170] binder: 13779:13780 got transaction with invalid handle, 3
[  589.193195] binder: 13779:13780 transaction failed 29201/-22, size 88-24 line 3411
[  589.193414] binder: undelivered TRANSACTION_ERROR: 29201
[  589.198280] binder: BINDER_SET_CONTEXT_MGR already set
[  589.198289] binder: 13779:13781 ioctl 40046207 0 returned -16
[  589.198357] binder: BINDER_SET_CONTEXT_MGR already set
[  589.198362] binder: 13779:13781 ioctl 4018620d 20000040 returned -16
22:20:26 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000000201ffff00000000000000000002000049df76e85598384a26792ea40e8ed6fbb5c5927ec1593bdecaaf5bf8b3ef92527e7bb6a33b07e8f6a7208773f09f5c1fd1a397390117f3b91a63d64d84ed0b0c774cc3f995e856fe815526227f96bc7978ad0e4f7f6bc42ca109b20d62aaea8af5bc155bf9c518333d00000000000000"], 0x14}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r2 = fcntl$dupfd(r1, 0x406, r1)
r3 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000500)={0x0, <r6=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$LOOP_SET_CAPACITY(r2, 0x4c07)
write$P9_RRENAME(r2, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r7, @ANYBLOB=',group_id=', @ANYRESDEC=r5, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r6, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r4, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
fstat(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
fchown(r0, r7, r8)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r9 = gettid()
r10 = epoll_create1(0x0)
r11 = epoll_create1(0x0)
timerfd_create(0x0, 0x80800)
epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, r10, &(0x7f00000000c0)={0x20000001})
r12 = epoll_create1(0x0)
r13 = timerfd_create(0x0, 0x81000)
epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r13, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000200)={0x2000})
r14 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/mls\x00', 0x0, 0x0)
epoll_pwait(r14, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r15 = dup3(r13, r12, 0x0)
ioctl$BLKIOOPT(r15, 0x1279, &(0x7f0000000700))
ioctl$TUNGETIFF(r15, 0x800454d2, &(0x7f0000000000))
epoll_pwait(r11, &(0x7f0000000100)=[{}], 0x1, 0xfffffffd, 0x0, 0x0)
ptrace$setopts(0x4206, r9, 0x0, 0x0)
tkill(r9, 0x10000000001c)

22:20:26 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/avc/cache_threshold\x00', 0x2, 0x0)
timerfd_gettime(r1, &(0x7f0000000140))
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f0000000180)={0x81, 0xcc, 0x100, 0x2})
openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
pidfd_send_signal(r0, 0x21, &(0x7f0000000080)={0x34, 0xf8}, 0x0)

22:20:26 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000840)={{0x7f, 0x45, 0x4c, 0x46, 0x5, 0x3, 0x80, 0x0, 0xfff, 0x3, 0x6, 0x5, 0x21f, 0x40, 0x10f, 0x81, 0x2e, 0x38, 0x1, 0x7a, 0xfff9, 0x4}, [{0x70000000, 0x86d, 0x101, 0x800, 0x7, 0x8001, 0x7, 0x8}, {0x60000000, 0x1, 0x4, 0x3f, 0x4965, 0x7, 0x480, 0xc76f}], "c7f15edd2f529906ed5917b62adbe9dcfa5ae5b61eebaac9b44eed31ec94c099a3c18eee6d5b27fc6a20ed15b377690b3fb8606eb5e0a8457f63f3f57cc4a0cd464c60fcfe6b495bc71516854924a12feac96550b13aee60d715e2ba49bd0d90f840144d064018eb79eb745d05e3c0480ad68ed5181d511899bc4eb6f65057a38147a518292ddfdf0dd5bcadefc82255fa8a5e556bbf3ee9ab0973cf38dfb1550f325e42b57c477efcb8aeb2bad2f1575fe61b9896881109a60e31a120d51c7bd660d0a4d773242187d8549eb36a3ef9f4ad40e1cd40a5b0956a125067a13e667ec883929796b080e2244e799b393f0875abeeb1f83c2d737d9336f1aaebe47299c09b6706996696da9d3867dfda9a5798fb94de5724ac46b12cd6547bccf13112733ce8da5c8023fc13336cd957b58e6c1bcddbca7a0af55606e19bbf610429b5580971b66ee37a0b1c6bab0e3d261a5dcf4c6bc5b9b460619f3556b73bf2727831879299fa1d543c960190b0c7d88fa1a32a0d88273e7adfd0543f75d71d12dc849e4f458bcf7d5d63f7043e20abd0f4129ea9f81bffd1f9c00416924bc4c441547f6d5aa785db46892be88a344f4e00632b7489dc6e1a4bd1bfe548ffc637e0b79c1322dc909f7ad7d37e7418e3f5190d1aae08be759ab21e3ab464f9330a77549352e225328e317fb5da902f758d4869adfaed32cb4a0adb8d55f90627d105eb1e6edcec9f10e25ebf35016a971fab466d8769b454011ec2ba1c50d171ff06e8124664243a1d188945e4a8d9ce18aa4c78fded7102e7b22b293a20dfb1654e202d9eaa34211b9d2f84e5f941c48d55dbf1997815a713d042fc10b6393fed0cbbad7bbe5ec0a2ba79556031a117edcc5ee8a57e44c3d2a22ac7ed2471617b5030919869af23a99bcde507b7dfe25cca3df25330edd14fe1505973c8dfedf21d540f9d144277c7e610464d3a347baf8ea6a531a749075df0294475a598c5488f15b032b4a2c8e806c02ec5c80847d10e6e8cb53074f52a5bc98dcaceccbb643dbe2643dbe89d83706ecb297d864f2d94d5a9fe11200ede97a54eeeb9428584bfa7ac627634b1c702b98d4728eb5d86b72084b4f6eef6451e14ffe00b1ee56e7f7ceb44fb8ed5dcd972606e878fca65ac47c9e08709d5cf872bd9ad86e7404ce02dde0f939df2e40c00a5c4745fe827103dd226dad7a89eaed4202fd0deb45e4df043f832dfab82b109a9dbeb5191d8e8a09904a06ba572ce91cdd12d22d32a610946c302fe67bfe5d596a145da00cd961e0b5c1274a479af7c69a568bb0897b5d4aea9c21368dd6c4dfc67b0eef94bc269bfd457c9a3d9661c66fe882da6f3e116393f2bc59e44f4f2b9f53d7e2767ebba223859f31da7b85a00a49ce61b2455acbed14000f2528e53cdccea799db076db671e5edbb9974375855d75414b9082134204a597fc5567c38dd923099186e7eb1c353ee54ffd98c19ed647ee233e3d5434a691878d701cf29274f8ee14ff7b9a2af302712887fb1426c468ba9942ba3f99ac06ba98064f3d056addfb7489b68d28cc415ee8fcc099569fcb9b31ed122eabae137ae78bfd6e0a219a68fd5fa4ba78acac87e1c9446b25faad5c5098c0fbe7fe28da88befb147676aafb3a7e76d906343404e61aeb0e10b680f63f4eeec4bcb590338f42a8346262e62d485e72a66d27be6927381f685db3a1f0dc06066fe57e33176b5d52bc7d97a0a01b7352c9bbb783ef98406ebbdfde679efa78977d528be87d9cb8759e62b7847e43e6624800eebf124fd4a3e8c696abd86cba0486787c61d6a2a0a78ac2bf92f0f0d9372845ea4eacf4ed7eac393271e851209b981dd1d807cd56bdc78667de8fc031adca09651b86b2e93aaabd6141b45251bda2dd05dca0f498f6c63da44bb7e82e17633eabcc14982fac9d2cbfac637f343062f09f01f326eab54ee17e8b2922e90e96e3a29c09c0069ffc4e154080d77cdb90ff743a8164bb3ca4daac8978c1fddf8adc6f08fdaa10e9d5c2fc5dea481aac55e89ad227e9f21b91d28416681d4f8bc0eb978d39d23e16c86332409a8b964eb69ea0076aebd841c944490432c8c5a7a07385ead88a39ef208daaba74cb7c7d998cbeb6ebaf7d15055c24b9676b9196a3d964008cf64c34de43cb728d16f8ba10f2c20227efbc21a0507685a5242e23c45acf4505af09bd0e884bed39e4d1f0706770b0ecf1e9df38a176b1984f3ddbbed177c4f5af86b1bd6b234dfab415dd6b9b4a650dd9413c0877a7dbde64c92d24c03ce19538380d7b24b2e597486a425a68e342c86afff339764fc93de9671f4c982f8450f0beac5424286dae67603d423d742a2a7adcf832714703547f5217058401e563095fcf6369426723ba7c3d7936e229a004f94eef3f9ff8d174fea8d5222af8bb23a98c71309e204856307d376ffe1175c4cfac20eafe9b3ef93051c7624a27e8342f4367c3f1a555cb88c08e9f9c607296854e659638a6f4f2415683cec1c29d059b8b26bcdd1bf8b55a5553596a988fcf9f8097412af8bbeb899e2738b12b29600e257f53f16761ac2a9d09428de7b06201c53aa528ec09ac379bab28eb60482c5fa4be170814ab11e7ba2d4ab9f461ad24251375f0a290e0165ede5a5b5cb5e17d29039e23804798694fa6a022128436e0c2d03bb6a3d6717f928745b69037b5e8ab2c6ce8381a5e85ff3d1e703652a7ae8533bb03b82ddf142a47a758fbdc14b487b594b2fb55a53cf5f40b60a2dafc00260c07b5fa4f51d2df7b2402f7c1d0b0977aafec027706a4609874231e1ea5d9f76df0bbc7433164c761d90c08d17b64cbfa352a7e72bbd5c0503b9dcb8ca471d41e144d6a6752aa139cfda89a0a83805b1161f323ee0f9f973e1da1e8ac8f212c5eaad3463947411a41ebe6a36acde668e4ca82c484513a3f3cc7401b1701a2d769c858242f2653cb118f2c6672ea512153e5609cb78529d0286adfd70fc6426501e3d06f803ca88a94924a46ebade20268dee77db8899a2750a05c824b71021d797923c9a476bc2daa76e627c28df4ee4b1c29ef88a861f0faf8f6a2812094214da21d8188583944d1b5e265e5d8586cf15609fd6c43bd7fc5910d66d41d51bcff5d6f91601fd261b531ecf6da12097c4abfec4c42ba932c475f67cb61c1c4ea0eca782aecdf25f1f8c8f9740edd512d1c965e692ea36ea705d6033782ae73973d42397ffdc5d2db44522001d5eb73d43d617b7024e39024497f26499e04d16f9bb059c497ecb874b969165c0c551b925cfccb1b9d69c5798a3ffc5b67397a0753e265c0beb5a201a287ef29504745099b5b6daeefb8e7e16badef9ffcf839b7b78b8b548ff9dbad9eea2c7cdcaa526822dfffc825db92fce4fe2bda158b2d794492d7a2684127c16002cc86e25a9682716be18475cf14c670385e968ac4532f947309329cbf440c18e6583ecfe1c5533855b7c8926f12678f8aaa43120afd6be1e1f89add82a19bda21eec2475146545a22deb629c96e7902d843702cbad5dab80163c3bdc14d1a72feef9e814a6df156f602938972df630f68fe4b1bbd6385e91f4e8b4942cdb54f5ed1e04b3736292bef3d8e243abac6e6a4f5fbfdd51280dbf25bcac1f6c20b484b76e81a4f9b4b1f87b3d1ca3b4d51e8dd873501e64d898318c30f4c023027529647ced7cb05743d7e60d87b9375f33d40537bcdc11b641de8c5d5019acb84df1347fa227c534a19abae79642e901acb3fd2d80cfdd6b013f526381067f5d3e7caa295a8fbf31143c6575bf4a3816489a01de4888432004bca8f11abc89b25559c9ed080dce5a614f410c0b8c68f6c77f7bd68051147c63708c538053af9a7fadad095f0f40d664ac85fb12377aaf23b37a33a334a6fc0ce7eec822de6f619efe8ff06fe21a920f7e1f0eb6b1eb1481268a071be166bba9374778aebc3b7b018f1cee424732955dbf21dbbcf06c293475dc4a5fd9cf335879a819eadf79b70f7d39bcf0e07515c3fc83e9d8554230a6baf17d7a9de39a91597b2a0b0f02d4519e15196135314691fe182f2b2bba935fd56cdca7d4b6242b776fd5e9e4d6eba455e412867409658c59958eab891be1403065de6fef3eceefa736f45661ca24a84e29cdf2e279033addf11c3a1d5e08012e4260ace220346f3a986151096a523ec79c96e2bce8ecd5bb9787fc992aa06d2453c9bc8ba939d31a0499fba94742e56a3749a12577969a636d1ea139737dea625b4e6201e6d51f9216bc8f34b390af408bd8594c9cce02baf03615241ad66514d7e8aca51503d9400138daaaf2bca2e6ba76f52836aa4104b3c09f9fe2b463ac335e0ee22df0a37d48cfa3d71a19db4351f0bf744f14e586551ab681c709d493b44c78ae3e1095da28bfc5fd26f96085a4e992216cf909f182a3b128f543cae182d6c5377d8fd896d6dcb358071f993ce361901b3748e32f40422985914555f3b593efd79c1714b206419e07b9d076079ee77359a3f0b76ae443a81b36e8b270b189ec57cb1144c71ee5ec5d2fc32165ab2fdd5d39740c5548102a9868ae2633ff497304632abb6218e791995168a1a1a405f181c04ac48df1aaecd4aae3f6e297c8098e9078d5fcc6fe152096a1ea848bb5de2142fb117517c5f6b74afc3aa12ec460ac7c918aabbc0ae2aed660203ef1dff66b0f76432a4c0cc53391ca2c2ebd3ac81994aa1add5844244f3a525210b5826d5fc8929d29685b072e863ddd4586f53556605bfcd45e77e915f366085484142e93404d8ea4e8df71a111a81fea9cb0caf8ed0630417a316ffc93f6c2e7cfd51e07dccb4efa6283cd1f813b856577434b5f5e9fb28b393b21934c90c28fa0a67454fd6003a8abee96e048608b7785197556f4355a3294ef52baef9876c79a22cf1d9e6d0f6ce63a1196f08fa89e4252f4838164eb6c2b31f501740d040a5675cd7c69ff7440e0b460bd8aa1a9077003e53040afe1fb82480ca709533220a08aba7291db56c709011b732897d02cf52897fe55b235a9e668df510979b3c74811714989425d1233b8a41d4f43948408be6b9f94d28047b447b60c76873463685e603fb03f0d87ec097d97bd14c4bd5f17944434d834a3d5e78fbacf258e692de041d2247306fd0a63abf3ec687ad04d20b94397199d9fedb38a746dc49eca6191e8f1a32e0af41219d142a107a2f645dec73bf8704897ca066ad7395c8ee76636b78a7444260795efbcf8ad112486dc2954b275834a3c6861ebbdd9a8e63051173ad2500e36ece6561857feaa8a099e6f6a3cad66f3e649999218b689cc8bffd26e3bdc64843bbe44b78646da00b9ae365d69838eb18a828ecc2a9df0b937fee36d8921081ad64f3a63439fbbd3e3ba8ce27593d69275acf55e3b465a0d7b4cc285d16252078dba10f1380f2fbdb310bb15e47444a46609d5520575f0e54889fa302bda696081f2912c60f07d69cc3b61ecf0b8862bd476012a1439a7a940632d48e74f465d4c79dcaedaa6f9d6bd2d8e8cbe73af2ec2f7ed1272541c977cb0439bb8b9ea43d9aca2e72c4e89e34bf529ab7dabbdfb633836690ba4f3185888a32e8fce85a9a0f2c134f115169205ec9b8d17d66118748f7ef5b06eb575b89afabc95000438231bea130d65f99382f11c1017e8804fb11e4642bc5ec19259debc673707fc61567a06b913543bff43df3b31cccb9effbd66efe804270969a160129b5ad997275d79297f048b19684e41644a61ce8b4aafc591e542dc06836e1679aa70d2934378bfce9c4ebae", [[], []]}, 0x12b0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:20:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
write$selinux_access(r2, &(0x7f0000000040)={'system_u:object_r:dpkg_lock_t:s0', 0x20, '/usr/sbin/ntpd', 0x20, 0x7}, 0x45)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:26 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x8000, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x200000, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(0x0)
sendmsg$TIPC_NL_NAME_TABLE_GET(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x24409000}, 0xc, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="0800ad2846bee24ac4c074d74eb7c0a0c8ab5b15d2fe45b39c1da54ad1143459bc50dc07641ec79583ae054ac7340d04abf3fc62b85074a7cffe78c4600148dc7cdec497f5c4f40517798001", @ANYRES16=r3, @ANYBLOB="04002bbd7000fbdbdf251000000004000600a4000400440007000800010003000000080001001900000008000200020000000800030001000000080002009c07000008000200050000000800040009000000080001000d0000000c000700080004004a0000000c00010073797a30000000000c00010073797a30000000000c00010073797a31000000000c00070008000200050000000c00010073797a31000000001400010062726f6164636173742d6c696e6b00002400060008000100ff0f000008000100f8ffffff080001004f0000000800010001ffffff"], 0xe0}, 0x1, 0x0, 0x0, 0x8004}, 0x4000004)
sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000400}, 0xc, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1e8, r3, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0xe4, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x0, @remote, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x1, @mcast1, 0xc097}}}}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'ip_vti0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0xf407, @empty}}, {0x14, 0x2, @in={0x2, 0x4e23, @multicast2}}}}]}, @TIPC_NLA_MEDIA={0xb8, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x49d1}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_LINK={0x38, 0x4, [@TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}]}]}]}, 0x1e8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:26 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

22:20:26 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

22:20:26 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
mount(&(0x7f0000000000)=@sr0='/dev/sr0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='bfs\x00', 0x1, &(0x7f0000000100)='/proc/self\x00')

22:20:26 executing program 4:
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/pR\x15X}telf\x00', 0x400000, 0x0)

22:20:26 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$EXT4_IOC_MIGRATE(r1, 0x6609)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

[  591.972789] binder: 13795:13798 got transaction with invalid data ptr
[  591.989001] binder: 13794:13802 got transaction with invalid parent offset or type
[  591.989028] binder: 13794:13802 transaction failed 29201/-22, size 104-24 line 3454
22:20:26 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

22:20:26 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
io_setup(0x6, &(0x7f0000000040)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r4, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='cpuacct.stat\x00', 0x0, 0x0)
r7 = epoll_create1(0x0)
r8 = epoll_create1(0x0)
r9 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r9, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r9, &(0x7f0000000200))
epoll_pwait(r8, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r10 = dup3(r9, r8, 0x0)
ioctl$BLKIOOPT(r10, 0x1279, &(0x7f0000000700))
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r11, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
pipe2(&(0x7f0000000580)={0xffffffffffffffff, <r12=>0xffffffffffffffff}, 0x8000)
io_submit(r2, 0x6, &(0x7f0000000680)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x3, r1, &(0x7f00000000c0)="bcc54f2d9ff4825b4229e1a46f", 0xd, 0x5, 0x0, 0x0, r3}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x7, r5, &(0x7f0000000140), 0x0, 0x9, 0x0, 0x2, r6}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x230, r1, &(0x7f0000000280)="627b839cfbee4d78951351df435572692dc0a08f28a28a663e59c79daba8e261775ec3e261f892d7f6aace740b07f5bdca6fca63013c5895663ad9fa528a1b43d6fd7a23f0641edd6e931fa85d996b53", 0x50, 0x2, 0x0, 0x2}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x6, 0x0, r1, &(0x7f0000000340)="c7b0a33837ea012aa6b7d595a9764e850f946a7c62099eee67a43d39272b0e7d084d481da24a626e03584b15cf8a4c3b1b0c937b1dcc786e3adfbbc9bb13c0db2df258a11d1ab95a4fa41891736e5fa34c1f96425ef9b90e2ea5925073", 0x5d, 0x101, 0x0, 0x3}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x3, 0x4, r0, &(0x7f0000000400)="ff2b777e64ae6d4565ea1b6b33dc24cfab93102fcf6da18875abdb618b64bfb3e7b4627c38ad79", 0x27, 0xecd, 0x0, 0x2, r10}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x7, 0x7, r11, &(0x7f0000000480)="63834511f69212d825ab9467339eb2457ecb440684f763ffb601228251e4d5c3464508522823b6606e7e3d72fc0c14b07c56d7574bf73d8eaf2f3cba00c9f4579f6900d69f4a7b4e74b8da3e55f5352e0148f32bd8ecb01cae28944b7d4a14039eda55a3f2da8e748955e1ad0dca61d9826ad47acd508ca9f0815ed7f9f75e1ede4427ec0c4472fe3456f90e1222d8570fb61414346f5a2582a26a145c28aed2af18d8bff3a6d8929a50ed57b5915c49fe1f2e4b955bb0046621c837cd260c7dece38d5abfc1a8a9fcfc7e3dc65221e9b0d173b3eed0", 0xd6, 0xf5, 0x0, 0x2, r12}])
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

[  591.989042] binder: 13794:13802 ioctl c0306201 20000800 returned -14
[  591.989361] binder: undelivered TRANSACTION_ERROR: 29201
[  592.000357] binder: BINDER_SET_CONTEXT_MGR already set
[  592.000366] binder: 13794:13814 ioctl 40046207 0 returned -16
[  592.078712] binder: 13795:13798 transaction failed 29201/-14, size 96-24 line 3316
[  592.090055] binder: undelivered TRANSACTION_ERROR: 29201
[  592.092663] binder: BINDER_SET_CONTEXT_MGR already set
[  592.092672] binder: 13795:13832 ioctl 40046207 0 returned -16
[  592.123790] binder: 13825:13834 got transaction with invalid parent offset or type
[  592.131816] binder: 13825:13834 transaction failed 29201/-22, size 104-24 line 3454
[  592.139627] binder: 13825:13834 ioctl c0306201 20000800 returned -14
[  592.853839] binder: undelivered TRANSACTION_ERROR: 29201
[  592.855883] binder: BINDER_SET_CONTEXT_MGR already set
[  592.855891] binder: 13825:13834 ioctl 40046207 0 returned -16
[  592.865563] binder_alloc: 13825: binder_alloc_buf, no vma
[  592.865580] binder: 13825:13837 transaction failed 29189/-3, size 104-24 line 3284
[  592.865595] binder: 13825:13837 ioctl c0306201 20000800 returned -14
[  592.890356] binder: undelivered TRANSACTION_ERROR: 29189
22:20:29 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='$\x00')
tkill(r0, 0x10000000001c)

22:20:29 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = socket$inet6(0xa, 0x6, 0x80)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000001c0)=[@window={0x3, 0x7, 0x1}], 0x1)
r2 = syz_open_dev$rtc(&(0x7f0000000000)='/dev/rtc#\x00', 0x3, 0x80220)
pipe(&(0x7f00000000c0)={<r3=>0xffffffffffffffff})
ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000180))
ioctl$RTC_WIE_ON(r2, 0x700f)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x80000, 0x80)
ioctl$TIOCCBRK(r4, 0x5428)
r5 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r5, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r6, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$VT_GETSTATE(r5, 0x5603, &(0x7f0000000200)={0x3ff, 0x6, 0x100})
dup2(r4, r0)

22:20:29 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
ioctl$void(r1, 0x5451)
epoll_pwait(r2, &(0x7f0000000080)=[{}], 0xc4, 0x7fffffff, 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$BLKIOOPT(r4, 0x1279, &(0x7f0000000700))
ioctl$TIOCGPGRP(r4, 0x540f, &(0x7f0000000000))

22:20:29 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3c, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104]], 0x0, 0x0, 0x0})

22:20:29 executing program 0:
syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x804)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0xa, 0x1})
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080), &(0x7f00000000c0)=0x14)
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3b)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x123, 0x0, 0x0})

22:20:29 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x207, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x2}, @fda={0x66646185, 0x0, 0x1, 0x4}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x0, 0x0, 0x0})

22:20:29 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:29 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x100, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:20:29 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='\x02\x00\x00\x00k\xc1\x00', 0x0, 0x1807)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000080)=ANY=[@ANYBLOB="01a3a10300067d56d8"])
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = epoll_create1(0x178e1f1a7f38a0b0)
fgetxattr(r2, &(0x7f0000000280)=@random={'osx.', '\x02\x00\x00\x00k\xc1\x00'}, &(0x7f00000002c0)=""/18, 0x12)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0)
stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100))
r3 = epoll_create1(0x0)
r4 = epoll_create1(0x0)
r5 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r5, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000200))
ioperm(0x3, 0x1, 0x3)
r6 = epoll_create1(0x0)
r7 = epoll_create1(0x0)
r8 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r8, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r8, &(0x7f0000000200))
epoll_pwait(r7, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r8, r7, 0x0)
epoll_pwait(r7, &(0x7f0000000240)=[{}], 0x155555555555571f, 0xffffffffffffffff, 0x0, 0x10e)
r9 = dup3(r5, r4, 0x0)
write$P9_RREADLINK(r9, &(0x7f00000001c0)=ANY=[@ANYBLOB="1000000017020007002e2f66696c8530"], 0x10)
ioctl$BLKIOOPT(r9, 0x1279, &(0x7f0000000700))
ioctl$PERF_EVENT_IOC_REFRESH(r9, 0x2402, 0x9)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
eventfd2(0x101, 0xfde261be99500434)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:29 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x0, 0x20010, r2, 0x8000000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
mmap$binder(&(0x7f0000f3e000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r3, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
getsockopt$bt_hci(r3, 0x0, 0x0, &(0x7f0000000200)=""/232, &(0x7f0000000040)=0xe8)

[  594.973175] binder: 13842:13846 got transaction with invalid offsets ptr
[  594.982437] binder: BINDER_SET_CONTEXT_MGR already set
[  594.982446] binder: 13843:13848 ioctl 40046207 0 returned -16
22:20:29 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x200, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in6}}, &(0x7f00000003c0)=0xe8)
r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r5 = fcntl$dupfd(r4, 0x406, r4)
r6 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r7=>0x0, <r8=>0x0})
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000500)={0x0, <r9=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
ioctl$LOOP_SET_CAPACITY(r5, 0x4c07)
write$P9_RRENAME(r5, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r10, @ANYBLOB=',group_id=', @ANYRESDEC=r8, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r9, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r7, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
setsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000180)={{{@in=@dev={0xac, 0x14, 0x14, 0xb}, @in6=@mcast1, 0x4e20, 0x101, 0x4e24, 0x8000, 0x2, 0x0, 0x80, 0x3c, 0x0, r7}, {0x55, 0xac2, 0xe33f, 0x8000, 0x709, 0xfffffffffffffff9, 0x5, 0x7a}, {0x6, 0xd44, 0x4, 0x7}, 0x2c, 0x6e6bb8, 0x0, 0x0, 0x1}, {{@in6=@ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x25}}, 0x4d5, 0x3e}, 0x2, @in=@empty, 0x0, 0x4, 0x2, 0x9, 0x773, 0x1, 0x6}}, 0xe8)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000004, 0x8010, r0, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000400)={@initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x7f, r2})
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r11, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="130208000201ffff000000000200000000000000"], 0x14}}, 0x0)
ioctl$FS_IOC_SETVERSION(r11, 0x40087602, &(0x7f0000000000)=0x6878c02c)

22:20:29 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000100000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a747000cf0000000000000000000000000000000000000000008f00000000000000000000ff0085616466000000000000000000000000020000000000000000008561646600000000000000000000000000000000000000000000000000000000000000000000392403b0b323857f70a884efba40206f6b019253b9356e326471f84b61b3c126de3e6e7b2f914a72ce17c1e744cb4be972bd49735c39a53a44e30072424ea9182d5011005c897c4825c82359645347eb28acfbc1b665e53b6b172368a6f1ee50827eeb8e84978417452cd413a230944ce66e70611835b6d3daeb47ca0d3d3bf616aa17b28fff52e3e2c8cdb3c0fc29e8a7fd6c90cf61c944501cf64ecc38a563d30edd45bbfc47a0338ac64d739e661dc8d79e59a13801d6687fd27c2fea6daeda"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})
socketpair(0x1, 0x80000, 0x2c, &(0x7f0000000040))

[  594.984935] binder: 13841:13849 got transaction with invalid parent offset or type
[  594.984963] binder: 13841:13849 transaction failed 29201/-22, size 104-24 line 3454
[  594.985148] binder: undelivered TRANSACTION_ERROR: 29201
[  594.988047] binder: BINDER_SET_CONTEXT_MGR already set
[  594.988056] binder: 13841:13855 ioctl 40046207 0 returned -16
[  594.997025] binder: 13841:13855 transaction failed 29189/-22, size 104-24 line 3138
[  594.997324] binder: undelivered TRANSACTION_ERROR: 29189
[  595.006335] binder: 13860:13862 got transaction with invalid data ptr
[  595.006359] binder: 13860:13862 transaction failed 29201/-14, size 96-24 line 3316
[  595.006530] binder: undelivered TRANSACTION_ERROR: 29201
[  595.011169] binder: BINDER_SET_CONTEXT_MGR already set
[  595.011180] binder: 13860:13864 ioctl 40046207 0 returned -16
[  595.011476] binder: 13860:13864 transaction failed 29189/-22, size 96-24 line 3138
[  595.011789] binder: undelivered TRANSACTION_ERROR: 29189
[  595.015814] binder: 13863:13867 got transaction with invalid parent offset or type
[  595.015837] binder: 13863:13867 transaction failed 29201/-22, size 104-24 line 3454
[  595.015850] binder: 13863:13867 ioctl c0306201 20000800 returned -14
[  595.016008] binder: undelivered TRANSACTION_ERROR: 29201
[  595.016501] binder: BINDER_SET_CONTEXT_MGR already set
[  595.016509] binder: 13863:13868 ioctl 40046207 0 returned -16
[  595.041320] binder_alloc: 13872: binder_alloc_buf, no vma
[  595.041341] binder: 13872:13873 transaction failed 29189/-3, size 104-24 line 3284
[  595.041357] binder: 13872:13873 ioctl c0306201 20000800 returned -14
[  595.042002] binder: undelivered TRANSACTION_ERROR: 29189
[  595.058941] binder: BINDER_SET_CONTEXT_MGR already set
[  595.058950] binder: 13872:13873 ioctl 4018620d 20000100 returned -16
[  595.059230] binder_alloc: 13872: binder_alloc_buf, no vma
[  595.059247] binder: 13872:13873 transaction failed 29189/-3, size 104-24 line 3284
[  595.059262] binder: 13872:13873 ioctl c0306201 20000800 returned -14
[  595.060095] binder: undelivered TRANSACTION_ERROR: 29189
[  595.089227] binder: 13882:13885 got transaction with invalid parent offset or type
[  595.089254] binder: 13882:13885 transaction failed 29201/-22, size 104-24 line 3454
[  595.089268] binder: 13882:13885 ioctl c0306201 20000800 returned -14
[  595.089815] binder: undelivered TRANSACTION_ERROR: 29201
[  595.093916] audit: type=1400 audit(1569277229.737:38): avc:  denied  { execute } for  pid=13881 comm="syz-executor.4" path="/proc/13881" dev="proc" ino=41231 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1
[  595.095957] binder: BINDER_SET_CONTEXT_MGR already set
[  595.095966] binder: 13882:13886 ioctl 40046207 0 returned -16
[  595.096262] binder: 13882:13886 transaction failed 29189/-22, size 104-24 line 3138
[  595.096277] binder: 13882:13886 ioctl c0306201 20000800 returned -14
[  595.096495] binder: undelivered TRANSACTION_ERROR: 29189
[  595.359525] binder: 13842:13846 transaction failed 29201/-14, size 104-24 line 3330
[  595.369293] binder: undelivered TRANSACTION_ERROR: 29201
22:20:32 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x8, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$LOOP_SET_CAPACITY(r4, 0x4c07)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:20:32 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r3 = epoll_create1(0x0)
r4 = epoll_create1(0x0)
r5 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r5, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000200))
epoll_pwait(r4, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
times(&(0x7f0000000380))
r6 = dup3(r5, r4, 0x0)
ioctl$BLKIOOPT(r6, 0x1279, &(0x7f0000000700))
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r7, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r7, 0xc028660f, &(0x7f0000000480)={0x0, r6, 0x80000000000, 0x5, 0x6, 0x401})
r8 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r8, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r9, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$TIPC_CMD_SET_LINK_PRI(r6, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1920}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x30, r9, 0xb20b03e19e6b4e0b, 0x70bd2c, 0x25dfdbfd, {{}, 0x0, 0x4108, 0x0, {0x14, 0x18, {0x1, @bearer=@l2={'eth', 0x3a, 'bridge0\x00'}}}}, ["", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
r10 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
timer_create(0x7, &(0x7f0000000040)={0x0, 0x15, 0x0, @thr={&(0x7f00000000c0)="34b53952aa4cb04be54ca31d9e1eab89a61ef56983c1d20d58f63b6785b92658626ba6e64c1b69dc89968b076e47a842a330ca20e7ff25fed5858fe759cd00b15136e78ac01f4f8a2b9396b711343c9c8c07e4c07b559b33f6191761cc1c1a568e3477902af7a0c73b4fa2517c5a0c3fdd7793ae17edc7a870b5cf554852a29b1cbf863128452340be20", &(0x7f0000000680)="baea2513cc993e8a5300ca9f5c77dc4ff0c356dc6042de05ec1879d44fe41fc8f4ec801bdc9db99c50cb6194640c7d008d07e66fd1c665fe77c208bb146e23d8582df23a510a400f471e0cc3a1c1e238eb673fc662b5a1cfd9199c15cbe2a60e50e1658bdcd1c9a05f60e39ae2d75f38ee76f025c06343e97d24a5c2fbd852fe7a37d4ac3d5bdb24c2fe4ae6616e5f1482fa786150269c9af408da5efc1a9cf5430d8922b3171c28ec0708203dbc5e926d86b9346fb93153d203087ab30d461e7d9fa5d274b06bee68b8"}}, &(0x7f0000000200))
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r10, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$KDSETMODE(r2, 0x4b3a, 0x4)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:20:32 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
statfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)=""/173)
setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.upper\x00', &(0x7f0000000240)={0x0, 0xfb, 0x3e, 0x4, 0x4, "86c75a13531f904959ecf985483e82a8", "38b4f8c6476685f529aeb4a7432c9a5bfb416a75b75816b7e3b7180d5ce984ec15b91afdb9868ff152"}, 0x3e, 0x6)

22:20:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3c, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104]], 0x0, 0x0, 0x0})

22:20:32 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x3f54)

22:20:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0063f3404000000000000000000000000000000000000000000000000000000000000000006000000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:32 executing program 4:
r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x4)
ioctl$TCSBRK(r0, 0x5409, 0x80000000)
ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f0000000180)=""/169)
r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000080)='/seli\x02\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PVERSION(r1, 0x80045400, &(0x7f00000000c0))
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r2, 0x0, &(0x7f0000000100), 0x0)

22:20:32 executing program 5:
socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x99, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x100000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0)
mkdir(&(0x7f0000000880)='./file0/file0\x00', 0x0)
add_key(0x0, 0x0, &(0x7f0000000080)="01900e261a7d6cf6c65b14701b0c26f0758d7a6829440268ed19ffe10445b03803a54404a414a59e1c065dcd8209d78c", 0x30, 0xfffffffffffffffd)
mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xffffffffffffffff)
mount$bpf(0x20000000, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x2001002, 0x0)
mount$bpf(0x0, &(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000580)='bpf\x00', 0x80000, 0x0)
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x0, 0x0)
mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5004, 0x0)
getpgrp(0x0)
mount$bpf(0x20000000, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x588e, 0x0)
mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000a40)='bpf\x00', 0x0, 0x0)
setpgid(0x0, 0x0)
open(0x0, 0x0, 0x2)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
geteuid()
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB, @ANYBLOB, @ANYRES32])
umount2(0x0, 0x0)
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x800, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
pidfd_send_signal(r1, 0xffffffff, 0x0, 0x0)

22:20:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = request_key(&(0x7f0000000040)='.dead\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='/dev/binder#\x00', 0xfffffffffffffffe)
keyctl$describe(0x6, r2, &(0x7f00000001c0)=""/179, 0xb3)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_mreq(r3, 0x29, 0x4, &(0x7f0000000300)={@mcast2}, 0x14)
r4 = epoll_create1(0x0)
r5 = epoll_create1(0x0)
r6 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r4, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r6, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
setsockopt$sock_int(r3, 0x1, 0x2d, &(0x7f0000000340)=0x8001, 0x4)
pipe2$9p(&(0x7f0000000380)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x80000)
write$P9_RRENAMEAT(r7, &(0x7f00000003c0)={0x7, 0x4b, 0x2}, 0x7)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000200))
epoll_pwait(r5, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r8 = dup3(r6, r5, 0x0)
ioctl$BLKIOOPT(r8, 0x1279, &(0x7f0000000700))
r9 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x0, 0x20010, r9, 0x8000000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r10 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/policy\x00', 0x0, 0x0)
openat(r10, &(0x7f0000000280)='./file0\x00', 0x80000, 0x8834337c3b36c257)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r11, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r12 = dup(r11)
mmap$binder(&(0x7f0000fd6000/0x3000)=nil, 0x3000, 0x1, 0x11, r12, 0x2008000000000007)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  597.986120] binder: 13898:13901 got transaction with invalid offsets ptr
[  597.988773] binder: 13902:13905 unknown command 1089692416
[  597.988782] binder: 13902:13905 ioctl c0306201 20000800 returned -22
[  597.998540] binder: BINDER_SET_CONTEXT_MGR already set
22:20:32 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='lf\x00', 0x20000, 0x0)
pidfd_send_signal(r0, 0xfffffffe, &(0x7f0000000100), 0x0)

22:20:32 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000000201ffff000000000000000000020000cb6cf2af15e7f3d8f5350e9c313f203df0fcc37018bc759c17ad7312e17ec3b3abed2d4a23cbaedd27ae2bd90dfa357ea860d44cb1e3f03081785edc"], 0x14}}, 0x0)
ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000000)={'lapb0\x00', {0x2, 0x4e24, @remote}})
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r1, 0x0, &(0x7f0000000080)={0x2b}, 0x0)

[  597.998551] binder: 13902:13909 ioctl 40046207 0 returned -16
[  597.998831] binder: 13902:13909 unknown command 1089692416
[  597.998839] binder: 13902:13909 ioctl c0306201 20000800 returned -22
[  598.064747] binder: 13898:13901 transaction failed 29201/-14, size 104-24 line 3330
22:20:32 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = syz_open_pts(0xffffffffffffffff, 0x20000)
ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000000))

[  598.066820] binder: 13897:13921 got transaction with invalid parent offset or type
[  598.066843] binder: 13897:13921 transaction failed 29201/-22, size 104-24 line 3454
[  598.066858] binder: 13897:13921 ioctl c0306201 20000800 returned -14
[  598.115030] binder: BINDER_SET_CONTEXT_MGR already set
[  598.115039] binder: 13922:13936 ioctl 4018620d 20000100 returned -16
[  598.124390] binder_alloc: 13922: binder_alloc_buf, no vma
[  598.124408] binder: 13922:13936 transaction failed 29189/-3, size 96-24 line 3284
[  598.161273] binder: undelivered TRANSACTION_ERROR: 29201
[  598.787484] binder: undelivered TRANSACTION_ERROR: 29201
[  598.798949] binder: BINDER_SET_CONTEXT_MGR already set
[  598.804344] binder: 13897:13943 ioctl 40046207 0 returned -16
[  598.810810] binder_alloc: 13897: binder_alloc_buf, no vma
[  598.816502] binder: 13897:13942 transaction failed 29189/-3, size 104-24 line 3284
[  598.824464] binder: 13897:13942 ioctl c0306201 20000800 returned -14
[  598.831844] binder: undelivered TRANSACTION_ERROR: 29189
[  598.858627] binder: undelivered TRANSACTION_ERROR: 29189
[  598.906509] binder: BINDER_SET_CONTEXT_MGR already set
[  598.912036] binder: 13922:13936 ioctl 4018620d 20000100 returned -16
[  598.912056] binder_alloc: 13922: binder_alloc_buf, no vma
[  598.912146] binder: 13922:13949 transaction failed 29189/-3, size 96-24 line 3284
[  598.912651] binder: undelivered TRANSACTION_ERROR: 29189
22:20:35 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
r4 = epoll_create1(0x0)
r5 = epoll_create1(0x0)
r6 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r6, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000200))
epoll_pwait(r5, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r7 = dup3(r6, r5, 0x0)
ioctl$BLKIOOPT(r7, 0x1279, &(0x7f0000000700))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='\xcc]&t@\x00', r7}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:20:35 executing program 4:
r0 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r1, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r2, 0x0, &(0x7f0000000100), 0x0)

22:20:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3c, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104]], 0x0, 0x0, 0x0})

22:20:35 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x21ce02, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000004800)=[{{&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, <r1=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/98, 0x62}, {&(0x7f0000000180)=""/232, 0xe8}, {&(0x7f0000000000)=""/15, 0xf}, {&(0x7f0000000280)=""/117, 0x75}, {&(0x7f0000000300)=""/130, 0x82}], 0x5, &(0x7f0000000440)=""/169, 0xa9}, 0x2}, {{&(0x7f0000000500)=@xdp, 0x80, &(0x7f0000000640)=[{&(0x7f0000000580)=""/149, 0x95}], 0x1, &(0x7f0000000680)=""/4096, 0x1000}, 0x1}, {{&(0x7f0000001680)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000001ac0)=[{&(0x7f0000001700)=""/85, 0x55}, {&(0x7f0000001780)=""/14, 0xe}, {&(0x7f00000017c0)=""/192, 0xc0}, {&(0x7f0000001880)=""/127, 0x7f}, {&(0x7f0000001900)=""/227, 0xe3}, {&(0x7f0000001a00)=""/56, 0x38}, {&(0x7f0000001a40)=""/77, 0x4d}], 0x7, &(0x7f0000001b40)=""/240, 0xf0}, 0xf6da}, {{&(0x7f0000001c40)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001cc0)=""/179, 0xb3}, {&(0x7f0000001d80)=""/107, 0x6b}], 0x2, &(0x7f0000001e40)=""/168, 0xa8}, 0xaf6}, {{&(0x7f0000001f00)=@ethernet={0x0, @dev}, 0x80, &(0x7f0000002280)=[{&(0x7f0000001f80)=""/13, 0xd}, {&(0x7f0000001fc0)=""/161, 0xa1}, {&(0x7f0000002080)=""/226, 0xe2}, {&(0x7f0000002180)=""/217, 0xd9}], 0x4, &(0x7f00000022c0)=""/4096, 0x1000}, 0xec9c}, {{&(0x7f00000032c0)=@nfc_llcp, 0x80, &(0x7f0000003780)=[{&(0x7f0000003340)=""/214, 0xd6}, {&(0x7f0000003440)=""/54, 0x36}, {&(0x7f0000003480)=""/165, 0xa5}, {&(0x7f0000003540)}, {&(0x7f0000003580)=""/228, 0xe4}, {&(0x7f0000003680)=""/211, 0xd3}], 0x6, &(0x7f0000003800)=""/4096, 0x1000}, 0x5}], 0x6, 0x40, &(0x7f0000004980)={0x0, 0x1c9c380})
getsockopt$inet_udp_int(r1, 0x11, 0x66, &(0x7f00000049c0), &(0x7f0000004a00)=0x4)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:35 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000000000000000000000000000008561646600000000000000000000000000008561646600"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$sock_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000040))

22:20:35 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fbab6ebe5ee1b15f3ee7035226ca1b6c75e79bf4adacb7e2ed139fcf6c7e0729f5a393aa553367e085df61ecb5df805853df3515294b0fc954d6a"], 0x0, 0x0, 0x0})
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x3b)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r2, 0x0, 0x0)
sched_setattr(r2, &(0x7f0000000040)={0x30, 0x5, 0x2, 0x1ff, 0x8001, 0x8, 0x5, 0x5}, 0x0)

22:20:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR], 0x0, 0x0, 0x0})

22:20:35 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x802)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
write$binfmt_aout(r0, &(0x7f0000000840)=ANY=[@ANYBLOB="000000095d03000041020000ff0300004000000003000000000000000000000043876335bcd1fdd63543e831d1cd1186e450dbc0f90700bbe169f445b1e90eebd0a7480d7e66c3a5326df4331996adb47bd22aea2568ef01a2b5fbb3d03fa25ded28d4f77f362feb9ae0742e2ff572aa5215ca2446681eb7092aaa11ca3a76227bda1fad17d20adf3a67a2f5e226d6d3fa4f44414097153d4aa877537459ddc9728154e13f63aea9f2eb44eee5f87f3b45fe254e36763cde62e1ca47a9021c86271bd74b55e720000800000000000037517571c25328bd5906d22c8a4b9dce3abc15d0ea5652624470a4140b5983dbff28049e53e8306b88171444094f8b406fa4cae8b82c9f4f63440fda6ff17871a8f3438727004fd15515cc09075cc30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bd000000000000005882832f83ad79ab91113c3d3e26c5021dd1d86b9693e5b5d8b9df049130c9b1d907765acee3602c737613e958c16c5dd7af5b4725"], 0x71e)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYRES32], 0x0, 0x0, 0x0})

22:20:35 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000000)='TIPC\x00')
r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/hash_stats\x00', 0x0, 0x0)
getsockopt$inet6_buf(r1, 0x29, 0x15, &(0x7f00000000c0)=""/218, &(0x7f00000001c0)=0xda)

22:20:35 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100)={0xffffffff}, 0x0)

[  600.999953] binder: 13958:13961 got transaction with invalid parent offset or type
[  601.000152] binder: 13953:13959 got transaction with invalid offsets ptr
22:20:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR], 0x0, 0x0, 0x0})

22:20:35 executing program 0:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0x0, 0x1)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000800)={0x115, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba4f60db19d25c9400881ea2b00bcb830ae4e8c7c87364566d48cbb50bda6fa4929f21a8162933cf5c23d9d05f8f0bf3759bf2f16dca54a741d2a396bfdda0e137b1391d3cdffbd19f2af7b8ed9adf77e306368145086157b06f3eb04776074ef7ec53969936d51ac422d09015a9a10bd339f67a5a613f43a71fae73e50e330f664791c6ac971c3a4ddc9ce5b0af3d3a2652ee9c9812780d9bf3ed75ab247bf79a6d0677fa107b55bc6d99f7a5d7e831b0c2975996d85ce71a9c559c8fcc3e5b48203da7fc302f1d8ad2060abe8b83ba70afbf088b6f570953cf907e"], 0xfffffffffffffd4f, 0x0, 0x0})

[  601.000176] binder: 13953:13959 transaction failed 29201/-14, size 104-24 line 3330
[  601.000614] binder: undelivered TRANSACTION_ERROR: 29201
[  601.013260] binder: 13954:13964 got transaction with invalid data ptr
[  601.013281] binder: 13954:13964 transaction failed 29201/-14, size 96-24 line 3316
[  601.017396] binder: undelivered TRANSACTION_ERROR: 29201
[  601.035817] binder: 13972:13974 got transaction with invalid offsets ptr
[  601.035842] binder: 13972:13974 transaction failed 29201/-14, size 104-24 line 3330
[  601.036051] binder: undelivered TRANSACTION_ERROR: 29201
[  601.054036] binder: 13973:13975 unknown command -1
[  601.054044] binder: 13973:13975 ioctl c0306201 20000800 returned -22
[  601.065590] binder: 13973:13980 unknown command -1
[  601.065599] binder: 13973:13980 ioctl c0306201 20000800 returned -22
[  601.074310] binder: 13982:13985 got transaction with invalid offsets ptr
[  601.074336] binder: 13982:13985 transaction failed 29201/-14, size 104-24 line 3330
[  601.074582] binder: undelivered TRANSACTION_ERROR: 29201
[  601.119863] binder: 13988:13991 got transaction with invalid data ptr
[  601.119888] binder: 13988:13991 transaction failed 29201/-14, size 96-24 line 3316
[  601.119902] binder: 13988:13991 ioctl c0306201 20000800 returned -14
[  601.120073] binder: undelivered TRANSACTION_ERROR: 29201
[  601.120501] binder: BINDER_SET_CONTEXT_MGR already set
[  601.120508] binder: 13988:13994 ioctl 40046207 0 returned -16
[  601.225776] binder: 13958:13961 transaction failed 29201/-22, size 104-24 line 3454
[  601.233847] binder: 13958:13961 ioctl c0306201 20000800 returned -14
[  601.242499] binder: undelivered TRANSACTION_ERROR: 29201
[  601.248422] binder: 13958:13977 got transaction with invalid parent offset or type
[  601.256549] binder: 13958:13977 transaction failed 29201/-22, size 104-24 line 3454
[  601.264582] binder: 13958:13977 ioctl c0306201 20000800 returned -14
[  601.271376] binder: undelivered TRANSACTION_ERROR: 29201
22:20:36 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:20:36 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x80220, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:36 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR], 0x0, 0x0, 0x0})

22:20:36 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, <r1=>0xffffffffffffffff, 0x0, 0xb, &(0x7f0000000000)='/proc/self\x00', 0xffffffffffffffff}, 0x30)
pwrite64(r1, &(0x7f00000000c0)="84747046b41cca7af8974f2042881130d1ec9fc8", 0x14, 0x0)

22:20:36 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000040)={@in6={{0xa, 0x4e22, 0x2, @remote, 0x70}}, 0x0, 0x200, 0x0, "1ab7986399f25e89bf5d4a6e6b068e40e434fc0fd0eb21b2058b0e73b1d3bd3be8e746440737ef9b0f5f8aacc069ee6a1caed3b5f85b8d12a4aa09311f8f8fc19ebad930d08949a2eec5ac8959beca7c"}, 0xd8)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:36 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x20, {0x0, 0x2}}, 0x14}}, 0x0)
r3 = dup3(r1, r2, 0x80000)
ioctl$BLKGETSIZE(r3, 0x1260, &(0x7f0000000040))
syz_emit_ethernet(0x102c, &(0x7f0000000840)={@empty, @dev={[], 0x26}, [], {@ipx={0x8137, {0xffff, 0x101e, 0xfd, 0x4, {@current, @random="e0fe0d470881", 0x1}, {@broadcast, @random="9f8d84c3796c"}, "2e27b7ef21094747e3b38cc60c270e56d52bb790ebd5c6b7e53e98c972f043adc0b1dd30abc9d929bb533ef78ea254097869b6ac410be182608087363d85d64ad5a8ca9ffec913da045a24ac8f7e983378bb9ff4d625320f8159c0205bb30315672092615ed4f4bec0057b7b8f33bbdcc8e170cce0b7f7d16f216a93f91871ac9574ac372632f01932e8a00fe0c187ff19281e21e5e413ebf69501d9452462ddfbc354063d2baa4e0688dc6985c2eadafc4397baaa8d05ad8f23dbdff19075c524597919988b0cba29924bbbc0d9600a4d2470b15d0b39a5ea37b7582292052f2f6b5972e28522a5646378fcbff87672b8007130073b46e6959dc0078cc2112c64acc3053a0766ef2ff7e35c15bffdeecb049cc937f2ac35e9a4706001cc9a7e354853c1b0be0217a41fdb9aec7b5d1bbc9c369b7f01447fd8f1498278f0d636af5a426dad9e67b8fbc4dca712858609f9a7e73d0b1486ae65998c991e535c43185e1d1b71665eaebda2d18e00bc836229b0d96916b0ca92428aaf1e21d9deaa66a756a6f909596e8cb8327c62691c08eecc523d202cb81489d2bda33e75026a3339f3d2207aec0a621ee22ba9c652d36ec4be0d6c7f6a05bf49662d273bcf67bf842e257f86ab8c63c884a92efdbf1fc915f5c0e92af6459bd0f072f0016d3470871a47ebfc6540438802bda73a54f082be3a142e8a0c35b0eab788d4baedf453a61d1973d8b5d540d3a820629f321daffffdc001927548728bd3dd968d336c6b38dc581bed2282c120f23589eb55657e08b77f87fa602ed3e965b2c2b989380d502f4b7c7d0f8b885a6bc4712778da54873de2fa3161e025d1a37ce5e6c0b430b1970846535b6a61f15f99c12da9326fd0ee08f0371d43ed566b437e436a431306e08532efda86e581823ec076e356131d5497b2db8bbaef13ee6f0138b4f1b1b96b50063306bc6fae7e4c21d6a87b25d32ec9f8538a6d64223e3edeaddbbaf301261de2613e2b0a3bc4f660e217974830500edc77581aaece5b7dc19fa95493764d1cf2d944282e3bdfd0337700865d8ea9ff2cffe85bd6446147e2091750b3d6c47840d9d812be8d533d4bbe95ea37ea60c8a7788644f81cb399b0d86456762919954c0d4c9fdbbe4794b6f7988190dbea396455930cba787915c88e1b84d0d77a9905a9a0c4914be525aa392b42397f813787c264a4294861f7878353dd86178d78e9612191d8092eb93ce2d58cb9cc7acefbf288450ed25260665bacde7ac3919fc7f34ec263c8f058bfdc5f26e049a26086766eb3782f04fa2e96ad92b1568a01361a94867fcbba01f58841ae9998f777648de16c55fc479da07e1ac1d943ee9f305701481035b13efb610f056bcc6a3ccdacf381b5ba5ae6cf3f8c7e3f9fd74a1736e6e4d3e04abee7dda89821e5b36d48abeecefaecde1d4535e133c05061c97a18094a79b9700a0e35dd861472e431f8aade985c24bb7a791b26546e6610e04f5205ea0c7dc5e1976ff72e6c6ce902c04353e86fcb303795232b0809ab23d636c995d695bc36204f1c7e9d420beca92411df51ae49d4badf982e7ee85699f4103c97a478d268c496b9a003dd84d88e0a5eaa931cace6c446704e41c5952595bc1e754a660107db4cbbc12ae73242189a272121acc87bb31148156d7710951edd9602f60de3f37621a771011aee38853297faba572248a0e7b63c715f31a03ecbc0f7435db59508cb4ab08991c84cdfd64e9bee9e7c79308265a5220c4c529d2ba733d80237f81a5cb395a09b94378926a2f1d5f7c2504cf69bcf59518c36baa14f685e7c793900f3eeb10706ee1a591c05866e6db8f74fb7eaefd1873a8fc69236d6e9d3211a1b5d91b26f85bf75ed58a76cb3b868fa878041c48ba5b988dcdc046c82234e9b63af95aa8997b3ab4fd51e256c1bf704192a666d327407842c82fc249dde0287207875826669491f406d968190c12b6c189cfb10172cf71a249c57fd855163409dbbdef2df1cafcf89eb502b30c3df16cf696840910261cc47c23becb36d92ee26ec3d8a4eedf8471de1423a2c3f6fdb7af97585f718a76722e65428d3c386db8483bd42f53ed9009b3154050615af15fb6477292a4d236813d22510feb78ed5380de28c856caeacd8149a5aab07073227b1094547f726956da3ba2970a1b2c345d4384969f149049b4783bbbd5ac417d97e0eb08a4bf58e4ab11e4d97a41ff7f2b1c7ef5b9ef1765d7385b78ba32e07ea5bea0ff20e5c098c233e8c3f940226e16529d9e5715926d187cbd3676e016ce19990c96ad9f87c2668df699f258c01124e08ed81a458387cd7609580c2997c003b9fc9f0cc792a6e9273808d0d860c0388932a7c8416f9da67f03f6c50819bd5c1e7e7fb8a408606538126c0edfa0065ece805839def0bf059a18c9bfd424ccebe1bbc73a586ed575979e7b2fea73371349979627cf036728090e7457faa4b22f5d2fe088b636fbcbaa79e6b071d8a62b725a1105c8f3b033bf447bdc73242e6812350039502cd8a6e1791688ffb7d54ce220a603530abc8049e748193e953aafb10aaa99a9187cf5b3fc61973f0cde2232e97425397d465984c0deb131d4f7a5856eafba7f08fa205a65ebac39b48649df18baa8646e62f2f15138301e54f1d7d35822b72a713c821ef294fe0a7015fcf4a98cf58f452992bef4dd6581ddbb9fd3ed974bc331ecab2ad4969a2dcb5da91ee0e4eaf41668216ff2739f6080e8d444c1ed0350df3d6dfd37263bbece54a6b6b717eae36905b2579ed42b7f2132bcc591a7a8b211c8ded7d3e6b9d8463c543418125bcc4c65beeda09a8de6bc0d06d44b0a6599615d2c97e1639a8c0470700e7b11bb85bed5a0de5d7624b1eecf4caf8b7a47228d7fd3e28a8b54fb5592e240c713dfcdd1faecca943d0d76a7676c9531a22089d52921c2d7238076e6ed6683e06e8829a2db8236146dcc888ec32594c58e565bbaba78aa94ac57ae9565d5ce4dc56aa53c9a33c605266c2f6c2fa6de33882d01cb389ea5985b536c52a2355c79e737476425b4bdcad8414f781806d7fd5e3c5e63e03b87986f2f54f108c81ec9a7766339191506a39ec97aac710c4a0e11dabb9ce8ac0a23fbc3c1dea73b61e3190295cde7ba2b23ae16427cd7fdb34d54b762b5cf83b8f1912ceb9046233b9dbbfd2c39df3ed82fe00051a859e640d324d9fe63259ce6f68172eea6f486497c035bd53707cc209ea66ba439508efe8e23c5b3e6141db34a5c55c4b83d9ddcf7c54937d19309fcbc3a6f89b841749e07f16c3e9347828b35b42770bdcaa1043b697133e0fd3230472f1e2539163a96746914cf157e75fc2cc4df952eaa457fb5db575a0bee69bd16611f7bccfd780ade7725978dd37bacdc8e1623f4a911d78446db27ce4b8285fda189e89702634ff703805fb469e9b12f52075e1daa4ae05c1287b994bd650c5659a0f45ca68e26be84168f5d59638af25fd88e00e6501504b676391e9fe9fd42641a18b3a67a8384aa3373d24ff6acc021b8866879dc973042d3fc9c587e88965712fa97301a10d2e97f3f08e50a137eba0ddbbf5178d735ce28f06684958f5a85f1f3d77b4958367f642b02a5050356ca652a08e007360669172eb9a87bbc8765cb770765033f7490776af0a06aedd36612b5b60c759ca063cdb8a442353315b3aad38db49efc1e90f2d2811d951393d1bb2295a924a5a82feec3a4c64cc3725176be647b49c0f9fcfde4c9efd0e4487b5c750ebf4e3f2eae44f7827aae1fe9e9f4bd8b614e5389b4c0b040e00e69a97e2870d60d8643be8f3d333b46affe1eebea9611333f107eb26e42640d6809a8adf8366a3274cbfc29395319912f68a16e7f34ada7c4939d21c84171bd35825895c06cbaf902f46acbe1a799970dc185116130ae6f51c9f57c9147dcc7e006e7b5bc13f35f4ee3b8595ca8482dfbbdb23824aa5ccbab86e91079c5e9129eb97b1e47c09b02ed2c7139152202bcc028b16d1cd201f693548abddbdcee4d516d5db4416bcd3aa0a0eb71ccb13a3f888acde3c7cb0fac5d58b18a6220ee31392bc488a241d813fe0aff6a6639ea5d4e23ca0f85f4732497a2d97de3c4e7c279872fc8263efc024841964334df77d3dc8d2ea7f514b6835d46308aecd84f14f5e3d4016aa2783c6579bcfae8b1ad73204588c7a351970093faacc34e52a1b142dcb2fe81194056b2f4fbd60c7a30ddca8e6ac829c533d23d434311b0b736954e0be6b78273ddcf8f48da7849868d04333323e27e676f2e48fa07fb2ba61183483d239c6f8edaf95fadec8d36360541c4366098ba18ca8185fd77ded8b9f1aba8ee0d8ac62590ace0a03d6f599855c31fd11d8536fb77159671c6b4ace7720969804a79f3854bde9dc3976eba68256cc5e7c470bee89be75b839a5aa0d5964452f744dbcf871c78839316ea7ac8b573b093a1b68c79cd116c248a638578deef50a4fe2f398ed48a5aae0be0acad7d638f00fcfb4f3d940f31cce20dae258fe2c1bff3315dab213c200db9fe43912a74480b977ee4e8671728841abfcd79df4296b42733ea38fabba64c2a9b96f318fe84b52e39ace5849a27ace1f9bad66a11c212f9c73d388472115be188094321d4a527e5eb751de51c13090dab389a769b7ddcb15c634464e561f779353e56ecb17157190e3270c21a19ce605adf9a436d4b7ce458df144b3f4d7226a121e24b11045a5c8ccf73dd55308dc205a0db459b456866dde1e1f47a0a013db85c468e7fdaee91bbaa91f49da8834038b697301573bdad8084a247eacb13dce702e8f381f2053f69861c42b80f6ca380a053eb542d3bb1f987178caa3ddd6daf859825af1812020af13b8567dee56bd7cd8afaced0dcb54e570c6844a02d3ebecee855186d8fa3cafc6d577e84e1981c2f21c263a00c9449b0bcfc552227ee70e9b7c71d7650b3ad286d6d925e8fca1e608eb58285a48d4468a8f7ccebbde026c932ba469ee0baeedbf3cbd1c851e6de60585817b87939408dfd4a5a95dff3e65ce61d96e0f6a454adfa5508e01ecac787e0182f8e2445aa1772d7850f05946cd510780debb6351e2e12f688729093d7585887992cfb11df009d335cae1b061b8c3ddf78ce794ae53541103d74020c696e6dc9c6acfe8b014a858b444b8510766ebbe8f44bd45657995f33cde842e2b590f494ac700f90059f16b923583cdbfd18f626fb253ab0e8f4fe3d132c04820a96f7a18f3f628c05803d0a133b7654164ff2e7b0b6954d6426f2e3c3c83a87df84552ca81fa26b634208d5db019bcc02e4e49582f741b320c38dce6889ac8b73f9c8a727b2648ffd3c0ce7b8306a7066bbddf2348372afcc720ca82999ddcb9e4c59157c0692120899fd3febef72402a6f9acc90235fe82e38e50472dea08fc1502c28a45b083a8e9da8a60b451aaa51baa0de9ce4ac6df29f9c0cff31f0ff5f333f223a20e58d7256b29517d46418ad1a8a3d2cc102d686fce5b95665abb63ea602c94d557fc5be39aa367224fd473ac05b2f3b2dc5fcbd721caf9502abefe010a2193471303d357be48e71400ee40497ec15a8f6dc8c5f797c7bf9a12a328cc86e917c639c1892dae978471459ccee5115777c7dd12e369784dab2a68baf0aad70086b7e6425d2166eddbed795118ac877e72ebd4f1be17f84c0d547b52c7c66c038b2bea94b3a4840380c35e74c111c1f67bf39c47f8128b164c6adac423de1a6acc30148b106c8ea514856c88c8a76a161730baa5d1e65e17bb4dd778e7f5"}}}}, &(0x7f0000000180)={0x0, 0x2, [0x16f, 0x772, 0x7de, 0xfe2]})
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000008561646600000000000000008000000002000000000000000000000000280000856100000000000000000000000000000000000000000078046955b85aff6bfa514ee4db9ff299000000000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:36 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:36 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x200}, 0x0)

22:20:36 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
signalfd(r1, &(0x7f0000000000)={0x10000}, 0x8)
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:20:36 executing program 3:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000180)={@flat=@binder={0x73622a85, 0x900, 0x1}, @fda={0x66646185, 0x0, 0x2}, @fda={0x66646185, 0x0, 0x0, 0xfffffffffffffffc}}, &(0x7f0000000080)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0})
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuset.effective_cpus\x00', 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80080002}, 0xc, &(0x7f0000000140)={&(0x7f0000000680)={0x148, 0x0, 0x0, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x24, 0x4, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}]}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_MEDIA={0x70, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffc0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3ff}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0xffffffffffffff59, 0x2, [@TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_LINK={0x34, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x401}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5adb}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}]}]}, @TIPC_NLA_BEARER={0x3c, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @broadcast}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x1, @mcast1, 0x40}}}}]}, @TIPC_NLA_NODE={0x18, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x72}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NODE={0x14, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x101}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x148}, 0x1, 0x0, 0x0, 0x10008}, 0x20000000)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
ioctl$sock_inet_SIOCGIFBRDADDR(r1, 0x8919, &(0x7f0000000380)={'sit0\x00', {0x2, 0x4e21, @rand_addr=0x1}})
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4008140}, 0xc, &(0x7f0000000440)={&(0x7f0000000200)={0xffffffffffffff87, r3, 0x300, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc8, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000080}, 0x0)
accept4$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000300)=0x14, 0x80000)
mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r2, 0x23)
write$selinux_load(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="8c6ec5910b32b5c2aec246b08d268cc2"], 0x10)

22:20:36 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self\x00', 0x128002, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

[  601.854503] binder: 14003:14005 got transaction with invalid offsets ptr
[  601.866251] binder: 14003:14005 transaction failed 29201/-14, size 104-24 line 3330
[  601.876502] binder: 14007:14010 ioctl 1260 20000040 returned -22
[  601.877529] binder: 14007:14010 got transaction with invalid offset (40, min 40 max 104) or object.
22:20:36 executing program 4:
r0 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00')
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r3, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r4 = dup2(r3, 0xffffffffffffffff)
r5 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r5, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
getdents64(r5, &(0x7f0000000200)=""/243, 0xf3)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f00000001c0)=0x200)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000000201ff840000080000000000ed2b2792d08d4df81a4c7ce1ff00"], 0x14}}, 0x0)
dup(r2)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r1, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
write$P9_RXATTRCREATE(r0, &(0x7f00000000c0)={0x7, 0x21, 0x2}, 0x7)
r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r6, 0xfbfffffd, &(0x7f0000000100), 0x0)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000080)={0xb9, &(0x7f0000000000)=[{0x9, 0x80, 0x26, 0x6}, {0x101, 0x22, 0x0, 0xff}, {0x6a, 0x2, 0x4, 0x2}, {0x400, 0x3f, 0x6, 0x6}, {0x80, 0x7, 0xeb, 0x7}]}, 0x33b)
r8 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/hash_stats\x00', 0x0, 0x0)
ioctl$BLKDISCARD(0xffffffffffffffff, 0x1277, &(0x7f00000004c0)=0x8)
ioctl$TUNGETVNETHDRSZ(r8, 0x800454d7, &(0x7f0000000340))
ioctl$INOTIFY_IOC_SETNEXTWD(r4, 0x40044900, 0x1)

22:20:36 executing program 5:
r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0)
ioctl$PPPIOCGIDLE(r0, 0x8010743f, &(0x7f0000000080))
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r1, 0x0, 0x0, 0x0)

22:20:36 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="006340c0000000000000000000000000000000006000000000000000180000000000fe1055b055dd1182ceb8e200"/61], 0x0, 0x0, 0x0})

[  601.877557] binder: 14007:14010 transaction failed 29201/-22, size 104-24 line 3379
[  601.877575] binder: 14007:14010 ioctl c0306201 20000800 returned -14
[  601.877754] binder: undelivered TRANSACTION_ERROR: 29201
[  601.894609] binder: BINDER_SET_CONTEXT_MGR already set
[  601.894617] binder: 14007:14014 ioctl 40046207 0 returned -16
[  601.894975] binder: 14007:14014 ioctl 1260 20000040 returned -22
[  601.902174] binder: 14002:14013 got transaction with invalid data ptr
[  601.902199] binder: 14002:14013 transaction failed 29201/-14, size 96-24 line 3316
[  601.902384] binder: undelivered TRANSACTION_ERROR: 29201
[  601.927097] binder: BINDER_SET_CONTEXT_MGR already set
[  601.927107] binder: 14002:14013 ioctl 40046207 0 returned -16
[  601.940739] binder: 14031:14034 got transaction to context manager from process owning it
[  601.940751] binder: 14031:14034 transaction failed 29201/-22, size 88-24 line 3129
[  601.975380] binder: BINDER_SET_CONTEXT_MGR already set
[  601.975389] binder: 14031:14043 ioctl 40046207 0 returned -16
[  601.975622] binder: undelivered TRANSACTION_ERROR: 29201
[  601.975724] binder: 14031:14043 transaction failed 29189/-22, size 88-24 line 3138
[  601.988154] binder: 14041:14049 unknown command -1069522176
[  601.988162] binder: 14041:14049 ioctl c0306201 20000800 returned -22
[  601.992472] binder: BINDER_SET_CONTEXT_MGR already set
22:20:36 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[]], 0x0, 0x0, 0x0})

22:20:36 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x9, 0xffffffffffffffff, 0x2, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$sock_SIOCBRDELBR(r1, 0x89a1, &(0x7f00000000c0)='rose0\x00')
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$EVIOCSKEYCODE(0xffffffffffffffff, 0x40084504, &(0x7f0000000040)=[0xc6e8, 0x7b])
openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/mls\x00', 0x0, 0x0)
r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0400800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
ioctl$RTC_ALM_SET(r3, 0x40247007, &(0x7f0000000200)={0x22, 0x1d, 0x11, 0x1e, 0x6, 0x5, 0x6, 0x68})
mmap$binder(&(0x7f0000f06000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0)
ioctl$RTC_VL_CLR(0xffffffffffffffff, 0x7014)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340408a401209d4cc35584c000000000000000000000000000000000400000000000000000000000900020000000000000000001800000000"], 0x0, 0x0, 0x0})

22:20:36 executing program 5:
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000)='\x00\x00\x00\x00\x00\x00\x10\x00 \x00', 0x2, 0x0)
r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000080)='/seli\x11Nx/avc/hash_stats\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
write$P9_RLOPEN(r5, &(0x7f0000000180)={0x18, 0xd, 0x2, {{0x80, 0x4, 0x6}, 0x4}}, 0x18)
sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x21100000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r1, 0x200, 0x70bd25, 0x25dfdbfe, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0xfb7}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000042}, 0x20000040)

22:20:36 executing program 4:
r0 = socket$inet(0x2, 0x4, 0x3f)
r1 = syz_open_dev$mice(&(0x7f0000000200)='/dev/input/mice\x00', 0x0, 0x20000)
fallocate(r1, 0x16, 0x4, 0x4)
getsockopt$sock_int(r0, 0x1, 0xb, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='.pr\x00lf\x00', 0x0, 0x0)
pidfd_send_signal(r2, 0x0, &(0x7f0000000100), 0x0)
r3 = dup2(r2, 0xffffffffffffffff)
r4 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r4, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
write$P9_RGETLOCK(r4, &(0x7f0000000440)=ANY=[@ANYBLOB="1f00000037010000060000e5630000004100000000000000", @ANYRES32=0x0, @ANYBLOB="01005d"], 0xfffffe28)
r5 = creat(&(0x7f00000002c0)='./file0\x00', 0xa2)
write$tun(r5, &(0x7f0000000300)={@void, @void, @x25={0x3, 0x8, 0x17d, "21eb53d0e19b863f6c2b8077fb941273bcec343bb78b8e4290edb45cbf16ee5618b23a362170de70c14beda29acaf7af878c2f19e4d621a3e5f3d7539b9b5db8c4bdd9dcfc5d704adbdc76"}}, 0x4e)
socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r3, 0x0, 0x482, &(0x7f0000000080)=""/84, &(0x7f0000000000)=0x54)

22:20:36 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x1)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

[  601.992480] binder: 14041:14051 ioctl 40046207 0 returned -16
[  601.993018] binder: 14041:14051 unknown command -1069522176
[  601.993025] binder: 14041:14051 ioctl c0306201 20000800 returned -22
[  602.035084] binder: undelivered TRANSACTION_ERROR: 29189
[  602.145566] binder: undelivered TRANSACTION_ERROR: 29201
22:20:36 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[]], 0x0, 0x0, 0x0})

22:20:36 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[]], 0x0, 0x0, 0x0})

[  602.181118] binder: 14061:14072 got transaction with invalid parent offset or type
[  602.182545] binder: 14070:14073 got transaction with invalid offset (0, min 40 max 104) or object.
[  602.182575] binder: 14070:14073 transaction failed 29201/-22, size 104-24 line 3379
[  602.182807] binder: undelivered TRANSACTION_ERROR: 29201
[  602.204616] binder: 14060:14063 got transaction to invalid handle
[  602.204626] binder: 14060:14063 transaction failed 29201/-22, size 144125083680505856-0 line 3138
[  602.204924] binder: undelivered TRANSACTION_ERROR: 29201
[  602.210805] binder: 14077:14080 got transaction with invalid offset (0, min 40 max 104) or object.
[  602.210828] binder: 14077:14080 transaction failed 29201/-22, size 104-24 line 3379
[  602.211080] binder: undelivered TRANSACTION_ERROR: 29201
[  602.242149] binder: 14082:14084 got transaction with invalid offset (0, min 40 max 104) or object.
[  602.242173] binder: 14082:14084 transaction failed 29201/-22, size 104-24 line 3379
[  602.242484] binder: undelivered TRANSACTION_ERROR: 29201
[  602.302272] binder: 14061:14072 transaction failed 29201/-22, size 104-24 line 3454
[  602.310684] binder: 14061:14072 ioctl c0306201 20000800 returned -14
[  602.320528] binder: undelivered TRANSACTION_ERROR: 29201
[  602.326400] binder: BINDER_SET_CONTEXT_MGR already set
[  602.332746] binder: 14061:14072 ioctl 40046207 0 returned -16
22:20:39 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
r4 = socket$inet6(0xa, 0x4, 0xff)
accept4(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, &(0x7f0000000080)=0x80, 0x81800)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
r5 = epoll_create1(0x0)
r6 = epoll_create1(0x0)
r7 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r7, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r7, &(0x7f0000000200))
epoll_pwait(r6, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r8 = dup3(r7, r6, 0x0)
ioctl$BLKIOOPT(r8, 0x1279, &(0x7f0000000700))
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r8, 0x6, 0x15, &(0x7f0000000140)=0x7, 0x4)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:20:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB]], 0x0, 0x0, 0x0})

22:20:39 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:39 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="208000100000000c021de88862699680e9048114"], 0x14}}, 0x0)
read(r1, &(0x7f00000000c0)=""/39, 0x27)
r2 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80800)
accept4$inet(r3, 0x0, &(0x7f0000000080), 0x80000)
open(&(0x7f00000001c0)='./file0\x00', 0xc15aedc89a2845d9, 0x28)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:39 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000001c0)='\xbe|\x01\x11\xc2\x82\x8b\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a7470000000000000000000f700000000000000000000000000000000000000000000000000008561000000000000000000000000000085616466000000000000000000000000000000000000000000000000000000000000000000000000000000ec00000000cf01bbc2059054d938c764ac"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})
preadv(r1, &(0x7f0000000480)=[{&(0x7f0000000200)=""/61, 0x3d}, {&(0x7f0000000240)=""/32, 0x20}, {&(0x7f0000000280)=""/21, 0x15}, {&(0x7f00000002c0)=""/177, 0xb1}, {&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000000380)=""/9, 0x9}, {&(0x7f00000003c0)=""/148, 0x94}], 0x7, 0x0)
accept4$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x1c, 0x80000)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000180)='trusted.overlay.redirect\x00', &(0x7f0000000580)='./file0\x00', 0x8, 0x4)

22:20:39 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0xffffffffffffff09, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x6, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f0000000000))
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:39 executing program 5:
ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, &(0x7f0000000040))
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:39 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000000201ffff0000000000000000000200001c8b40822435222024bcb70f19d5cc3918c8c43f8b0dae668bd80ca7303f00000000000000a0f32dea"], 0x14}}, 0x0)
r2 = dup2(r0, r1)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r2, 0xc0f85403, &(0x7f0000000180)={{0xffffffffffffffff, 0x6, 0x93c, 0xb9ed49a69133fb6f, 0xc6}, 0x3, 0x9c3, 'id0\x00', 'timer1\x00', 0x0, 0x4, 0x9, 0x7fff, 0x80})

22:20:39 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r4, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$BLKROTATIONAL(r3, 0x127e, &(0x7f0000000080))

22:20:39 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
getresuid(&(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000180), &(0x7f00000001c0))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r3 = fcntl$dupfd(r2, 0x406, r2)
ioctl$sock_inet_SIOCGIFADDR(r3, 0x8915, &(0x7f0000000300)={'ip6_vti0\x00', {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}})
r4 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r5=>0x0, <r6=>0x0})
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000500)={0x0, <r7=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
ioctl$TUNSETCARRIER(r3, 0x400454e2, &(0x7f0000000380)=0x1)
ioctl$LOOP_SET_CAPACITY(r3, 0x4c07)
write$P9_RRENAME(r3, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r8, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r7, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r5, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
stat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000640)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x77}}, {@default_permissions='default_permissions'}, {@blksize={'blksize', 0x3d, 0x77554e6943b94fdc}}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@blksize={'blksize', 0x3d, 0x29751b441991c09d}}], [{@subj_role={'subj_role', 0x3d, 'em1'}}, {@hash='hash'}, {@fsmagic={'fsmagic', 0x3d, 0x3f}}, {@measure='measure'}, {@fowner_eq={'fowner', 0x3d, r9}}]}})
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:39 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0xfaeb, 0x17})

22:20:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB]], 0x0, 0x0, 0x0})

[  604.934724] binder: 14098:14101 got transaction with invalid offset (0, min 40 max 104) or object.
[  604.947305] binder: 14098:14101 transaction failed 29201/-22, size 104-24 line 3379
[  604.973746] binder: undelivered TRANSACTION_ERROR: 29201
[  605.004449] binder: 14104:14127 transaction failed 29189/-22, size 96-24 line 3138
[  605.023414] binder: 14130:14135 got transaction with invalid offset (0, min 40 max 104) or object.
[  605.024785] binder: BINDER_SET_CONTEXT_MGR already set
[  605.024793] binder: 14119:14138 ioctl 40046207 0 returned -16
[  605.063217] binder: 14130:14135 transaction failed 29201/-22, size 104-24 line 3379
[  605.073254] binder: undelivered TRANSACTION_ERROR: 29201
22:20:40 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x80000)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:20:40 executing program 4:
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
ioctl$CDROMVOLCTRL(r0, 0x530a, &(0x7f0000000000)={0x8, 0xfe, 0x6, 0x1f})
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r1, 0x0, &(0x7f0000000100)={0x0, 0x3}, 0x0)

22:20:40 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
connect$netlink(r5, &(0x7f0000000240)=@proc={0x10, 0x0, 0x25dfdbfb, 0x120000}, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r6, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r6, &(0x7f0000000040)={0xe56c882533a38491})

22:20:40 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@local}}, {{@in6=@local}, 0x0, @in6=@mcast1}}, &(0x7f0000000240)=0xe8)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000100)=')1ef\x06iacI\xb4\x00', 0x0, 0xfbc310f939d93941)
mkdir(&(0x7f0000000000)='./file0\x00', 0x1c6)
ioctl$RTC_VL_READ(r2, 0x80047013, &(0x7f0000000080))

22:20:40 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB]], 0x0, 0x0, 0x0})

22:20:40 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000e46000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x80)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000010000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/policy\x00', 0x0, 0x0)
ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f00000002c0)={0x3, &(0x7f0000000280)=[{0x5}, {0x80, 0x1}, {0x1ff}]})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r4, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000000201b233c62d9dab4bc3ff13cfffff00"], 0x14}}, 0x0)
r5 = epoll_create1(0x0)
r6 = epoll_create1(0x0)
r7 = timerfd_create(0x5, 0x80000)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r7, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r7, &(0x7f0000000200))
epoll_pwait(r6, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r8, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r9, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r10, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
epoll_create1(0x80000)
r11 = dup3(r9, r0, 0x1c0000)
ioctl$BLKIOOPT(r11, 0x1279, &(0x7f0000000700))
ioctl$TIOCGWINSZ(r11, 0x5413, &(0x7f0000000300))
r12 = epoll_create1(0x0)
r13 = epoll_create1(0x0)
r14 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r12, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r14, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r14, &(0x7f0000000200))
epoll_pwait(r13, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r15 = dup3(r13, r13, 0x0)
ioctl$BLKIOOPT(r15, 0x1279, &(0x7f0000000700))
bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000340)=r15, 0x4)
getsockopt$sock_buf(r4, 0x1, 0x1f, &(0x7f00000001c0)=""/180, &(0x7f0000000080)=0xb4)
r16 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, r16)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x8, 0xd, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2, 0x6}}, 0x14}}, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000040))

[  605.734466] binder: undelivered TRANSACTION_ERROR: 29189
[  605.736857] binder: 14104:14145 transaction failed 29189/-22, size 96-24 line 3138
[  605.760535] binder: undelivered TRANSACTION_ERROR: 29189
22:20:40 executing program 5:
sigaltstack(&(0x7f0000ffb000/0x2000)=nil, 0x0)
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x240280, 0x0)
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
write$UHID_DESTROY(r0, &(0x7f0000000000), 0x4)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:40 executing program 4:
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000000)={0x2, 0x20f, 0xfffffffe, 0xffffffff}, 0x10)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000300)={<r4=>0xffffffffffffffff})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r6 = syz_open_dev$mice(&(0x7f0000000340)='/dev/input/mice\x00', 0x0, 0xc0000)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r7, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$FIDEDUPERANGE(r4, 0xc0189436, &(0x7f0000000480)={0x7, 0x3, 0x5, 0x0, 0x0, [{r1, 0x0, 0xfffffffffffffffd}, {r5, 0x0, 0x1000}, {r6, 0x0, 0x5}, {r7}, {r3, 0x0, 0x1}]})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r8 = dup3(r3, r2, 0x0)
ioctl$BLKIOOPT(r8, 0x1279, &(0x7f0000000700))
r9 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r10 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r9, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r10, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r8, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r10, 0x20, 0x70bd2d, 0x25dfdbfb, {{}, 0x0, 0x4102, 0x0, {0x10, 0x13, @l2={'eth', 0x3a, 'gre0\x00'}}}, ["", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x24008004}, 0x8010)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000080)={'#! ', './file0', [{0x20, 'vmnet0\x9f'}, {0x20, 'eth1,wlan1self'}, {0x20, 'em1^'}], 0xa, "4a939adeb28caeca0473981f41d6bcf02240a964fb2fc16f82e7e281c8a296a3a42da2893fd3fbdb0e2729c5b8440b1e9e3fbffab12376"}, 0x5e)
r11 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r11, 0x0, &(0x7f0000000100), 0x0)

[  605.777981] binder: 14152:14157 got transaction with invalid offset (0, min 40 max 104) or object.
[  605.785138] binder: 14154:14158 got transaction with invalid parent offset or type
[  605.785163] binder: 14154:14158 transaction failed 29201/-22, size 104-24 line 3454
[  605.785179] binder: 14154:14158 ioctl c0306201 20000800 returned -14
[  605.794165] binder_alloc: 14160: binder_alloc_buf, no vma
22:20:40 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$BLKIOOPT(r4, 0x1279, &(0x7f0000000700))
getsockopt$inet6_tcp_int(r4, 0x6, 0x17, &(0x7f0000000000), &(0x7f0000000080)=0x4)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)

22:20:40 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00']], 0x0, 0x0, 0x0})

[  605.794182] binder: 14160:14166 transaction failed 29189/-3, size 96-24 line 3284
[  605.838365] binder: 14152:14157 transaction failed 29201/-22, size 104-24 line 3379
[  605.849262] binder: undelivered TRANSACTION_ERROR: 29201
[  605.868301] binder: 14180:14181 got transaction with out-of-order buffer fixup
[  605.875848] binder: 14180:14181 transaction failed 29201/-22, size 104-24 line 3467
22:20:40 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00']], 0x0, 0x0, 0x0})

[  605.884653] binder: undelivered TRANSACTION_ERROR: 29201
22:20:40 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00']], 0x0, 0x0, 0x0})

[  605.907100] binder: 14187:14188 got transaction with out-of-order buffer fixup
[  605.914665] binder: 14187:14188 transaction failed 29201/-22, size 104-24 line 3467
[  605.923381] binder: undelivered TRANSACTION_ERROR: 29201
[  605.943627] binder: 14190:14191 got transaction with out-of-order buffer fixup
[  605.951163] binder: 14190:14191 transaction failed 29201/-22, size 104-24 line 3467
[  605.959721] binder: undelivered TRANSACTION_ERROR: 29201
[  606.575721] binder: undelivered TRANSACTION_ERROR: 29201
[  606.581599] binder: BINDER_SET_CONTEXT_MGR already set
[  606.581610] binder: 14154:14193 ioctl 40046207 0 returned -16
[  606.587293] binder_alloc: 14154: binder_alloc_buf, no vma
[  606.587313] binder: 14154:14193 transaction failed 29189/-3, size 104-24 line 3284
[  606.587335] binder: 14154:14193 ioctl c0306201 20000800 returned -14
[  606.606843] binder: BINDER_SET_CONTEXT_MGR already set
22:20:41 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
r4 = gettid()
ptrace$setopts(0x4206, r4, 0x0, 0x0)
tkill(r4, 0x3b)
ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r4, 0x0, 0x0)
r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x280680, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x7, 0x8, 0xfa, 0x7, 0x0, 0x0, 0x21000, 0x3, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1e3aa80e, 0x2, @perf_bp={&(0x7f0000000000), 0x8}, 0x26072, 0x4aa, 0x100, 0x2, 0x100000000000000, 0x5921eb96, 0x9}, r4, 0x8, r5, 0xc)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
removexattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@random={'system.', '/dev/vga_arbiter\x00'})
tkill(r0, 0x10000000001c)

22:20:41 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00']], 0x0, 0x0, 0x0})

22:20:41 executing program 3:
ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5387, &(0x7f0000000040))
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000180)={@flat=@weak_handle={0x77682a85, 0x100}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0})

22:20:41 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(0xffffffffffffffff, 0x8, 0x0, 0x0)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r2, 0x200, 0x70bd25, 0x5, {{}, 0x0, 0xb, 0x0, {0xc, 0x14, 'syz1\x00'}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x40500)

[  606.606852] binder: 14160:14196 ioctl 40046207 0 returned -16
[  606.613567] binder_alloc: 14160: binder_alloc_buf, no vma
[  606.613587] binder: 14160:14196 transaction failed 29189/-3, size 96-24 line 3284
[  606.642051] binder: undelivered TRANSACTION_ERROR: 29189
[  606.647556] binder: undelivered TRANSACTION_ERROR: 29189
22:20:41 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r3, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000080)={0x30, 0x5, 0x0, {0x0, 0x6, 0x6cf, 0x685c}}, 0x30)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x8f)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f00000000c0)={'nat\x00', 0x4, [{}, {}, {}, {}]}, 0x68)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:41 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
r4 = gettid()
r5 = gettid()
ptrace$setopts(0x4206, r5, 0x0, 0x0)
tkill(r5, 0x3b)
ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r5, 0x0, 0x0)
ptrace$setopts(0x4206, r5, 0x4, 0x9b5662bbd871d30c)
tkill(r4, 0x3b)
ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r4, 0x0, 0x0)
sched_setattr(r4, &(0x7f0000000000)={0x30, 0x0, 0x0, 0x1000, 0x1000, 0x1, 0xcd, 0xf5}, 0x0)

22:20:41 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00']], 0x0, 0x0, 0x0})

[  606.673161] binder: undelivered TRANSACTION_ERROR: 29189
[  606.687078] binder: 14206:14210 got transaction with invalid handle, 0
[  606.698631] binder: 14205:14215 got transaction with invalid parent offset or type
22:20:41 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x400, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:41 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00']], 0x0, 0x0, 0x0})

22:20:41 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r2, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e24, 0x2260, @local, 0x7fffffff}, 0x1c)
setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000000)=0xe819eaf759ee3e8, 0x4)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00')
sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x104000021}, 0xc, &(0x7f00000001c0)={&(0x7f0000001580)=ANY=[@ANYBLOB="d8ec5e61be5a5df553ee5530837116e008b53146b560dde3c3657e899d9bc52df37f1563c00c50c8bd75ca9a3bfa1f9637a029107d19d082b36f8de07eaa7dcabedfb9b1d5f59906c1895b776c386abb52a82529e81344bf15163f8154fb4ea418ef61f0f0621a2e3e0f9e5807a35e25aef848197e0b01f94a6ac48f2b1b382f5790dd0e1def97be52dd63c94c71196b177a80fc29bc1cea0b3b915c8ae08628ee79c2dcd2eb3c0846e8c9a9a3e7dcc9cd", @ANYRES16=r3, @ANYBLOB="200025bd7000fcdbdf250c00000008000500020000001400030008000300030000000800080001000000"], 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0xc000)
r4 = gettid()
ptrace$setopts(0x4206, r4, 0x0, 0x0)
tkill(r4, 0x3b)
ptrace$cont(0x7, r4, 0x0, 0x0)
r5 = syz_open_procfs(r4, &(0x7f00000000c0)='net/icmp\x00')
setsockopt$inet6_tcp_buf(r5, 0x6, 0x7cea9fe54be64ea7, &(0x7f0000000580)="0dbcabec3cc6b308f4318e9479604500112a9f7ec8ecf26c4b963f675a452a6238c82a12dedd8ef41c12cab3909e6bfbd52ab83ce326c634e4e083e7c10c74cf468ade1b10fae58b2da302b765f1133b6b2216182009fce1268d88bf5f722712452532150fdd132d80e22db260ad3c56d0fb3c6622f0a5cf9513527f923f82f9ff45630bc87438b45f2d10e4fcd2276b9cb799caf57a1ead83517ab236f6b5ee03f0375265bbb17c75191d0bceecfba9476e99cf0e8660d3ba7b355f8536304e995e84e8ee3cc0c2fe7bddc2d03c137b4c5e0e7c3c30b0c1b880bd86ee97b56b1e43f1d4ac17bd1df3eed24b4c45852016a0d120ea70b540ac73f4e8d7d38795fb55ce96152557ec2f000415f1e60df9c1355ae30c5abe27b45df85e9437b5b4e590e14b89a54e275f43b0c6956c08ca68bf8a989ff8f83eeba5f773827f3104194c55a9d7c0c052eb576b6bf8891f8b89dab33999140972838c1de59c9b5ae0f45625333c257772a66c1548977aa0ea3e8820031269d6e53b4c063f29c6fa5c12817019bab914c7ae2c7cdd18a64902858e575f5d017ecb46a7ab0592afb34a7fc594134cabe9e180e233b960255376828d40f5f627bf5c2043e7de3f53156fcbb343fff6869bbd945aea94b23773df251b0bf809d820c0135959d79fc8c45374df7fafffe01729a0221952298f1b2719fe27c94551d7da8d182164272747bd37c091739a1b7b609e425afaf0fa0ded84a04479a5951f578a18f5edf0d70fa6cc9dbbfca85d4e2cdae821c819d1c0c825cf18cad89b55d0ddc38de1cfad409f1e151ce7e0980d7e453eef2b102763c8ae85222fd75c48404ab13cee6c5bd02d4735c6efff4d1cfda411219746e29c6c0b94d4ee202f92c308e5d4708dc1ddd8b2689bffe1a15ef3f8060097dd94c1d087cabd534080eef9a731133de98d76908c63aa6859428cab6e495f11f7a5ea1f6d96deb51d488d0f6e09a2932b8838999cb5a34fd20a553f3f4df5488c7ba9e66b071a65ef9c5631d1e7da7cd4353073258826d46c428d80ee233e55a9c734600b0ea9752a1d8e9b7b1ad55048de7d1e1751518d85f7cd4df3ab23f05022d08f2cd1909ff9faef35dcd3a1e0302148a64b098833b566571ed367dac52a04535b04db1af82d591f07ad986e105fce3dde0c16a4c4e295b849bfb00fda2755ce563fef36065895d8baf23927c6ff97bc5f1d7c1b37542f4977414fc72dd579549262a219d24abe74d15a9d70b5cefb9681fcecdf5e936e56f207b8ab6adc968b45983d003bf7d9df4999ef7982160e99db1cdc73941300d3da50129d0bc70918ff6b409c447c62b510388c2ffcad5186df7593c91bda95bb347b8451390dcb727621bcb8b5b9a9f0908c458d1e0e86d8bb67db21d41f0463045d4dc4f3231d37b5017ce783d5eb0dd3279a29d0045d12b4269f22f52113fe0e7daed435769c5500ac574747b44453ed90db89624366929c436fd0862695b88490c6685417a4016ec25702920cd6266b782c3f7a8eee57c83b848b19d84482c029c7ea979f7bf557dd33e0e916ba704661e01436016f130617d162d122d4f676fc4d3318c10c8541ff62f5c1cd7486d38f363cb705e52021301e9ec23099ea4fb97c6589878ec4bc5114b7b8f9e83e34b6959a7b171c35a95bb425e1d305582588881a89aa79d647613e0b4bf15c411e8c8c0109679836603532309b9199605921592375de49bd91734a81ea4a6d58c31a50f4dffbeaa325dfbdbc9a57179de8968cdd6ab3d0575f86252e62550dfd0a36718aad8099aec419ace441c662967c1d87ab2075ef7c7f4a04543f3eae236d172042ffbdae35f1b54fa71a510984933b862315deed4dfda35dd5c0227dc6896b6a433c89481826f6e92b6ed49956148fb681e941c24f62d6e5f9b53667e0fddbfe1733761d9a0ca92ec066e0e30764f185d06559d2fe3fd7a7705ccb1109d24a9e2d64390ab2d14b8895ab272592593b6afb67bb584025fd4a17cc1b50a098e7278dc558c46dd0d3f5d99a4eb232fee5c66fc1d0e673759991ba7d76abc04a5faf4f1a2166d9f4c37d76607b3ad3836d53bad783bc2a99024f057b5a066abbf6910ff27075cbb97e53a91559a1605f7cc5bad07687303c63e0f8b474366136d7100ff3794cab743cfaba426229e84e1dd37d52b699991904b5f061a47b72cf084d835872fbcef213141f2fd4f9e39ff169594fca302557ae6e0561c4419a11d8c8a5329cb6a8b5d9c532f4c5868124d72f5d665ac0fe19a3de6d0059e16d7eaeb887864654767502f8da1ac935755eacaf348ed0cb1d4764f07675ab34d0973f7be713ccec6e41aea82d97f184959a98b3f345093b7875284d1aa1814e900a857ae48a5613217ca98963ef109e11ca5fd2bf2c414e1c4a04b4dfef54bef893defafc7030e3ec8a47fc62dd526c22bd9793c71026a7a8d856b93e44d4010d63b9aa0abfbca4dd5ab7a1113514445524385c1b968034321cce360ba2fe97d517f41641d1edac308bf088c2cbbacc5ce9bff299b96d50940db24845ab9ea44774db1fdde4eaecf9cf4b355182fa04d593292cc261a12f8d413d94fe699d2cbdfdefe649553a6e5505146b085c796229319db5335803f4152eda07278702c391b79562dddeff088417c688203363f05d8a055ad9fd75c3d3c179563719c9eca28d7eeeaef13c06bdd3960c0ac77f2fc70c1e6391c6011ae9129f84695014b80e0105dcef7c8d21626f5e53bcef3bd8631fc10763264ca576f761a33e9a57f19cecc97606364adb5bc578c41abfd25c22ea19af5f56422f23c432b7582eee5c3f6c5cc5f8011bd978f360ec646669675a49cdb511c618fdcadba5ce6d2c86b5dc3d4cc521735bed050612a7d059553095bbdd64d812b76022ca1dab0638777a17bc980e0cbb204644578a29a8c0e57227b4c795f761a01485fb1e50b0ab8865bfcb25381e33d76ce90c95e6aa570afe8c39c3a9b6bfdc6baab9e60c1f7c93da980141ada9aca5af685228954a8ab0ea11af8b12b49477992289cdb7eac4afd5c066d889b24bf944b5e6d598860c13ac8b94f6d83e7922625d6b419c6ece0919419fd5c3962d7ca9cfc2d7d1782ed796dce53162434a3d8c3b054dcb5415d1a85611d8498daa7ac31a78f03cbd07d0cc4f489cfd05d6026822bfb5ee3ac6f3a3f4616500c32c42b171d16c5f4f4ab384f6d81f4f0a013c934ea0417b8ee5b5f972e0c3b23f68da3979736409be7ecb977f3c100cf262c1773709baf19625184ec474b5dad508f6a4eb69c6808858a59937af4f601f3362c91e9b10c96d7dc2f3d5e15fd255b3057e6f3d9c2f86c4f0de8af82741cf9f680a89b742a089a8efe015814f057ba36b0df79b41a8d7d949efc458f3da6616fd3abc1b9a6e40e82ff85eedce69f79e8170686ebe1e39e4c88469e9939aeb547b8786f27bd4022338d0aa7a7a3f2d79e8786871d64af8e730334ade55081c992192d8aacaff597bf1684d71470e414352c2a4018e6effb7062f335c6bb147036d4e8594cf285587f37359cd364aef42dcbf3bb9ccbfb6b9f6bbaf12c5f6c6c4462cc31056d6b06302c285fbb40fcc98239e02acf4fd6bc9bd181934e827d88c0d5031da17a3a3166f678349b216423c3e1d3cb0ced5b169823a38dd231430183819681d201faf77b4e406937448613a0cdabc7f877530d7e41d3ca39771986eb1cf5a140c0a5c0d7acd1bd6bd49b52a8c6d109c5f13faded9859bf3e5271732048dd7144647e14f5460ac5d670095875c41914744422f255b57ad2682c5ca98b2076c86bf6fc9c24a884f8e21b2cec2c164931bd8252c0c21c5096d2331ff09e492314e7ef6c78bc2c9348c8cfeb5c2488ae4013f148909650317d984fba2b8dc754c71b97832ae8dc6950be51efc404822345a2d563469347f0750a675c412a43a2b7d553a8ec0d3375b84d55b24436d15ef9be2ce0487f9dfa7b75ef75909255ea4507848133c711429f17d76d1525028c92217d5aa74e2beaf1f47b8ed45a561ddf29f089ba50c769c9edee64173c9aaebd57d706a62fbaabc26e37f499ece5b7bfefb155ae5d157fd0055d6d973a82a43be1dcb8827a4f9092ce3afac77a2c477ca8df539122d9df951cdba300ed7f0f69e95cfa086e88c10fbbd8633f7507bdca210b2c0f21930380cf8d879cf17224409b54533b9a0d48077d0f05136cc4b1cd5bb62ce1ced374659739ed56a16db2d72f756d0107b86212866f315b2fc05a57f7080fdb902c4f0e6427c99242944e30b8ff25dfb32f6b029a5d07277c7ce15b02f2f7a6d39def98290d3eeac8a0cac02c74e22bef31e16b08df1f446d646c0b99a3b49f6f04751efc59f3aacccc96032be7700196ba47195a3c4793ea0d5bd994a6c5c9ee73c8ce66a37faca05e01ba9b155c29260bc886294a5aa879f8cba41ab2ed46d2481a67136af186c3dd0076ffb66de18fdeb8be6272d63e6c4d9055a61c1e1f88e2843bc4225eceb94de7545a03f5ebb4d657b1d66fed369273f0d17be4446546bef2085431fc140d20dfb6417418aa40f55d3cf7d91462a9f713751131252ad87bcab3ec1851bdea4dde77be8b640a7a1892a2c818ad1d9f8eef074bad8a5247127e38929fc7a71f48e4ceac1a0a65810afea73ac0c144c2b95caa27a59b5a7838285d1db739333dc5aeaeed55b3c9c33434c1db48fddd23fbb5b2af98ed9e48828aaa2af43b43dd0bb4800ce2445aff90821d5eb68581621183b19abf1258de001af57b39f05c261d530eaf07fd6911def8c325b2f499e04315d71e4401596c9bb415ebdb9e9189d8e279d10afb6ce4ccc3804688fb83dcbe1217fb80ea3502d27dc095cf980b40f8dfc1c2f0c35c4b73e488a74306b914c71d0144d3ce46b31ea045903a7719c1313148b8729a642ff271603048dbd909b4d0bf67972265bfb0d5528a65604ee55e230551d9c39f7a790e88eed6dfcbda31ba7747122c86d459bdaf8e7b198a8c9ef8c85435a5e8eb08123a0105df4cbedd1305d9d8192bf8949bbe34b25dc2b6f6f9e80e8ae13567c04fa55c22daa607ef830a650a4772ad3799dc0bc89faf3ae6d2e5281c99f556aa9511195c4f5b042763ab880ccdd4774e9ee6451858c825b0523ca0c08ec5883902b55282617cd9177855f196aed0f7017721c064adcd3abb13325bf07fe09b4df6cce50b2ffbf5e5d48c2d85aa5a6159dbcfea4a33c84072b14e0f7b8280ef49fbc80cdd5382189cc2747898cab1d004324b3c26efa7072681b826a10ce4427ba4c99ffae2e1129ce55bfb95b96cbc4a5984cb21cfafa60a3bd075d588b234687f37d560a3dc8c85b3d9116ff94c81feb4c2bb4da58909b186048b4cfdd16d3c0b941f6ba1bc0e8d7064bc98aafc97dd00667c0d19dc7d8e835489e2726a2145d18397492507b9da6c1b1923b5c9a132742bbdadd0b4e3d6674195c914b19b3fda61e4a8e63f2e29ee1e92b26ed107c4d337a0e0f36ea3e8e60fc592625edf65f5d9a7166d2b71726a79d24c1b070da096207c9bc59f3287b655bbb56062053bd3426ace31c1b8f07dc2cb499eb86315f811b1204efd07aa75d16e61e0a9faf3773a767fdba5e9d4244bfd11c460910a4f67020d39899f7bab617c65f1dc90c8d7680e20b0dffa1cfd9ffc280a6970069190952e8c6cca0516b656f6f29e397fdaa01dc6b5ac5dc8223751500a9b94a23904f76d6be4c56c4786d9e4cc34b066876c15c1f6ba5016c2cae84983b0f00d81abde868562ed4fc628e", 0x1000)

22:20:41 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x1000)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/avc/cache_stats\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000240)={&(0x7f0000000400)={0x30, r3, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0x1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f00000001c0)=ANY=[@ANYPTR=&(0x7f00000000c0)=ANY=[]], 0xfffffffffffffedb, 0x0, 0x0})
r4 = epoll_create1(0x0)
r5 = epoll_create1(0x0)
r6 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r5, &(0x7f00000000c0)={0x80000013})
timerfd_settime(r6, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000200))
epoll_pwait(r5, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r7 = dup3(r6, r5, 0x0)
creat(&(0x7f0000000080)='./file0\x00', 0x80)
ioctl$BLKIOOPT(r7, 0x1279, &(0x7f0000000700))
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='T\x0f\xbfo\xc92^')
sendmsg$TIPC_NL_PUBL_GET(r7, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x60, r8, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0x34, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4b}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x110}, 0x20000000)

[  606.698658] binder: 14205:14215 transaction failed 29201/-22, size 104-24 line 3454
[  606.698813] binder: undelivered TRANSACTION_ERROR: 29201
[  606.730156] binder: 14221:14227 got transaction with out-of-order buffer fixup
[  606.730183] binder: 14221:14227 transaction failed 29201/-22, size 104-24 line 3467
[  606.730397] binder: undelivered TRANSACTION_ERROR: 29201
22:20:41 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = epoll_create1(0x0)
r5 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r5, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000200))
epoll_pwait(r4, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r6 = dup3(r5, r4, 0x0)
ioctl$BLKIOOPT(r6, 0x1279, &(0x7f0000000700))
sendmsg$nl_route(r6, 0xffffffffffffffff, 0x24048094)
r7 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r7, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:20:41 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x101000, 0x0)
r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000080))
ioctl$EVIOCSMASK(0xffffffffffffffff, 0x40104593, &(0x7f00000000c0)={0x17, 0xcd, &(0x7f0000000180)="67bf3bcd599267f64952d44d4ac254f3dc28a964606392fea3c77506b6747c004cbf310829a3a5502da7cf12d7941c5992721950ec0718404ee8749b9a38122d38680f2812d0e1253a71dd942be9353ac9a662d009eaf07124145cfdaed5c2848eded5960b964fa791ce9140722fdfb4dec3825ecb12d2b0fec516f44ae233e983a638029c2bf46c9e19345437a53908025e9b4f602e72bd5e020d272bdbdb650ffde31a91f1653c4fd1d7bd6db5353b127ae618ef71865237a43f6e33397a94d41c5e955ae4b0aa47ce9658cb"})
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:41 executing program 4:
syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x20400)
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x107002, 0x0)
pidfd_send_signal(0xffffffffffffffff, 0x7, &(0x7f0000000100)={0x0, 0xb4a3, 0x20000}, 0x0)

[  606.742843] binder: 14213:14219 got transaction with invalid data ptr
[  606.742868] binder: 14213:14219 transaction failed 29201/-14, size 96-24 line 3316
[  606.743078] binder: undelivered TRANSACTION_ERROR: 29201
[  606.750532] binder: BINDER_SET_CONTEXT_MGR already set
[  606.750541] binder: 14213:14233 ioctl 40046207 0 returned -16
[  606.767701] binder: 14213:14233 transaction failed 29189/-22, size 96-24 line 3138
[  606.767981] binder: undelivered TRANSACTION_ERROR: 29189
[  606.819213] binder: 14241:14246 unknown command 536871104
[  606.819221] binder: 14241:14246 ioctl c0306201 20000800 returned -22
22:20:41 executing program 3:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x0, 0x20010, r1, 0x8000000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x10000000}}, &(0x7f0000000080)={0x36f, 0x28, 0x48}}}], 0x0, 0x0, 0x0})

22:20:41 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00']], 0x0, 0x0, 0x0})

22:20:41 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$BLKIOOPT(r4, 0x1279, &(0x7f0000000700))
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_DISABLE(r4, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2004102}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, r5, 0x800, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x38, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8001}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3860}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40004}, 0x10)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
mount(&(0x7f0000000000)=@md0='/dev/md0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='vxfs\x00', 0x8, &(0x7f0000000100)='ppp1vboxnet0\x00')

22:20:41 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='>proc/se\x83f\x00', 0x501002, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = socket(0xa, 0x3, 0x20)
getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f0000000080)={'nat\x00'}, &(0x7f0000000000)=0x78)

[  606.827011] binder: 14238:14243 got transaction with out-of-order buffer fixup
[  606.827086] binder: 14238:14243 transaction failed 29201/-22, size 104-24 line 3467
[  606.827315] binder: undelivered TRANSACTION_ERROR: 29201
[  606.920147] binder: 14206:14210 transaction failed 29201/-22, size 88-24 line 3411
[  606.929206] binder: undelivered TRANSACTION_ERROR: 29201
22:20:41 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0xc00)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:20:41 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='\xff\x7f\x00', 0x482c42, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x4, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r3 = fcntl$dupfd(r2, 0x406, r2)
r4 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r5=>0x0, <r6=>0x0})
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000500)={0x0, <r7=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
ioctl$LOOP_SET_CAPACITY(r3, 0x4c07)
write$P9_RRENAME(r3, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
r9 = gettid()
ptrace$setopts(0x4206, r9, 0x0, 0x0)
tkill(r9, 0x3b)
ptrace$setregs(0xd, r9, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r9, 0x0, 0x0)
r10 = gettid()
ptrace$setopts(0x4206, r10, 0x0, 0x0)
tkill(r10, 0x3b)
ptrace$setregs(0xd, r10, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r10, 0x0, 0x0)
r11 = gettid()
ptrace$setopts(0x4206, r11, 0x0, 0x0)
tkill(r11, 0x3b)
ptrace$setregs(0xd, r11, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r11, 0x0, 0x0)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYPTR64=&(0x7f0000000180)=ANY=[], @ANYRESDEC, @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYRESDEC=0x0, @ANYRES32=r11, @ANYRESDEC=r0], @ANYRESDEC=r6, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r7, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r5, @ANYRES32=r10])
ioctl$TUNSETOWNER(r1, 0x400454cc, r8)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)

22:20:41 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)

[  606.956596] binder: 14268:14272 got transaction with out-of-order buffer fixup
[  606.960430] binder: BINDER_SET_CONTEXT_MGR already set
[  606.960437] binder: 14267:14273 ioctl 4018620d 20000100 returned -16
[  606.960549] binder: 14267:14273 got transaction with invalid offset (879, min 0 max 104) or object.
22:20:41 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
finit_module(r2, &(0x7f0000000040)='wlan1\x00', 0x4)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

[  606.960572] binder: 14267:14273 transaction failed 29201/-22, size 104-24 line 3379
[  606.960961] binder: undelivered TRANSACTION_ERROR: 29201
[  606.961398] binder: BINDER_SET_CONTEXT_MGR already set
[  606.961405] binder: 14267:14276 ioctl 40046207 0 returned -16
[  606.961721] binder: BINDER_SET_CONTEXT_MGR already set
[  606.961728] binder: 14267:14276 ioctl 4018620d 20000100 returned -16
[  607.001010] binder: 14277:14281 got transaction with invalid parent offset or type
[  607.001034] binder: 14277:14281 transaction failed 29201/-22, size 104-24 line 3454
[  607.001048] binder: 14277:14281 ioctl c0306201 20000800 returned -14
[  607.001215] binder: undelivered TRANSACTION_ERROR: 29201
[  607.010075] binder: BINDER_SET_CONTEXT_MGR already set
[  607.010085] binder: 14277:14283 ioctl 40046207 0 returned -16
[  607.018166] binder: 14277:14283 transaction failed 29189/-22, size 104-24 line 3138
[  607.018185] binder: 14277:14283 ioctl c0306201 20000800 returned -14
[  607.018440] binder: undelivered TRANSACTION_ERROR: 29189
[  607.039307] binder: 14291:14292 got transaction with invalid parent offset or type
[  607.039343] binder: 14291:14292 transaction failed 29201/-22, size 104-24 line 3454
[  607.039358] binder: 14291:14292 ioctl c0306201 20000800 returned -14
[  607.039652] binder: undelivered TRANSACTION_ERROR: 29201
[  607.042390] binder: BINDER_SET_CONTEXT_MGR already set
[  607.042398] binder: 14291:14294 ioctl 40046207 0 returned -16
[  607.165819] binder: 14268:14272 transaction failed 29201/-22, size 104-24 line 3467
[  607.175872] binder: undelivered TRANSACTION_ERROR: 29201
[  607.604886] binder: BINDER_SET_CONTEXT_MGR already set
[  607.610294] binder: 14241:14260 ioctl 40046207 0 returned -16
[  607.619673] binder: 14241:14296 unknown command 536871104
[  607.625307] binder: 14241:14296 ioctl c0306201 20000800 returned -22
22:20:42 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
ioprio_set$pid(0x1, 0x0, 0x7fff)
syncfs(r3)
ioctl$sock_proto_private(r2, 0x89ed, &(0x7f00000001c0)="b2f4165f35152370d79aa8c889f14aef7ae340fc15fb14b9a1613d2eb3c3656797a09ee84912b1996bc11a9911684bb9da51fd0a0e5d4104572b53bfbc335ca9288c5f2d2149735b11ea8835836208dd9a0c4a154ad01ca2c0a0b486e25335b55e48afb9771c2835af115a3f942f5b5b69366572ef097cdc19a137be6c9bd7b69ec698547ce38c9a31f1baf1d63a700751758ff01918fa66d4c02bbb34ba67b7a187cf61d5446b20547b35538028aed9383b047e962d3873c2a4e5131f")
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:42 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
rt_sigtimedwait(&(0x7f0000000140)={0xffffffffffff8000}, &(0x7f0000000240), &(0x7f00000001c0), 0x8)
r4 = epoll_create1(0x0)
r5 = epoll_create1(0x0)
r6 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r6, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000200))
epoll_pwait(r5, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r7 = dup3(r6, r5, 0x0)
ioctl$BLKIOOPT(r7, 0x1279, &(0x7f0000000700))
sendto$unix(r7, &(0x7f0000000000)="d020f500321fd1268dec5e5ce343e254eb6d510fa12fa20dfc6dca4f98c949f1bdb9860f3b3d3bb38b9510e8", 0x2c, 0x14, &(0x7f0000000040)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:20:42 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000080), 0x0)

22:20:42 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x6)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_SET_SERVICE(r5, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="e4000000", @ANYRES16=r6, @ANYBLOB="010026bd7000fcdbdf250200000040000206000000000000000008000600ffffffff080005000300000008000b000a00000014000100000000000000000000000000000000000800060007000000080004001f0000003000020008000e004e240000080009000800000008000800010000801400010000000000000000000000ffffe00000025000020008000e004e24000008000b000200000008000900ff0100000800030003000000080004005d3a000008000800ff7f000008000900af07000014000100ff0100000000000000000000000000010800060001000100"], 0xe4}, 0x1, 0x0, 0x0, 0x20000840}, 0x4800)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@request_death={0x400c630e, 0x3}], 0x0, 0x0, 0x0})

22:20:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:20:42 executing program 0:
open$dir(&(0x7f0000000040)='./file0\x00', 0x10100, 0x1a0)
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00')
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000000)={0x1c, r3, 0x800, 0x70bd2c, 0x27dfdbfe, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x4000014)
ioctl$VT_ACTIVATE(r2, 0x5606, 0x80000000)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3, 0x0, &(0x7f0000000180)=ANY=[@ANYPTR64], 0x39c, 0x0, 0x0})

[  607.705654] binder: 14304:14305 got transaction with invalid data ptr
[  607.712377] binder: 14304:14305 transaction failed 29201/-14, size 96-24 line 3316
[  607.720890] binder: undelivered TRANSACTION_ERROR: 29201
22:20:42 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f00000000c0)={0x4, &(0x7f0000000080)=[{0x6, 0x80, 0x3f, 0x1}, {0x3ff, 0x6, 0x2, 0x6}, {0x9, 0x10, 0x9, 0x7e}, {0x0, 0xb3, 0xc0, 0x4}]})
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/hash_stats\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a2701f40fba"], 0x0, 0x0, 0x0})
finit_module(0xffffffffffffffff, &(0x7f0000000100)='/dev/binder#\x00', 0x6)
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_threshold\x00', 0x2, 0x0)

22:20:42 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r4, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r5, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
write$smack_current(r4, &(0x7f0000000000)='broute\x00', 0x7)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
r6 = accept4$inet(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000001c0)=0x10, 0x800)
r7 = openat$null(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/null\x00', 0x440002, 0x0)
write$P9_RLERRORu(r7, &(0x7f0000000600)={0x12, 0x7, 0x1, {{0x5, 'TIPC\x00'}, 0x4}}, 0x12)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r6, 0x0, 0x83, &(0x7f0000000500)={'broute\x00', 0x0, 0x3, 0x26, [], 0x6, &(0x7f0000000480)=[{}, {}, {}, {}, {}, {}], &(0x7f00000002c0)=""/38}, &(0x7f0000000580)=0x78)
ioctl$PPPIOCGUNIT(0xffffffffffffffff, 0x80047456, &(0x7f0000000240))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r8 = dup3(r3, r2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r8, 0xc008240a, &(0x7f0000000280)={0x7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$BLKIOOPT(r8, 0x1279, &(0x7f0000000700))
write$nbd(r8, &(0x7f0000000300)=ANY=[@ANYBLOB="674466980000000003000200d498abc5ba68cc84a7e5c649cdae79f2a3c35cbc2264a6a9b144bf7ed54e7f23b1c9ca00b8f063e418dae763669f6f05e0d75071438425643d86c334f3b54c54d203c96f2b0ec608683a4e3b77dcde9d9f462ffaafd631991ab2162974192c6329ec523ff9aa477579160ad7a5a6138574d232dd067fbac1477e54dc82b26abb3d20bff796726464b6ee9df79e20d1bf59f25d6f04bb12fd3bf7839135cf4c393aac2096a56447c7ac775242483ceac836d8990ef63c3aa6e703537a40b69bc0af34b829f5df29d57efcafb581c5e15d2d9d075c1e5f4807b7bc31d717804f95f8017adfd884a87eaa9d266c4f080ad4152d386d6ff79977683d8578f96d7bd61c9ebf642dc46f8f88411b83c87c4b35bf75c46a55a09ea91746ff034fa7393662dba0a4b84e82a55cfaa353155300ea56798019b4dcb324403b1460e287a813fe1d3b3f3e12edb9e8d1e7c769756443a7cff1fec39b7160e24494acff"], 0x101)

22:20:42 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = request_key(&(0x7f00000000c0)='cifs.idmap\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000140)='/proc/self\x00', 0xfffffffffffffffa)
add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r1)

22:20:42 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
r3 = timerfd_create(0x94d1793a14c9714e, 0x800)
timerfd_settime(r3, 0x0, &(0x7f0000000240)={{0x77359400}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r4, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r1, &(0x7f0000000000)=[{}, {}], 0x2, 0x1, &(0x7f0000000080)={0x5cf0}, 0x8)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$KDGETLED(r6, 0x4b31, &(0x7f0000000280))
fremovexattr(r5, &(0x7f00000001c0)=@random={'user.', '/proc/self\x00'})
socket$nl_generic(0x10, 0x3, 0x10)

[  607.765220] binder: 14308:14317 got transaction with out-of-order buffer fixup
[  607.765401] binder: 14312:14316 unknown command 0
[  607.765408] binder: 14312:14316 ioctl c0306201 20000800 returned -22
[  607.816260] binder: 14307:14331 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3
[  607.816269] binder: 14307:14331 unknown command 0
[  607.816276] binder: 14307:14331 ioctl c0306201 20000800 returned -22
[  607.842197] binder: 14308:14317 transaction failed 29201/-22, size 104-24 line 3467
[  607.855689] binder: undelivered TRANSACTION_ERROR: 29201
[  607.861655] binder: 14329:14338 got transaction with invalid data ptr
22:20:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

[  607.861681] binder: 14329:14338 transaction failed 29201/-14, size 96-24 line 3316
[  607.877962] binder: BINDER_SET_CONTEXT_MGR already set
[  607.877971] binder: 14329:14343 ioctl 40046207 0 returned -16
[  607.879317] binder_alloc: 14329: binder_alloc_buf, no vma
22:20:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:20:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

[  607.879335] binder: 14329:14343 transaction failed 29189/-3, size 96-24 line 3284
[  607.911417] binder: BINDER_SET_CONTEXT_MGR already set
[  607.911426] binder: 14342:14347 ioctl 40046207 0 returned -16
[  607.925027] binder_alloc: 14308: binder_alloc_buf, no vma
[  607.925045] binder: 14342:14347 transaction failed 29189/-3, size 104-24 line 3284
[  607.944855] binder: BINDER_SET_CONTEXT_MGR already set
[  607.944863] binder: 14348:14350 ioctl 40046207 0 returned -16
[  607.945253] binder_alloc: 14308: binder_alloc_buf, no vma
[  607.945271] binder: 14348:14350 transaction failed 29189/-3, size 104-24 line 3284
[  607.990848] binder: BINDER_SET_CONTEXT_MGR already set
[  607.990860] binder: 14351:14352 ioctl 40046207 0 returned -16
[  608.002314] binder_alloc: 14308: binder_alloc_buf, no vma
[  608.002385] binder: undelivered TRANSACTION_ERROR: 29189
[  608.002494] binder: undelivered TRANSACTION_ERROR: 29189
[  608.002576] binder: undelivered TRANSACTION_ERROR: 29189
[  608.002668] binder: undelivered TRANSACTION_ERROR: 29201
[  608.030953] binder: 14351:14352 transaction failed 29189/-3, size 104-24 line 3284
[  608.040100] binder: undelivered TRANSACTION_ERROR: 29189
22:20:43 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:43 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r3, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(0x0)
sendmsg$TIPC_NL_NAME_TABLE_GET(r4, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x24409000}, 0xc, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="08008d2846bee24ac4c074d74eb7c0a0c8ab5b15143459bc50dc07641ec79583ae054ac7340d04abf3fc62b85074a7cffe78c4600148dc7cdec497f5c4f40517798001", @ANYRES16=r5, @ANYBLOB="04002bbd7000fbdbdf251000000004000600a4000400440007000800010003000000080001001900000008000200020000000800030001000000080002009c07000008000200050000000800040009000000080001000d0000000c000700080004004a0000000c00010073797a30000000000c00010073797a30000000000c00010073797a31000000000c00070008000200050000000c00010073797a31000000001400010062726f6164636173742d6c696e6b00002400060008000100ff0f000008000100f8ffffff080001004f0000000800010001ffffff"], 0xe0}, 0x1, 0x0, 0x0, 0x8004}, 0x4000004)
sendmsg$TIPC_NL_MON_GET(r2, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)={0x70, r5, 0x51cd3bd0e37c0ac6, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x101}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfffffff9}]}, @TIPC_NLA_BEARER={0x38, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}]}, @TIPC_NLA_SOCK={0x10, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8000}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x8800}, 0x8040)
setsockopt$inet_mreq(r2, 0x0, 0x24, &(0x7f0000000100)={@rand_addr=0xc7, @dev={0xac, 0x14, 0x14, 0x19}}, 0x8)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r6 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats\x00', 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(r2, 0x4c05, &(0x7f00000006c0))
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(0x0)
sendmsg$TIPC_NL_NAME_TABLE_GET(r7, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x24409000}, 0xc, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="0800ad2846bee24ac4c074d74eb7c0a0c8ab5b15d2fe45b39c1da54ad1143459bc50dc07641ec79583ae054ac7340d04abf3fc62b85074a7cffe78c4600148dc7cdec497f5c4f40517798001", @ANYRES16=r8, @ANYBLOB="04002bbd7000fbdbdf251000000004000600a4000400440007000800010003000000080001001900000008000200020000000800030001000000080002009c07000008000200050000000800040009000000080001000d0000000c000700080004004a0000000c00010073797a30000000000c00010073797a30000000000c00010073797a31000000000c00070008000200050000000c00010073797a31000000001400010062726f6164636173742d6c696e6b00002400060008000100ff0f000008000100f8ffffff080001004f0000000800010001ffffff"], 0xe0}, 0x1, 0x0, 0x0, 0x8004}, 0x4000004)
sendmsg$TIPC_NL_PEER_REMOVE(r6, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x3000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, r8, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3}]}, @TIPC_NLA_NET={0x58, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffffa}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xfd36}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x800}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x80)
accept4$inet(r6, &(0x7f0000000080)={0x2, 0x0, @empty}, &(0x7f00000000c0)=0x10, 0x80000)
r9 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r9, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r9, &(0x7f0000000880)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x28, r3, 0x4, 0x70bd2d, 0x25dfdbfb, {{}, 0x0, 0xb, 0x0, {0xc, 0x14, 'syz0\x00'}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x94c31925cf63c46a}, 0x400c080)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r6, 0x894b, &(0x7f00000008c0))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000bbb7f4d02894db6fb4ce997a1ff763fe0000000000000000000000000000600000000000"], 0x0, 0x0, 0x0})

22:20:43 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0xf)
r2 = syz_open_procfs(0x0, 0x0)
getsockopt$EBT_SO_GET_INIT_INFO(r2, 0x0, 0x82, &(0x7f0000000680)={'filter\x00'}, &(0x7f0000000700)=0x78)
r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00')
sendmsg$FOU_CMD_DEL(r2, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r3, @ANYBLOB="200026bd7000bff6098a6df7c302ae99ffdb"], 0x18}, 0x1, 0x0, 0x0, 0x24000800}, 0x4)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000140)={<r4=>0x0, @initdev, @multicast2}, &(0x7f0000000180)=0xc)
sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x808}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r3, 0x180, 0x70bd2b, 0x25dfdbff, {}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e21}, @FOU_ATTR_IFINDEX={0x8, 0xb, r4}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x8b88fec6dad7c1f0)

22:20:43 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='system_u:object_r:crond_unit_file_t:s0\x00', 0x27)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r4, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, <r5=>0x0}, &(0x7f0000000080)=0xc)
r6 = getegid()
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r8 = fcntl$dupfd(r7, 0x406, r7)
r9 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r10=>0x0, <r11=>0x0})
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000500)={0x0, <r12=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r13=>0x0})
ioctl$LOOP_SET_CAPACITY(r8, 0x4c07)
write$P9_RRENAME(r8, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r13, @ANYBLOB=',group_id=', @ANYRESDEC=r11, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r12, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r10, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
getgroups(0x4, &(0x7f0000000140)=[<r14=>r11, 0x0, 0xffffffffffffffff, 0xee00])
r15 = getgid()
getgroups(0x4, &(0x7f0000000180)=[r5, r6, r14, r15])

22:20:43 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110a, 0x3})
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x109400, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

[  608.548821] binder: BINDER_SET_CONTEXT_MGR already set
[  608.554358] binder: 14307:14354 ioctl 40046207 0 returned -16
[  608.564995] binder: 14307:14357 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3
[  608.572256] binder: 14307:14357 unknown command 0
[  608.577097] binder: 14307:14357 ioctl c0306201 20000800 returned -22
22:20:43 executing program 4:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0x0, 0x0)
pread64(r0, &(0x7f0000000740)=""/225, 0xe1, 0x40)
pidfd_send_signal(r0, 0x0, &(0x7f0000000100), 0x0)
r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0)
r2 = add_key(&(0x7f0000000080)='rxrpc_s\x00', &(0x7f00000000c0)={'syz', 0x1}, &(0x7f00000002c0)="6403cd01747e1f688c20a2a15d341ec281d0a20585a5fb924ca45068b6e27fa81fb974953f783387b8ab75b242de56441d23f1a20f427f47fa7ad29d7d3cca1e0ccdc1e6554e122246297df4333f28e1119935ab1fff06314724883cb1ea351fc03a2174705089e31013a12fc355e4af53569fc39aca8327591939fb630a8e7fa8258db839c985e4f95f6c56a60c84a1be634f99643b9c8c9cad44ca6a70673190474878451edb67f846defa06e13ab605e14f36359412e66813f4b22d1e1a23573184462a4e936dcf65d17f0f5597124dde7f2f2b6b2fb7fbd5f392d56bfc3f63aa67e2117c4bb67c73cdc4af6c73", 0xef, 0xfffffffffffffffa)
r3 = add_key(&(0x7f00000003c0)='.request_key_auth\x00', &(0x7f0000000400)={'syz', 0x0}, &(0x7f0000000440)="6b1c5d5abc29d4b348bdd45e80b0026f53728dd6a96468558c076ebf358fcea895b8dfe92fa513848817bc8b075a1bf3c8b536", 0x33, 0xfffffffffffffffe)
r4 = request_key(&(0x7f0000000140)='asymmetric\x00', &(0x7f0000000580)={'syz', 0x2}, &(0x7f0000000640)='user\x00', 0xfffffffffffffff8)
request_key(&(0x7f00000006c0)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000440), r4)
sched_setattr(0xffffffffffffffff, &(0x7f0000000840)={0x30, 0x1, 0x1, 0x2, 0x8, 0x8, 0x190, 0x82}, 0x0)
r5 = add_key$user(&(0x7f0000000480)='user\x00', &(0x7f00000004c0)={'syz', 0x0}, &(0x7f0000000500)="d2d604f274f19de618ac0dbe78fb19b402d1681611dda0631b200bf32e17eb5d524449440751a2670a571cdd14a3c348fc0dc4e1740e254763f63b6138ea58967383757cf6fc63d9e1db1c3dcf4203", 0x4f, r4)
keyctl$dh_compute(0x17, &(0x7f0000000580)={r2, r3, r5}, &(0x7f00000005c0)=""/89, 0x59, &(0x7f0000000700)={&(0x7f0000000640)={'sha1-avx\x00'}, &(0x7f0000000680)="f8dc69d3fd630c3eb0c27e2884ec717be39d123bef636e49f15da07d0154c69af44dd109b8d8345243b2be792becbe53bcceeded52adbafd968dc10d23c36150624867a9a16bc2b3bc642e5bff623a179be3426a2d2a2ac08b3ba9cea4d8ddd103fafa5a3f2a1f291128e9f8d887c10c2f42e5be", 0x74})
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000180)={0x7, 0x200, 0x4, 0xfbf, 0x5, [{0x4, 0x8, 0x7fffffff, 0x0, 0x0, 0x200}, {0xfffffffffffffe01, 0xff, 0xfff, 0x0, 0x0, 0x5000}, {0x6, 0x3f343107, 0x4, 0x0, 0x0, 0x400}, {0x80000001, 0x5, 0x4, 0x0, 0x0, 0x80}, {0x67, 0x6, 0x8, 0x0, 0x0, 0x812}]})

22:20:43 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r5, 0xc018620c, &(0x7f0000000040)={0x1})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:20:43 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc\xafself\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, 0x0, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r2 = socket$netlink(0x10, 0x3, 0x10)
listen(r2, 0x20000000)
ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000000)=0x40010)

22:20:43 executing program 4:
r0 = getpid()
prctl$PR_SET_PTRACER(0x59616d61, r0)
clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x38)
ptrace$cont(0x18, r1, 0x0, 0x0)
mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={[{@mode={'mode'}}], [{@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@dont_appraise='dont_appraise'}]})
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x1f, r1, 0x0, 0x0)

[  608.631543] binder: 14362:14368 got transaction with invalid parent offset or type
[  608.641534] binder_alloc: 14367: binder_alloc_buf, no vma
[  608.641552] binder: 14367:14374 transaction failed 29189/-3, size 104-24 line 3284
22:20:43 executing program 5:
r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0xc0f85403, &(0x7f0000000100))

22:20:43 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000007040)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c, 0x0}}], 0x1, 0x34002001)

[  608.641568] binder: 14367:14374 ioctl c0306201 20000800 returned -14
[  608.641901] binder: undelivered TRANSACTION_ERROR: 29189
[  608.643583] binder_alloc: 14367: binder_alloc_buf, no vma
[  608.643603] binder: 14367:14378 transaction failed 29189/-3, size 104-24 line 3284
[  608.643618] binder: 14367:14378 ioctl c0306201 20000800 returned -14
22:20:43 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x17, 0x0, 0x201000, 0x1, 0x0, 0x1}, 0x3c)
fchmod(r1, 0x408)

[  608.644206] binder: undelivered TRANSACTION_ERROR: 29189
[  608.702195] audit: type=1400 audit(1569277243.347:39): avc:  denied  { listen } for  pid=14396 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  608.717025] binder: 14363:14371 got transaction with invalid data ptr
[  608.717089] binder: 14363:14371 transaction failed 29201/-14, size 65123-0 line 3316
[  608.717455] binder: undelivered TRANSACTION_ERROR: 29201
[  608.747299] binder: 14389:14412 got transaction with invalid parent offset or type
[  608.747328] binder: 14389:14412 transaction failed 29201/-22, size 104-24 line 3454
[  608.747343] binder: 14389:14412 ioctl c0306201 20000800 returned -14
[  608.754694] binder: BINDER_SET_CONTEXT_MGR already set
[  608.754704] binder: 14363:14402 ioctl 40046207 0 returned -16
22:20:43 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:20:43 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
ioctl$TCSBRK(r2, 0x5409, 0x81)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
write$binfmt_aout(r2, &(0x7f0000000840)={{0xcc, 0xf8, 0xfe, 0xc6, 0x1f7, 0x1, 0x3a7, 0x5}, "4a245a16920e75726e19b710b5d5a91581ac2d6dac2647ade2853e9435da933b929ebc28e2067c6a7d358e2e44fba84de153720ba549cf8e8f541a2c5ca64422243f2a1142dd4863ae063fef39a4a2861d763a24e2956e5445edbc9e9a33cb4ca287680f1445dfb75b8cb7c4fcc94db59833ff938c2dc8bb606e6798f3f05277af388ce2b705c3362016537ca65a7540d03bf175ecd86a1047d072114fca59c046b45cffd09b017e4e5fcdf6", [[], [], [], [], [], [], [], [], [], []]}, 0xacc)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})
ioctl$KDSKBLED(r2, 0x4b65, 0x800)
io_setup(0x8, &(0x7f0000000080)=<r3=>0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r4, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r5 = epoll_create1(0x0)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f00000000c0)={0x20000001})
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, 0xffffffffffffffff, &(0x7f0000000200))
epoll_pwait(r6, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r7 = dup3(0xffffffffffffffff, r6, 0x0)
ioctl$BLKIOOPT(r7, 0x1279, &(0x7f0000000700))
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r8, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r9 = epoll_create1(0x0)
r10 = epoll_create1(0x0)
r11 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r9, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r11, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r11, &(0x7f0000000200))
epoll_pwait(r10, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r12 = dup3(r11, r10, 0x0)
r13 = epoll_create1(0x0)
r14 = epoll_create1(0x0)
r15 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, r13, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r15, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r15, &(0x7f0000000200))
epoll_pwait(r14, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r16 = dup3(r15, r14, 0x0)
ioctl$BLKIOOPT(r16, 0x1279, &(0x7f0000000700))
ioctl$BLKIOOPT(r16, 0x1279, &(0x7f0000000700))
r17 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r18 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r17, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r18, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r19 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r19, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001380)=ANY=[@ANYBLOB="1400000002f2ffff000000000000000000020000257723eb7b8f8defb4749c20c90100000000000000854e5d86f28d69f7290b378007c2bc83b704ef4e7909930055ee79ab1b87c382442ae4092e54628e25de7290cff31cfa0ee7aa"], 0x14}}, 0x0)
r20 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r20, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
io_submit(r3, 0x8, &(0x7f0000001340)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0xbd, r4, &(0x7f0000000440)="5eba92c59e947ff58620caecaa0b58537935e82a84fc79ff12d0640156a5ede9e29b06bc80f88be7c5246c5287bf37a004a919e873f059717f64f6aa993e2e1e336e55b824e8da9b5f9865c2f88174c4e1d3019c51b99d034199dd81323691848fb116a2fb2a6d1bd13e55c108739c9673f5aa113f264ff91465a8a57a265f292d60715e173522a36dfef56b8f09e5a75443facfe337cf46aa264d53eadf52ff51a4443d2066478e8b7e05951adaeb22ff45ec42535928f6558198dd3ae521d4ebf8f1168004d59ad66183d1c9307406994e075705f108edef6f8cc6610b9c6ac3f4f84e927b2d10bc8d1ca3fc7476102fe669ad", 0xf4, 0xff, 0x0, 0x3, r7}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x2, r8, &(0x7f0000000100)="099f284e169c9a82e1ff02b98ebda6a250e6b8d368ca789a50e9634c8c39e9ca8d3a0da8fa3e8fd435a0119bcb43ea39a1084de36e49772838b8509d27793876f2a44ace222e4e6567625e4d", 0x4c, 0x6, 0x0, 0x0, r2}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7, r0, &(0x7f0000000200)="781aaf3c9076cb75ff0050456ec1c285a18a53cffc5251697c49b200d01a8a54ec91f77ecae64e4ae6f6", 0x2a, 0x3ff, 0x0, 0x1, r12}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x3, 0x80, r1, &(0x7f00000002c0)="85", 0x1, 0xff, 0x0, 0x2, r17}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2, 0x7ff, 0xffffffffffffffff, &(0x7f0000000340)="7b9225be42132733eada08dea74b31287cc481c5cf4f7951d1bc8797951f8066fa97232cba2f71e6594cc92eaae3be32bac2e18e8786434bf917", 0x3a, 0x5, 0x0, 0x3}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x7, 0x2, r19, &(0x7f0000000580)="ad14a98079bf8eb1d6b8812475c34dd2a27dd356e56f69596f721e57f790dba21afa0c9db21e1418c723b19f5baca9e8043a13698b592b4b947cf52b29395bda707a7a15d1b46b314d31662ae7c9b34e0a7507da949cebc8994bc4a30fb85f323dfa5714dcc5", 0x66, 0x21fc, 0x0, 0x2, r2}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0xe, 0xff, r20, &(0x7f0000000640)="7e42118fd1351443b95560612bd577e2ae7f64e725b6b15a1aff0f8c6ffd0048", 0x20}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x3, 0x0, r1, &(0x7f00000006c0)="8e4507dc13635f0c10b9938d04e5758dfc101d12bbb58d7901657c9d52d07b679a16ae27811c8441d8f8552c3f49487930b96d2075081d95bc9b29429b0c0e6531c2d17be8ac218ca3c797e97e73fc94a94b4cd9628a3d54fec31693b5887b1f7c1451b341323dc195bd203705c39e5ded5e339d279e7ddafb67e07dc8bd713794c14b86ca8328aaecd088143cdaaffd4b53af4605ef42c4eadc4bae543aacf8a4f84d68375cc9c9b5339aa30505115f5445a71490c87cfe293c7625340f2ae2693a6a8674c76515038dcf717aae2016b5bbcfe4fa077c7c1b3a9181cc6fba6cb9c8231b80fb463c50c0bea558559396760076286ee8e0b9", 0xf8, 0x5, 0x0, 0x1, r2}])

22:20:43 executing program 4:
r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40045402, &(0x7f0000000100)={{0x2}})

[  608.862852] binder: 14362:14368 transaction failed 29201/-22, size 104-24 line 3454
[  608.872534] binder: undelivered TRANSACTION_ERROR: 29201
[  608.897394] binder: 14422:14427 got transaction with invalid data ptr
[  608.903515] binder: 14425:14428 got transaction with out-of-order buffer fixup
[  608.903539] binder: 14425:14428 transaction failed 29201/-22, size 104-24 line 3467
[  608.903674] binder: undelivered TRANSACTION_ERROR: 29201
[  608.932140] binder: 14422:14427 transaction failed 29201/-14, size 96-24 line 3316
[  609.485021] binder: undelivered TRANSACTION_ERROR: 29201
[  609.533342] binder: BINDER_SET_CONTEXT_MGR already set
[  609.538678] binder: 14389:14437 ioctl 40046207 0 returned -16
[  609.544736] binder: 14389:14437 got transaction with invalid parent offset or type
[  609.552493] binder: 14389:14437 transaction failed 29201/-22, size 104-24 line 3454
[  609.560340] binder: 14389:14437 ioctl c0306201 20000800 returned -14
[  609.567140] binder: undelivered TRANSACTION_ERROR: 29201
[  609.695107] binder: undelivered TRANSACTION_ERROR: 29201
[  609.700976] binder: BINDER_SET_CONTEXT_MGR already set
[  609.706330] binder: 14422:14433 ioctl 40046207 0 returned -16
[  609.712677] binder: 14422:14439 transaction failed 29189/-22, size 96-24 line 3138
[  609.862354] binder: undelivered TRANSACTION_ERROR: 29189
22:20:46 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = epoll_create1(0x0)
r5 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r5, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000200))
epoll_pwait(r4, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r6 = dup3(r5, r4, 0x0)
ioctl$BLKIOOPT(r6, 0x1279, &(0x7f0000000700))
r7 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040), 0xc)
fsetxattr$trusted_overlay_redirect(r7, &(0x7f0000000080)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file0\x00', 0x8, 0x1)
write$FUSE_INTERRUPT(r6, &(0x7f0000000000)={0x10, 0x0, 0x4}, 0x10)
r8 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x142, 0xffffffffffffffff, 0x0, 0x0)
dup3(r8, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:20:46 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0005404000000000100000000000000000000000000000000000000002deffff5f0000000000000000002a370cf40fba00"/58], 0x0, 0x0, 0x0})

22:20:46 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000007440)=[{{&(0x7f0000000400)={0xa, 0x0, 0x0, @loopback}, 0x1c, 0x0}}], 0x1, 0x34002001)

22:20:46 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x17, 0x0, 0x201000, 0x1, 0x0, 0x1}, 0x3c)
fchmod(r0, 0x408)

22:20:46 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:20:46 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x0, 0x20010, r2, 0x8000000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
mmap$binder(&(0x7f0000ed7000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a62770000000002856164660000000000000072000000000200000000000000000000000000000085616466000000000000000000000000005b169e1922b3e278fe4b87000b00"/88], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="000000000000000018000000000000003800000000000000"]], 0x0, 0x0, 0x0})

22:20:46 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r0, &(0x7f00000088c0)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0}}], 0x1, 0x20000000)

22:20:46 executing program 5:
r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40345410, &(0x7f0000000100))

22:20:46 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890c, &(0x7f0000000000)={@ipv4={[], [], @remote}, @loopback, @mcast2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xf00})

22:20:46 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})
ustat(0x9, &(0x7f0000000040))

[  611.637775] binder: 14447:14451 got transaction with out-of-order buffer fixup
[  611.646519] binder_alloc: 14448: binder_alloc_buf, no vma
[  611.646538] binder: 14448:14452 transaction failed 29189/-3, size 88-24 line 3284
[  611.646785] binder: undelivered TRANSACTION_ERROR: 29189
22:20:46 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000003500)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x25}}}, 0x1c, 0x0}}], 0x1, 0x34002001)

22:20:46 executing program 4:
r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000100))

[  611.687944] binder: 14447:14451 transaction failed 29201/-22, size 104-24 line 3467
[  611.695324] binder: 14445:14459 unknown command 1077937408
[  611.695332] binder: 14445:14459 ioctl c0306201 20000800 returned -22
[  611.700900] binder: BINDER_SET_CONTEXT_MGR already set
[  611.700909] binder: 14445:14468 ioctl 40046207 0 returned -16
[  611.701691] binder: 14445:14468 unknown command 1077937408
[  611.701700] binder: 14445:14468 ioctl c0306201 20000800 returned -22
[  611.707827] binder: 14467:14471 got transaction with invalid parent offset or type
[  611.707854] binder: 14467:14471 transaction failed 29201/-22, size 104-24 line 3454
[  611.707867] binder: 14467:14471 ioctl c0306201 20000800 returned -14
[  611.708062] binder: undelivered TRANSACTION_ERROR: 29201
[  611.708952] binder: BINDER_SET_CONTEXT_MGR already set
[  611.708960] binder: 14467:14473 ioctl 40046207 0 returned -16
[  611.709329] binder: 14467:14473 transaction failed 29189/-22, size 104-24 line 3138
[  611.709344] binder: 14467:14473 ioctl c0306201 20000800 returned -14
[  611.719686] binder: undelivered TRANSACTION_ERROR: 29189
[  611.829321] binder: undelivered TRANSACTION_ERROR: 29201
22:20:47 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4200, r0, 0xfffffffffffffffd, 0x10)
tkill(r0, 0x10000000001c)

22:20:47 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000654400010000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:47 executing program 5:
r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x80045400, &(0x7f0000000100))

22:20:47 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x20000, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x0, 0x0, 0x0})

22:20:47 executing program 4:

22:20:47 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f00"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})

22:20:47 executing program 5:
socketpair$unix(0x1, 0x800000000000001, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0])

22:20:47 executing program 4:
r0 = socket(0x2, 0x3, 0x100000000000005)
close(r0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$unix(0x1, 0x5, 0x0)
close(r2)
close(r1)
pipe(&(0x7f00000000c0))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
close(r3)
close(r4)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket(0x800000000000011, 0x2, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
splice(r0, 0x0, r4, 0x0, 0xc0, 0x0)
close(r4)
write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="c4"], 0x1)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r6, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")

22:20:47 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3c, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:47 executing program 0:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r3, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000200))
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
ioctl$BLKIOOPT(r4, 0x1279, &(0x7f0000000700))
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r6 = dup3(r5, r0, 0x100000)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000280)='/dev/uinput\x00', 0x1, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000015c0)={0xe4, 0x0, &(0x7f00000004c0)=[@register_looper, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f00000001c0)={@flat=@weak_binder={0x77622a85, 0x1000, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000080)=""/219, 0xdb, 0x1, 0x30}, @fda={0x66646185, 0x2, 0x2, 0x1f}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}, 0x1440}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000002c0)={@flat=@binder={0x73622a85, 0x281}, @fd={0x66642a85, 0x0, r6}, @fd={0x66642a85, 0x0, r7}}, &(0x7f0000000340)={0x0, 0x18, 0x30}}}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000400)={@fda={0x66646185, 0x7, 0x0, 0x30}, @ptr={0x70742a85, 0x1, &(0x7f0000000380)=""/27, 0x1b, 0x0, 0x2b}, @ptr={0x70742a85, 0x0, &(0x7f00000003c0)=""/31, 0x1f, 0x0, 0xd}}, &(0x7f0000000480)={0x0, 0x20, 0x48}}, 0x10c0}, @register_looper], 0x1000, 0x0, &(0x7f00000005c0)="8f7422291e0aa8368901000e2899d62553a573afd3299050a1bea719c0c2fadd2a9dc2987d35f869a7ca2978bee072f247e6f741aa4c0b226ceaaf6d736303369ce0a09ddaa70b0d82d4062a31264819a6c6fe71c0757f8a7c611f431592b51d6f5f4d17db9cd91e860b9e1bef059ba0354998fa3e3a8aef0d5042c24895b6ce7b65366ab955d79f439d247a67584c5a5465b18f56605f96ce3fad22a95b0885759408269524afcf2ed3d61fa5dffadcf849c9fdfcc5c7ac7afeddaed94aec9fbdf1a643b604db2241f58d4584b028be20228dd6bca26354f9bddbe327c4555db5a92bd08eb1e3fde7a80d6799e6c7382e5f2b01382b5a67d9bbf9b3782f7f1dd59b7d26f34222620ab9bffdd1fb235685420a083b5017f805ac34de3a08f4a53d2f4be71528b0e4ca2edb8980188d6c5d22ccc7a8ba5aeb64a7b8b41b811af4eeb39deb52b421e7e13a8a34032af1d39cd61cb29dbfecef4da4f8834e6e101d14d29ecf786cd4f4932ed031f52873eae5b47792a549a7b5a33fbfc238ba876cbbcb940696b8c133c0d592e596212df13c3be2b9d4cdc1ff2c597e4801ce62c175b73913d19283251ea6aa1de8c64ee9e3ca235a617ce76c70466af059feedb0ef0d6069219868dca4b1f22a8b9808a0d13f90e0a81aceca1427437a09f8febe93af09e8c21a65a8f3dcf72e477b1e049f8ab749a1e50cbbe64bc6691ae220572640b1c00e1c58251372d5f36f9cca4b2a01af737c93691eeda58e019a72475932b44325d47af31ded3c3ff95f64def0040223bcba94a74699e98b75d925e6169320c32e4c93463ab992ec51884497668c9138b3d03a7b9258e7bcda0969708047bfff3bbc45f575f14eb2201c259364c3878271f909bd75b23a4891f4f0069e87a84cf4c89eb34f80cdb77ea3abaccf53b30c3f52a1db2e1d704306489a57cad1ddd8bc61e0da44d33283b06e4ae809887328f988501dff873deac0b09ee4bd4831e2fff73b9b6d770f615af5f49e23f987089fa3ab87762de7733bc04166830608aa4a357fb9126839a2aad355535224443f604922b033e7a1ffa08a50009399a7b04c6d51b53b8ebd6a6c4914bf18a0ef3eae86d5c8d224f120af3e5b3c873cd044667858b6ab147beb12b2c230677cbf8a00c838ceeddac92066bdb5c2949930d2b26e9d928fefa751255ba15e1575bf21fb59a6fb20f6b346658008626d0109b82cf5f29d854c18e48dd62dbff6c352c73b8cd33dfb21252cec2910cad1930f6f9899a9ed87a38dc4c9a9815d63c05470f5ae238a17f63882d3ffbd9f9a82f09e5ef47488bc69a7a44630396df3a0ee8f767c4dcf28e8ccb5d21e7f68fddc2643a1665c45b02e586fe0e82488ca72bfc388489ef03ead36d299157d615aee8e8e9f5865df474cbfcc0a5ced33a3bfe9c17e17f77fe56be681a4793617c80a5d5710f2cc47cfda92bfe867d839e45ebc0212c955bd2681f9adc46b36c5ae2601595f46efb26d84171cac4847fc0ec7cdb0ed804722cbd357f6f40bb081c31786a84d1a2de0c2cad2f768e2dbba621e517973977b5978dbb6106b077bf88455277f3017b2cc0f92cca7b5014b538c6fb17d35bf5f118b2bda197f001d87f1aa06789cb57ff12b37611f8c510801cfd3b7cb292c41ef87712f029eee8f97f1838383bc88f55e43aae3890a1797242b2cbba36e996f07e1a42582aeafa1b9b5b2a0294cbc72c3c0769bedd2f7b1e42b855e983caa23d1f7eb76e963d0eec21072bfb38c27fced700b65b47545c24db40dfbcde1413394fcb78fc514a4b4b7048198a5235ff23c5318ef97f0ee613fa03c3357df610fcccf0cc4526f864b96821541bbf94d64c33535e254a3b9095abe362fa1fd0bcd65df54f752dceeafcb02167118e66d3a598b047501ca4a5f02a50856e6f16fcb61c763c97282b8e36f5409cf9de7c54db6e73546235a80c794997494d50605e084f000b37ce6103ed3905cb317f58d750b250616edcc42318403b1350741d4846dccf557c8dc42139c9b00a56a3ac7bfd1df2ec2545e3f4ca50db0a57fdd62841654f7f0480a127a052635e4e7996136f553f988b358dc6f977d077adcb61ffa6de4e6a38716e3c283783af4f632e698ab7585b03f92e42e528265e3b462afb114e4a98e39b433e55dcfa5ab59c256caf0fea45cd5f64e12a858f3100e22702e1a251fcec2b570575e1bc780d4bd3ca6bffa277ca43a930f160842d9ca04983ea2716b087c69211a64494cc5cef963ea15b19f2102afc921528bebd8f030deec1fc57185197b0062280d036066d8beb79a3b5923b2d95bf2c7ce110ce2673d827337e1e30a8e904575ba9acef41bf5b84e09071c60c42d0c4c9a5d0da0983db040de7dfd0bf97cc3f59b895a82226eb446379eedbfaab8fd75baec7a1902b52037ac953f2d5cda37d1fa3430d5978f2e93a9209ea54a55660674d7b219a6f973c1202e1308b47663614284801691351125a545062fd81ee5915630061d2374d5201ca5884e2e227c1fd506e89f3d580df5bec73298504b5710898b491af2325dab9424260b859708c75af91d5cca9533ef91c00da0ba675582e37a60bd7fe00e9eab7111df7529562089c8f665f10186afaed7207dc22b6ece71441aa70f2cf7e7cd406536a6648126d32391fb4f221a4037b4087608dc400364405a3fc8e78b87a700ac923825f175dc10cd062fcb00b8a91a3586c398ea03acea3ccbffe95a98a2005af84e73f90f620c76f30dd2963b44547ec756587f69fdf1704bf2edcf7caa01116f788d28517f8a8a61df4f6b086df2b899ad236ed0468f0936db78141f945c9c85b68828f66327eea8a71c0498c8371cdf4ae5fa6613778bc1eb15a3dd1afd0de272ecba8092fc9a40e5e245b44fdefae78d7ac789d07b86c501c16e62ecae103daacb507d466e72e27c2927b0a51dd87fe7f42f85cfd5d5d37cc50318d6344823837ceacdbdd77092a3188b83245bb0a3c3a37bd9856c7c5815a2156a583c10d4b1a7883e731c9dddfdd91df68b29165b84b90cd919e432b46c7e3d40600677bee65f3b5ccae515177c6fa786af23a4e726483cfab7b5dad29e6e6e7224b1979ea8ddfc335072b8352eeaff0c37c4030ac270c684fa3afca6d2faf15badca6efac7b8808c6c5e58480aaa880bd6cdb3eaca6b54f6638b6cf29f62c2a3e950fc472af299296b1483252b93c61d26b1bd61b2c3d4c35471c887e5585de315c542155c0ddb96f06dfaad2fa05cda7c08bdb79b6f62756d0c169cf6051af14a8f0c57c2c54cc2be00511d54305517828b545a9210d1c555f88819dbefea48dfb8258cf54a5671094feb66098eeaa85ddc642142690e41fec3f593067938a829ada9dec63fc351e06e0cb9b12298d3328bd5612009b812c9bc37900f5b85b11ab2349bf38c8167d33641fd49a06ece016da631263be11fd62aa395f88a0d53f7c0031a107d68c5c3ad1bcbd3251d1c49442f59ca16ac6d786b19c86226d1cc4d9dfaaa6f439799a78b364cc8ec3b2910b64076d708bbe5cdc79e20309531300b8260ec10bce0310630919cbd9f1a6cbd1fd7c0df15f64613a7df830e862c691d81aa0cd4abd237cfca64d6597c94a137948c986ddb77d98860b9ed9bff1c07dc8d773545c3c1e100f86ef5ec610e87e30229ba7a30969251c7372c95684fea741f100be2bb0735ed44a13036e087b37ffb986f72f0b169e99410d77cac6b05a56bbfd60dfde9a13d9803da764b2e8887239537598dc993cd66330e7b2084858242c8802c7187fe813c9fb3b9360c2acef2311b902211503da809bec24cb8440349912aae11099ef746bd46ad840e32aea763c6be8c56ee323f06306ee89076595919e10053541f8a154817a17f1c5df563f87e637c1db07eda40a2ca062d9b2f877527d5126486cbe3de1a8fd81be154b06987354cb798e6e103300a2b123e1d55be7f9edc4946b8ccdd0d6d0e92642d218c6c7c9a30cd72cb7036d14ad7416ca58e5451ee68e437e1a9c497230bf3d5907742a199b9246d6cea0d57af05f7d8e04953ac145a02a7d5ed62c05c85769b3180c3ceb77e5ba6b5cb878893c39d78c110f47d4d87a1d7e4424077d986e70d62235a456f7357ad5335f9e0903c7817937a57fda55087931e83883ed1370711d69c5b90fe36dcf709557ba2a47eebe2f47f2766e6941ba0280f134cadf51621676ad493bd520862ecdac4c0e62c37e058862a0681de365c3ef9b85307bcc2012fba3aeab8661edcc1a657722631370f2afeeb0be4e3f0e7bfd7894338d52e08d6b99b63b7323ab16e78d7a49d2b13a157cb7a049d127a4502add65527485b834dae88964a49c1b1d29440343fdae00128cbfbb01334d758a81739230c74e8f8ac1c665d0dd336abd502d959c9541776357c88fe81cac055fe08a8ad711bc317afa02969a35b6ea98758fce9ecc5a3f7453e556fa0ef4d260b8c24031c34fb32055a7ecff5260f0290d1dd4094e063758598681e065173501c48215bee17207b404ef5889338a14ecb4a19f18ebbac2721e17f1698332420993a8b5b2a57fde67a63f11817507eafb1008cbfb7b39a82e03e77d27d5f90a166c7500fee6eb35a7590dfb7cf14ab9c904c75d8d88c3e05c9afe7ab71b6e75a7c755f8d7e51002941468f0e1d352099f17d9ad6fb7dd8779a0068ad6c5629806fb4265bb2d0daba051e89075a8b44ba4c321cbfe59da2b59c2eaedcea6ad4d7f9e936bf509cd043f9a62e77cec4b3b2994be23f50a7a36f6dd4f178c1949e198aef91b275aaa8c8e0bdb2d4b619b1a1582f13d3bfb03818d52f3f05b2e9143a8795c60a7c50f3c584b2bbf09f6d611996425d6edb5ea1a1c15aac6c38d95ef1ab5469014c87b5f3edc73902d72bbee03b2a9fd161e6ef00c594fb0ae295df773c2d0b75770456dea7e5b03795f3dad9eb20c21e1fc7d0bff76ee13f9fb92762f2f27765469fc0fda53b83e745d40de3d65fa7e04c678547d4cc8d850756a8ca20188b4610df9d15a12440e5e24daef1b0f717040c6933f4a968ac76a338d549a904c947cb129e40e26e9425ff75b8165b33750c88e9b033412f250ae691e782b40486237ba89fd16fd71866420847967d515b5df187abfa42e5b2135bbfac7289228e1a147fb079280937a9abfb450c9161942fde884c00935ac24fe6315fb34f2f853b1c1b3385c65dc58a4f749be6cec7c905e45c521b908062cf2577c60a31cf6669e3c3564ebe27b7b9406e8433f385ae335564fdeb7075c6bbcd9880bde8e3d811ec24fd9fa1eefd9e65503f66cf3817f73b1bfc9b1cfd545126e31ae6660f24df531bf9d51a753ed665afbbb834cf330b45a91446960d598a39b925292cf8bb95f86de3c595c95421bea9a573153a0a1901bc06bff7213bd819066e472b3b52415b0950ae579a81c3c622e8864a35c381fa66947f7e5a40118590161eddab43647a3c4325c321e7f41f922d77cf29dc5eb0baad698057838a1d2962c30bdddedaaef1b1ed40d1f4cf487c589df024f88a98ecf64a7a91b6a4ffd47cb5c1b8bd46ffb843511e1d621ddb2aebabe66bee6bd9bed0d0b4753ab0f5234b95d0048719a1b4a04cc2bef83093d8296055140eb6118633c322b0a0784ede870f23853824ddfe2cdda822497cd57e3ad9edfcb798c1243dd2cfe0f4af88798bc7fb954294482ee0804ed7edf4bf88fdb028c37e003df4bdba2fc6e276afc3a0670d9dd07f93fa9c020dd01031b5f7996054ccc91c7be86da85990d337b79d20e1"})
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000002000000000000000000000000000000000000195b00000020000000600000000000000018000000000000002a370cf40fba"], 0xffffffffffffff7e, 0x0, 0x0})

[  612.575820] binder: 14489:14491 got transaction with invalid parent offset or type
[  612.584176] binder: 14490:14494 got transaction with out-of-order buffer fixup
22:20:47 executing program 5:
r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0xc0505405, &(0x7f0000000100))

22:20:47 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3c, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

[  612.584723] binder: 14490:14494 transaction failed 29201/-22, size 104-24 line 3467
[  612.584891] binder: undelivered TRANSACTION_ERROR: 29201
[  612.595029] binder: 14487:14495 got transaction to invalid handle
[  612.595038] binder: 14487:14495 transaction failed 29201/-22, size 96-24 line 3138
[  612.595264] binder: undelivered TRANSACTION_ERROR: 29201
22:20:47 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
r4 = epoll_create1(0x0)
getcwd(&(0x7f0000000140)=""/49, 0x31)
r5 = epoll_create1(0x0)
r6 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r6, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000200))
epoll_pwait(r5, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r7 = dup3(r6, r5, 0x0)
ioctl$BLKIOOPT(r7, 0x1279, &(0x7f0000000700))
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r8, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="1400000002010013f804a3190000000000000000"], 0x14}}, 0x0)
ioctl$sock_SIOCGIFCONF(r8, 0x8912, &(0x7f00000001c0)=@buf={0x98, &(0x7f00000002c0)="267553bd46177211af6b7a89428dea102179b5885714211d57f4a4b9c4dfb15879c228f21b759b1d8f9b0ed42a60d26cec3a1c2d867b0e960583b47ecb95d2b25704d5efc35d45c2012684c97db2f01209a22c29012d97c805b030f1b5a15d4a2befecbd2e837b2cd65a1b184b4b50b664c19782afcba0fa925a13749d9828a80f9adac9c685553aa8fbb0b8d256bb1eb436c7e303c38111"})
r9 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r9, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
accept$packet(r9, &(0x7f0000000000)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
setsockopt$inet_mreqn(r7, 0x0, 0x20, &(0x7f0000000080)={@initdev={0xac, 0x1e, 0x1, 0x0}, @local, r10}, 0xc)
tkill(r0, 0x10000000001c)

22:20:47 executing program 5:
r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40045402, &(0x7f0000000100))

22:20:47 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3c, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

[  612.602778] binder: BINDER_SET_CONTEXT_MGR already set
[  612.602788] binder: 14487:14500 ioctl 40046207 0 returned -16
[  612.602868] binder: 14487:14500 got transaction to invalid handle
[  612.602878] binder: 14487:14500 transaction failed 29201/-22, size 96-24 line 3138
[  612.603124] binder: undelivered TRANSACTION_ERROR: 29201
[  612.630126] binder: 14505:14508 got transaction with invalid offsets ptr
[  612.630319] binder: 14505:14508 transaction failed 29201/-14, size 104-24 line 3330
[  612.630467] binder: undelivered TRANSACTION_ERROR: 29201
[  612.666517] binder: 14517:14518 got transaction with invalid offsets ptr
[  612.666541] binder: 14517:14518 transaction failed 29201/-14, size 104-24 line 3330
[  612.666770] binder: undelivered TRANSACTION_ERROR: 29201
[  612.730898] binder: 14525:14530 got transaction with invalid offsets ptr
[  612.730925] binder: 14525:14530 transaction failed 29201/-14, size 104-24 line 3330
[  612.731067] binder: undelivered TRANSACTION_ERROR: 29201
[  612.793850] binder: 14489:14491 transaction failed 29201/-22, size 104-24 line 3454
[  612.803671] binder: undelivered TRANSACTION_ERROR: 29201
[  612.809486] binder: BINDER_SET_CONTEXT_MGR already set
[  612.814856] binder: 14489:14535 ioctl 40046207 0 returned -16
[  612.821170] binder: 14489:14535 transaction failed 29189/-22, size 104-24 line 3138
22:20:47 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x18, 0x0, &(0x7f0000000040)=[@request_death, @register_looper, @exit_looper], 0x0, 0x0, 0x0})

22:20:47 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR, @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:47 executing program 5:
r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000100)={{0x3}})

22:20:47 executing program 4:
r0 = socket(0x2, 0x3, 0x100000000000005)
close(r0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$unix(0x1, 0x5, 0x0)
close(r2)
close(r1)
pipe(&(0x7f00000000c0))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
close(r3)
close(r4)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket(0x800000000000011, 0x2, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
splice(r0, 0x0, r4, 0x0, 0xc0, 0x0)
close(r4)
write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="c4"], 0x1)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r6, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")

[  612.829239] binder: undelivered TRANSACTION_ERROR: 29189
22:20:47 executing program 5:

22:20:47 executing program 5:

[  612.853098] binder: 14539:14544 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  612.862190] binder: 14539:14544 ERROR: BC_REGISTER_LOOPER called without request
[  612.870151] binder: 14536:14543 got transaction with invalid data ptr
[  612.876987] binder: BINDER_SET_CONTEXT_MGR already set
[  612.876996] binder: 14539:14546 ioctl 40046207 0 returned -16
[  612.877287] binder: 14539:14546 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  612.877296] binder: 14539:14546 ERROR: BC_REGISTER_LOOPER called without request
[  612.913295] binder: 14536:14543 transaction failed 29201/-14, size 104-24 line 3316
[  612.922833] binder: undelivered TRANSACTION_ERROR: 29201
22:20:48 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0x0, 0x802)
ioctl$KDGKBTYPE(r0, 0x4b33, &(0x7f0000000080))
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x6a3040, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x101000, 0x0)
ioctl$TIOCMIWAIT(r2, 0x545c, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r3, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000020167000100000000000000e840ffd5"], 0x14}}, 0x0)
r4 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r4, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
write$P9_RLCREATE(r4, &(0x7f0000000200)={0x18, 0xf, 0x2, {{0x10, 0x1, 0x5}, 0x7}}, 0x18)
fcntl$F_GET_RW_HINT(r3, 0x40b, &(0x7f00000000c0))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000019000000000000002a370cf40fba8c13c0441d194f8499156325b14c7edc35db08d70ddd2e783aadf9bfe401e184c39f793624ad68186d22d0e1edc39c984170127697f6d1a3d95a33c9ca68128b5eb0e6f3cea4b7e599dac5e9942701064c83f6c7fc3cad298ac6ce"], 0x0, 0x0, 0x0})
socket$inet_udp(0x2, 0x2, 0x0)

22:20:48 executing program 5:

22:20:48 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
socketpair(0xa, 0xa, 0x0, &(0x7f0000000040))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

[  613.487508] binder: BINDER_SET_CONTEXT_MGR already set
[  613.493238] binder: 14509:14553 ioctl 40046207 0 returned -16
[  613.526367] binder: 14557:14562 ioctl 4b33 20000080 returned -22
[  613.533674] binder: 14556:14558 got transaction with invalid parent offset or type
[  613.534565] binder: 14557:14562 got transaction with invalid data ptr
[  613.534589] binder: 14557:14562 transaction failed 29201/-14, size 96-25 line 3316
[  613.535048] binder: undelivered TRANSACTION_ERROR: 29201
[  613.535536] binder: 14557:14564 ioctl 4b33 20000080 returned -22
[  613.535666] binder: BINDER_SET_CONTEXT_MGR already set
[  613.535672] binder: 14557:14564 ioctl 40046207 0 returned -16
[  613.536657] binder: 14557:14562 transaction failed 29189/-22, size 96-25 line 3138
[  613.537073] binder: undelivered TRANSACTION_ERROR: 29189
[  613.592135] binder: 14556:14558 transaction failed 29201/-22, size 104-24 line 3454
[  613.600037] binder: 14556:14558 ioctl c0306201 20000800 returned -14
[  613.608767] binder: undelivered TRANSACTION_ERROR: 29201
[  613.621373] binder: BINDER_SET_CONTEXT_MGR already set
[  613.626816] binder: 14556:14558 ioctl 40046207 0 returned -16
22:20:50 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
sync_file_range(r2, 0xe951, 0x9b, 0x1)
epoll_pwait(0xffffffffffffffff, &(0x7f0000000000)=[{}, {}, {}, {}, {}, {}], 0x6, 0x1, &(0x7f0000000080)={0x5}, 0x8)
tkill(r0, 0x10000000001c)

22:20:50 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR, @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:50 executing program 4:
r0 = socket(0x2, 0x3, 0x100000000000005)
close(r0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$unix(0x1, 0x5, 0x0)
close(r2)
close(r1)
pipe(&(0x7f00000000c0))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
close(r3)
close(r4)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket(0x800000000000011, 0x2, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
splice(r0, 0x0, r4, 0x0, 0xc0, 0x0)
close(r4)
write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="c4"], 0x1)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r6, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")

22:20:50 executing program 5:

22:20:50 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
accept4$unix(0xffffffffffffffff, &(0x7f0000000100)=@abs, &(0x7f0000000180)=0x6e, 0x180c00)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f00000001c0)=0x6, 0x4)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="006340400000000000000020000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba5e5ce337244bb2c63038a2ab470f242fa9961a0b63ab7c648c425dc23fe16f5a93f67c0c0f16abec6113ca46e10336cca780d96ec984983a26a11e478d1f517e420d001da9f50d73de2c931e9e5f17699e89924f608616a5777ca0e58c0d31f61fe718970b700f87fbf08a44f9"], 0xffffffffffffffd5, 0x0, 0x0})

22:20:50 executing program 3:
prctl$PR_SET_SECUREBITS(0x1c, 0x2)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
truncate(&(0x7f0000000380)='./file0\x00', 0x3)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
fsetxattr$trusted_overlay_origin(0xffffffffffffffff, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000040)='y\x00', 0x2, 0x1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000340)={0x5c, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0f630c4002000000000000000000000000634040000000000000000000000000000000000000000011000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000400)=ANY=[@ANYBLOB="2594b77d1ecc90b2b42e3435a9c667c8059c7bcff32996f14b102ebfd8bafadd425dd498db0b396e041fdcf933cec1e4c7d1b9d963f30ed6842f9c374bbef35c8b9ed262e615c92934f647150f516e95fe7af1b0db807fefe06bc00913f1358e9c9b1fc9786bac12f7019707643e15f6e69f951f100908135372b9f802114be618eb8d77c205f4d604233f49f92ec5329e382ab5a8c534daf779d6afd0318baf0630f847ce405351996b15f539a9d5742c1dbd81851d818a308a287a55a567e7ee93f0fdd060d7cd1bcb0d1b241030b757f34002ea0fc7c4d0808fd2bcf12ab61ad3f517c934003ca48834a4acc2d24c9fa4bdd6e703e1c239bcfb6b41fe07d5e1e83a70fcf5429b25619c5e2512805bfaa4944df35112e55e3490e9cab7519fb493c58591b4ac678ebbcce0a2325d72d5287f31edf78e5e7fd92deea4c8ff4829375c62a291d6ac6382a5e6282d925d7127f4b257297cb61fc0504f48bec3d851df75b659fb410d67d03c38c294865cf3c26e6612c3675e052ef0b13938408d7cf181f69e56", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00'/39], @ANYBLOB="27000000000000000000000000000000390000000000000085616466000000000100000000000000010000800000000029000000000000008561646600000000070000000000000000000000000000001a00000000000000"], @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="0763044003000000"], 0x73, 0x0, &(0x7f00000002c0)="695d5cc4c6c4e5d6ee736cdfb720097e3d98a6a443354e41d7af1ffb60896c1691f8bc1875f911ff9fcf4c68f189c1ecd7c555c6cb4a218761c1a6c6db563894f8df6a18167ea35fd23a088be4033690e77ff2931508e1a9787bce3dea3c60d4555a195e0015b940507d3f26bfc302f81d86f7"})
syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0x0, 0x1004)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:20:50 executing program 5:

22:20:50 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r0, 0xfffffffffffffff7, 0x8, 0x3ff, 0x10000})
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:20:50 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
r2 = accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000080)=0x55)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:50 executing program 5:

[  615.733655] binder: 14573:14578 got transaction with invalid data ptr
[  615.742469] binder: 14574:14577 got transaction with invalid data ptr
[  615.742523] binder: 14574:14577 transaction failed 29201/-14, size 96-24 line 3316
22:20:50 executing program 5:

22:20:50 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x800)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  615.742540] binder: 14574:14577 ioctl c0306201 20000800 returned -14
[  615.742783] binder: undelivered TRANSACTION_ERROR: 29201
[  615.748261] binder: BINDER_SET_CONTEXT_MGR already set
[  615.748270] binder: 14574:14583 ioctl 40046207 0 returned -16
[  615.749207] binder: 14574:14583 transaction failed 29189/-22, size 96-24 line 3138
[  615.749221] binder: 14574:14583 ioctl c0306201 20000800 returned -14
[  615.749466] binder: undelivered TRANSACTION_ERROR: 29189
[  615.751274] binder: 14576:14584 BC_CLEAR_DEATH_NOTIFICATION invalid ref 2
[  615.751286] binder: 14576:14584 transaction failed 29189/-22, size 104-24 line 3138
[  615.790741] binder: 14591:14593 got transaction with invalid data ptr
[  615.790765] binder: 14591:14593 transaction failed 29201/-14, size 96-24 line 3316
[  615.790965] binder: undelivered TRANSACTION_ERROR: 29201
[  615.791049] binder: 14588:14592 ioctl c028660f 20000040 returned -22
[  615.792239] binder: 14588:14592 got transaction with invalid parent offset or type
[  615.792262] binder: 14588:14592 transaction failed 29201/-22, size 104-24 line 3454
[  615.792278] binder: 14588:14592 ioctl c0306201 20000800 returned -14
[  615.792430] binder: undelivered TRANSACTION_ERROR: 29201
[  615.792977] binder: 14588:14592 ioctl c028660f 20000040 returned -22
[  615.796316] binder: BINDER_SET_CONTEXT_MGR already set
[  615.796325] binder: 14591:14595 ioctl 40046207 0 returned -16
[  615.796671] binder: 14591:14595 transaction failed 29189/-22, size 96-24 line 3138
[  615.796864] binder: undelivered TRANSACTION_ERROR: 29189
[  615.831995] binder: 14602:14603 got transaction with invalid data ptr
[  615.832166] binder: 14602:14603 transaction failed 29201/-14, size 96-24 line 3316
[  615.832405] binder: undelivered TRANSACTION_ERROR: 29201
[  615.832943] binder: BINDER_SET_CONTEXT_MGR already set
[  615.832951] binder: 14602:14604 ioctl 40046207 0 returned -16
[  615.833469] binder: 14602:14604 transaction failed 29189/-22, size 96-24 line 3138
[  615.833682] binder: undelivered TRANSACTION_ERROR: 29189
[  616.009326] binder: 14573:14578 transaction failed 29201/-14, size 104-24 line 3316
[  616.019012] binder: undelivered TRANSACTION_ERROR: 29201
22:20:51 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x6, 0x40000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
dup3(r3, r2, 0x0)
r4 = epoll_create1(0x0)
r5 = epoll_create1(0x0)
r6 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r6, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000200))
epoll_pwait(r5, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r7 = dup3(r6, r5, 0x0)
ioctl$BLKIOOPT(r7, 0x1279, &(0x7f0000000700))
ioctl$PPPIOCDISCONN(r7, 0x7439)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:20:51 executing program 3:
syz_open_dev$binder(&(0x7f0000000000)='\x13dev/qi\xa2\x9feV#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0x0, 0x800)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r3, 0x300, 0xe01b, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x1, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000856164660000000000000000000000000200000000000000000000000000000085616466000000000000000000000000000000000000000000faff0000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYRESOCT=r1]], 0x0, 0x0, 0x0})

22:20:51 executing program 5:

22:20:51 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00634040000000000000007e84000000000000000000000000000000000000ed00000002aa2b69600000000000000018000000733100002a370cf40fba00"], 0x0, 0x0, 0x0})

22:20:51 executing program 4:
r0 = socket(0x2, 0x3, 0x100000000000005)
close(r0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$unix(0x1, 0x5, 0x0)
close(r2)
close(r1)
pipe(&(0x7f00000000c0))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
close(r3)
close(r4)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket(0x800000000000011, 0x2, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
splice(r0, 0x0, r4, 0x0, 0xc0, 0x0)
close(r4)
write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="c4"], 0x1)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r6, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")

22:20:51 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR, @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:51 executing program 5:

22:20:51 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:51 executing program 5:

22:20:51 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:51 executing program 5:

[  616.615741] binder_alloc: 14613: binder_alloc_buf size 8286623316381871024 failed, no address space
[  616.626113] binder: 14616:14620 got transaction with invalid data ptr
[  616.626138] binder: 14616:14620 transaction failed 29201/-14, size 104-24 line 3316
22:20:51 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="8597c0e3eb4d63417c0000000000000000000000001955da7003990000000000000000000000000000000000000085616466000000000000000000000000020000660000000000000000000000000000000900000000000000000000000041b63484d692913504fcb4d3b962eed5544b37959fc946018c4786b8eefdd2efd14419fbd6e87869b64023939accad9f812ab98bbfd900"/164], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

[  616.626289] binder: undelivered TRANSACTION_ERROR: 29201
[  616.648731] binder: 14625:14627 got transaction with invalid offset (0, min 0 max 104) or object.
[  616.648793] binder: 14625:14627 transaction failed 29201/-22, size 104-24 line 3379
[  616.649059] binder: undelivered TRANSACTION_ERROR: 29201
[  616.670782] binder: 14631:14634 got transaction with invalid offset (0, min 0 max 104) or object.
[  616.670879] binder: 14631:14634 transaction failed 29201/-22, size 104-24 line 3379
[  616.671119] binder: undelivered TRANSACTION_ERROR: 29201
[  616.699003] binder: 14637:14639 got transaction with invalid offset (0, min 0 max 104) or object.
[  616.699112] binder: 14637:14639 transaction failed 29201/-22, size 104-24 line 3379
[  616.699129] binder: 14637:14639 ioctl c0306201 20000800 returned -14
[  616.699271] binder: undelivered TRANSACTION_ERROR: 29201
[  616.708381] binder: BINDER_SET_CONTEXT_MGR already set
[  616.708391] binder: 14637:14642 ioctl 40046207 0 returned -16
[  616.709799] binder: 14637:14642 transaction failed 29189/-22, size 104-24 line 3138
[  616.710389] binder: 14637:14642 ioctl c0306201 20000800 returned -14
[  616.711435] binder: undelivered TRANSACTION_ERROR: 29189
[  616.811087] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 2097152 (num: 1 largest: 2097152)
[  616.820310] binder: 14613:14619 transaction failed 29201/-28, size 1617505194-8286623314764365824 line 3284
[  616.832038] binder: undelivered TRANSACTION_ERROR: 29201
[  616.838107] binder: BINDER_SET_CONTEXT_MGR already set
[  616.843500] binder: 14613:14645 ioctl 40046207 0 returned -16
[  616.849747] binder: 14613:14645 transaction failed 29189/-22, size 1617505194-8286623314764365824 line 3138
[  616.859881] binder: undelivered TRANSACTION_ERROR: 29189
22:20:52 executing program 5:

22:20:52 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:52 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x4, 0x0, &(0x7f0000000040)=[@register_looper], 0x0, 0x0, 0x0})

22:20:52 executing program 4:
r0 = socket(0x2, 0x3, 0x100000000000005)
close(r0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$unix(0x1, 0x5, 0x0)
close(r2)
close(r1)
pipe(&(0x7f00000000c0))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
close(r3)
close(r4)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket(0x800000000000011, 0x2, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
splice(r0, 0x0, r4, 0x0, 0xc0, 0x0)
close(r4)
write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="c4"], 0x1)
socket$inet_udplite(0x2, 0x2, 0x88)

22:20:52 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000060dd00000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:52 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
getresuid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000080))
ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000140)=0x9)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0xa0000, 0x40)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a747000000000000000000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561646600"/104], @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="0000000000000000075fee2b4093280000c8660fedf63f4509d42c41eba4e20594e9ecff"]], 0x1ca, 0x0, 0x0})

22:20:52 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x0, 0x20010, r2, 0x8000000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r2, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x4a, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000005a2e0000e3ffffffffffffff0e00600000000b4be440c4907d965478ed59bb60e4670000000018af0000140000002a370cf414ba"], 0x0, 0x0, 0x0})

22:20:52 executing program 5:
r0 = syz_open_dev$sndtimer(&(0x7f00000002c0)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000140)={0xfffffffffffffffd})

[  617.534170] binder: 14653:14656 got transaction with invalid offset (0, min 0 max 104) or object.
[  617.534811] binder: 14654:14658 ERROR: BC_REGISTER_LOOPER called without request
22:20:52 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000002000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

22:20:52 executing program 5:
r0 = inotify_init1(0x0)
ppoll(&(0x7f0000000000)=[{r0}], 0x1, 0x0, 0x0, 0x0)

22:20:52 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000068000000000000001800"/52, @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a747000000000000000000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561646600"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:52 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba00"/58], 0x0, 0x0, 0x0})

22:20:52 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[], 0xfffffe40, 0x0, 0x0})

[  617.535526] binder: BINDER_SET_CONTEXT_MGR already set
[  617.535534] binder: 14654:14661 ioctl 40046207 0 returned -16
[  617.535784] binder: 14654:14661 ERROR: BC_REGISTER_LOOPER called without request
[  617.538067] binder: 14657:14660 transaction failed 29201/-28, size 1149557235953696768-186 line 3284
[  617.538207] binder: undelivered TRANSACTION_ERROR: 29201
[  617.540514] binder: BINDER_SET_CONTEXT_MGR already set
[  617.540522] binder: 14657:14662 ioctl 40046207 0 returned -16
[  617.540846] binder: 14657:14662 transaction failed 29189/-22, size 1149557235953696768-186 line 3138
[  617.541040] binder: undelivered TRANSACTION_ERROR: 29189
[  617.576920] binder: BINDER_SET_CONTEXT_MGR already set
[  617.576927] binder: 14666:14669 ioctl 4018620d 20000100 returned -16
[  617.577028] binder_alloc: 14666: binder_alloc_buf, no vma
[  617.577045] binder: 14666:14669 transaction failed 29189/-3, size 4675944823734141024-6479967743553409220 line 3284
[  617.577212] binder: undelivered TRANSACTION_ERROR: 29189
[  617.581007] binder: 14665:14668 ioctl 40086607 20000140 returned -22
[  617.581047] binder: BINDER_SET_CONTEXT_MGR already set
[  617.581054] binder: 14666:14669 ioctl 4018620d 20000100 returned -16
[  617.581744] binder: 14665:14668 got transaction with invalid offset (11420902892658439, min 40 max 104) or object.
[  617.581773] binder: 14665:14668 transaction failed 29201/-22, size 104-24 line 3379
[  617.581790] binder: 14665:14668 ioctl c0306201 20000800 returned -14
[  617.581954] binder: undelivered TRANSACTION_ERROR: 29201
[  617.588072] binder: 14665:14668 ioctl 40086607 20000140 returned -22
[  617.588074] binder: BINDER_SET_CONTEXT_MGR already set
[  617.588082] binder: 14665:14672 ioctl 40046207 0 returned -16
[  617.612764] binder: 14675:14676 got transaction with invalid data ptr
[  617.612790] binder: 14675:14676 transaction failed 29201/-14, size 96-24 line 3316
[  617.612962] binder: undelivered TRANSACTION_ERROR: 29201
[  617.613473] binder: BINDER_SET_CONTEXT_MGR already set
[  617.613483] binder: 14675:14679 ioctl 40046207 0 returned -16
[  617.613920] binder: 14675:14679 transaction failed 29189/-22, size 96-24 line 3138
[  617.614171] binder: undelivered TRANSACTION_ERROR: 29189
[  617.633072] binder: 14680:14683 ioctl c0306201 20000800 returned -14
[  617.633221] binder: release 14680:14683 transaction 1480 out, still active
[  617.633224] binder: undelivered TRANSACTION_COMPLETE
[  617.634560] binder_alloc: 14682: binder_alloc_buf size -861252775206405616 failed, no address space
[  617.634567] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 2097152 (num: 1 largest: 2097152)
[  617.634583] binder: 14682:14685 transaction failed 29201/-28, size -861252775206453248-47631 line 3284
[  617.634786] binder: undelivered TRANSACTION_ERROR: 29201
[  617.635302] binder: BINDER_SET_CONTEXT_MGR already set
[  617.635310] binder: 14682:14686 ioctl 40046207 0 returned -16
[  617.635604] binder: 14682:14686 transaction failed 29189/-22, size -861252775206453248-47631 line 3138
[  617.635848] binder: undelivered TRANSACTION_ERROR: 29189
[  617.651242] binder: BINDER_SET_CONTEXT_MGR already set
[  617.651250] binder: 14680:14684 ioctl 40046207 0 returned -16
[  617.651491] binder: send failed reply for transaction 1480, target dead
[  617.651662] binder: 14680:14684 transaction failed 29189/-22, size 0-0 line 3138
[  617.651677] binder: 14680:14684 ioctl c0306201 20000800 returned -14
[  617.651962] binder: undelivered TRANSACTION_ERROR: 29189
[  617.686679] binder: 14688:14691 unknown command 0
[  617.686688] binder: 14688:14691 ioctl c0306201 20000800 returned -22
22:20:52 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:52 executing program 4:
r0 = socket(0x2, 0x3, 0x100000000000005)
close(r0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$unix(0x1, 0x5, 0x0)
close(r2)
close(r1)
pipe(&(0x7f00000000c0))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
close(r3)
close(r4)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket(0x800000000000011, 0x2, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
splice(r0, 0x0, r4, 0x0, 0xc0, 0x0)
close(r4)
write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="c4"], 0x1)
socket$inet_udplite(0x2, 0x2, 0x88)

22:20:52 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)

22:20:52 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x802)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000e27000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/load\x00', 0x2, 0x0)
fsetxattr$trusted_overlay_origin(r2, &(0x7f0000000080)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x3)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="006340400000000000000002000000000000000000001f907a5231da220ee2d8978c0000000000000000000000006100450f9ea2f50000000000001800000000000000"], 0x0, 0x0, 0x0})

[  617.687390] binder: BINDER_SET_CONTEXT_MGR already set
[  617.687399] binder: 14688:14692 ioctl 40046207 0 returned -16
[  617.687611] binder: 14688:14692 unknown command 0
[  617.687617] binder: 14688:14692 ioctl c0306201 20000800 returned -22
[  618.021846] binder: 14653:14656 transaction failed 29201/-22, size 104-24 line 3379
[  618.032946] binder: undelivered TRANSACTION_ERROR: 29201
22:20:52 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x400, 0x0)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x3b)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r2, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000080)=r2, 0x12)
r3 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  618.074480] binder: 14695:14699 got transaction with invalid offset (0, min 0 max 104) or object.
[  618.077963] binder_alloc: 14698: binder_alloc_buf size -6728924004211425280 failed, no address space
22:20:52 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000800000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a747000000000000000000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561646600"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:52 executing program 0:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
fsetxattr(0xffffffffffffffff, &(0x7f0000000040)=@known='security.apparmor\x00', &(0x7f0000000080)='/dev/binder#\x00', 0xd, 0x2)
r0 = syz_open_dev$binder(0x0, 0x0, 0x0)
fchmod(0xffffffffffffffff, 0x179)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$VT_RELDISP(0xffffffffffffffff, 0x5605)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r0, 0x0)

[  618.077970] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 2097152 (num: 1 largest: 2097152)
[  618.077986] binder: 14698:14701 transaction failed 29201/-28, size 0--6728924004211425280 line 3284
22:20:52 executing program 4:
r0 = socket(0x2, 0x3, 0x100000000000005)
close(r0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$unix(0x1, 0x5, 0x0)
close(r2)
close(r1)
pipe(&(0x7f00000000c0))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
close(r3)
close(r4)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket(0x800000000000011, 0x2, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
splice(r0, 0x0, r4, 0x0, 0xc0, 0x0)
close(r4)
write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="c4"], 0x1)
socket$inet_udplite(0x2, 0x2, 0x88)

[  618.078205] binder: undelivered TRANSACTION_ERROR: 29201
[  618.082538] binder: BINDER_SET_CONTEXT_MGR already set
[  618.082546] binder: 14698:14703 ioctl 40046207 0 returned -16
[  618.086476] binder: 14697:14700 got transaction with invalid parent offset or type
[  618.086502] binder: 14697:14700 transaction failed 29201/-22, size 104-24 line 3454
[  618.086518] binder: 14697:14700 ioctl c0306201 20000800 returned -14
[  618.086793] binder: undelivered TRANSACTION_ERROR: 29201
[  618.096006] binder: BINDER_SET_CONTEXT_MGR already set
[  618.096016] binder: 14697:14704 ioctl 40046207 0 returned -16
[  618.097305] binder: 14697:14704 transaction failed 29189/-22, size 104-24 line 3138
[  618.097321] binder: 14697:14704 ioctl c0306201 20000800 returned -14
[  618.097519] binder: undelivered TRANSACTION_ERROR: 29189
[  618.163439] binder: 14710:14711 got transaction with invalid parent offset or type
[  618.163467] binder: 14710:14711 transaction failed 29201/-22, size 104-24 line 3454
[  618.163482] binder: 14710:14711 ioctl c0306201 20000800 returned -14
[  618.163635] binder: undelivered TRANSACTION_ERROR: 29201
[  618.168530] binder: BINDER_SET_CONTEXT_MGR already set
[  618.168539] binder: 14710:14715 ioctl 40046207 0 returned -16
[  618.169132] binder: 14710:14715 transaction failed 29189/-22, size 104-24 line 3138
[  618.169149] binder: 14710:14715 ioctl c0306201 20000800 returned -14
22:20:53 executing program 5:

22:20:53 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})
mlockall(0x4)
syz_mount_image$f2fs(&(0x7f0000000040)='f2fs\x00', &(0x7f00000000c0)='./file0\x00', 0x306f, 0x0, &(0x7f0000000100), 0x800000, &(0x7f0000000140)=ANY=[@ANYBLOB='active_logs=6,Smackfstransmute=/dev/binder#\x00,\x00'])

22:20:53 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0xc5ab4c59c1cf1086)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x0, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x3f, &(0x7f0000000080)=0x4, 0x4)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000fcc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0)
r3 = syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x40)
ioctl$BINDER_SET_MAX_THREADS(r3, 0x40046205, &(0x7f0000000140))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})
arch_prctl$ARCH_SET_GS(0x1001, 0x1ff)
ioctl$EXT4_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000000c0)=0xc1)
r4 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x3)
ioctl$TIOCSSERIAL(r4, 0x541f, &(0x7f0000000240)={0xe0000000, 0x6, 0x2, 0x9, 0x8, 0x0, 0x9, 0x4, 0x4, 0xff, 0x8d, 0x80, 0xffff, 0x0, &(0x7f00000001c0)=""/89, 0x4, 0x3, 0x5})

22:20:53 executing program 4:
r0 = socket(0x2, 0x3, 0x100000000000005)
close(r0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$unix(0x1, 0x5, 0x0)
close(r2)
close(r1)
pipe(&(0x7f00000000c0))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
close(r3)
close(r4)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket(0x800000000000011, 0x2, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
splice(r0, 0x0, r4, 0x0, 0xc0, 0x0)
close(r4)
write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="c4"], 0x1)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")

22:20:53 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:53 executing program 5:

[  618.169458] binder: undelivered TRANSACTION_ERROR: 29189
[  618.386709] binder: 14695:14699 transaction failed 29201/-22, size 104-24 line 3379
[  618.413250] binder: undelivered TRANSACTION_ERROR: 29201
22:20:53 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:53 executing program 5:

22:20:53 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d09000000000000000000000000000000000000000000000000000000000000856164660000000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

[  618.451865] binder: 14728:14733 transaction failed 29189/-22, size 96-24 line 3138
[  618.452269] binder: 14727:14731 got transaction with invalid parent offset or type
22:20:53 executing program 5:

22:20:53 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d09000000000000000000000000000000000000000000000000000000000000856164660000000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:53 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x0, 0x165801)
ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000001340)={0xa00, 0x60000, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "abb4291ede5e270dd3f0a272133483bbf2df4849c6faf88a21befeff0000000000000000000000000000008000000800000000000000bda5282df52e4cdf00", "141f99c942e1460e4000000049d5d1f8efaf6bb5b3000000000000000000000008f6ffffff00defffffdffa531ff00001100000000000000804000", "be926e81f06197ab930dd70400000000005f780000375887cf0061ad00"})

[  618.452294] binder: 14727:14731 transaction failed 29201/-22, size 104-24 line 3454
[  618.452308] binder: 14727:14731 ioctl c0306201 20000800 returned -14
22:20:53 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
r2 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r3, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r4 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r4, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x1)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100, 0x3})
ioctl$LOOP_SET_DIRECT_IO(r4, 0x4c08, 0x6928)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:20:53 executing program 4:
r0 = socket(0x2, 0x3, 0x100000000000005)
close(r0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$unix(0x1, 0x5, 0x0)
close(r2)
close(r1)
pipe(&(0x7f00000000c0))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
close(r3)
close(r4)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket(0x800000000000011, 0x2, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
splice(r0, 0x0, r4, 0x0, 0xc0, 0x0)
close(r4)
write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="c4"], 0x1)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")

[  618.456663] binder: 14732:14737 got transaction with invalid offset (0, min 0 max 104) or object.
[  618.456685] binder: 14732:14737 transaction failed 29201/-22, size 104-24 line 3379
[  618.456937] binder: undelivered TRANSACTION_ERROR: 29201
[  618.468316] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  618.468322] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  618.468431] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  618.468436] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  618.477155] binder: 14739:14741 got transaction with invalid offset (0, min 0 max 104) or object.
[  618.477181] binder: 14739:14741 transaction failed 29201/-22, size 104-24 line 3379
[  618.477359] binder: undelivered TRANSACTION_ERROR: 29201
[  618.491998] binder: undelivered TRANSACTION_ERROR: 29201
[  618.495413] binder: BINDER_SET_CONTEXT_MGR already set
[  618.495431] binder: 14727:14743 ioctl 40046207 0 returned -16
[  618.507882] binder: 14727:14743 transaction failed 29189/-22, size 104-24 line 3138
[  618.507902] binder: 14727:14743 ioctl c0306201 20000800 returned -14
[  618.519728] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  618.519734] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  618.519949] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  618.519955] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  618.522995] binder: 14744:14750 got transaction with out-of-order buffer fixup
[  618.523024] binder: 14744:14750 transaction failed 29201/-22, size 104-24 line 3467
[  618.523293] binder: undelivered TRANSACTION_ERROR: 29201
[  618.542049] binder: undelivered TRANSACTION_ERROR: 29189
[  618.567552] binder: 14753:14756 got transaction with out-of-order buffer fixup
[  618.567579] binder: 14753:14756 transaction failed 29201/-22, size 104-24 line 3467
[  618.567810] binder: undelivered TRANSACTION_ERROR: 29201
[  618.615372] binder: BINDER_SET_CONTEXT_MGR already set
[  618.615380] binder: 14759:14761 ioctl 4018620d 20000040 returned -16
[  618.615777] binder: 14759:14761 got transaction to context manager from process owning it
[  618.615790] binder: 14759:14761 transaction failed 29201/-22, size 104-24 line 3129
[  618.615805] binder: 14759:14761 ioctl c0306201 20000800 returned -14
[  618.616014] binder: undelivered TRANSACTION_ERROR: 29201
[  618.617473] binder: BINDER_SET_CONTEXT_MGR already set
[  618.617481] binder: 14759:14766 ioctl 4018620d 20000040 returned -16
[  618.617927] binder: 14759:14768 got transaction to context manager from process owning it
[  618.617939] binder: 14759:14768 transaction failed 29201/-22, size 104-24 line 3129
[  618.617953] binder: 14759:14768 ioctl c0306201 20000800 returned -14
[  618.618342] binder: undelivered TRANSACTION_ERROR: 29201
[  618.940796] binder: undelivered TRANSACTION_ERROR: 29189
[  618.950221] binder: 14728:14745 transaction failed 29189/-22, size 96-24 line 3138
22:20:53 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})
r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000040)={0x2})

22:20:53 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d09000000000000000000000000000000000000000000000000000000000000856164660000000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:53 executing program 5:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x6, 0x0, 0xea})

[  619.003260] binder: undelivered TRANSACTION_ERROR: 29189
22:20:53 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000b07700000000000000000000000068000000000000001800"/52, @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a747000000000000000000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561646600"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:53 executing program 4:
r0 = socket(0x2, 0x3, 0x100000000000005)
close(r0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$unix(0x1, 0x5, 0x0)
close(r2)
close(r1)
pipe(&(0x7f00000000c0))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
close(r3)
close(r4)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket(0x800000000000011, 0x2, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
splice(r0, 0x0, r4, 0x0, 0xc0, 0x0)
close(r4)
write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="c4"], 0x1)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")

22:20:53 executing program 5:
openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0xfffffd1e, 0x0, 0x229}}], 0x0, 0x0, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0xffffeffffffffff9)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f0000000240)={0x0, {0x0, 0x0, 0x400}})
preadv(r0, &(0x7f00000017c0), 0x333, 0x0)

22:20:53 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r2, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000040)='rdma.current\x00', 0x0, 0x0)
r3 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  619.044971] binder: 14775:14777 got transaction with out-of-order buffer fixup
[  619.048346] binder: 14774:14779 got transaction with invalid data ptr
22:20:53 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x2000000000}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x0, 0x0, 0x0})

22:20:53 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_emit_ethernet(0x66, &(0x7f0000000180)={@link_local={0x1, 0x80, 0xc2, 0x4888, 0x5800f000}, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x30, 0xffffff29, 0x0, @ipv4={[0x3580], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff80, 0x0, 0x0, 0x0, [0x9, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[], [], @broadcast}, @ipv4={[], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0)

[  619.048371] binder: 14774:14779 transaction failed 29201/-14, size 96-24 line 3316
[  619.048688] binder: undelivered TRANSACTION_ERROR: 29201
[  619.052503] binder: BINDER_SET_CONTEXT_MGR already set
[  619.052513] binder: 14774:14780 ioctl 40046207 0 returned -16
[  619.057321] binder: 14774:14780 transaction failed 29189/-22, size 96-24 line 3138
22:20:53 executing program 5:
socketpair$unix(0x1, 0x4000000000002, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0)

22:20:53 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000008000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  619.057673] binder: undelivered TRANSACTION_ERROR: 29189
22:20:53 executing program 4:
r0 = socket(0x2, 0x3, 0x100000000000005)
close(r0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$unix(0x1, 0x5, 0x0)
close(r2)
close(r1)
pipe(&(0x7f00000000c0))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
close(r3)
close(r4)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket(0x800000000000011, 0x2, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
splice(r0, 0x0, r4, 0x0, 0xc0, 0x0)
close(r4)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r6, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")

[  619.082708] binder: 14781:14783 got transaction to invalid handle
[  619.082718] binder: 14781:14783 transaction failed 29201/-22, size 0-0 line 3138
[  619.082736] binder: 14781:14783 ioctl c0306201 20000800 returned -14
[  619.082884] binder: undelivered TRANSACTION_ERROR: 29201
[  619.089392] binder: BINDER_SET_CONTEXT_MGR already set
[  619.089402] binder: 14781:14787 ioctl 40046207 0 returned -16
[  619.089474] binder: 14781:14787 got transaction to invalid handle
[  619.089502] binder: 14781:14787 transaction failed 29201/-22, size 0-0 line 3138
[  619.089906] binder: 14781:14787 ioctl c0306201 20000800 returned -14
[  619.090140] binder: undelivered TRANSACTION_ERROR: 29201
[  619.142225] binder: 14790:14794 got transaction with invalid parent offset or type
[  619.142249] binder: 14790:14794 transaction failed 29201/-22, size 104-24 line 3454
[  619.142441] binder: undelivered TRANSACTION_ERROR: 29201
22:20:54 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x6)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x3a, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000002a370cf40fba"], 0x0, 0x0, 0x0})

[  619.145316] binder: 14789:14792 got transaction with invalid data ptr
[  619.145339] binder: 14789:14792 transaction failed 29201/-14, size 96-24 line 3316
[  619.145532] binder: undelivered TRANSACTION_ERROR: 29201
[  619.156016] binder: BINDER_SET_CONTEXT_MGR already set
[  619.156026] binder: 14790:14797 ioctl 40046207 0 returned -16
[  619.156144] binder: 14790:14797 got transaction with invalid parent offset or type
[  619.156171] binder: 14790:14797 transaction failed 29201/-22, size 104-24 line 3454
[  619.156306] binder: undelivered TRANSACTION_ERROR: 29201
[  619.177398] binder: 14789:14798 got transaction with invalid data ptr
[  619.177426] binder: 14789:14798 transaction failed 29201/-14, size 96-24 line 3316
[  619.177678] binder: undelivered TRANSACTION_ERROR: 29201
[  619.377687] binder_alloc: 14810: binder_alloc_buf size 134217848 failed, no address space
[  619.377694] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 2097152 (num: 1 largest: 2097152)
[  619.377713] binder: 14810:14812 transaction failed 29201/-28, size 96-134217752 line 3284
[  619.377923] binder: undelivered TRANSACTION_ERROR: 29201
[  619.385127] binder: BINDER_SET_CONTEXT_MGR already set
[  619.385136] binder: 14810:14814 ioctl 40046207 0 returned -16
[  619.387174] binder: 14810:14814 transaction failed 29189/-22, size 96-134217752 line 3138
[  619.392680] binder: undelivered TRANSACTION_ERROR: 29189
[  619.439711] binder: 14817:14818 got transaction with invalid data ptr
[  619.439736] binder: 14817:14818 transaction failed 29201/-14, size 96-24 line 3316
[  619.439988] binder: undelivered TRANSACTION_ERROR: 29201
[  619.444804] binder: BINDER_SET_CONTEXT_MGR already set
[  619.444814] binder: 14817:14819 ioctl 40046207 0 returned -16
[  619.444984] binder_alloc: 14817: binder_alloc_buf, no vma
22:20:54 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561640f0000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

[  619.445000] binder: 14817:14819 transaction failed 29189/-3, size 96-24 line 3284
[  619.445289] binder: undelivered TRANSACTION_ERROR: 29189
[  619.670216] binder: 14775:14777 transaction failed 29201/-22, size 104-24 line 3467
[  619.689358] binder: undelivered TRANSACTION_ERROR: 29201
22:20:54 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r4, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000200))
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$BLKIOOPT(r5, 0x1279, &(0x7f0000000700))
r6 = gettid()
ptrace$setopts(0xffffffffffffffff, r6, 0x0, 0x0)
tkill(r6, 0x12)
r7 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0)
r8 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
write$9p(r7, &(0x7f0000000800)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb9693dd6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d676f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b804bfe70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9ca8bec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b60fca627576ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c46a527c437fa0be6d516194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca0000000000000000", 0x600)
sendfile(r7, r8, 0x0, 0x10000)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xc0, &(0x7f0000000300)={0x0, <r9=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=0x5c, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x2}, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=0x20}}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000440)={0x0, 0xffffffffffffffff, 0x0, 0xc8, &(0x7f00000007c0)='\x00\x01\xceh\xde!Rs\xe2,@\x15\n_b\xc4XuE0\xd3\xe3\x11m\x12D\xe4\x9d)7\xd3\b\xaf\x8d\xb8m\xa4\xcc]\x01\xde\x86\xea\v\xe3mF|\x98V6\xf5\x9fp\xdc\x83qy\x02\xb0\xed\xaf\x99\xd7\x9cK&\x96\x14\x01\xb1#\xb0\xcd\xca\rk_\x93\x03\xfcT\xa3\xa3\x9a}\xb3FVQS\x9fv\xa2\xd5R~P\xde\xe8`\xd8\xb6\xb3\xfe\xab\x96s\xbe\xfa\xf2\x16\xba\xb1\xedm\xf2E\xb1\x8f\xb6H\xe7\xa8\xce\x8e6j\x82\xa6q\xfcI\al\x17Z\xe6\xcd\xeax\x9b\x87\x96\x17\xad\xe4\xde\xfc\xa3\xad\x17\xd6W\xdc\xc2\xa9X\xec\xed\x87L\xf2\x14\x00\xd65sX\xdcv\x18d\xd0A\xd0\xac=\xff\xbd,\x8d4\xa2\x13\xc2z5R\xd5\xd5\xab\xf5!z\xbf\xc8\xa1L\xd1', r9}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0x6, &(0x7f00000000c0)='sysfs\x00', r9}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={r6, r7, 0x0, 0x0, 0x0, r9}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, <r10=>r5, 0x0, 0xd, &(0x7f0000000040)='/dev/binder#\x00', r9}, 0x30)
fcntl$getownex(r10, 0x10, &(0x7f0000000100))
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x0, 0x2}, @fda}, &(0x7f0000000080)={0x0, 0x28, 0x48}}}], 0x1ca, 0x0, 0x0})

22:20:54 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d09000000000000000000000000000000000000000000000000000000000000856164660000000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

[  619.720576] binder: 14822:14823 got transaction with invalid parent offset or type
[  619.735876] binder: 14822:14823 transaction failed 29201/-22, size 104-24 line 3454
[  619.754691] binder: undelivered TRANSACTION_ERROR: 29201
22:20:54 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d09000000000000000000000000000000000000000000000000000000000000856164660000000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

[  619.799888] binder: 14827:14828 got transaction with out-of-order buffer fixup
[  619.816725] binder: 14827:14828 transaction failed 29201/-22, size 104-24 line 3467
[  619.835469] binder: undelivered TRANSACTION_ERROR: 29201
22:20:54 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d09000000000000000000000000000000000000000000000000000000000000856164660000000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

[  619.866677] binder: 14824:14831 got transaction with invalid parent offset or type
[  619.873668] binder: 14832:14833 got transaction with out-of-order buffer fixup
22:20:54 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

[  619.873692] binder: 14832:14833 transaction failed 29201/-22, size 104-24 line 3467
[  619.873996] binder: undelivered TRANSACTION_ERROR: 29201
[  619.906313] binder: 14835:14836 got transaction with out-of-order buffer fixup
22:20:54 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d09000000000000000000000000000000000000000000000000000000000000856164660000000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:54 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d09000000000000000000000000000000000000000000000000000000000000856164660000000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

[  619.906340] binder: 14835:14836 transaction failed 29201/-22, size 104-24 line 3467
[  619.906488] binder: undelivered TRANSACTION_ERROR: 29201
[  619.947329] binder: 14838:14839 got transaction with invalid parent offset or type
[  619.947354] binder: 14838:14839 transaction failed 29201/-22, size 104-24 line 3454
[  619.947498] binder: undelivered TRANSACTION_ERROR: 29201
[  619.998230] binder: 14841:14842 got transaction with out-of-order buffer fixup
[  619.998254] binder: 14841:14842 transaction failed 29201/-22, size 104-24 line 3467
[  619.998543] binder: undelivered TRANSACTION_ERROR: 29201
[  620.047804] binder: 14844:14845 got transaction with out-of-order buffer fixup
[  620.047831] binder: 14844:14845 transaction failed 29201/-22, size 104-24 line 3467
[  620.048153] binder: undelivered TRANSACTION_ERROR: 29201
[  620.111010] binder: 14824:14831 transaction failed 29201/-22, size 104-24 line 3454
[  620.118944] binder: 14824:14831 ioctl c0306201 20000800 returned -14
22:20:54 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x18, 0x6a, 0xfffffffffffffffd, 0x0, 0x0, {0x0, 0x2}, [@nested={0x4}]}, 0x18}}, 0x0)

22:20:54 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d09000000000000000000000000000000000000000000000000000000000000856164660000000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:54 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
r5 = epoll_create1(0x0)
r6 = epoll_create1(0x0)
r7 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r7, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r7, &(0x7f0000000200))
epoll_pwait(r6, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r8 = dup3(r7, r6, 0x0)
r9 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r9, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xc0480008}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}}, 0x8014)
r10 = openat$full(0xffffffffffffff9c, 0x0, 0x2400, 0x0)
r11 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r10, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r11, 0x2584261267656ac4, 0xe01a, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x3, 0xc7, 0xfff, 0x6}}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r12 = perf_event_open(&(0x7f0000001000)={0x3, 0x70, 0x0, 0xff, 0x2, 0x9, 0x0, 0x80000001, 0xed827dbf73522e51, 0xf, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0xfffffc01, 0x2, @perf_config_ext={0x3, 0x3ff}, 0x9100, 0x9, 0x1f, 0x0, 0x3, 0xbc, 0x400}, 0x0, 0xe, r10, 0xa)
r13 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001080)='/dev/uinput\x00', 0x802, 0x0)
r14 = perf_event_open(&(0x7f00000010c0)={0x5, 0x70, 0x80, 0x4, 0x1, 0x80, 0x0, 0x27, 0x40000, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80, 0x6, @perf_config_ext={0x3, 0xdb99}, 0x4a80, 0x2, 0x0, 0x3, 0x3, 0x1b7a19b4, 0x1ff}, r0, 0x3, 0xffffffffffffffff, 0x2)
r15 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r15, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r16 = epoll_create(0x5)
r17 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r17, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r18 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r18, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r19 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r19, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r20 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r20, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r21 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r21, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r22 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r22, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
getsockopt$sock_cred(r22, 0x1, 0x11, &(0x7f0000001140)={<r23=>0x0}, &(0x7f0000001180)=0xc)
getsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f00000011c0)={{{@in=@loopback, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r24=>0x0}}, {{@in=@local}}}, &(0x7f00000012c0)=0xe8)
r25 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r26 = fcntl$dupfd(r25, 0x406, r25)
r27 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r28=>0x0, <r29=>0x0})
getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000000500)={0x0, <r30=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r31=>0x0})
ioctl$LOOP_SET_CAPACITY(r26, 0x4c07)
write$P9_RRENAME(r26, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r26, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r31, @ANYBLOB=',group_id=', @ANYRESDEC=r29, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r30, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r28, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r32 = gettid()
ptrace$setopts(0x4206, r32, 0x0, 0x0)
tkill(r32, 0x3b)
ptrace$setregs(0xd, r32, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r32, 0x0, 0x0)
r33 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r33, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
getsockopt$sock_cred(r33, 0x1, 0x11, &(0x7f0000001300)={0x0, <r34=>0x0}, &(0x7f0000001340)=0xc)
r35 = gettid()
ptrace$setopts(0x4206, r35, 0x0, 0x0)
tkill(r35, 0x3b)
ptrace$setregs(0xd, r35, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r35, 0x0, 0x0)
r36 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r37 = fcntl$dupfd(r36, 0x406, r36)
r38 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r39=>0x0, <r40=>0x0})
getsockopt$sock_cred(r38, 0x1, 0x11, &(0x7f0000000500)={0x0, <r41=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r42=>0x0})
ioctl$LOOP_SET_CAPACITY(r37, 0x4c07)
write$P9_RRENAME(r37, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r37, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r42, @ANYBLOB=',group_id=', @ANYRESDEC=r40, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r41, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r39, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r43 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r44 = fcntl$dupfd(r43, 0x406, r43)
r45 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r46=>0x0, <r47=>0x0})
getsockopt$sock_cred(r45, 0x1, 0x11, &(0x7f0000000500)={0x0, <r48=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r49=>0x0})
ioctl$LOOP_SET_CAPACITY(r44, 0x4c07)
write$P9_RRENAME(r44, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r44, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r49, @ANYBLOB=',group_id=', @ANYRESDEC=r47, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r48, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r46, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r50 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r50, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r51 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r51, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r52 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r52, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
stat(&(0x7f0000001380)='./file0\x00', &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r53=>0x0})
r54 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r55 = fcntl$dupfd(r54, 0x406, r54)
r56 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r57=>0x0, <r58=>0x0})
getsockopt$sock_cred(r56, 0x1, 0x11, &(0x7f0000000500)={0x0, <r59=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r60=>0x0})
ioctl$LOOP_SET_CAPACITY(r55, 0x4c07)
write$P9_RRENAME(r55, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r55, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r60, @ANYBLOB=',group_id=', @ANYRESDEC=r58, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r59, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r57, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r61 = getegid()
r62 = gettid()
ptrace$setopts(0x4206, r62, 0x0, 0x0)
tkill(r62, 0x3b)
ptrace$setregs(0xd, r62, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r62, 0x0, 0x0)
r63 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r64 = fcntl$dupfd(r63, 0x406, r63)
r65 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r66=>0x0, <r67=>0x0})
getsockopt$sock_cred(r65, 0x1, 0x11, &(0x7f0000000500)={0x0, <r68=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r69=>0x0})
ioctl$LOOP_SET_CAPACITY(r64, 0x4c07)
write$P9_RRENAME(r64, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r64, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r69, @ANYBLOB=',group_id=', @ANYRESDEC=r67, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r68, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r66, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
stat(&(0x7f0000002c00)='./file0\x00', &(0x7f0000002c40)={0x0, 0x0, 0x0, 0x0, 0x0, <r70=>0x0})
r71 = gettid()
ptrace$setopts(0x4206, r71, 0x0, 0x0)
tkill(r71, 0x3b)
ptrace$setregs(0xd, r71, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r71, 0x0, 0x0)
r72 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r73 = fcntl$dupfd(r72, 0x406, r72)
r74 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r75=>0x0, <r76=>0x0})
getsockopt$sock_cred(r74, 0x1, 0x11, &(0x7f0000000500)={0x0, <r77=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r78=>0x0})
ioctl$LOOP_SET_CAPACITY(r73, 0x4c07)
write$P9_RRENAME(r73, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r73, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r78, @ANYBLOB=',group_id=', @ANYRESDEC=r76, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r77, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r75, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r79 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r79, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
getsockopt$sock_cred(r79, 0x1, 0x11, &(0x7f0000002cc0)={0x0, 0x0, <r80=>0x0}, &(0x7f0000002d00)=0xc)
r81 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r81, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r82 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r82, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r83 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000002d40)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
r84 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r84, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r85 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r85, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r86 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r86, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r87 = gettid()
ptrace$setopts(0x4206, r87, 0x0, 0x0)
tkill(r87, 0x3b)
ptrace$setregs(0xd, r87, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r87, 0x0, 0x0)
r88 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r89 = fcntl$dupfd(r88, 0x406, r88)
r90 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r91=>0x0, <r92=>0x0})
getsockopt$sock_cred(r90, 0x1, 0x11, &(0x7f0000000500)={0x0, <r93=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r94=>0x0})
ioctl$LOOP_SET_CAPACITY(r89, 0x4c07)
write$P9_RRENAME(r89, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r89, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r94, @ANYBLOB=',group_id=', @ANYRESDEC=r92, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r93, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r91, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r95 = getgid()
r96 = accept4(r8, &(0x7f0000002d80)=@ax25={{0x3, @netrom}, [@bcast, @netrom, @remote, @bcast, @remote, @remote, @null, @netrom]}, &(0x7f0000002e00)=0x80, 0xc00)
r97 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r97, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r98 = accept$inet(r8, &(0x7f0000002e40)={0x2, 0x0, @loopback}, &(0x7f0000002e80)=0x10)
r99 = gettid()
ptrace$setopts(0x4206, r99, 0x0, 0x0)
tkill(r99, 0x3b)
ptrace$setregs(0xd, r99, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r99, 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000002ec0)={{{@in6=@loopback, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r100=>0x0}}, {{@in6=@mcast1}, 0x0, @in=@multicast1}}, &(0x7f0000002fc0)=0xe8)
r101 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r102 = fcntl$dupfd(r101, 0x406, r101)
r103 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r104=>0x0, <r105=>0x0})
getsockopt$sock_cred(r103, 0x1, 0x11, &(0x7f0000000500)={0x0, <r106=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r107=>0x0})
ioctl$LOOP_SET_CAPACITY(r102, 0x4c07)
write$P9_RRENAME(r102, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r102, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r107, @ANYBLOB=',group_id=', @ANYRESDEC=r105, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r106, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r104, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r108 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r109 = fcntl$dupfd(r108, 0x406, r108)
r110 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r111=>0x0, <r112=>0x0})
getsockopt$sock_cred(r110, 0x1, 0x11, &(0x7f0000000500)={0x0, <r113=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r114=>0x0})
ioctl$LOOP_SET_CAPACITY(r109, 0x4c07)
write$P9_RRENAME(r109, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r109, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r114, @ANYBLOB=',group_id=', @ANYRESDEC=r112, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r113, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r111, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
getgroups(0x4, &(0x7f0000003000)=[r105, 0xee00, <r115=>0x0, r112])
r116 = gettid()
ptrace$setopts(0x4206, r116, 0x0, 0x0)
tkill(r116, 0x3b)
ptrace$setregs(0xd, r116, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r116, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000003080)={<r117=>r116, r4, 0x0, 0x1, &(0x7f0000003040)='\x00', 0xffffffffffffffff}, 0x30)
lstat(&(0x7f00000030c0)='./file0\x00', &(0x7f0000003100)={0x0, 0x0, 0x0, 0x0, <r118=>0x0})
r119 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r120 = fcntl$dupfd(r119, 0x406, r119)
r121 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r122=>0x0, <r123=>0x0})
getsockopt$sock_cred(r121, 0x1, 0x11, &(0x7f0000000500)={0x0, <r124=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r125=>0x0})
ioctl$LOOP_SET_CAPACITY(r120, 0x4c07)
write$P9_RRENAME(r120, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r120, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r125, @ANYBLOB=',group_id=', @ANYRESDEC=r123, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r124, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r122, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r126 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r126, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r127 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r127, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r128 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r128, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r129 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r129, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r130 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r130, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r131 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r131, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r132 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r132, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r133 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r133, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r134 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r134, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
fstat(r134, &(0x7f0000003180)={0x0, 0x0, 0x0, 0x0, <r135=>0x0})
r136 = socket$key(0xf, 0x3, 0x2)
r137 = gettid()
ptrace$setopts(0x4206, r137, 0x0, 0x0)
tkill(r137, 0x3b)
ptrace$setregs(0xd, r137, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r137, 0x0, 0x0)
stat(&(0x7f0000003840)='./file0\x00', &(0x7f0000003880)={0x0, 0x0, 0x0, 0x0, <r138=>0x0})
r139 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r140 = fcntl$dupfd(r139, 0x406, r139)
r141 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r142=>0x0, <r143=>0x0})
getsockopt$sock_cred(r141, 0x1, 0x11, &(0x7f0000000500)={0x0, <r144=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r145=>0x0})
ioctl$LOOP_SET_CAPACITY(r140, 0x4c07)
write$P9_RRENAME(r140, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r140, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r145, @ANYBLOB=',group_id=', @ANYRESDEC=r143, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r144, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r142, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r146 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r146, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r147 = socket(0x9, 0x1, 0x6)
r148 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r148, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r149 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000003900)=0xffffffffffffffff, 0x4)
r150 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r150, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r151 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r151, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r152 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r152, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r153 = socket$nl_route(0x10, 0x3, 0x0)
r154 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r154, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r155 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r155, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r156 = gettid()
ptrace$setopts(0x4206, r156, 0x0, 0x0)
tkill(r156, 0x3b)
ptrace$setregs(0xd, r156, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r156, 0x0, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r8, 0x0, 0x10, &(0x7f0000003cc0)={{{@in=@multicast1, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r157=>0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f0000003dc0)=0xe8)
getresgid(&(0x7f0000003e00)=<r158=>0x0, &(0x7f0000003e40), &(0x7f0000003e80))
r159 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r160 = fcntl$dupfd(r159, 0x406, r159)
r161 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r162=>0x0, <r163=>0x0})
getsockopt$sock_cred(r161, 0x1, 0x11, &(0x7f0000000500)={0x0, <r164=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r165=>0x0})
ioctl$LOOP_SET_CAPACITY(r160, 0x4c07)
write$P9_RRENAME(r160, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r160, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r165, @ANYBLOB=',group_id=', @ANYRESDEC=r163, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r164, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r162, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r166 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r166, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r167 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000003ec0)='/proc/self/attr/current\x00', 0x2, 0x0)
r168 = socket$inet6(0xa, 0x6, 0x0)
r169 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r169, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r170 = openat$null(0xffffffffffffff9c, &(0x7f0000003f00)='/dev/null\x00', 0x60800, 0x0)
r171 = epoll_create1(0x0)
r172 = epoll_create1(0x0)
r173 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r172, 0x1, r171, &(0x7f00000000c0)={0x20000001})
timerfd_settime(r173, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r171, 0x1, r173, &(0x7f0000000200))
epoll_pwait(r172, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
r174 = dup3(r173, r172, 0x0)
ioctl$BLKIOOPT(r174, 0x1279, &(0x7f0000000700))
ioctl$ION_IOC_ALLOC(r4, 0xc0184900, &(0x7f0000003f40)={0x8001, 0x2, 0x1, <r175=>r174})
r176 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000003f80)='/selinux/access\x00', 0x2, 0x0)
r177 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r177, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
ioctl$sock_SIOCGPGRP(r177, 0x8904, &(0x7f0000003fc0)=<r178=>0x0)
r179 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r180 = fcntl$dupfd(r179, 0x406, r179)
r181 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r182=>0x0, <r183=>0x0})
getsockopt$sock_cred(r181, 0x1, 0x11, &(0x7f0000000500)={0x0, <r184=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r185=>0x0})
ioctl$LOOP_SET_CAPACITY(r180, 0x4c07)
write$P9_RRENAME(r180, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r180, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r185, @ANYBLOB=',group_id=', @ANYRESDEC=r183, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r184, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r182, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r186 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r187 = fcntl$dupfd(r186, 0x406, r186)
r188 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r189=>0x0, <r190=>0x0})
getsockopt$sock_cred(r188, 0x1, 0x11, &(0x7f0000000500)={0x0, <r191=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r192=>0x0})
ioctl$LOOP_SET_CAPACITY(r187, 0x4c07)
write$P9_RRENAME(r187, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r187, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r192, @ANYBLOB=',group_id=', @ANYRESDEC=r190, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r191, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r189, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r193 = gettid()
ptrace$setopts(0x4206, r193, 0x0, 0x0)
tkill(r193, 0x3b)
ptrace$setregs(0xd, r193, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r193, 0x0, 0x0)
r194 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r195 = fcntl$dupfd(r194, 0x406, r194)
r196 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r197=>0x0, <r198=>0x0})
getsockopt$sock_cred(r196, 0x1, 0x11, &(0x7f0000000500)={0x0, <r199=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r200=>0x0})
ioctl$LOOP_SET_CAPACITY(r195, 0x4c07)
write$P9_RRENAME(r195, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r195, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r200, @ANYBLOB=',group_id=', @ANYRESDEC=r198, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r199, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r197, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r201 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r202 = fcntl$dupfd(r201, 0x406, r201)
r203 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r204=>0x0, <r205=>0x0})
getsockopt$sock_cred(r203, 0x1, 0x11, &(0x7f0000000500)={0x0, <r206=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r207=>0x0})
ioctl$LOOP_SET_CAPACITY(r202, 0x4c07)
write$P9_RRENAME(r202, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r202, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r207, @ANYBLOB=',group_id=', @ANYRESDEC=r205, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r206, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r204, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r208 = gettid()
ptrace$setopts(0x4206, r208, 0x0, 0x0)
tkill(r208, 0x3b)
ptrace$setregs(0xd, r208, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r208, 0x0, 0x0)
r209 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r210 = fcntl$dupfd(r209, 0x406, r209)
r211 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r212=>0x0, <r213=>0x0})
getsockopt$sock_cred(r211, 0x1, 0x11, &(0x7f0000000500)={0x0, <r214=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r215=>0x0})
ioctl$LOOP_SET_CAPACITY(r210, 0x4c07)
write$P9_RRENAME(r210, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r210, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r215, @ANYBLOB=',group_id=', @ANYRESDEC=r213, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r214, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r212, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r216 = gettid()
ptrace$setopts(0x4206, r216, 0x0, 0x0)
tkill(r216, 0x3b)
ptrace$setregs(0xd, r216, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r216, 0x0, 0x0)
getresuid(&(0x7f0000004580), &(0x7f00000045c0), &(0x7f0000004600)=<r217=>0x0)
r218 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r218, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r219 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r219, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r220 = openat$urandom(0xffffffffffffff9c, &(0x7f0000004640)='/dev/urandom\x00', 0x80000, 0x0)
r221 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000004980)='/dev/loop-control\x00', 0x400, 0x0)
r222 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r222, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r223 = openat$cgroup(0xffffffffffffffff, &(0x7f00000049c0)='syz0\x00', 0x200002, 0x0)
r224 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r224, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r225 = socket$nl_route(0x10, 0x3, 0x0)
r226 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000004a00)='/selinux/validatetrans\x00', 0x1, 0x0)
r227 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r227, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r228 = gettid()
ptrace$setopts(0x4206, r228, 0x0, 0x0)
tkill(r228, 0x3b)
ptrace$setregs(0xd, r228, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r228, 0x0, 0x0)
getresuid(&(0x7f0000004a40)=<r229=>0x0, &(0x7f0000004a80), &(0x7f0000004ac0))
r230 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r231 = fcntl$dupfd(r230, 0x406, r230)
r232 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r233=>0x0, <r234=>0x0})
getsockopt$sock_cred(r232, 0x1, 0x11, &(0x7f0000000500)={0x0, <r235=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r236=>0x0})
ioctl$LOOP_SET_CAPACITY(r231, 0x4c07)
write$P9_RRENAME(r231, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r231, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r236, @ANYBLOB=',group_id=', @ANYRESDEC=r234, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r235, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r233, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r237 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r238 = fcntl$dupfd(r237, 0x406, r237)
r239 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r240=>0x0, <r241=>0x0})
getsockopt$sock_cred(r239, 0x1, 0x11, &(0x7f0000000500)={0x0, <r242=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r243=>0x0})
ioctl$LOOP_SET_CAPACITY(r238, 0x4c07)
write$P9_RRENAME(r238, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r238, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r243, @ANYBLOB=',group_id=', @ANYRESDEC=r241, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r242, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r240, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r244 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r244, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r245 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r245, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r246 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r247 = fcntl$dupfd(r246, 0x406, r246)
r248 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r249=>0x0, <r250=>0x0})
getsockopt$sock_cred(r248, 0x1, 0x11, &(0x7f0000000500)={0x0, <r251=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r252=>0x0})
ioctl$LOOP_SET_CAPACITY(r247, 0x4c07)
write$P9_RRENAME(r247, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r247, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r252, @ANYBLOB=',group_id=', @ANYRESDEC=r250, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r251, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r249, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
r253 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x2, 0x0, 0x0}, 0x2c)
r254 = fcntl$dupfd(r253, 0x406, r253)
r255 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
stat(0x0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r256=>0x0, <r257=>0x0})
getsockopt$sock_cred(r255, 0x1, 0x11, &(0x7f0000000500)={0x0, <r258=>0x0}, &(0x7f0000000540)=0xc)
stat(0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r259=>0x0})
ioctl$LOOP_SET_CAPACITY(r254, 0x4c07)
write$P9_RRENAME(r254, &(0x7f0000000400)={0x7, 0x15, 0x2}, 0x7)
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='fuseblk\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r254, @ANYBLOB=',rootmode=00000000000000000160000,user_id=', @ANYRESDEC=r259, @ANYBLOB=',group_id=', @ANYRESDEC=r257, @ANYBLOB="2c6d61ff03000000000000303034362c626c6b73697a653d3078303030303030303030303030303630010000006c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d3078303030303030303030303030303830302c626c6b73697a653d3078303030303030303030303030303430302c66736e616d653d5d70726f6324707070302c7d69643c", @ANYRESDEC=r258, @ANYBLOB=',smackfsdef=user\x00,smackfsfloor=vmnet0,fowner>', @ANYRESDEC=r256, @ANYBLOB=',pcr=00000000000000000049,rootcontext=staff_u,dont_hash,\x00'])
sendmmsg$unix(r9, &(0x7f0000004c00)=[{&(0x7f0000000000)=@abs={0x3, 0x0, 0x4e21}, 0x6e, &(0x7f0000000540)=[{&(0x7f0000000080)="c443458cc86f48252377e395183de494d6041c37", 0x14}, {&(0x7f0000000240)="4b32f8025e09d9a48da50d85a9ad2ed9386f1eab494a8f02df08a089da6d46c1c73fadb88ddf68cd81d7fa463852ab34f5b902fd134969c4d4ae4aa567eb53a514c1d6322b07c6b25aeec58f3be5e39fa8b679a83c45f3f38b743f04791ee017323b3690e90f3be300ff9eddfc7dfe77fcdedfe041f97af181498d7b7963809d3237b1f10fe18b5e29ec5fb498b89d0838ec6195d0ce6d882802de1f2e24ce6ccbd22bde79b9cdc5d76917cdcffc765329f7e111b705d86b86c7bb32200eab9bf574a0b483204023dacfb6499e84e4fc18d8efa5d6a448ec53917ecbd0674d58afdfc7863fb2a3a0f056af", 0xeb}, {&(0x7f0000000340)="94cf4ef215fc407c59c7df90dd113c583fff9717e473d84410d22283e8011b8a64c528261fc22701cd0616c651af943e3b2deace0cc5d852b00f9a19e78b366929c47bfdff1a8e295b4fe03476d205d232abe3920a60364ed3944bedda62cc9975fb9ea45c122c07e6", 0x69}, {&(0x7f0000000140)="58181fe8a7ce6f9f92", 0x9}, {&(0x7f00000003c0)="fdd99720da2a58487a7043b3cfa57711c70688d082d3eaccd1baada0985387908c9356735f6884c727ed989693f65ba346bfca18ec967d39fb1bc392570c368a0ec03ea9c94030e5533c3a2a205694768d49948df3b47031f7b7c444908795863a1845b38be3f860c8e857ae5e8fffbf4d0ba2fa0b84d7ef0d3a5d7ab3fad5f0", 0x80}, {&(0x7f00000001c0)="5e075742d2e31b0a9a59e48ade8989aaa9", 0x11}, {&(0x7f0000000440)="c336989a1d70c27c1aa255304201f0138468cde8a917e08db22dc65a3f12dd994731793c095fc9ca709c5299b468421f76482f9aa12cdd3e4908dc063576b220a003bba6012159b32ce86f14247a039b751a58ce5a759f787332686a4f0a120b8984c12d96a6ba1b05ac73e9f28e01c64ec1e03d8e4bdce16c83dde237a9b5979e0a42b0f16b5c85e0de49de8216bb259600c774af9dac9cf1556142a119c653d86d3cae6fc8befe2256a0ad8fa7287b60d8a3d13d3b94522a7d99357dae425e10fc857771ba0966", 0xc8}], 0x7, 0x0, 0x0, 0x3ccb7f6b1117ac9a}, {&(0x7f00000005c0)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000000a40)=[{&(0x7f0000000640)="79fefa1f08a06e718a1e77f801afa43d75f74627be0f83c94278a7c5f07e367b103eaeee3679d29e57a361f3c27796a33e175f8f7b2e27c75585281dec7522ffbf205e42895d", 0x46}, {&(0x7f0000000740)="d507951188b0617e434a522caf366e125defe4178038aa6dcef80e62276b8fe2eaf932b5cd7c1bb47051adbcfe62d60df3c8fff236b65cda74b26fb3ce4ee4894655eb5251269c6f4face84d59cebce90cc33a3aa12240017bacae4a53232f927c1ef6cac2e01ec162853fb00bfa86e02fbf7e54551c8d5741e3597e0fd3fa7085a04f1c03e55fc9d30be00a81f4c6e5663ba906a8c710232f484264d418144f0414ba10a8068bd9813f384616321a2ed5e25ecb0655bc032a56942ff8ad630da3cf2fc13bb3cc6e669691b2fffb", 0xce}, {&(0x7f0000000840)="e990e5972cdd3890bbd87ecb460ed703b7508e30af1bce4d79d80e8c0d492ca138eee777e8c89af6dca41f02c3ae026dcbdca8cf6e82c7a7770ca1195d5a4eda7802a19660a06fb8a0c5", 0x4a}, {&(0x7f00000008c0)="26ecd56f4eeb6fc30b8e89d9936746b24a186c94a3f85b9540524c0b6e1d7e7a7c7862230b01e2493ac4a85d5b87935b01124fa095fd2fea6dcee98cb64716243e583ba577a27dc1998930164ddb27926d376f82536c7ce381217c09876109bf266e5044e3f858f191a8b0103ecf1e88472dd8eff05a2e0e6ee48a00a287c59dfa72594f", 0x84}, {&(0x7f00000006c0)="6e15d2036cd78d40", 0x8}, {&(0x7f0000000980)="2ce74c64c540a5951c3131a4a39b12f977b36575862bebbdcb9e0632db959eb86fe67048878f8c3aaa15065971fd1d6858f879380d138db6dc61f813131e708c713934fed18fc01853c5ea9318f2dda3baea6c59d6a957718e8d80caf183d326bed09f0bac16e880c2c680ad0f8ae879c6d279b245d3d597b5e05fd489f0c79f949a5fcc22ead3493c770f0c3ae509ee795f571a8fffd458", 0x98}], 0x6, 0x0, 0x0, 0x804}, {&(0x7f0000000ac0)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000f80)=[{&(0x7f0000000b40)="b8667d84379b471fbcf8db282e67823f787547b6745731a13821e99898f27329c585c3e0cc193650361aaeb4cb055a1fc30c1e03118d83c3424180", 0x3b}, {&(0x7f0000000b80)="90724efc5681860636938acf5a4870917fb2b72ab16f4801b623b10f45e301071b5be13c9e297c42b8f508bb9114832da1241d1605d6052358be02732ee75860458b20874e37e384a401fe21ff1e36bdfe1ec6cc2b286e75a12b49dd055c6941588c0b00c63220b28618b672af93ad82c823bc7978549177f5ee92dabf79844f1754797fa82142326256b811df230c65538d5e2b1b97c7ca56e429907c3eb921c215859c1a8311aa276846ce025799cb3457fb8960f3483dcd7e27dfefa7", 0xbe}, {&(0x7f0000000c40)="2f8cff177ce2034f1c85487d4d002151dd40dfeba4710c0a960b2cbbe6b6b74015a7bf2792cfe0ecd59a94b629ebe4fde14744003f592f3c42511963e8797463b6a756681f15612e18c0712ced99674a47ba652194dac2abad360891f4d1a1a7cd8edebd1ea7b7840a8f2ef2c6057d11a3bcebfcc498cc869ced60ac23bc333edff43c9e4d04de13491831819dcbe360e813e62548aa3cd3d239079015f13a2ad6ac0682b0c09b5ced8f0e1daaf285738931af9cd82c9766ec8e3d9d9b507821ce55980e160d015d65361a6a4cb32f641eae", 0xd2}, {&(0x7f0000000d40)="899a2adb8ec5246dd9e8c74ca172498c2439038be3fa203c570de6aca99d8ef727cb9593c21d785ac82858b521ec0d341a070e6d8ad4f5d7286c7652dc9b8afff5a9d6c8cfcb1c53e5b501b1b2c9cfb24405a76a622e168f30f32f5022e1a43181494044ef29938a819dc0847e8c8ad041faae4cc376fa6b439b5f496fc9eb92f62f45e1356e02949eb2a202ae38ea583022e268a51230c05c53e12042d5953176d959bc2b79c78ab978a7d6297fcbc9decf1cbdb69c157828175302ec1340b0db87a1558a98", 0xc6}, {&(0x7f0000000e40)="5c56afe56967ab4ee0d05ea1945001a671ece1005e76cbb177be0dfcd5f21fb10de154c6d0d9181be58d6fa71f5121c9f19d3fe45b6e143a65bf60d96501c2acf9ba85a5fc22614a2d9c29fd8ee45b2ad8078d19cd9ab701c5644d", 0x5b}, {&(0x7f0000000ec0)="897daf9af2ad6fd0afaaaee44b0572b125dc904c152e9a419fab10f5a0484a4e7a2640c0efd285bccc3158ff8edaafee28b8394360dcce61977d9bead1fbde6dd0b0f308b4ec3c65b5dba8b18712f2802d55b6f4bb0ddf", 0x57}, {&(0x7f0000000f40)="0f79d62bb21da41b16cbec498645", 0xe}], 0x7, &(0x7f0000001440)=[@rights={{0x18, 0x1, 0x1, [r12, r13]}}, @rights={{0x1c, 0x1, 0x1, [r6, r14, r4]}}, @rights={{0x30, 0x1, 0x1, [r15, r8, r6, r4, r16, r2, r17, r18]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r19, r20, r21, r7]}}, @cred={{0x1c, 0x1, 0x2, {r23, r24, r29}}}, @cred={{0x1c, 0x1, 0x2, {r32, r34, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {r35, r42, r47}}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r50, r51, r52]}}, @cred={{0x1c, 0x1, 0x2, {r0, 0xee01, r53}}}, @cred={{0x1c, 0x1, 0x2, {r0, r57, r61}}}], 0x150, 0x40}, {&(0x7f00000015c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002b80)=[{&(0x7f0000001640)="e9517870fdcf9b5295e50654d74345f7832507f7404b6c750503ab2e48274a2941ac03cc339e06a7fba1be133a7d2fb9d0c674ca4f4da93109ad35c58cd1663a17106c4e3139e3a04974bf555af308f9a3185f4bf854fe1f6c063eca73e63027601de82072bca2c349f9e54a61bfbba2193a53ed06785a27090211c97b792ebf1995d810314ddb220c71890ecf5ef5d3b3db3118c02ac6c359697d7c", 0x9c}, {&(0x7f0000001700)="947a3e3d5fc0d2b7bff3d893b6542b9be9a4f39b7fd1df2b8de2f59df34f54c08d78e5a1fde92e1e41cc34aefb92cc351c7abb3da38029ab2faf355ffd7392c8f626dfa86c5a3a1386f794db080e52c462a7ad7db0034bae30b346c1729e38ce956c21436e43ec618b13f8aa12b141a3949872f97dff26fd5db239c8c55b9643373b4810f4b7370e0fbdf75e5a54b94d92a4f1d1ff38997917bc81d99e02d1213fa316d21ed5385931feb18349c982986a4d50437bda1419a4a7a310dc4f2483e68112de9168c2d7d69bacf561f6f4231894c8a00c2c597f45dee2a2b144037b7df46345d53d4e73747556d66bbc14280a7903301246865aac1a383a22aebc", 0xff}, {&(0x7f0000001800)="037fd024b040f2dd560f9fc54f17c067ca87f159fba8df8f42c0d1049c92ad3adeed4d731361b56b160d03e4d6fc66b1ffc61ac46465797662572bf1bc57b56cef8acc127b471f30059e5605ab3fa16dc824bd820eaab73daf8152884ee6b7b8e70a294e88bb20833ee248c9c881e6246eed401001", 0x75}, {&(0x7f0000001880)="83b466d66f4619de65e9fa675f3a4e183cc39c2a02da8bbfa56bdf9e094bb312b278e628bbc50ccbd7bb4daa22c28d88c9e44b6ceb735d5c7173bd629db82a93e2e65b42191f81bcc5c0414a7666ae89aef7e71f951b070c880a1edcd537ddda47da3d88401d65c49795d3aa33017ae79cf5dd2e74bc4b43692e9422e67f7c21aa1c623c224e3f1be551614b2926a321d98e9416b6b6d311d54e782523d0adf81b218385f57778dd4feafaaefbbef2d9758d2290bf3face78ecbf4c6ce3b6bb77cdf887d139516fb8910f767a08671eb00712689e68f0b909e084af7d83ea089ae81fd1a0440b9dfab28e58f3acd9e8fd165d57d24378baa5367dc097a159e162131329d8a55f9cbc66bd66f2e430231d17e46330b8bc1d41c086924128fe9837839362ef3f8006b6711c61ab2904347eeba8639ec1d6dba4887bf98585375d34a3c82833a81df7ea0e0b6aac329cb223ef4989de6aeb7f3b643c06748d318e85273527e63cd574f1d7dc256ebe4f4d438a22ff7d6d3c2569696cd6c244abefbc03bf8ae4fb46062158703cc7c177e2ea4f4e6e5d48d9b8f5e612b7664cece4632b5ddb9999d37e6ef66b73afcfa6b59ed7d1877a90e0b407e5b17542d419cd47b26d2250c3c340f2d6308433942b0c28de79c9da51e0f192c9c567dc14ca0aa26231fe3badf040e106e2dfb38ca1cf7994d474d31c5a883669c81e0381a5de150a2697210d1726998a1daef6a2f81b4242416089af006f991e0303ad4a8ba6588fc6f038ac0f8b15fe81ae46c32bfef21ce3ee26d9466c88f2594d4c56acef2c94043d41fa3d554c471d6475479d6b3b693054b0521a54e6ce1f0b8dfc04c4ed6a4ca07e3ff8c1cdcb1aa20a296ec55abee9d5558ef8cfdbafd1bcba19ef6a64c1fcaeabce29e9912e340ef2eb1d387e00ba8e321ac10d2d5d3eaa185a7ab6015ff360004564961509faca1dc13587c3d1ad573d4a1aac0f10e438c71d9d4b3342b0659940fd2a2d551064a55a82839ca585546e258809d3dc186eec3b6635adef024beece439f56a8de880a4646e7a38bb39d6998df1d95d889450cbe5c337191cd33cc4a9a3f76e604b7d9f2bf3d26e723329b1bcb900358c67a82bd6e6fd94ada22a9eb0ec90098947d1c14694bad6af865692955197b9a9e0f3230dbb6e701fe84323267311f175b4cfa163fa9f589ebe670cab4d29bba07b515df390f8e5e8308fa0feec6bba42501efbe2f11dcd1dd7d592a5d4a82546d5bdaf8b1a648ee21d914d585af30e8117ce5ce4e6e461d259b608299ce721d17c9942a4851dc4638fe265012bb0b28b7dadcb50c9ea54ad9d1daebc49ffa41007f575f5fbaaef909838402cf0c73db3652e7166ad0d556323dc2c56656939a2be2a9513a4e975c206a5fb43ba9525418e030641e4074ec5d5f84c8874985695044d4e73aba0301674d373d174e14015c2904b373fb1b531937d4bd0ea215385b579be3c006ef841984065e5cbe6643dd0a0ebdb9873e5304a4749adc9182c6007081d62f0baddf692403697a46106e6a518be3f0454bcb76d1a09cbaad9ae7255ede9ff454a42c211ce397f14e6ca9690e580dea8b41cfcf1cb80a7f77e4beb7d25c7b54779193d2062958b563391402b41ef6f7a3b33cdc58a25b421ea18a355dd382ad7b025a4a7795ade7e6059f819d11319573bb0c9ae94040a4f9791a3435c6e179fa08e1fb4811c3bd926b04e31a98b614aa7998de5f128cc29abc4597e07cd680df92d1f4ee0bfcbef784d7a92eddb689b84f41da628510b1690680fe314aab2a2f90785c5da4e95e9c4380337e160a6efe8ba058948741e9265ef83a234691fea73ddbb8a288c1d73bf7359d00b21e776cac74e887b98e58309a8ea2c93564e36776409ef372c82a334a615e0ac6d8cdd297517cc2cce277101e99a3771fe81771e708ff431c4acc3183afaeff518dcd1b3bd76ebc38af3804973323fbbbc66db3c61be26907b6c37010893bc3f6b5b701d28a093b3f8e72210dd71334e4eabddeb5b1b10e8b198c6125fcd72f74132ca2f4fe30cb424a7073a01d44977c4a3113d24e0594f93f17609dae2c13f3e5f356dbe66f44726f0e3fe6c860ce035a5c6d98ab61f334a82c0382cdc27daecb44d6ecc86d556095bb21149c914d59160855fe784000b297dbcc91ce6bdaf64739cf7a7a5a3739798958dd53ff8acd65c51df79533ec97564e5cf1855b1139a162d3fd70098b77ff287ac623183651ec5d0eb8ccef383bf537ba94b37ed33d53b56853c39023bbfa01bf9c9aa622f1f182d0d3fe9ea3ffd4208b117ac2a82a83e332c4f040d3f01aece169ef073ae32184bcaf556b651a956dae48743d32a9754dac06dac066f3e458464610f9bdaa15b164e13bbe0ca4a9c4828f7828af18e53ff99a3c83619b45b727484b5bb5bf6867d0cf160b14534388ed2d192bac9556c582e3915acd9f68a6fc1f5580789f586d94faadec98ad37d23743f97c7fb50b0e1f9a6504144e86b6dd9db82b96005c364721373002f3488bc0c09639a27eee99c35299618041579144e6c60432bc604142b165c26bfae70be45dc07e9840e2104ea6d5f4566969e10aa29975c7f7ca7105a5f25e057836f6ad427f51e5fceba4ac50832f6448ed5e4e4b92f4b98e578345e0b011450d1a96554fc018bc3d50e01e813c9325e5d8fa8f834b9e093a293b210e8da2c9a5d746e416f6efb9595a8e313187dd14f362c6082cfb4d62979cdcb3fca5ce432f2e1792b7942bb09667e858b65e0e7aef1bc9e32c22ef388730571702998fafac67774ad6e74abd438c73a3b83dd233c38b4820104104d763031a9b9ed60a528452e8c7755b19772e465a402ef3e92c171f58d00e672e615a62e9c3d14b738f2ddae7ecda74d79fa93cff2b3551f2824d73cc2bee052da5fca0026c01682e5abf58b82ef302e9f818bfc71d2910ba34cb0926f2bcce8e71e2ad4fb8fa08c938fe957d63d8650724833c916dce1357ceab33680b49d3bcaafc0531a3149083d20c24b9e00ca76deb00b8270db03ae74abe966363b94f5ae622026ed7b3b5292a7c3435fc14de6cd7baad0d389108192ab8ce421d172f3d41a5a66936fe10b0091a3b2d6acbabde8ac65cf520778cc98a3d30edb43d5dc71da22938cc4754f1fe5f1fa6db6dfecb19cc7a632c17437d8fca9948d129de222dded83912f91392ecc9312990a44d73be4cb0bf21666f3d0e46dca92ed87f08b38cefbb4b7bdcf08dd5eb91d848370647469a6c83f054ad1ed4e5023038362a9708011dce41307645c5d660e93509b1c30cb232e5fd5c25bdb36654d774738b79408644b1bb15b9576cad407aec393e438cf0bcea1dfe1d07bfa5730b1bf3fb1780b973b2950e165b1726f4289183863b8985c8943c8620c5399d6990a600da2a5b520ad8738296d231ca7ac13427d79bc8424115bda80b92945d3ed8859aa654923ba2a32aff1d9161af7b949c69153a2d4a42b9ba2d8508f66889690db0655ce24992e5d098d1d6a4c3962d844619f47e8247b9f8da8ae7d7599f2a26fbf80542f79b61b9ca1d1357017d6fd819977b885d096aaac628965f9f49569be1b01b4b2964abc734a26c3c5e7f50c3042faf2b753871998a57efa99fcece0b377f9d77ada16f1d8ff459764c2fd91772e37e138ba4c5fc137449d11df6712a49d114d6174dd1cc07beba109c2dda229deab9cfaac663b5a431c066c57d5ed21a9a98b666b48e25818d4ae297924d8ff383a4447fe4a914978063dee352d23dcf2972eb9bf1c9fc5ad0d02df1cc5c939008f2da126f23f92db761eb58bd378fb2a9ca3917fb4b1e76d10a2801c1073d9ccf2991239970c682cdc8c4c9aab5685904113f6eed675a3dff812da05886007bab661509475310c7e3906d08375f6cdf3c3bf6ed69fb7f2205071c1d45b40893d3b2b240203c79c2e4c5e1a92e849f156b3d11e184078b5acf32d17cfa04f26a7c86684049ec3880ceefad1a02bcbe9a11c1c854318fc69b78a6ff407b2cbcd6413c07dad9b8b29b0fbee2cf1d59b749a0c2465caeadd99ef03d8afaaeaaceadf82dc58548b43109060586b9cb06493b4177a97ae64240a62217ac08adc585e861e12312eab4e2d2a0522fe4c7ca83ba9a9bb5624e35e98aed563a3fcc97dbef8236351e71ff262218944672c940d02f0959791ed42a49a275240f2bc3a960ce0636bae5f219392b8e90bf9b1cdcfb38a44fe304d63e7eecdde4ffc8f24c38fe848da6f7f329ed7b03392e97310e96da95f6b81fe1bad5b7aa155ae7d96b87446af48e47f317a38ab4a9644ae5db4eaef865ee54f35b3b976446755d3dcaeda44f887764ab4e250053b5ab5ad5f7c557c75ec00b262a851a5763b343479702c88e8054101e3a6a51735ff09e6aa228b4db9423a34c8382cfae66c0602ef5634eb5291f5fc7496402354fccc4514a9c8ec943473a311fe8e3653254060a9e0a68ea6cece1ec8fcc9885dba77ac6a8fcf575d99ed4820834d73c169e5fbdef4d6728be176a283a495dd4be6430a0f6d1bcf4585d72e03df6e4dc2930744cfbdecad8c8f43f8289ce8b62ebf98c7aa5c3fb56bc9d6f7427aab676612841e8acd08eecf8cfc7bdfad60f40acc842ab200b6261601998c1ef74ce4b212aeaf3d49e9fdd60192743dad89d19857e181f692e310ea41c7983019e8484dcbb255223681dc8899987d5b9de095029102002a613f1c57ee764dbf57c24917165f3e0e66370cdec58176e46e268aac46bfa92b4663f04856dce1b9d5c7f588f7d46427335fc678dd453dfb6566795801ffef4be0ace8bd71aa3575294333506ccc6d953a509052183912669a0b7d3125c66b2c9282c3ab2c12e61b31b454f851c22a7837f4e218db4688d349344961ee5bba97528ee397f1ab607f1d9499b5fb912db7f94d9eac9ed96372146fcea62d2fb8a862710327233ea71d33ff0931ee49752008e25ec79cf8814570a4b089655f01c6c576b2a925b0e0da775b3558adc84ea870f9d98967e9b87f8118d529193e42bc3f397e9468efd419d7d5dc128b131c170272467b99a1e92cc3d2d153477d8025d6c1c5dab8e7fb644a6abfe4ff2026c4b94987f6c76ea8ec9607f5db008970277c10977860c49d233fe8c7df5ac455629f8d13382dd60e5bf180118bcda631191122e6245e2c7af1b4dbabe0add4db9e2624a57034bc5e17c62f7f8e06192ceaebb7c57d53cb9bbab83f81b8655a40dc581b6bc8ec2ef58cc048ea5301386c4d0385ad25520f0fc0ff441ab668f04a11cc3ee1758ced1ff6bf40e9958141a5d67fe6e1d22041ea62004ac3f4e78ed9994ff018d2f54207a4e7bb5cc4a89ab305ef5f40f7b4e4190593e3661a6e613df59d3802931fc734847054a71b9bb8d8bcc4403e5e6196ed98eecedb68305e0dffa8edc60ed8611771018e039bab52be7856b7de105290e363d72a39e4d866074d2ec49151d734c6a9c53e758b6929d3277ae060898f548ca0387bba078ab0c7b91179e7990ad4014bad11801ec1dbbae845af775400c60627443acedc3e22c9689aedaa7fbcdb8818d249de3de2aeff3ddd427b94e6817bb6da0f4795ee44289321f7958bfec9af09e142ecc8780f85863f4864c2a5cde7ca53b6d0e128655f9facc9fd8b6b900b7527789d1bb6573c2abdb4fc531fc1634939f3905562eed6e0270f38fa0b33a8846d7e7ce9bb53ba6b1b139b45e4dc5d38583bb3ae86d312eafad2771b3e3db86339dd45547529f8908481cff33f80475119", 0x1000}, {&(0x7f0000002880)="adc96fd20962eddd38c5080108bd750897e9077071ac15ea4d807f4a710bc0f1e52073c65bb47f7b09d3d6530788b49e43d92dcdc4e06eb702b70e3d04fa962354b7d24320536ac87348d30eb90da5d346cc6c06f28f0d4f88dfeed9208a230b32ddf2bc5b8c2b10f5e9f2caf9158d155abe489f2a5fc86366b840d283912edd5d0972b986653843028f6d12becfeb481f5e6ca4a3b96ff54f9bedeff2a822468ccd72", 0xa3}, {&(0x7f0000002940)="819198b328d94b65429e87597f71c293ee5cb8e582bf51d3594bf091f5634e632430107ed92978b882976f8ed9c197ed8c8cc5a7ed60c4ee37e243fb2f138787dc8774d9691e80428fb5e7f220166fa7f7ca", 0x52}, {&(0x7f00000029c0)="b7a75494ad45bf3ac5cf66f65ce15f760691029e8be452a0eeb8eb340d1e2327094ccbb25c97718256618a7e0b2c54246606cecf688c982562269bac345f22d86a376da223ff81cecb05c6748e7f363c7e92ab1632db2c7396845fb2cc5e61e1c2dd9475d63154cc15f4b89ee6b19f51ef682426cf5ef1564974399c7da1d94cc9f533f9667c610c7664bbb1a0972c620611f81c97073030ed9ae7eec8978f30a58e78d775f8e6177d1d8b527aca51e69b0073c7e32147b6b7d48ba781579fda6c13194280c050c2195f6c12ab3840fe54092f103bf9f0ced2a6caf80bb28c35b338bf4e70db9722fab82d788b5575b1cea2b0b6aff2c8826e5ceb498155", 0xfe}, {&(0x7f0000002ac0)="d45123b71a4692cddf6d33625a36c32630446f4a0482eaf879cbba161d44a8b0fa2258017aba33c7fef1e54040c7a89487c8b46daf52dd9e6afcd063e78a8c7ca2ba7d563c9f831f359eb7ea72188512487cc2174cf812534cd5bab30ec68856879c4ec4fb4bfe7df8723ceb916762e97f529d0dbf38c43ec109a2eb6630eac2fa28150befd1b7b2fef4b4a551782d5452a9d13c3fa92ed156d372b458a66a6601a81b714fd974504004af62116b9de9b3334c1d4264ed0a0c2bdbda5a", 0xbd}], 0x8, &(0x7f0000003200)=[@cred={{0x1c, 0x1, 0x2, {r62, r68, r70}}}, @cred={{0x1c, 0x1, 0x2, {r71, r75, r80}}}, @rights={{0x30, 0x1, 0x1, [r81, r4, 0xffffffffffffffff, r82, r83, r84, r85, r86]}}, @cred={{0x1c, 0x1, 0x2, {r87, r94, r95}}}, @rights={{0x20, 0x1, 0x1, [r96, r97, r98, r3]}}, @cred={{0x1c, 0x1, 0x2, {r99, r100, r115}}}, @cred={{0x1c, 0x1, 0x2, {r117, r118, r123}}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, r126, r127, r6, r4, r128, r129, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [r130, r131, r132, r133]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r135, 0xffffffffffffffff}}}], 0x160, 0x4000}, {&(0x7f0000003380)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000037c0)=[{&(0x7f0000003400)="3da688377c5847f62f362c0405ea37346bdd507aa01c05f4955c3a3682277771e4c3734fcac0becebb71069af8987a95749b8ea3cb3a6656814dd15a1ea33be129fb8fcce72a3ae80be4eaae2087115efc9abc63c5c2a51deaf96a69a1d9df270d5287813f5b49c1a5274c5aba44ac5e5f2e21941fbe3ec0bbac6e87d42f4a67c2a617c6acbcd3132a57030c903ae4ca7f2f2b077b114b48402bcbe4e374d7b0886110aaf9d12a794badcb0756e908e5cc078c56ed14b7652698743582ddc625634240ed471a96a6214db8cca5ee575ede9ef3842f16b60e98b7bda3d5593dd75b8a904fabced6baee6ffa200a22", 0xee}, {&(0x7f0000003500)="55172e1e913f80f7f40a9a9655da8844574f3a7269f83841a6c65712c306761a2ddc350e5deb92db6d9fd81b011e80b81681ba13dac342c223dd643bdae8d6556a004a78cea5a024a5ec5f246856377ed80077d8ea67486240748f7c6d868b28deb8be2493ab80cb0e459cf7bd59b047b397cceb016601577fb36ddde5068d4849ba4c397bc1e6fbc5378c49d89d7f16945b16fe92797ba0a060425241bc5d16511f813dd3276fdf37156e1a3b31ed39c20acd48b9e6c3eb3c", 0xb9}, {&(0x7f00000035c0)="9d5bfeacb15863d9bd23e984ac734003a1a470b1178ce2d55af853faff8376fbf7d090ed88b5e33b97b3560840d128ddc4d33b53aa57f9494629000e12be3b98e19c5e6a1d8bfb3d19f3de0a4d2114c0d76c3cc0a014fa78eef93bee66f3db4652d4015df2c32b42c653ad2d2041dcd23bbb31c4ca04dccfbcef2d22510147f81997e25ec87f7def8bfd34b350bb336cc2e78755f66015d5933069e24f95f475b6d2561d94bc9cb9391e516e5178a44b225cc432b01634166c8adbb6f7134a872ff2c58e982e37e8f0f5fb5e92b535945457eb50bb98840df84a7c57025f3024c46e111ba537265165e9fbc9", 0xec}, {&(0x7f00000036c0)="e58d22e559a61d06ab77bb3353c9e535f62b9a2e88f526cf90eed6d1bc55a5c585cbc46951333298be237ec811d0072e84afff039ed2acaba1131ab3ff698757a6465e9237044f61a00eabdeae0b4c6162c28f536a7fb2d30b948e692bdaf6a2b06f9224c07ac784cd68923f8bd55478fec8bd38444df6010e2f541fd4629b", 0x7f}, {&(0x7f0000003740)="7838439ee00b45d86d74fae5ec", 0xd}, {&(0x7f0000003780)="9a99cfb84e34f286ca88e5dff4d7a135f0f26def182b4cc545eba3ae70c55515f9a1dc6d247fa6151428", 0x2a}], 0x6, &(0x7f0000003940)=[@rights={{0x14, 0x1, 0x1, [r136]}}, @cred={{0x1c, 0x1, 0x2, {r137, r138, r143}}}, @rights={{0x20, 0x1, 0x1, [r146, r147, r148, r149]}}, @rights={{0x20, 0x1, 0x1, [r150, r151, r152, r2]}}], 0x78, 0x800}, {&(0x7f00000039c0)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000003c80)=[{&(0x7f0000003a40)="fc78", 0x2}, {&(0x7f0000003a80)="809afd6fc77c2b98e9d14d1935338e56754802ef387b2de4fa8eb05ae358ef4beeb0a4a09ba5d728214e5347dfd4b0b2f83b420d3d0589848bb2e0e91214cab4dcad955d873d219bb6f815be895c8b8700acececdad0327045e11ae07614c13e97cbd80e259d05dc584af195a25d6221a279cbb321872e065b7101afc6dfd458ad04b8ba8c91e2fc49a3e0735e052ddf53ab5b2466aee47ed2c2933204803ad0", 0xa0}, {&(0x7f0000003b40)="4aeb9689e2b7eae07834fc5ab0aee76c65aa72739bb40bb4ee90a7385bf72c02ec", 0x21}, {&(0x7f0000003b80)="a8df328b43c78b092a4f4376e989e0949bf4d01827d537192c3baa524eef090d6388b374fb528629cb21b30d0839a344a5d27eed095ab337cdeead343d84a8192ece806ea79b00eb68d35ddc365d327bf53aec1f6c0a4c0a3daf895dba2acbcde66f28b642e3f3fcebbb79fb5a2c64919de6c3932d4c39e8fa0a04bd32e0943cbbc24c8730451b9109562ce0ecbbd41e1b0364fdcd9601bad7075c24566315eb81a6e9fb25ebc1d8371e1cd005d39da611f24ddc76f7d226a78866cc0ed75d0f807b4bcf4dedb6ce3f26e6b1a5f6527b70e4cbb980608fd2a009b4ed2fbea91a4c0e2af5eeea24b4", 0xe8}], 0x4, &(0x7f0000004000)=[@rights={{0x24, 0x1, 0x1, [r153, r7, r154, r1, r155]}}, @cred={{0x1c, 0x1, 0x2, {r156, r157, r158}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, r163}}}, @rights={{0x30, 0x1, 0x1, [r166, r167, r168, r169, r170, r175, r3, r176]}}, @cred={{0x1c, 0x1, 0x2, {r178, r182, r190}}}, @cred={{0x1c, 0x1, 0x2, {r193, r197, r205}}}], 0xd8, 0x1}, {&(0x7f0000004100)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000004500)=[{&(0x7f0000004180)="b19753671e95af75370e69e21f57a84adc1db9c52e3ef2dd04b5a3b35f818c23ed38492b954b92cd64a72739d9ab6678cb00a7fd3d8a15f711939438bb791d4f0036f7", 0x43}, {&(0x7f0000004200)="216e0c8ea8c6d01820264da4d31adc5bc6046370f82397dc7d26a7e5cd69f624d71bcf53fecda2a77e9044fe8c3a1427b1df660a148c5adfb2a8173df01a4480d707c6ffcb8a76790bb6d97e1981794f1746facccf2865dde7106bdba71ab9887ca529dcafdb2756b3b99d2b1ac7fb4f0477ccabec722a", 0x77}, {&(0x7f0000004280)="65ed1eb379014d223127feb2099e63b263699c3546729ca86c28f6ec2d2055eb9928f591aece21c21393f9597ec4b01deb892f9b07065ab81766f1a0b545e487c99557183d0b639acbcecf78ade8dca7a393de38c88f7cb1b7347e463ca9fdc6baba9666121bfec4d8e96094baf2bc021ea2731f1fd38c7ed901724e4cb82546ef45fd11d8b1648481df7f6fac4097c562b06200dec18fcebf6173455db9f6f6d4bd6e47937e2ffbf224b626563fe32ad66b7d38e9b5b6cd8347f3c37c62804c6ac1c52e3f5b6fe0", 0xc8}, {&(0x7f0000004380)="71059e38476dafe12ca6fb24440cc246490d3603ca14509654887b14259f3d4ada723a3813530741cd6a5b00c9f2dcdda5ce6cdd8fa18a221257f3228dc239e6671b1f0a6d72978fe6eb193ec9e25cb5ef0a478e7c2c7d498b2d7ed10c82a2b6bfa84800f85625ee1f2d16c112f557e39a0c08c0f53b2fb46fdd15e2c280151282d47585512c42d873", 0x89}, {&(0x7f0000004440)="11ebc908d67b261ee90367fb034233c9f7f51879818d0dd2e2182dbd88492852f09b0764be5121871c621959fba6f28b71130163952ab71a0438f6d95a7519e75c8010a1cce6c883485db51780968d36c6dd2943939d0603d3148d839d85865c33b096d815a8e263d1631f9612837c831b74ab80cc6ee2db4c4d11bf03b95553807331d044eb22ee387d65b172a3c76931d2b58917622d5d516ee86a72b04f8077969761e1b7ef60dff8217037f24177d01df0a9804c4cfd228d2e", 0xbb}], 0x5, &(0x7f0000004680)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r208, @ANYRES32, @ANYRES32=r213, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r216, @ANYRES32=r217, @ANYRES32=0xee01, @ANYBLOB="000000002c000000000000000100000001000000", @ANYRES32=r5, @ANYRES32=r218, @ANYRES32=r7, @ANYRES32=r219, @ANYRES32=r5, @ANYRES32=r220, @ANYRES32=r8, @ANYBLOB="00100000"], 0x70, 0x4000000}, {&(0x7f0000004700)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000004880)=[{&(0x7f0000004780)="c8757866162ef829f6383e401a63d2a44428059e694562bbd1cfca262beb684fa0aeb36fa086c5b2e3bcc8467083cc347f1f8afb4fef807e65fbad90d0a575efdf85a74b8f1d7a777afbbb8571c7a98b8f02", 0x52}, {&(0x7f0000004800)="d38326d070d0", 0x6}, {&(0x7f0000004840)="0d74224c6e127a97414d122c12e3689f1991f1aa623fb3891064f189a0848aca4b8722e12e03bc95f7", 0x29}], 0x3, &(0x7f0000004b00)=[@rights={{0x18, 0x1, 0x1, [r221, r222]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, r223, r224, r225, r2, r226, r5, r227, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r228, r229, r234}}}, @cred={{0x1c, 0x1, 0x2, {r0, r242}}}, @rights={{0x1c, 0x1, 0x1, [r5, r244, r245]}}, @rights={{0x18, 0x1, 0x1, [r7, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r0, r249, r257}}}], 0xe8, 0x40000}], 0x8, 0xeaf438a30bde033a)
ioctl$BLKIOOPT(r8, 0x1279, &(0x7f0000000700))
ioctl$TIOCGPTPEER(r8, 0x5441, 0x8)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x10000000001c)

22:20:54 executing program 4:
r0 = socket(0x2, 0x3, 0x100000000000005)
close(r0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$unix(0x1, 0x5, 0x0)
close(r2)
close(r1)
pipe(&(0x7f00000000c0))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
close(r3)
close(r4)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = socket(0x800000000000011, 0x2, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
splice(r0, 0x0, r4, 0x0, 0xc0, 0x0)
close(r4)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r6, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")

22:20:54 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

[  620.215646] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=106 sclass=netlink_route_socket pig=14851 comm=syz-executor.5
[  620.215946] binder: 14849:14852 got transaction with out-of-order buffer fixup
[  620.215971] binder: 14849:14852 transaction failed 29201/-22, size 104-24 line 3467
[  620.216118] binder: undelivered TRANSACTION_ERROR: 29201
[  620.243613] binder: 14856:14859 got transaction with invalid parent offset or type
[  620.243646] binder: 14856:14859 transaction failed 29201/-22, size 104-24 line 3454
[  620.243906] binder: undelivered TRANSACTION_ERROR: 29201
[  620.534104] binder: undelivered TRANSACTION_ERROR: 29201
[  620.547737] binder_alloc: 14824: binder_alloc_buf, no vma
[  620.557049] binder: 14824:14866 transaction failed 29189/-3, size 104-24 line 3284
[  620.573861] binder: 14824:14866 ioctl c0306201 20000800 returned -14
22:20:55 executing program 3:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001000000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a747000000000000000000000000000000000000000000000000000000000000000000000000085616466000000000000000000000000020000000000000000000000000000008561646600"/104], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00']], 0x1ca, 0x0, 0x0})

22:20:55 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
mmap$binder(&(0x7f0000dff000/0x200000)=nil, 0x200000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="852a7470000000004d0900000000000000000000000000000000000000000000000000000000000085616466000000000000000000"], @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H']], 0x0, 0x0, 0x0})

22:20:55 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c)
write(r1, &(0x7f0000000100)="e1", 0x1)

22:20:55 executing program 2:
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000001})
epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0x0)
getresgid(&(0x7f0000000080)=<r4=>0x0, &(0x7f0000000180), &(0x7f00000001c0))
chown(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, r4)
dup3(r3, r2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r5, &(0x7f0000d65000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x1, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x2}}, 0x14}}, 0x0)
r6 = dup3(0xffffffffffffffff, r5, 0x80000)
ioctl$sock_ifreq(r6, 0x8910, &(0x7f0000000000)={'veth0_to_team\x00', @ifru_mtu=0x3f})
tkill(r0, 0x10000000001c)

[  620.588734] binder: undelivered TRANSACTION_ERROR: 29189
[  620.625016] binder: 14868:14874 got transaction with out-of-order buffer fixup
[  620.635274] ------------[ cut here ]------------
[  620.635279] kernel BUG at drivers/android/binder_alloc.c:1108!
[  620.635285] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  620.635290] Modules linked in:
[  620.635299] CPU: 0 PID: 14876 Comm: syz-executor.3 Not tainted 4.9.194+ #0
[  620.635306] task: 00000000480148c2 task.stack: 0000000073ed3758
[  620.635324] RIP: 0010:[<ffffffff8223a8fb>]  [<00000000cc5e3ce7>] binder_alloc_do_buffer_copy+0xcb/0x500
[  620.635328] RSP: 0018:ffff8801a012f4a8  EFLAGS: 00010216
[  620.635333] RAX: 0000000000040000 RBX: 0000000020dff000 RCX: ffffc90003b28000
[  620.635337] RDX: 000000000000035d RSI: ffffffff8223a8fb RDI: ffff8801ceba6658
[  620.635342] RBP: ffff8801a012f528 R08: ffff8801a012f5a8 R09: 0000000000000008
[  620.635347] R10: ffffed0034025f12 R11: ffff8801a012f897 R12: 0000000000000070
[  620.635352] R13: 0000000000000078 R14: 0000000000000008 R15: ffff8801a012f5a8
[  620.635360] FS:  00007f88db5d5700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
[  620.635365] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  620.635369] CR2: 0000001b2f222000 CR3: 00000001cc5d6000 CR4: 00000000001606b0
[  620.635377] DR0: 0000000020000000 DR1: 0000000000000000 DR2: 0000000000000000
[  620.635381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
[  620.635382] Stack:
[  620.635393]  ffffffff81249811 ffff8801a012f568 0000000000000246 0000000020000080
[  620.635403]  ffff8801d7451028 ffff8801ceba66d8 00ff8801a012f870 ffff8801ceba6680
[  620.635413]  ffffffff814fdcb6 ffff8801d8c87380 0000000000000078 ffff8801a012f5a8
[  620.635414] Call Trace:
[  620.635433]  [<000000003fe1a7ce>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[  620.635443]  [<000000008f4fac5e>] ? memcpy+0x46/0x50
[  620.635452]  [<00000000f30d1baf>] binder_alloc_copy_from_buffer+0x37/0x42
[  620.635464]  [<000000003da74289>] binder_validate_ptr+0xc5/0x1b0
[  620.635473]  [<0000000073ff8916>] ? binder_get_object+0x1b0/0x1b0
[  620.635480]  [<00000000f30d1baf>] ? binder_alloc_copy_from_buffer+0x37/0x42
[  620.635489]  [<000000001d266e4f>] ? binder_get_object+0x12f/0x1b0
[  620.635496]  [<00000000bd5db044>] binder_transaction+0x20a4/0x5890
[  620.635504]  [<0000000073c2664c>] ? binder_inc_ref_for_node+0xba0/0xba0
[  620.635515]  [<00000000f9341604>] ? __save_stack_trace+0x7a/0xf0
[  620.635524]  [<0000000020316e06>] ? depot_save_stack+0x13c/0x4a0
[  620.635532]  [<000000003fe1a7ce>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[  620.635541]  [<000000007d42969a>] ? __might_fault+0x114/0x1d0
[  620.635548]  [<00000000acf98782>] binder_thread_write+0x583/0x20e0
[  620.635557]  [<00000000660cfed3>] ? trace_hardirqs_on+0x10/0x10
[  620.635566]  [<00000000c676f7a2>] ? _raw_spin_unlock_irqrestore+0x6b/0x70
[  620.635574]  [<00000000a18986ea>] ? binder_transaction+0x5890/0x5890
[  620.635582]  [<000000007d42969a>] ? __might_fault+0x114/0x1d0
[  620.635590]  [<0000000054cd2481>] binder_ioctl+0xecd/0x1720
[  620.635598]  [<00000000f6eb4f41>] ? validate_mm+0x2fe/0x5a0
[  620.635605]  [<0000000014fc3778>] ? binder_poll+0x240/0x240
[  620.635612]  [<00000000b7531df7>] ? __lock_acquire+0x5e0/0x4390
[  620.635621]  [<000000000d6da34f>] ? __might_sleep+0x95/0x1a0
[  620.635628]  [<0000000014fc3778>] ? binder_poll+0x240/0x240
[  620.635638]  [<00000000a14ff232>] do_vfs_ioctl+0xb87/0x11d0
[  620.635648]  [<00000000994b25ef>] ? selinux_file_ioctl+0x103/0x550
[  620.635656]  [<000000002748e5ae>] ? ioctl_preallocate+0x210/0x210
[  620.635665]  [<00000000f1f1c277>] ? selinux_parse_skb.constprop.0+0x16b0/0x16b0
[  620.635673]  [<00000000a2418d21>] ? __fget+0x208/0x370
[  620.635681]  [<00000000e3b1b7b6>] ? __fget+0x22f/0x370
[  620.635688]  [<00000000adadc683>] ? __fget+0x47/0x370
[  620.635697]  [<0000000065876bb5>] ? security_file_ioctl+0x8f/0xc0
[  620.635706]  [<0000000065107bf9>] SyS_ioctl+0x8f/0xc0
[  620.635714]  [<00000000e4032543>] ? do_vfs_ioctl+0x11d0/0x11d0
[  620.635721]  [<00000000cbcb1545>] do_syscall_64+0x1ad/0x5c0
[  620.635730]  [<00000000db0bb026>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  620.635852] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 0a 04 00 00 4d 8b 64 24 58 49 29 dc e8 0f 7e 0e ff 4d 39 e6 76 07 e8 05 7e 0e ff <0f> 0b e8 fe 7d 0e ff 4c 8b 6d d0 4d 29 f4 4d 39 e5 77 e8 e8 ed 
[  620.635860] RIP  [<00000000cc5e3ce7>] binder_alloc_do_buffer_copy+0xcb/0x500
[  620.635863]  RSP <ffff8801a012f4a8>
[  620.635869] ---[ end trace b8af3be95b4c4f8d ]---
[  620.635874] Kernel panic - not syncing: Fatal exception
[  620.636515] Kernel Offset: disabled
[  621.048701] Rebooting in 86400 seconds..