T_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:33 executing program 3:
syz_emit_ethernet(0x56, &(0x7f0000000080)={@remote, @empty=[0x0, 0x0, 0x14], [{[{0x9100, 0x14c1, 0x5, 0x1}], {0x8100, 0x7, 0x4, 0x4}}], {@ipv6={0x86dd, {0x0, 0x6, "6f87a9", 0x18, 0x3a, 0x0, @remote, @mcast2, {[], @icmpv6=@mld={0x83, 0x0, 0x0, 0x0, 0x0, @mcast2}}}}}}, 0x0)

09:40:33 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  521.130646] binder: 4981:4985 got new transaction with bad transaction stack, transaction 3305 has target 4981:0
[  521.141166] binder: 4981:4985 transaction failed 29201/-71, size 0-0 line 2879
09:40:33 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:33 executing program 4:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt(r0, 0x65, 0x10000000002, &(0x7f0000000000)="c8d63f23", 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r1=>0x0})
r2 = add_key(&(0x7f0000000140)='id_resolver\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
r3 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000280)={0x73, 0x79, 0x7a, 0x0}, &(0x7f00000002c0)="5653b6ae61fd5e75e052b236bbde2bc1bef7a6483bb25027417dfa3c1a7341d7ccde87d79feafa341fb5c5b9d1c289dd9b611f9c634098118d19eba0a446ecb44c19251ba9b54d1ec5c1bf083df26b04aa3fd64be069e68758922cc0dec92ebb050668a93bcff31c40f7607ed99f1917f4d6661b6638317b27ee15ca7ffdad1680b0594b18f98a8405f01a4124a2bff2425fa8e96807a255f5c2d40b613995e24ea669061cf505238464c76c699ba27e46990275ab8804efcc444c8d83ae0a54a3d975b3706be802d6274a1504ca9a", 0xcf, 0xfffffffffffffffd)
r4 = request_key(&(0x7f00000003c0)='logon\x00', &(0x7f0000000400)={0x73, 0x79, 0x7a, 0x2}, &(0x7f0000000440)='securitysecurity)bdev\\.)posix_acl_access.::selfselfvmnet1/self\x00', 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000480)={r2, r3, r4}, &(0x7f00000004c0)=""/224, 0xe0, &(0x7f0000000600)={&(0x7f00000005c0)={'sha1-ssse3\x00'}})
r5 = fcntl$dupfd(r0, 0x0, r0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x106, 0x100b}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r5, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r6, 0x3}}, 0x10)
bind$can_raw(r0, &(0x7f00000001c0), 0x10)
bind$can_raw(r0, &(0x7f0000000240)={0x1d, r1}, 0x10)

[  521.202235] binder_alloc: binder_alloc_mmap_handler: 4981 20001000-20004000 already mapped failed -16
[  521.228156] binder: BINDER_SET_CONTEXT_MGR already set
[  521.249967] binder: 4981:4985 ioctl 40046207 0 returned -16
[  521.271960] binder_alloc: 4981: binder_alloc_buf, no vma
[  521.277531] binder: 4981:5003 transaction failed 29189/-3, size 24-8 line 2967
[  521.282645] binder: send failed reply for transaction 3305 to 4981:4985
09:40:34 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rtc0\x00', 0x10000003ffd, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:34 executing program 7:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000d28000))
r1 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x3})
r2 = getpid()
sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x5)
r3 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000140)={0x0, 0x20000000000004, 0x5, 0x0, 0xfffffffffffffffa})
readv(r3, &(0x7f000042bff8)=[{&(0x7f0000e3b000)=""/61, 0x3d}], 0x1)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r3, 0x4040ae72, &(0x7f0000000040))
dup3(r1, r0, 0x0)

09:40:34 executing program 3:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x101000, 0x0)
ioctl$RTC_WIE_OFF(r0, 0x7010)
r1 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000110007031dfffd946fa28300070002d418000000001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)
syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x2, 0x2eb4fd3f68013398)

[  521.299559] binder: undelivered TRANSACTION_ERROR: 29201
[  521.305126] binder: undelivered TRANSACTION_ERROR: 29189
09:40:34 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0xffffffffffffff05)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:34 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:34 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x600, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:34 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:34 executing program 4:
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f000000bfc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000002000)=[{&(0x7f0000000080)="5500000018007fafb7a41cb22da280000206000000a843096c37234a39000900310008004b00ca8a9848a3090000006b7b31afdc1338d54400009b84136ef75afb83de440700d42c44e82afc5349fddd4ab94e7162", 0x55}], 0x1, &(0x7f0000000100)}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='cpu.stat\x00', 0x0, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000140)=0x401, 0x4)

09:40:34 executing program 3:
r0 = socket$inet(0x10, 0x7ffff, 0x68)
sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2f0000001800030007fffd946fa283bc8020000000040005031d856808000900083c14cc16ccbb24e0710b42fa3ccc", 0x2f}], 0x1}, 0x0)

[  521.380367] Unknown ioctl 28688
[  521.390768] Unknown ioctl 28688
[  521.437367] binder: 5024:5029 got new transaction with bad transaction stack, transaction 3311 has target 5024:0
[  521.447839] binder: 5024:5029 transaction failed 29201/-71, size 0-0 line 2879
09:40:34 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000dcc000)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000c00)={{0x0, 0x7}, {}, 0x400})

09:40:34 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x400000000000000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
ioctl$KVM_SET_NR_MMU_PAGES(r1, 0x4038ae7a, 0x80ffff)

09:40:34 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:34 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  521.538053] binder_alloc: binder_alloc_mmap_handler: 5024 20001000-20004000 already mapped failed -16
[  521.557771] binder: BINDER_SET_CONTEXT_MGR already set
[  521.563211] binder: 5024:5029 ioctl 40046207 0 returned -16
[  521.569204] binder_alloc: 5024: binder_alloc_buf, no vma
[  521.574846] binder: 5024:5043 transaction failed 29189/-3, size 24-8 line 2967
09:40:34 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23}, 0x10)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x220100, 0x0)
write$FUSE_DIRENT(r1, &(0x7f00000000c0)={0xd8, 0x0, 0x2, [{0x6, 0x0, 0x0, 0xffffffffffffff7f}, {0x6, 0x8001, 0x51, 0x3, 'cpuset.security]!nodevem0vboxnet0vboxnet1[posix_acl_access*\'!)-^:[,GPL)*mime_type'}, {0x0, 0x100000001, 0x7, 0x100000001, 'GPL!GPL'}, {0x1, 0x3, 0x7, 0x40, '}md5sum'}]}, 0xd8)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x4e23, @rand_addr=0x6}, 0x164)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:34 executing program 3:
prctl$intptr(0x0, 0xfffffffffffffff4)
r0 = gettid()
r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x400)
getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
io_setup(0x80, &(0x7f0000000140)=<r2=>0x0)
socket$inet6(0xa, 0x4, 0x6)
io_pgetevents(r2, 0x1, 0x1, &(0x7f00000000c0)=[{}], &(0x7f0000000100)={0x77359400}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-simd\x00'}, 0x218)
r4 = accept$alg(r3, 0x0, 0x0)
r5 = open(&(0x7f00004b8ff8)='./file0\x00', 0x28042, 0x0)
fallocate(r5, 0x0, 0x0, 0x73e0)
sendfile(r4, r5, &(0x7f00007ed000), 0xffa)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0xfffffffffffffffe, 0x100000000000031, 0xffffffffffffffff, 0x0)
tkill(r0, 0x16)
getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, &(0x7f0000000180)={'nat\x00'}, &(0x7f0000000200)=0x54)

[  521.583692] binder: send failed reply for transaction 3311 to 5024:5029
[  521.593760] binder: undelivered TRANSACTION_ERROR: 29201
[  521.599386] binder: undelivered TRANSACTION_ERROR: 29189
09:40:34 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  521.722316] binder: 5065:5066 got new transaction with bad transaction stack, transaction 3317 has target 5065:0
[  521.732811] binder: 5065:5066 transaction failed 29201/-71, size 0-0 line 2879
[  521.758580] binder_alloc: binder_alloc_mmap_handler: 5065 20001000-20004000 already mapped failed -16
[  521.768561] binder: BINDER_SET_CONTEXT_MGR already set
[  521.774123] binder: 5065:5066 ioctl 40046207 0 returned -16
[  521.774413] binder_alloc: 5065: binder_alloc_buf, no vma
[  521.785388] binder: 5065:5072 transaction failed 29189/-3, size 24-8 line 2967
[  521.794578] binder: send failed reply for transaction 3317 to 5065:5066
[  521.802852] binder: undelivered TRANSACTION_ERROR: 29201
[  521.808522] binder: undelivered TRANSACTION_ERROR: 29189
09:40:34 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
setrlimit(0xb, &(0x7f0000000000)={0x6105, 0xc5})
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)
execve(&(0x7f0000000340)='./file0\x00', &(0x7f0000000500)=[&(0x7f0000000380)='/dev/vsock\x00', &(0x7f00000003c0)='/dev/vsock\x00', &(0x7f0000000400)=')keyring\x00', &(0x7f0000000440)='\x00'], &(0x7f0000000740)=[&(0x7f0000000540)='gcm_base(ctr(aes-aesni),ghash-generic)\x00', &(0x7f0000000580)='ppp0\\trustedtrusted@,nodev-wlan1\\nodev\x00', &(0x7f00000005c0)='/dev/vsock\x00', &(0x7f0000000600)='/dev/vsock\x00', &(0x7f0000000640)='aead\x00', &(0x7f0000000680)='\x00', &(0x7f00000006c0)='aead\x00', &(0x7f0000000700)='/dev/vsock\x00'])
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x0, 0x0)
setsockopt$inet_group_source_req(r2, 0x0, 0x2c, &(0x7f0000000200)={0x3f, {{0x2, 0x4e21, @loopback}}, {{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x21}}}}, 0x108)

09:40:34 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:34 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:34 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000b7d000/0x1000)=nil, 0x1000}, &(0x7f0000000040)=0x10)
r1 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x4, 0x1)
ioctl(r0, 0x8, &(0x7f0000000200)="44c31b03c899413fd9db89a0c7f491ea5f7e48a7e0e9ac996b5166113a5d159fa31334efb03e6d8632b78510323161c8df7193316799ee98b8c1dc8734168cf7ded956060126a3f3b477c5f07e81e6074f38ae47f7a8fa555f19a0601bfbb979b23b25c49b9a94ea3d5a5a16afd68f8e19248c076b31d5d53f763e19add00f4c18757aa78781981ae611d48b5643b8ae2913da25b54ea27f4b1eb0ac40e91eaf3688b713aa760071b76097a66865f758b67ce15d454c586cf938f4f7018428d9169e454ff5ced5e57f49a39b60c4658123ac0344bfe7f1ef1689988fbb5590523055c81c05d780ab1a8479c881801ddebe98046ede03965f0895f960")
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000140)={0x7f, 0x6})
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x4, 0x200000)

09:40:34 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xb, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000000080))
read$eventfd(r0, &(0x7f0000000000), 0x8)
read(r0, &(0x7f0000000100)=""/158, 0x9e)
close(r0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")

09:40:34 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:34 executing program 3:
socketpair$inet(0x2, 0x6, 0x5, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = getuid()
setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000000c0)={{{@in=@multicast1, @in6=@dev={0xfe, 0x80, [], 0x18}, 0x4e22, 0x40000, 0x4e21, 0x5, 0xa, 0x20, 0x20, 0x6, 0x0, r1}, {0x8, 0x8, 0x10000000000, 0x4, 0x100000000, 0x100, 0x0, 0xffffffffffffffff}, {0x5, 0x2, 0x59, 0x2}, 0x9, 0x6e6bb8, 0x2, 0x0, 0x3, 0x3}, {{@in=@rand_addr=0x2, 0x4d2, 0xff}, 0xa, @in=@local, 0x3506, 0x0, 0x2, 0x7, 0x7, 0x3, 0xffffffffffffff93}}, 0xe8)
r2 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$midi(&(0x7f00000001c0)='/dev/midi#\x00', 0x7, 0x200000)
r4 = getgid()
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000200)={0xa0, 0x0, 0x7, {{0x2, 0x2, 0x7fff, 0x80, 0x9, 0x3, {0x4, 0x400, 0x0, 0x5, 0x3, 0xfffffffffffffffc, 0x1, 0x401, 0xfffffffffffffc01, 0x5, 0x6, r1, r4, 0x0, 0x7}}, {0x0, 0x2}}}, 0xa0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10003, 0x80011, r2, 0x0)
r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000002240)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r5, 0x28, 0x1, &(0x7f0000000040)=0x2, 0x8)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000009, 0x20010, r0, 0x0)

09:40:34 executing program 7:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
r1 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r2 = getpid()
sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x5)
r3 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000013000))
readv(r3, &(0x7f000042bff8)=[{&(0x7f0000e3b000)=""/61, 0x3d}], 0x1)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r3, 0x4040ae72, &(0x7f0000000040))
dup3(r1, r0, 0x0)

09:40:34 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  522.262707] binder: 5086:5088 got new transaction with bad transaction stack, transaction 3323 has target 5086:0
[  522.273169] binder: 5086:5088 transaction failed 29201/-71, size 0-0 line 2879
09:40:35 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfd000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:35 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:35 executing program 3:
r0 = socket$inet6(0xa, 0x1001000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f00000001c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @loopback}, r2}}, 0x30)
write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000140)={0x7, 0x8, 0xfa00, {r2}}, 0x10)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_DESTROY_ID(r1, &(0x7f0000000180)={0x1, 0x10, 0xfa00, {&(0x7f0000000040), r2}}, 0x18)

[  522.318167] binder_alloc: binder_alloc_mmap_handler: 5086 20001000-20004000 already mapped failed -16
[  522.330849] binder: BINDER_SET_CONTEXT_MGR already set
[  522.336404] binder: 5086:5088 ioctl 40046207 0 returned -16
[  522.342915] binder_alloc: 5086: binder_alloc_buf, no vma
[  522.348576] binder: 5086:5115 transaction failed 29189/-3, size 24-8 line 2967
[  522.356877] binder: send failed reply for transaction 3323 to 5086:5088
09:40:35 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  522.383413] binder: undelivered TRANSACTION_ERROR: 29201
[  522.388994] binder: undelivered TRANSACTION_ERROR: 29189
09:40:35 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:35 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:35 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000100)=0x4000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x100004, 0x0, 0x400000000, 0x1000, &(0x7f0000001000/0x1000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x0, 0x0, 0x401, 0x8, 0x0, 0x0, 0x6]})
ioctl$KVM_NMI(r2, 0xae9a)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x10080, 0x0)
ioctl$TIOCSBRK(r3, 0x5427)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0xfffffffffffffffb)

[  522.439514] binder: 5132:5134 got new transaction with bad transaction stack, transaction 3329 has target 5132:0
[  522.450007] binder: 5132:5134 transaction failed 29201/-71, size 0-0 line 2879
[  522.467901] binder_alloc: binder_alloc_mmap_handler: 5132 20001000-20004000 already mapped failed -16
[  522.477585] binder: BINDER_SET_CONTEXT_MGR already set
[  522.483131] binder: 5132:5134 ioctl 40046207 0 returned -16
[  522.489147] binder_alloc: 5132: binder_alloc_buf, no vma
[  522.494716] binder: 5132:5139 transaction failed 29189/-3, size 24-8 line 2967
[  522.503568] binder: send failed reply for transaction 3329 to 5132:5134
[  522.512874] binder: undelivered TRANSACTION_ERROR: 29201
[  522.518425] binder: undelivered TRANSACTION_ERROR: 29189
09:40:35 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
r1 = syz_open_dev$midi(&(0x7f00000004c0)='/dev/midi#\x00', 0xf7, 0x800)
epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
recvmsg(r0, &(0x7f0000000600)={&(0x7f0000000000)=@ipx, 0x80, &(0x7f0000000500)=[{&(0x7f0000000200)=""/5, 0x5}, {&(0x7f0000000240)=""/95, 0x5f}, {&(0x7f00000002c0)=""/226, 0xe2}, {&(0x7f00000003c0)=""/88, 0x58}, {&(0x7f0000000440)=""/13, 0xd}], 0x5, &(0x7f0000000580)=""/70, 0x46, 0x6}, 0x2)
r2 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000640)=[@iv={0x60, 0x117, 0x2, 0x4c, "457b7c3a87d45cb7bf786212e1b166366cfc6ee13d7f2e5acbd924c83f2021aa563a2fbbc638c6d96677c05e7d1ea215a9e2564709730a61e279d7e1fb6590748ccd44a9d24cf67a9b2d2554"}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x78}, 0x0)
write$binfmt_script(r2, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)
r3 = dup3(r0, r2, 0x80000)
ioctl$RTC_EPOCH_SET(r3, 0x4008700e, 0xa86)

09:40:35 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:35 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:35 executing program 3:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000240)={<r1=>0xffffffffffffffff}, 0x111, 0x100f}}, 0x20)
write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f00000003c0)={0x9, 0x108, 0xfa00, {r1, 0x90, "2a97c0", "d323fc40b0b748d3397bcff1703e88434ffb4e0bd753908e9755c78a5ea4bf2e8a7775bdb15517e5078ef1691ced3d5b1764c8e578cb13842efa3c08b96303e2775ba95406b231b3cab440df3fbdacab576a924297b8e81bf7349754e08efe1b83e22e868db1e3add66fbefd9874f883051f0dbf6dfdce4452adf142197f574746ffe79b904941d93cc83227d030c2c93dc1c547a869047bbebdbdbb6b3e639eaaa9b4628ad90ec0b6ddd62da524fd35a9edb326d1e33b8f37bdaf49b5984bcbaa6a48b1e589d0f93119dbe767d1c5c333445710f9367926b3ce2560ef15bbd3f6ec1a346afc00125234862ad4db967adf2742aea1ebff9b4cfbb01f4e381967"}}, 0x110)
write$binfmt_script(r0, &(0x7f00000003c0)=ANY=[], 0xfffffffffffffd25)
accept4$packet(r0, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000002c0)=0x14, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000300)={@dev={0xfe, 0x80, [], 0x20}, 0x10, r2})
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@mcast1, @in=@remote}}, {{@in=@rand_addr}, 0x0, @in=@local}}, &(0x7f0000000340)=0xe8)
shmget$private(0x0, 0x4000, 0xf, &(0x7f0000ffc000/0x4000)=nil)
ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000200)=0x10003)

09:40:35 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:35 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x7, 0x101000)
ioctl$TIOCGPTPEER(r1, 0x5441, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)

09:40:35 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}, 0x13)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:35 executing program 7:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000d28000))
r1 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r2 = getpid()
sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x5)
r3 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000013000))
ioctl$KVM_GET_TSC_KHZ(r0, 0xaea3)
readv(r3, &(0x7f000042bff8)=[{&(0x7f0000e3b000)=""/61, 0x3d}], 0x1)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r3, 0x4040ae72, &(0x7f0000000040))
r4 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x101, 0x400000)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r5=>0xffffffffffffffff}, 0x106, 0x6}}, 0x20)
r6 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x1, 0x0)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r4, &(0x7f0000000200)={0x12, 0x10, 0xfa00, {&(0x7f0000000100), r5, r6}}, 0x18)
dup3(r1, r0, 0x0)

09:40:35 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500})
fallocate(r0, 0x0, 0x1e, 0x1)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000500)=[@text64={0x40, &(0x7f0000000040)="e170b805000000b9b9f400000f01c166420faebb0b00000066b865000f00d86566430f38827a110f215c440f01f8c4a151dcc2f3acc4a2a1a71c15fbffffff", 0x3f}], 0x1, 0x0, &(0x7f0000000340)=[@cr4={0x1, 0x2304a8}], 0x1)
ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f00000001c0))

[  523.132952] binder: 5166:5169 got new transaction with bad transaction stack, transaction 3335 has target 5166:0
[  523.143436] binder: 5166:5169 transaction failed 29201/-71, size 0-0 line 2879
09:40:35 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(seed)\x00'}, 0x58)
accept$unix(0xffffffffffffffff, &(0x7f00000002c0), &(0x7f0000000340)=0x6e)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20)
set_robust_list(&(0x7f0000000240)={&(0x7f0000000100)={&(0x7f00000000c0)}, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)}}, 0x18)

09:40:35 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:35 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:35 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="ab553fec94248c32e27d040000b8ff4877394ebdc38a", 0xfffffffffffffe3b)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:35 executing program 1:
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=<r0=>0x0)
sched_rr_get_interval(r0, &(0x7f00000000c0))
r1 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r1, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
setsockopt$inet_mreqsrc(r1, 0x0, 0x26, &(0x7f0000000000)={@empty, @multicast2, @multicast2}, 0xc)
connect$inet(r1, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000380)='/dev/autofs\x00', 0x541, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x62)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x986, 0xff, 0x0, 0xf, 0x16, 0x4, "d8e294cf779863a5fe0b3c8ea7cfa074328faf2133c7874585385f03e2c97957d9305c9e57f08c37c7341c84f816edd1bde5e65698c9dbaa6e66badcbc49e370", "f1d19ad8e7232a33f9d87425c1460de0ff0d2bb8a59dbc123cae12b8017c8a5d9470f757a0ab38cdc77b568f3d065dbb26f076ab8901cbd1ebf613432f8c9fed", "49c50ecd52c98f76678177697c51e0a038949a5bca937d1ec34a9f9ea4d7887c", [0x80, 0x80000000]})
connect$inet(r1, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r1}], 0x1, 0x0)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000100)={<r3=>0x0, @in={{0x2, 0x4e22, @loopback}}}, &(0x7f0000000300)=0x84)
setsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000340)={r3, 0xffffffff}, 0x8)

[  523.216055] binder_alloc: binder_alloc_mmap_handler: 5166 20001000-20004000 already mapped failed -16
[  523.241118] binder: BINDER_SET_CONTEXT_MGR already set
[  523.270568] binder: 5166:5169 ioctl 40046207 0 returned -16
09:40:36 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:36 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.current\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000002c0)={0x16f4, 0x9, 0x3, 0xffffffffffff6033, 0x9, 0x2, 0xfff, 0x80, <r3=>0x0}, &(0x7f0000000300)=0x20)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000340)={0xe4a, 0x3ff, 0x8, 0x3, 0x1ff, 0x1, 0x8, 0x8, r3}, 0x20)
setsockopt$inet6_tcp_int(r2, 0x6, 0x1f, &(0x7f0000000380)=0x1, 0x4)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)
socketpair(0xa, 0x1, 0xde9d, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x4, 0x2, 0x8, 0x800, 0x1, 0x800, 0xfc0000, 0x2, 0x691a, 0x59, 0x3ff, 0x9, 0x8, 0x7f, 0x5, 0x6], 0x1000})

[  523.320589] binder_alloc: 5166: binder_alloc_buf, no vma
[  523.326216] binder: 5166:5207 transaction failed 29189/-3, size 24-8 line 2967
[  523.336635] binder: send failed reply for transaction 3335 to 5166:5169
[  523.355430] binder: undelivered TRANSACTION_ERROR: 29201
[  523.361059] binder: undelivered TRANSACTION_ERROR: 29189
09:40:36 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:36 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:36 executing program 4:
syz_emit_ethernet(0x6e, &(0x7f0000101000)={@random="cd390b081bf2", @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x38, 0x3a, 0x0, @ipv4={[], [], @rand_addr}, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x2f, 0x0, @mcast2, @dev, [], "802a08000000006b"}}}}}}}, 0x0)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000040)=0x1, 0x4)

09:40:36 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  523.465299] binder: 5226:5228 got new transaction with bad transaction stack, transaction 3341 has target 5226:0
[  523.475793] binder: 5226:5228 transaction failed 29201/-71, size 0-0 line 2879
09:40:36 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fanotify_mark(r1, 0x1, 0x2, 0xffffffffffffffff, &(0x7f0000000000)='./file0\x00')

09:40:36 executing program 3:
r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ion\x00', 0x0, 0x0)
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x5, 0x1, 0x0, <r1=>0xffffffffffffffff})
ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000040)=0x1)
r2 = dup2(r1, r1)
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f00000001c0)=0x1)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000080)=<r3=>0x0)
fcntl$setown(r2, 0x8, r3)
ioctl$RTC_PIE_OFF(r2, 0x7006)

[  523.527096] binder_alloc: binder_alloc_mmap_handler: 5226 20001000-20004000 already mapped failed -16
[  523.551384] binder: BINDER_SET_CONTEXT_MGR already set
[  523.556896] binder: 5226:5228 ioctl 40046207 0 returned -16
09:40:36 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfd]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  523.575143] binder_alloc: 5226: binder_alloc_buf, no vma
[  523.580763] binder: 5226:5249 transaction failed 29189/-3, size 24-8 line 2967
[  523.590295] binder: send failed reply for transaction 3341 to 5226:5228
[  523.600924] binder: undelivered TRANSACTION_ERROR: 29201
[  523.606441] binder: undelivered TRANSACTION_ERROR: 29189
[  523.627126] ion_buffer_destroy: buffer still mapped in the kernel
09:40:36 executing program 7:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000d28000))
r1 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r2 = getpid()
sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x5)
gettid()
r3 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000013000))
r4 = accept4(0xffffffffffffff9c, &(0x7f0000001500)=@nl=@proc, &(0x7f0000001580)=0x80, 0x80000)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r4, 0x10e, 0x5, &(0x7f00000015c0)=0x5, 0x4)
readv(r3, &(0x7f000042bff8)=[{&(0x7f0000e3b000)=""/61, 0x3d}], 0x1)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r3, 0x4040ae72, &(0x7f0000000040))
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
fcntl$F_GET_FILE_RW_HINT(r3, 0x40d, &(0x7f0000000100))
dup3(r1, r0, 0x0)

09:40:36 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:36 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:36 executing program 4:
openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x0, 0x0)
r0 = memfd_create(&(0x7f0000049000)='\x00', 0x0)
r1 = syz_open_dev$sndseq(&(0x7f0000050000)='/dev/snd/seq\x00', 0x0, 0x2)
r2 = dup2(r1, r0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000140)={{0xa24, 0x401}, {0x9, 0x4}, 0xad85, 0x0, 0x5})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000000)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r2, 0x40bc5311, &(0x7f000004d000)={0x80, 0x1, 'clie\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 0xffffffff80000004, "010f010000000100", "88e7ed00000080000000001ef67b3df539b6889c17b52389861ec9db7fd918e0"})
clock_gettime(0x0, &(0x7f00000001c0)={<r3=>0x0, <r4=>0x0})
futimesat(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)={{}, {r3, r4/1000+10000}})
write$sndseq(r0, &(0x7f0000042f70), 0x0)

09:40:36 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:36 executing program 3:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
perf_event_open(&(0x7f0000000200)={0x2, 0xffffffffffffffe7, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}, 0x0, 0x0, 0x9, 0x800000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uinput\x00', 0x40000, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000480)={0x5}, 0x1)
r1 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x80000000, 0x311002)
setsockopt$RDS_GET_MR(r1, 0x114, 0x2, &(0x7f0000000180)={{&(0x7f00000002c0)=""/134, 0x86}, &(0x7f0000000100), 0xa}, 0x20)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r3, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x200000c, 0x32, 0xffffffffffffffff, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r3, 0x84, 0x7, &(0x7f0000000000)={0xc7}, 0x4)
ioctl$KVM_GET_REGS(r0, 0x8090ae81, &(0x7f00000003c0))
setsockopt$IP_VS_SO_SET_ZERO(r4, 0x0, 0x48f, &(0x7f0000000040)={0x0, @dev, 0x0, 0x0, 'nq\x00'}, 0x2c)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)

[  523.974625] binder: 5262:5263 got new transaction with bad transaction stack, transaction 3347 has target 5262:0
[  523.985087] binder: 5262:5263 transaction failed 29201/-71, size 0-0 line 2879
[  524.044667] binder_alloc: binder_alloc_mmap_handler: 5262 20001000-20004000 already mapped failed -16
[  524.054339] binder: BINDER_SET_CONTEXT_MGR already set
[  524.060133] binder: 5262:5263 ioctl 40046207 0 returned -16
[  524.067217] binder_alloc: 5262: binder_alloc_buf, no vma
[  524.072760] binder: 5262:5278 transaction failed 29189/-3, size 24-8 line 2967
[  524.081604] binder: send failed reply for transaction 3347 to 5262:5263
[  524.088849] binder: undelivered TRANSACTION_ERROR: 29201
09:40:36 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:36 executing program 4:
syz_emit_ethernet(0x0, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)={0xfffffffffffffffd, 0x0, [0x9d, 0x715, 0x775]})
syz_extract_tcp_res(&(0x7f0000000000), 0x9, 0x3f)

[  524.094384] binder: undelivered TRANSACTION_ERROR: 29189
09:40:36 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x58)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:36 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x34000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:36 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10)
r2 = accept$alg(r1, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000003f00)=[{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000140)="e2a627a7ca7fad", 0x7}], 0x1, &(0x7f0000000700)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/snapshot\x00', 0x2000, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f00000018c0)={0x3, 0x2, 0x8, 0x0, 0x4})
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0)
sendmmsg$inet_sctp(r4, &(0x7f0000001840)=[{&(0x7f0000000040)=@in6={0xa, 0x4e22, 0x4, @empty, 0xc4c}, 0x1c, &(0x7f0000000100)=[{&(0x7f00000001c0)="12a7bdaa2171669ed8b8ff601febe373d9b397ce6ba5aba082f8b829c4750c58cc20dbe379191ac30af688ed903f3d94de5e9b617b657cbedfeae8f3ff4cfa03b383dbf840bfce34abe9", 0x4a}], 0x1, &(0x7f0000000240)=[@dstaddrv4={0x18, 0x84, 0x7, @multicast1}, @dstaddrv4={0x18}], 0x30}, {&(0x7f0000000280)=@in6={0xa, 0x4e24, 0x0, @mcast2, 0xccf5}, 0x1c, &(0x7f0000001740)=[{&(0x7f00000002c0)="39076d0ad6bf094d9d75786d55c04af813066e6d5ecfe7c03f87f4ea90d719c0a6aa81ad99d5db7f8882a6724ef5170e53c80a896d8af3bea4d1dab3bb33830816e78bc814c3f2637446bbacd321ac6a244f00f67bafd091d1016ce61c764afb65c432745c2ba2605ae6ef1691c343ce16e039eae72db5dde499eac3996febc2513eb766e279402c988b76774333b3c8ff41727ad5111ec2ed", 0x99}, {&(0x7f0000000380)="2a505b9e1e0121404de2a7561b5352ff89e39baf23a02322682f19374f16e834dd42fabea62533b487aca93c4c5e1b1af0be66b7f30bba3e4eb11d4e5c68d91455e4f3129f2e", 0x46}, {&(0x7f0000000740)="57b68eba9ef576598a714580ebe9375d1a569125c45ee76e4d687b3f07157c5694ea9f30a85658a76acb47e5fed1891cd03adf37853c6390fdae08448a16e97f83e3a4b9327a4d1035c5a2a6e37ac81746cca6e3a4dae9fbdb661ba6ed55c18c919291540333f4f53d3d1bf1ba84b17fc28f116518d10a49eb6834deeb4e330910aeb077e2c80a3c2d1ad58e0213f670caf5c44f5d215469d1a9701bcfd0e6ebc1fb2e76dc6391a2eb93d7d1936eda95ceadee83f4a5aea6af08b6246b74152f2330e200f1a945add9c77550a353de08736c3de32f4bfce6f3895e049e1a708bf8d6c6fee89d493862efc883c937bbe66bfd9b80027c2df44927c7a83baa1a51ebceca60dc41095060334d175cb1d548897828f45977ae75b9a95d28f3c59cce2b86fb3dc546569f9711de8798d435583a0e04b9f4b24de094fa0a847adc30247d4b9f5cf564274b83fdfb02483e99c477c3a372eedd63d3561a65902d2146e68f045d2ab47e550f9676d04339ed33f19fb30d89410fe9f4d1e99ab42bc2f2bb5581985e038d49779eacb32df1f2bda068e09671b76abcf5cc05349634ac95a40a9fd044d8dfc8c6b7c6c07e6e97da6f584befed1bad3e445e1e16dfe87afaa3a9919f52f73b615a79d0b52149ba740caad30173d1f3162bc94f1170b5688653659f0f9e3d163a1378b7cd2d1b7e545a73268ba3e381880cd2d2db8ad408ef22c8e53dc8198ef2a5377ddb8fa87d1d9527fcec8c4d1f8734a0bcd16c197df2222a31cf4347ac763759555880c817e805fe45bd4a53ad7b34e191d085adcb88bd04e34a51170fcc3e9ffbb2fd8f351a7ed69a9afbc5cf787d30770f9a31d21df17b067d42686437ed449b9a5179657e613c212921889beca27711b5d859b644c8dc3ee4b5e09ab653bf18cf9886b4dec2f535b91d9b661e4726a7f03e44db7240840d9ac8eb057af1bb6fac1811fdc4dc70b083751ec2dba32dd36cadd330246c02eaa0f3200fa37b817a10d16499f9bc32bbf7b82302844cc3aeaea1707cc385ba5b4be33cdc2f44469fde1384abd8504829ef6cbf917f0bbce8d29cfd016a1556a19d6807752473a0a9a36ef9af9dbdd0b768326ec834a1aeeea24604beac41c50afdde3693cc61fb160c75bff786668f6814fe8f44936ac0b759f79b39a2e0dbc544a6e89ce5dd24aa1499bc68b1f4baa0644dcd4503166566a4eda8aa86064ca0fb773cce1fd9b07d8e6c4c061aa66aa3fbd7b917daf097a1c48e161634a9e7375eee68df3b83b356994dac8f0e7ed6e0f8d8672d7b4a4eca9d4a74b6d95c0d9591af82c2b2a14421a9397cde9fe903278088a54ed8d10c20ffd93957e353e0cdda37f373d17119fd17a69b0621c3200f73e1020a0375651b2f3b9456554f3ecb1afa456d7923f977dca0932d1c2b6550cc024ef8d1fb497b3513c0194fe2f0196dc74b885837d27d674134d871c361468eb81645b98392b7898ce9f352474f700a606dd023ae726310eb0078ca5714c67eced14cbf96b10c87c1dd464beb059e075215c9580b218de57475ef9416076768272770a9b7afff34e9a1ab8b7ad9f8697edcc0eb3b9341f64c6bc53fad03392d4896c402c09582e9a8e93e2945d739e742832f4e3346f0228da5fe1b32efa582b19ce3141d1583db4619354c1361213110e8346b1a4600c82d7f8f34aff7a891567efa3fe21954bbda0b99d01af08169e9ecdc3c1d6ca771793fb7b91f7509ef63d3df154982cfd6705ddfcffd0205c5547cb85ec38e35b4b5ef72194b84f8e9b56163b49fcae9b5207b066da139ff19b708c8ea8c6af593461084f5c092738e8c89262b850a3f2b3b71584474ad0139afc7b9c13afda288ee26e3b0850246282e62f21ce75c20048067c4fe85b25faabaab009105358f200b6db6979315f40ac7e494d515f4f42ae376e005eab7a4cf709c4ce44961536d2d983f695b31422bd746116299293587fa0a180605b8001763db6226fdd6a1f7a9a070a4b8aeec38768716990feb9fe7bdc648dff7f7334b6b4e82c138c7291d97aecb2a07b3c56eff55eb4ad181eaee70d70696814ff21fce249dd4f05fa8c007e126403abeeb582200c6cdd4be3135878f7361a057d3f857420f63c99f1c1d83006b5ea5defbde2d81f703ad8e2b7f296bc9ce27e115a76c771305f9c1732331ff1af070c8b987bf06e099f7ad6acfcc9ef3d8d68d6caa81ff5a98448321e5c642931c658421e33bbacb2e27562cdd1c447b32ef511d416d9bdc15155e39c098ad84f063d67e62f8b37cfcda816aa2e025bd9887ac83bc564f3ccba7925c355ebbe7a36630465de5b656cf7600ebe05621eb86b8cb3ca398a769bfd4fd39218873d5701bcb36cfe9b09af9d70a5e63d5f0eb5ca957b53e4d3fdf21ba9dd0145dad5a5ee65e605b73dbf73a7037fc13bf433a4504001d444bbf4126de1278365a3616b499bb7c3ab593275e69724950aa450b6b1874a52edb524ffa13c5e1bedb85aaa65046d985943a562c784d7a6236b94d7fbfc6100bc662ed1249ae5758ffb8a078c5cf726b2567b7f51e4d7c4e2ecbcf35e0f232a2749c43fd069e1ee40e8457134ddf7dd07e6014a41b135a9242a611911f6a497560f4188fbc5d0ae1cd8f5ec7b6e73bd2a2d14f7be0ff13593c9f1b252962ef366ac19d0967d014b1b3641a7d2bfa3a0f467c7ac2d6e7bd97a7b7005c506869f6259f7890cc1889d90639d17189fff46a058bc4501cf502b9894c715a227b75f07aea41a02e672a69d08b877f719e617c22e215f415afc8b38b3db345168b2dd1f7bfc0409cc4a529abffac9577462bf58a5c21db50149a7241733d1b6c9ad2e01618b925350b69f3f01be9c41a04ac1cb5f1eb5fe5b3ac9e842365a29e839144d316fb8ef4a26b121102e3553285350f61b1adbf93349cc82f064f21c8b8ee4190c33ba755c70e832f550b0af4cb4a55a23b6917bc37d4a67382e5f86a20d7d4128dc3de433730dd93ae04b66f1a4876f758f7c51ee8dd334d965e85a8cb8ea74ab5d6483c54234559568f8beee2eaae3c4b5b95b6d1a0e14fa63cf00b98a5bc0ea115bf46f7cc84da3ad365e0724ba5b0f1cea0e7f9f5a61e826bc0c2a6406105e1a1daae55b59b670d3cd531a1dd6ea3f7e61c22990a0b8e8e240e2cf45bb7cb5fadbc8771e5266f73e01a765de813874e8f364187a4fb4a96866561b3e9c49df31cf6d8893522e617e358e7a26abc90b111912f936f3fe3dc77931bcf43fa5c9513a6fdb5c80a4cdf824b00fede0520ca516cc6f0b52a564b47e75550ca80cea2d88bd20c6bf7fe46bae9dc44f2a3d4b821a5199e17b9c93ac1237e9afa26a7f1357ddc9ef6af2c1e28363e43a56c0f69b93b2bbe996796e02dc47d7f260ed8e56a41737640dceced0e24541a37b30e01abf596b9a25210288c6f7e20855f4a7f486133d4b5af65a7ba8ad08868231d234530d2a08a0f2aeccbf3cf29e8ab99c9818bfdf1dbc2367d4921a7fd78e232555d81dac1aff23a8233653820d7482f41014ded364bbd6fa90b50096703a134452283a444098cde6fcf3182e0530eb200df5c4ecb61ab351c080f64551eef4f614439ebdb43be6f587206d45d92e5a6d25240f95afc3fcb6a5be8327c4b65dc718a2955c5695448ff2598d72dd0d6c4e00bed316b1a602a03e0bf2e814554dcf07d28a06c7fac6b3b622684af2508bc8edd57b0839208d4b3fedb282bb6b01893501a31893c7ad391c0c6bad08879830bf8aede96d0aa697a35604ab28f87bf85a4fe75103e70e23b0fd6dc435cc77749a800bca53dd2a71c33813bc876279ab4960599077b29314b9f24aba85c7bb1e0018867037e1dbe2fa23b0d17a0e003908ea073da2528589402f2ed35a5c398099e9ad5fd060848c90e224822cf13938ad6b71f8d179b64ac9a17e8af2312424905687b71c8e4c7b2d4afa4ce8504ff80a0c6554472802da1dccab6a4b723d1f03cf28ea177abccab2da3a7b2cb36dc8cee74da04658acef07987dc8e3417c58a2e129b3aecd8c728199bf5bf41572554174d75d66765f7b06842721846e248f8e656b2d68f65c44e944ac9ee6cb6bacd200dea20c375e54c471aaa6b2612462c394ed0fa94895a55dcc0c599d5a943d478be9f93c127f5b1618bb014325d2a9811760ae0083cb69d25ec1bcfe6308099efc29fd45e060d6840b11b35ef1d19cf3273a38fb7a7485981de6851146ce46b1c2c46006a14fdecf420ba332579c56ed20216b4b7111667b9570d24e9b3c444ff3553784f1731d5398c43cd811a93dcec098cd43d7c421f376aa051d340368879d7090580f3d093a5a4d98d7a1fcd800c9db73007a8fd77c384c82f87e9792f7217b43e93b12d001165c47efafb77dedadcaa25c2d534da4083efe02f695de70ed256a5c7ca48975a9c7c49cef35704b06618d6819c8100c0cc97910796448c31d132f695febd365568a75bd312880c0e1a68e65f8ee040347a97f6d10383d0558f13394edc897feeb3ee95709a8a4ec1a92ab9f4eb2ad670900df6690e4ea8c0b2e3898d737819c3a99c41d8a3be5df0a04631dd33ba0c4468ddd1e507b16aea63fde00a8a3808203baef0ca9777dc19fac317abd48e334c3fd249bbe5ff6a6d471354249a4d263e969a69ec61fd6d45bbda904af73364567555b9f51ccf2ae2861107fe6ec8e143e213fdcc84213710e1db87233f2373ceb2bc796d7eaf5c207f77dd59603dff69b0b96ef220f317c94715bb47dc7b3c225a8894928e864e95f96ac2c02782cef1293212f372b2625089431f898e7c1d46ff6b024ecd74f8ca05aa8a56af3e5eca76704eb4d987807fc072a9a162aaebdafc1b7392b09f7780e81ecd712e7f5ac81108cb0d968db1e3f0c9ff121505a31be4732fed95eea19b367f911fec9c9219e3a854d8b20735fe738872ef51c20d638c9708f79270df6bdac009a7c27f0126efd403e32b33eab8ba5d916a64e015c9e5d584990d6cef9bb88e843ea185f0bffd5404a7e57d11e177281b91db3773135a6581996cfaec30e49039975760731672aa45d70feb019d8615c8ae46c849bfab332769b1ef3d6457e1469c202b179389e6e2f333ec825f37342fef70c7f65676d5a321b664f24c1dbf65d379b1b4c9652809ae256b725822cea73f0246b939917b055229fb2c3a598fc413592221c1208ce5211b4e80958236b233532601e293a5f8382d08f99834ff055bcf62bc509e7b156e098e79532b0ee0a3a608bfddb7f237346b7e9c83399691ca5aac5f3f972d422344999f07b40d012ea0ec5c5eb074b0ea1c3e390631691e71ad8817760be86b1b809e7ff9d3c120988802b47bbde5a50667fc8979ccf4ac6df3e4cec9b87a451e235c2e98c57282706877f580cdf3bd13f68d3ec3c401b58f0af4fb1cb09c3d2458caeb8d76166d6c5163a4dcf343904c8879d6659b672052e74fe9856e9cfebfe08e0938286f8c1a2b54785765d3a1c7f29e59c9728b58c93d96068df0dfc1041f24a9ae26ae0a5c06de08291e1f1d267d4f4df8692acc1607e4899c4c8e488974610c0d15e1b20336ccf1d47d99fa64d1786f000d5f8f12705390b29c0197182c45d241adef47e1d60b8416d8320ea4f5572473beedcf072674f9e90fcae5aae7cdce26c7591f204677f35eaa997b0f973d63a4b23f63b06cffb7d2cfff288a729dbefa79db0a801b986214917e7a1bbbf71f6817a1334e17e2cbc58389f33c9418df7a43cb07c27296ffb23ce867da0dc5f8641857916e0cfa90d82921", 0x1000}, {&(0x7f0000000400)="1b2b8cb14c37f00751175888b4b893d0953835c54d80be2fec538993b0f727bc80723291c22cd18433fc19ce5af3360c2bd029c1c7acad2da01c1475ab6a7b8745037fd1f28e1c3400b0a961f271792eff0c548e3e604561bc7af47ad463f62c117fedd40e32d913de51a435d074f8f9", 0x70}, {&(0x7f0000000480)="c563ef5c7ed32f4e607bbb5f8d2d5153d7a6343c4effda67a906873f234e7d1f91f00112c2c0938bd4ea3fe2e0330f67af4741652dd24ee0ae8b65151d0ea5140728b58b6c7842683913eb90bb975e18d2e5da6572b7d76ee14a77c73856926b35f2f97f36dae2d7e8008fa7ed84aa344b4a76f844d956d7c083b7bbbd5eba309c1910d596616ed2d697e07e0bac73accdad721a86315b6859414dda0ce8ae5432bd1b6aa89d90698e63701fd4146f1431", 0xb1}, {&(0x7f0000000540)="6d184632a0ce477956fe8eb909ecfe866f9ac46801c5d1499f125a695969ef34491d16a5959de169697d721484c744d2a81d2628fbcc59fd3096d2f8ea99cba4accc97c46056e8be65b07ea6e8e4883b2e85c062c7d613d1ce33d88782eaeed27c76a928a7a5c54f5d2780cbab1d4a328d068b96e1f49ae64944427226cdb89e0b6fc99f9cb5f3", 0x87}, {&(0x7f0000000600)="085e835d6019710e7b34b6d77cfa1aad9e916fb1221d09688fa345343db6ade5f48c0fce19e0456a77e20a67207d4c0fdf649b65ade3e240610de567eec1339d4be2dccfa8093845006b4e50c0cf4d9d66a52c885764732ff5dcd862", 0x5c}], 0x7, &(0x7f00000017c0)=[@dstaddrv4={0x18, 0x84, 0x7, @multicast1}, @prinfo={0x18, 0x84, 0x5, {0x20, 0xffffffff}}, @dstaddrv6={0x20, 0x84, 0x8, @remote}], 0x50, 0xcec2b5641a6c8a81}], 0x2, 0x8000)
recvmmsg(r2, &(0x7f00000071c0)=[{{0x0, 0x0, &(0x7f0000006140)=[{&(0x7f0000006080)=""/160, 0xa0}], 0x1, &(0x7f00000061c0)=""/4096, 0x1000}}], 0x1, 0x0, &(0x7f0000007380)={0x0, 0x1c9c380})

09:40:36 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:36 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
signalfd(r0, &(0x7f0000000040)={0x9}, 0x8)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x20c000, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r1, &(0x7f0000000040), &(0x7f00000000c0)=""/30}, 0x18)
ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r2 = request_key(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000200)='\x00', 0xfffffffffffffff8)
r3 = add_key$keyring(&(0x7f0000001600)='keyring\x00', &(0x7f0000001640)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$instantiate_iov(0x14, r2, &(0x7f0000001580)=[{&(0x7f0000000240)="f74b1683119451e5f698cf6b1d1888abae785ab757007ee2183d4425773306c835e3d9d0a9ecdcf08f94a23a51ef546d2d8255538afcd5f6f42d9c2c96507737f032d15fd4b84e82d25e9e89a859e2a7bc49946f54d18bbabd0d62dc4ab15bdc5b4e0d7ca86de8853c7d4b3a9fd41400892b", 0x72}, {&(0x7f00000002c0)="5b8e43eb3f10bfa5f49b5e4f57a6d1b8e1268a47535137d105db03e2a6dc6ac6f748c18d7e19481d64d74a598c8a6e8af745c7a544ae6e483d2f331c90d8cb130c602d18684852571d9e9b9c288b916d45ff0a0741c0140b91be70f697608d62b2ba07ae52c51b2986d764e326bcab5783a8e7aead206595c4b073d4260c02fe16cec522ba9a39401bb8a800a14943593aaf94f83bc887cce9cd1f874adadfe5faaaf7", 0xa3}, {&(0x7f0000000380)="01d45d13ecb8fdde3d287bea1e87c368519c470841ad5ea1664078279a7813b8c3b0263367dd262b1268abec54d880655be778e8df34e827bef6c3306e9036a6fd9197621d7fa3eec929947c7f89315879209e8a5d6a5d59e6aba2ed9fc58831754a12b5f6635206e7e77694d239ccec0be2ab9b07de8ddcf79398174d70505521a400607b4284591059bba798805528d9e3dc9a839a94f92a2f451274eb4b8fd8f5f00a53ab4cdd8ff04ddb397ccb8249cf9afc6ca60e23aaf1aaa2e3ba59d6252a132cb252a702b7dd395125a496f8bd474e09861b95dbba4cfa26633ad0c364935def", 0xe4}, {&(0x7f0000000480)="c6ca9be2ba0928c7d8f4", 0xa}, {&(0x7f00000004c0)="142c4d6297121b3162f0fbacb102b72311841cece3526ab31bafc7a3733c43280ba5336e9497d569713209246863053ad2da79254b418203ceed54ca7b8998a59dba789640719080d09aa004c5ff5f18e50d53522b333d420857825486ce7569afafeac92d1c48818094fb62a26e9c9f98d29125a04133b6558fca90541dd4af9b01096390d45c3b72726ac92ef9893878fb133ecec0ae56675066d043aff3aa4d5a4222ffceee7fad8d32523d638ab62e8ef65ff5e207a7d7b3fafa27c8da1395c41f5335782c334cdc1e25bcdb42eec3355bbcfdb4f463d2d02d2a0eab0ef62fee3094f9846d7ed58212b222af40daac2553dfa71f4945443fed087e7e31add08d23869b9e95aeef1b36403021472383b2c8e98a23a4897762fb03ed7117c3b4d0f4138444dfcc66d6b675f538576caee309179450422cec1a1ab7d189c89aff834d4d4b584481199cb2778515c3d9c1556379388ab5e9ba802f993f8e872c02b32dda9d0612233db24e783888a2d37c9b68e7a76b45c36b9f1bbfcbf40be3a7d97fefc70682abddef08de4818cefbe203df308fa23d0828c64bea2e8ae10221572ffb668db67287d6e09c7640408b0c6adae610c9f782fc2d1764aab78428408bf854b9db8ea9947778832b9c12ecc88b27715a1d5fa2c71e16eb11c7beed8acb14e999f5488d7a1f417e802f500e57aa30b4ed09dd29256d0368dafc931d752fbfe8d9d14f8f58b82a3897567322b723386f642a8ee389289702c279f0e120f059d60c35144e2c5b1c54d9139c2aef66229c163b22191e8b7b4d6db280a57634fe9ff24f9d3d525054ea7b361d268a698e1418e73bff8a42648b6c517bd7060eb7fa8c54bc18d9b62ce19cf6b198b01fa0112c07b92ed20455c2b47bb0ae79af09fc7f7cd4b7f675c38422d12edebd21fecb304a0a509932b98367e0be6bb55b9a20a11f220da3c9ca11ea8ea3c70f74aa5b2fa3d0bec9092a676aeca9f03bf7330703584a7817f790bad246561cfbd1b09995ec92e3395f07cda0004caeeed2efb845b658d21532e844e59b0036e89d0ae3a9484bafdde1f0842d74da9d699acc3082dc898bb658c041cc65b2c1ab6b8fb5cae078264252b35200716a08e7d6776ee7905edabfa84e54de0468b4177bad578a0198e71f5a852b00e809cb181ffa1c2183b9f89c313e9dfdae8d2ccbc914a6bf3c94e17c4058d268ace3edb3adf029b2ae952a1bc08294acb375ff8acef7421d30dd347ad4b91a53b3b96569a53324550cd42005897a4bfa0ce85f9183c79e4cc2a9c1d1102c940eeb6b2e620b6e4a2375cb23ed4ba93f992aba7fc019d4d2aa5709dd8dd2620a9f72baa57b3d4f476141c60d71188162f00dc0268ba3deda73481cb61833b75cafde2afef67ac078a0189870d2413d4fe66ffb2eb2cd027f5b83bf8098611d17cfc79d218e1899707060bad285be7d66c56e00e7074381ddf97a5f86b9cdbc6bf8508ef34ca4bf489159890d9dbad6deee135e32940f48d18b473325f9d5945f1b9cf1f2802c64464cd38e130660d8065b50f7617649d4e825ffacdf659f99199990cb025c8ab2ed770ecbec9aa778ef29dbcf9a11ec1d545441911f53b3c3450d9d9595efe3a40478327f0a8f9729932defdea9cb8b4149607726f2ab80d7e8fe7ab15e949022baeee9fffb1126faa7ca2b12f697f02087315e75556651d716901402c08e78136127676fe394bab3fe01510b6bc41c4e7c4e1b709911c7da36dda1bb39d595a05e5748ff122bdcb8d92ddebce820f445f1c3aa6831a28cc5a530a4dab18a4ceea49f7e90624a637207a5728fad963873c814401e84dbb026e8536e5e3bdf3b4b843544f3777e49888fb14f6c89c4fd3d5535233cc36ca48777de3ac24c0484c78e88e31a4858e11a79fb1cd2da908a0f0e8f97826bf4f7e4067a35ed60fc427a57c4af8a623726e0657e4b51776eeb407dcdf0340d3f4df9796193e4b671895a05e4b21c51c8a107a14a7551ad119d3a2f0510199e6415c2297b37baf7c9c5a763cc1a6fc223e91dd4968ba77c28a836e1f783cb7b3b6af96354ae19c5a48719d335c7889016e8e683c906138c8f85ba3192049be9b84ed406b2bbb67410f740a488233b75228c12d542c6004dbc9d34ec200009d1235770c6c5990c1ef48e3f68678ece557d4ccb5ecfea249bca5f1f99fba85c1e34ac6d127960180aeae67fd50ada4e909c5d1216f51395eadfbe16becd51fa0baa35a5376ddc4e62048575dd6dce930e04aaf46de6da69741a060322114764b2aa75f8e941983e61f229fa806e496a082a715da9757a1df5a47d2073d223354430f491d9b50c3e9e1b2e34d2d657fed2c8162be88dbfc679c6b95ae54c18d816275c00233d3b68d1d976e48602932420ff3d1b1d79729830419eadcd6278f9d561bd02b765628e0307da96aeefc2706523b459233e23482bb1c1db6d14c7e7db43d92df3215f9c0370338a3363110e2b81e1e101f6906482005241a11bae16e6f6fa741050f42495dedf5822d61ffc1bf71dff3bf2d78fa30e141671c7dce434a754625c73d1abb213ddc046006a8bf0d8e8ab6f6384ccdd263962cef07a7360587793f0b8b14d6a7f7f1c6d06cc6426e8620fd2152ac46e574a773887d6ff369bca4f2412c08bf4c008aaa3a1a2a9ae161c7d9e5cd045d49a66f20fc18dce46b8505ab018d3b6fc30ef0255b7c69bb38db88343292296039b588369f5121a6b774f8e0a234f0ccafe8e48e3c9666130f841d6fb3f1016f85ce985731e85ff1817e343965367d39473bbf5727deddb31fb41238103b7dafcee4857639f24d0b0b21c2ebbb723dabab40cc6c01f3119af7c4a7b7769730cada0aa638f447cb07340430b5d39b1882e47a8b60dbb8b713ad014cf0a9cf8714d3d14c04fa6a19b3885f08053e90b9d332b28e74b384f6cfb1d8dd82c62865e3a38ce0f524b9c54433eadef5d2a19f9dcd467ddebf22cf096ec6a4dd6b6b9ff0a08b36c3c6d109d877e5829d46c2149b8fd97b2dec7562c7d8266281e0e365c5553e0a1a64bfdc0de5b842ff6ff74da2fba193bfce90f1d6ba3cb674fc4adbe95ba46aecfa7b2d245e933f0f11f77849a891136f13889211f156bbd74e58cc427d102b1592a2d190ba5f12b17947d720822576af3bd888e298a758db811715d7712932fc896b3310c258d1bd98d4255f52a231a2ebb9ef798c6de04bc7b7d9da1740ff113d8f747400c7d6db8b3d144e62485316623689dafb05c6085d0d1e1c9ccf5751885b560d2f7d2cb346d2afb7828d3c3b0121606beeddf14bf7732364ff50795fb13202bb0d54a80fa8bfe8ace6ec20172645ac8d52520afe5ee8e9bf92f1608f9990812e690607b9ecadb4edde960d6425c6a2b95a57d941babfbc558cc13087abaac8ad3d2e5c29cf0bae96f331426a211d7ed99c606f3927bcb5101691de82c765d7076e237bb1f0111183d15d7b4b59b0bd8baa8f806051be4e6dce40049bec838c0bce96490cf357081842f7ca552fbd4dc3028228f87e8d9520c6f14662c818bce4779e426a68cc76e8d6714e9e78e3166bfc5a9d044fb2446f04eae8d1040d5096fe854e8270b87489b2fbcf2ba7a39283f82e379adc9cacaa1d0a9f84fec2281b493f4f3b4eca3665584c268f30661e65c141a53cfeb4726eac17f3762d5e2c6b8db1b9acbe352edea5bbbc7b52d2ccfa7fa50c2ea6d98ac2b79d15245ef14cd0919307de89677bde3a1e523c4840b42e2fa5f6b17963b288bf2aaaf7ce4f7a2b18625d17e27492ff080b45f41c927a8a760ab1125234ff4223e4266723e661b2c46b6641dac74a826684708da5866f45ce0300d72d8001b21f1811322c539935612d2cd7227649de37397df1114f4b5432312839e0691c5d465d123f14fbcb337b457198ffcc2090d25aa104f3b9ff67212e034ea544a5d29d416e39099607750f2b59af0bc80bfcf0184a0c59962f51fdba6c9ceb4d0af1a9ee0151de89444cd30adfb0d2b3bd2ecf83a9db5d87a4b0b2920ad0425491b78e9b48afea6386d0cea2ff4e111413d510ddbadf200cd7b8d96dfd8154980f361fa4ccea0ad746cdc25680976bcb27fd1b0aa3875ae8cc37d657ab54eba784089d916fea979e5dd3ab5c694d84291b4505fb65ac292ebb68f909ae549b15e9824f716b07261f4d77df2e1a59d24ad1e62e540b5cacc073b404cf59b53ac486dd83c7140a2e26a4d85bd5cced74e26de0582c7c46f8cf1ce38d4a7ed786eedbc6af77c119abe9fc88828e6ae7459ef01f8e88c7334c83d557a3ea8e9955a4dc4722a0dd687adac15d9a9ceff35fc6d88720089cb7f9c721a1f48f8bbb6d4a25ca4d04b4368fd591fdf836b75fe3e3554de96433211f2c4c46df0c035e3e67d4741015e661e41a7c1c5f050c73acc93d7838dd29b182f0df732b5ba74ef0657328bff9aebeec80a3c64e27f07e49d911c231dec0749d9d5b4eebf9e16d34086534f7ba9fa24972f415772592ea2f220cec54b4109050a6042f25509958020697c75d0961830a459a391ab2b65c89b9e49f3e0bfcbdd9e319cd2ceb5cc1236d1d997343785a4df99105571cade32ca692c0fbe5f36c5ad254d47e52874641377b2d0af3144a8672ea3545ea52615c19ddd3d1e56bedbc1664728333a0bd2c44d11403b4ffeb29ae3699c30a3c6960a03732dba33e82eeea208f509b640d836188e79f313ab91b92fc82df1156ae21a7185d03baf5d575db39c42f207097b90040abab0b93482cda5fc79c4094f31a6f08b6dec12aea2bd3719d3a6253a1b842abcac9970633478a65deae74faa306fc52734109f608551be29170aab4dbcb44cabbb033309f0dd1ea2e49cbaab410e13734b8a185fd39fe33b6b781f5e53ec0d99b779d640b03d786c2c2249eba6c15dba8a517e8919fd20e63a718341ae498fff4340af5f78510a0ec13bd72b88c4b5a28a426dac3331a31675cf261998ab0bf30525bc09afaa8b5f030d7901b6f6c8c812860af3d6931dbd33ef43eed7735ac2d553cec820d099e3390ad8d8307fe2b0f680f01acab9d624b692ccf672de78dbb09efad5ca993b27c552d88e8eff141d1041b883378287689dd4df8ed8cfd7db7d4d4d491bf6253bc528a17c636b92fcf34624eefdbf231f3a21ae9eaa7f6a63b67bc2995c4fd310c3a2a65a37890d9cbc3564f0ffa792c6a6e2a2057fd2cc69f77f54075ddf709dad8280aa8cf2092b42fe3645fcb4a18b92a5d19e92bf565575aaf137a07a60a92cbb3f592ae6c490268a15ee70bd35aa21e69638f2fef4e9b9243c6d52243a85c8ba7867de4066b31d2f48f8394d06f9cd5f51aa6c0e18051d333c91446373fa89cffdc90bb879d13f472fc2130fed7db50da3fa211f733e98a99f3a983037ae685f540c8a76bc4da2941eab66526d6bb2efd6eb0e015979e52e0594f963c92b958170fec1dc0a879910d4c082f0e7820deec63da206b1e5cd428560ea6526dcc642fbf55076ad15fad30b290b813d4d6e00347340b07dd2374244d788e128bf4fdde744a8aef3971de963f187fe57c91a7ae27e9150178690d0e1f6a92f70bfb8bc4d8520f1589da5a7ddab64107cb28fb48cfb3b90fcc3dcfc33b812a1b11b4f9cf50344824ac341875894f5d894344f51f65bde55a3702a97ed4a66171a1f927191c6a8b72528fa5985c2be104d518f7408351b2beb21b6513938d557f0eb95880b93b97f82649036931031289ede72a82d50b51852304b1587e0ff8b7c199ffff949bc7fdafd8f", 0x1000}, {&(0x7f00000014c0)="b938b917721feca003561a76008d52f497fd71602ea7891b5eb0c4a4e3bc52da39c69c7a3ffabc9a08aacdd010ac5619846b", 0x32}, {&(0x7f0000001500)="eb9086ef7d336bcec46cd7365cf408235acc0a31d368aa388268c89b2cfaa465775847d864f322617452285d0e915f05df511cd45a222089a33617be2e8ac2261d1bf208717da66e28c8485318783198", 0x50}], 0x7, r3)

09:40:36 executing program 4:
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x200000, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
write$evdev(r0, &(0x7f0000000200), 0x20020)

09:40:36 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:36 executing program 4:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$int_in(r0, 0xaf01, &(0x7f00001e3000))
r1 = eventfd(0x1)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000000)=r1)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000340))

[  524.241575] binder: 5297:5299 got new transaction with bad transaction stack, transaction 3353 has target 5297:0
[  524.252133] binder: 5297:5299 transaction failed 29201/-71, size 0-0 line 2879
[  524.314853] binder_alloc: binder_alloc_mmap_handler: 5297 20001000-20004000 already mapped failed -16
[  524.336539] binder: BINDER_SET_CONTEXT_MGR already set
[  524.342672] binder_alloc: 5297: binder_alloc_buf, no vma
[  524.343080] binder: 5297:5299 ioctl 40046207 0 returned -16
[  524.348252] binder: 5297:5319 transaction failed 29189/-3, size 24-8 line 2967
[  524.362301] binder: send failed reply for transaction 3353 to 5297:5299
[  524.380817] binder: undelivered TRANSACTION_ERROR: 29201
[  524.386472] binder: undelivered TRANSACTION_ERROR: 29189
09:40:37 executing program 7:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000d28000))
r1 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r2 = getpid()
sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x5)
finit_module(r1, &(0x7f0000000140)='posix_acl_access$cgroup\x00', 0x1)
r3 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
readv(r3, &(0x7f000042bff8)=[{&(0x7f0000e3b000)=""/61, 0x3d}], 0x1)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r4, 0x4040ae72, &(0x7f0000000040)={0x0, 0x2000000})
r5 = dup3(r1, r0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e21, @multicast1}], 0x10)

09:40:37 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:37 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:37 executing program 3:
r0 = socket$inet(0x2, 0x6, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0)
getsockopt$inet_mreqsrc(r0, 0x10d, 0xc, &(0x7f0000000080)={@dev, @local, @broadcast}, &(0x7f0000005800)=0xc)
r1 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffff9c)
ioctl$sock_SIOCGIFCONF(r1, 0x8910, &(0x7f0000000300)=@req={0x28, &(0x7f00000002c0)={'tunl0\x00', @ifru_map={0x7, 0x7, 0x100, 0x0, 0x4, 0x9}}})
write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f00000005c0)={0x22, 0x3, 0x0, {0x1, 0x1, 0x0, '@'}}, 0x22)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = shmget$private(0x0, 0x1000, 0x54000000, &(0x7f0000ffe000/0x1000)=nil)
shmat(r2, &(0x7f0000ffc000/0x2000)=nil, 0x2000)
r3 = shmget$private(0x0, 0x4000, 0x1fff5, &(0x7f0000ffc000/0x4000)=nil)
r4 = add_key(&(0x7f0000000080)='ceph\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000200)="ea4ef407e0e52131f1d879a7b50cb3b8bc7b96300608da5fa8b144b19b80aa17c63c1d512fcae46d844b7c0fd84fc1063c4042e70c6077444fc7b50c18e46c2b4494178957ff891add70326e4b4b215a855b0d4c6f12a6184335151179883cbff1a5aff9163a1246dfe7744d1d9469524ab46ea8bd6f5d5d842d55aef6a501f598ba522da314d15b4a8c16e96f65174e4bfcdb25e46aac0bba34b00df0e0a8384511751c11ecf3edbcbcbc2ce55e8da261125cb3ef79ccf7e9", 0xb9, 0xfffffffffffffffa)
r5 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$instantiate(0xc, r4, &(0x7f0000000700)="0cc6cf70e5c457d9f342ee941207e9811e0d8dcb4dc343b2940560eea0e031ff9481c55eedccec0f309ccdf713936a78bba00f1e88edd05e517e25603fd8cce4f49fe7a5703f3b35375464aa0e5ab9956d5dde74da3aded600164fd11bba814de0d0186243b911a178fbb89650ac631e86baad3df8f14b8f4fb7f675ea02089a4018a2326f2fe8925ab9e57b318c9b7cd5ef077e2f02c1f86d9cd00b84225c6ede1ba2eb2e9b2d24e78ef0326466976bfe563ebadef1fc31a7da231fff333e4f55f102b2d08451e5f4b9656fa0914ead5b8aac7254b9aaa588f7eb9ace26c7f7f6d383fc1cbddc51ba757f83ee6c83c8230206", 0xffffffffffffff1c, r5)
shmat(r3, &(0x7f0000000000/0x2000)=nil, 0x4000)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/rfkill\x00', 0x101040, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000400)={<r7=>0x0, 0x0, 0x30}, &(0x7f0000000440)=0xc)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r6, 0x84, 0x70, &(0x7f0000000480)={r7, @in={{0x2, 0x4e20, @broadcast}}, [0x3, 0x7, 0x401, 0x0, 0x4, 0x7, 0x8, 0x6, 0x7, 0x8, 0x15c6, 0x1, 0x1, 0x5, 0x2]}, &(0x7f0000000580)=0x100)
pipe(&(0x7f0000000040))

09:40:37 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:37 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, <r1=>0x0})
setpriority(0x0, r1, 0x0)

09:40:37 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:37 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x81)
r1 = memfd_create(&(0x7f0000000080)="6e6f01fcffff692a2936f0d00c94808bcfbce5de2d57e70200818c6ab7847c51a44bb3aaaefbb8ae99506ae53aa88a80fec3073ecbcc3e72", 0x0)
sendto$inet6(r1, &(0x7f00000001c0)="75a087b9833b7b6efbd9cb56d1775091a4de3eee9d3a677fed2c862898066c3482d9782ec41ce3fd24058049515a940a223a82828233fefb775f5584a8c6773686b42562b39550c03b09d8afc7cd86239bbd8dde19f3a53d355f265315007ce73d5d830305ccf037046eb5a830b635c77511ffd7ca30da1c32abf779dd3172a73d81", 0x82, 0x1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7bf0}, 0x1c)
ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, "3a11f35a6c4f34bc137dde51705b861d6806a70395ac093029cdcca3e60d2221aef9002bf609e5171c51b99b8f9cddb3f944ffe05cb6f99305386927920521cc", "b0186a17c60fa90d0021bf769055d18eb1cf6c661b7751fe45bed940a716bb1f29898bbffc552126a9f10185512c1c71f8e1a87447c90186509e4ad8990758bd", "7858d8754e89dd8174b3e0bc8896287f09c54614a37d43c91494b222cc3d1990"})

[  524.868732] binder: 5338:5341 got new transaction with bad transaction stack, transaction 3359 has target 5338:0
[  524.879223] binder: 5338:5341 transaction failed 29201/-71, size 0-0 line 2879
[  524.933317] binder_alloc: binder_alloc_mmap_handler: 5338 20001000-20004000 already mapped failed -16
[  524.949247] binder: BINDER_SET_CONTEXT_MGR already set
[  524.958875] binder_alloc: 5338: binder_alloc_buf, no vma
[  524.964453] binder: 5338:5349 transaction failed 29189/-3, size 24-8 line 2967
[  524.974507] binder: 5338:5341 ioctl 40046207 0 returned -16
[  524.980946] binder: send failed reply for transaction 3359 to 5338:5341
[  524.988984] binder: undelivered TRANSACTION_ERROR: 29201
[  524.994506] binder: undelivered TRANSACTION_ERROR: 29189
09:40:37 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0)
mount(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='afs\x00', 0x0, &(0x7f0000000380))
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
r3 = gettid()
ioctl$EVIOCSABS20(r1, 0x401845e0, &(0x7f0000000240)={0xffff, 0x0, 0x7, 0x1, 0x7, 0x2})
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_GET_EVENT(r4, &(0x7f0000000400)={0xc, 0x8, 0xfa00, {&(0x7f0000000280)}}, 0x10)
write$P9_RLOCK(0xffffffffffffffff, &(0x7f0000000480)={0x8, 0x35, 0x0, 0x2}, 0x8)
write$RDMA_USER_CM_CMD_GET_EVENT(r4, &(0x7f00000001c0)={0xc, 0x8, 0xfa0e, {&(0x7f0000000040)}}, 0x10)
dup3(r2, r4, 0x0)
tkill(r3, 0x1002000000014)
pivot_root(&(0x7f0000000300)='./file0\x00', &(0x7f0000000280)='./file0\x00')
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r5 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r5, &(0x7f0000000300)=ANY=[], 0xffffffaa)
accept4(r0, &(0x7f0000000500)=@in={0x2, 0x0, @rand_addr}, &(0x7f0000000440)=0x80, 0x800)
recvmsg(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:37 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1c00]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:37 executing program 4:
r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40505412, &(0x7f0000000080))
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000100)=0x1f, 0x4)
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)

09:40:37 executing program 5:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:37 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x101, 0x40)
setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000180)={@in={{0x2, 0x4e23, @remote}}, 0x5, 0x1, 0x2, "7d98122f09f4a8366c75ba7cbb7416a50cff1bd31d18f33e541cd7fdddb5ffe2ca9dcd1d50caf1b1b47ba6fffa572b14c34ee34330aed027a57f534ebc121fb76cd635c12136843dca7d419d17895ba0"}, 0xd8)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000100)=""/40)
connect$vsock_dgram(r1, &(0x7f0000000140)={0x28, 0x0, 0xffffffff, @hyper}, 0x10)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000540)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@rand_addr}, {@in6=@ipv4={[0xfffffff0], [], @broadcast}, 0x0, 0x32}, @in6=@ipv4, {}, {}, {}, 0x0, 0x0, 0x2, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0)

09:40:37 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4000000000004e23, @loopback}, 0xfffffffffffffff6)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:37 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:37 executing program 4:
r0 = socket$inet6(0xa, 0x2100000000000002, 0x0)
getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@dev}, &(0x7f0000000240)=0x14)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r1, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x995ba2d8201dca0b}, 0xc)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x32}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x90}}, 0xe8)
sendmsg(r0, &(0x7f0000001700)={0x0, 0x0, &(0x7f0000001680)}, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x5, 0x1a082)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000100)={0x1, 0x6, 0x1000, 0x0, [], [], [], 0x3, 0x1ff, 0x100000000, 0x9, "31220f966a3dd58e8499744e36039934"})

[  525.135346] binder: 5369:5375 got new transaction with bad transaction stack, transaction 3365 has target 5369:0
[  525.145839] binder: 5369:5375 transaction failed 29201/-71, size 0-0 line 2879
[  525.195343] binder_alloc: binder_alloc_mmap_handler: 5369 20001000-20004000 already mapped failed -16
[  525.221630] binder: BINDER_SET_CONTEXT_MGR already set
[  525.235640] binder_alloc: 5369: binder_alloc_buf, no vma
[  525.241234] binder: 5369:5396 transaction failed 29189/-3, size 24-8 line 2967
[  525.246520] binder: 5369:5375 ioctl 40046207 0 returned -16
[  525.261657] binder: send failed reply for transaction 3365 to 5369:5375
[  525.273954] binder: undelivered TRANSACTION_ERROR: 29201
[  525.279529] binder: undelivered TRANSACTION_ERROR: 29189
09:40:38 executing program 7:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000d28000))
r1 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r2 = getpid()
sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x5)
r3 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000013000))
readv(r3, &(0x7f000042bff8)=[{&(0x7f0000e3b000)=""/61, 0x2}], 0x1)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r3, 0x4040ae72, &(0x7f0000000040))
dup3(r1, r0, 0x0)

09:40:38 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:38 executing program 5:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:38 executing program 1:
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x50040, 0x0)
ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000100))
getsockname$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @rand_addr}, &(0x7f0000000040)=0x10)
bind$inet(0xffffffffffffffff, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000240)=[@in={0x2, 0x4e20, @rand_addr=0x68a}], 0x10)
getsockname$inet6(r0, &(0x7f0000000180), &(0x7f0000000200)=0x1c)

09:40:38 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ftruncate(r0, 0x3)
r2 = eventfd(0x0)
r3 = epoll_create1(0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r2})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000000)={0x30000014})
write$eventfd(r2, &(0x7f0000000040), 0x8)

09:40:38 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'lo\x00'})
sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000040), 0xc, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="2800000013002100000000000000000000000000", @ANYRES16=0x0, @ANYBLOB="000000000000000008001a0004000200"], 0x3}, 0x1, 0x0, 0x0, 0x20000800}, 0x0)

09:40:38 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xbc6, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:38 executing program 3:
r0 = socket$inet6(0xa, 0x107fffffffffe, 0x40000000002)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
faccessat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x150, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x5, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c)
setsockopt$inet_tcp_int(r2, 0x6, 0x32, &(0x7f0000000140)=0x86, 0xffffffffffffffa1)
setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x48a, &(0x7f0000000500)={0x10001, 0x3fe, 0xe66b}, 0xfffffe9e)
setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x4e22, @loopback}}, 0x0, 0x2, 0x3, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8)
bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000001680), 0x0, 0x0, 0x0, 0x0)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000000)={0x0, 'ip6gretap0\x00'}, 0x264)
sendto$inet(r2, &(0x7f0000a88f88), 0x0, 0x200007fd, &(0x7f00000000c0)={0x2, 0x4e23, @loopback}, 0x10)
ioctl$BLKRESETZONE(r2, 0x40101283, &(0x7f0000000580)={0xfffffffffffffff8, 0x400})
write$binfmt_elf64(r1, &(0x7f0000001d80)=ANY=[@ANYBLOB="7f454c460804010905000000000000000200030002000000b2030000000000004000000000000000fd0200000000000000000000900238000200e70e3d67060000000000feffffff02000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070878f3bf16929e2478c1ef1c2e4c9365f3defe764f527dc9f83ce48d985c2c529d842e7ca302d2d45c3d708f8eea8dc96ce5ddb9bf971082bfe20fade4f248834f0e8225e05e2f81432294afceaa3fb12a5b0746ed78f5e437d5d97c9904285e7e4b9dfd5d41e36532f5e15992a5ffa0b751b1e9b1e1c9d4ba88bfb33fdb9d8937229fcf8001fe2e2f0180746df313f88cf3c670b9380ec1b081631cfd6487f1e9d65d9511539f3e8cf66"], 0x423)
r3 = getegid()
setgroups(0x0, &(0x7f00000000c0))
getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000400)=""/89, &(0x7f0000000180)=0xffffffffffffff2e)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000100), 0x921b527a62bfd8af)
socket$inet(0x2, 0x0, 0x0)
ioctl$KDGETMODE(0xffffffffffffffff, 0x4b3b, &(0x7f0000000480))
setgroups(0x6, &(0x7f0000000540)=[r3, r3, r3, r3, r3, r3])
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000003a40)='/dev/full\x00', 0x0, 0x0)
sysfs$1(0x1, &(0x7f0000000600)='erspan0\x00')
sendmsg$nl_generic(r2, &(0x7f0000001900)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2030}, 0xc, &(0x7f00000003c0)={&(0x7f0000000640)={0x101c, 0x2d, 0x0, 0x70bd2b, 0x25dfdbfb, {0x17}, [@nested={0x1008, 0x7d, [@typed={0x1004, 0x91, @binary="5f9fb276ab87c835fb1825eed300fe75b2c904450344d7ffaae4958c7141a53167f557ed77704c49bbe84dd2aa562ef09106ab8bdd062d1bd1ad4e0a54f24b29292a1c5ebb08e780021617f6c7cf7222744f1dbca4c54fb9fc1ce01e5c8cf17d1039c986ab164db69ed69cbbc62660dc8e75105b58fd442583cbdaf3ef6dfa26cdde644741e4f3c4beacd1a866ce99d660bc6dc40d29fbc86153dd5161be3072ae7c2ed366eb36a049f5be33f522272cf117e0b857b2dc660d45a6c72cf17f1952fa9e57aacf5ecdc8f668b54178662a058ea72aea0aef39fd6997c6567a2bf525986c7f9720793828cf572bfd29703152b469064ab7567bf62f9828d5c45009a989912d099789e9af70e837c15649a7ffe7fd783f18a49973b7f8bc3893e73be4d0547eb32367a6eff1623484d6c404c8e502e4564127ee0d25984e9a559103b5b0fa309c5f126858cee1f91f69cfc7ae71edc4421606380327e4a1ba5a4eb22b739e11d80cb4ad2acbd8ed388490fa476414587ca1eb6779f2922b1fa8e0f6139e006c8a85aa287bdb791950622298f3ecf7a2ce88fc7cce413c87b729040381b2a457c48651df53f8dcf2f74a078bd4c7617fbad7c8cc765fd0e6df1003db9972b231f4bcbae16592e2491ea0284847303ba70cddb9beca46708e56283fd8553d09a525f383f14f1eb2e44f05204daa406241c94ba53ab88e889829b84a1a13275096f46574f2e347fed0af1f1a29a469b1ed626b0c9fc1a2c19aa7a75cf23ca16af38d1bd7ceba9a9c326bbcd80fb801ed7c76300ef24448c4a35e4a8ef544f37b8eb5f2be5710701832e954c28e53ea5789e50c60aaf7e422a456cd0f2e6761e7994b0a4b01512815b7a2b9cf017b30b9a255b00b5e91bf584a2fdeb6f8f09f518cc9c8eaa74fc6c53d824e9971fcbf29dd73b7a07bd6cae6ce0b9c8c4bc30f4ab3abb609ff93e5370457294c78539e6f491d133f4dfc3417387ee8c717c49d4d0d96088e67a3131a970c40ec9150a9ce0b2f39e23dac4085d2b619c7f526ab777c8b00a2776b9befd65df0ffa095c30217ce20bce4442d6f13a28077cfc9d914c92d00ecef3076c27dba50e43c32f4dfa748d0cc8238890e2bc12e396c2342c15bbcc139d5962a5702120ed16180e4cb55fe7d55d4375261f2ac96b1fda82580859cef6937c19b74c1cdce7ce1a9adfac6450c6eb486a999eef63a5d6b17e51860206ff5101ae01be4faa0740f1564d927b1f0a4bfb84ae54e4b8af4b4d2d0ae6cc5bd56fa4ff4f3dc21f3e27edef283a8cdf0b7f7cce7145f9214524e22f7efc63d851ff94ab8c40537db633abdb0d38cc9b2ef0c267786f25ea5dc78ecf1b04755d1c06919d52250bd0fe30f7cd9f6caae816f0759363f3a3fed36ff3051165890d9625e19265ad634d8b1bae11d4e4605877c70b8a822a60061f48053391bc69d20000fdd211f665da90b4b972a59cea0f5cc624f015ca18ebe2c7daee426d46402b232151bd22dcbe976809d5feacd397680031c06b8ae2b52e7279f8a89f148816fa4f2e936b1f8cde35c3d0a6649d1422921c64a349e7a18e99008fa43ee2cbafe51fc8579480e106302d5c8d27bcc2c0eb7b2dc7ac28b5792b1b08058664288be5e59557c510a2399adb5c04d249dd4af9a4314985226b0e926725a80399b8c48c867e519feb354a3a5397a80d4d29e2f17dd6d5c1ad34709cb9ba54a1f9715b341353b2f28ac2da758a8a59306f8613052297120512e7307d3afce65c0929928bfcd1e73c189d85f33bf5a2e891031553928fff46672c02475ca2bd0fafd0e861055efac7ad04cda471ec28338d9dd6dfd43f4599d4f25c1d0e9e537efd72f5c70756a9869e27a507c277cef550e46405e739bed894693df9d2c15dc75cddbedec9f0bdd169e2af27ceaa1a158120566b3d162fdd831709dad3652d3934abd315a9888c8efee5e541b84e8a18cbff83c36db0bb03b76477d874596248f3c0502a4e20ade8dd15db912957cd556e4975df6b1ba4829e7bc2141d33545ea14070b7136b8d66521a39192d46c20c6450940cf7100d4103811c0ba8b51dba043c8ae4af7f95157ba47561f2f74ccfb103bd46c8b1b897bb2a0e27928561259c34e5c7f471d4d414510f1e6c5327733b14a90f5a6e27e05d6db27812aae206c0f2f2a9ff1ec052c41d6fbe1269eb899aced1bad87dbe20a1facc4c638ce0ad80a9a4786d2654517ac32353da9dfafe6714636b6a6b4a4d756197a80cd3dd5802e70a45a85ce712262f84ec0ba7a5ce1fd4a4ba694c2b2dd7792aa45b606683f78121443d4f0c95a823cbb34d78f207489161f805bf52a56ad1adc0300aabd068f712b5151ae387c25edc81ae62f645d05bd091fab9bb80adfb884589d1e6d1ed8533c50e0e76b40f7cb185f4c397f162c3e29d2bc6a56507d0a339a8c185b4c80445b3d54eb49e2219b1396835ecda7cd5280612772bbdcae4cf907a087db0e84ce9a2ec1086c949f4c4e9739767baf2d73e99f94df6f74f22e376440466c12bff913f8dac0e0325a798160fcab83f30a3f46080c4d07d8734ba2968670bd4faf602e51e9b7048e38c7046c6bccd402393aed70f7f2b7738ab405e40c0ea0427f9a0504d419762eb0b54c39dafcc7e5b183a9cd5a7a34e4e3866d19ec8b7559f0845aa196403c822a51d9c908393e421ce60f58382e8e1880430ca5190f7ff7a4e68795eaf35e0cd1fd97037ff0ffcb4dcfd09eec3f377e0f048af430c3a43239f3a9a82a88b15634d1356ffa3f777f233e060db2ddc09db094784eb120cdcad45d98c15a855a45afd225b7822ea51b45bc7b36480426bf2a9e23582ca8ed0aadd0f6636b06ff8d39675f8e8376debfa6e2c54ce909315450c08e21cd7f6090b739e51f586a45901784c10cd0610cb21c00c885f9aed119431a340db2d74bc7bcb98a3e015ea4c220ca6bd10b526ccd8b83ccba6c7332b72f1a402dc37e25985195ba348d4534fd847c9acb178341518c108face7531e4c0ad73777e8fb68d615dc229bba5fa676bbde6894b7a42521470c31e27d784a5c2eef171297121148dc636ce2bd7d453b4bb581b585c8f6f03eda9c2d4a8fcbb5254c7d654155702d3bf22a566c5e619a765ec5456f8ca5a27c859a3d6adc6629e8df17eb75627eef923882dbfe7c3842d96cc850ded29557e1f4ddf3b684db075f8bd525614034348d700ecde480804cadf3b909879006f3c7b6efa1fe2310de46bec0fcadf194b612e232a533544a281f691fdb5b4d958ccee00ba18aafbac29b4a1e4d252cae8df7773d1c704291f2b457b0b86b7f7f19193c1ab1b0bd3b520e19d10b59e661f19c26b18ec3d907d2047db27aa33f2d520c3a354e13fdb9272cbce0da128396004aa0096a6dc88578c68c3734226cee73165be42fe8c1381ac15d75ee0574f3d482765e1a9a82068323325c83df6c144b83c9d364d475f1d0ef51998dc4250b768b44df7147c0bd7c6b72855862083a22b1e5bf84d0a1424520e477b2d0e5e69526d726307ea65e907ac2a81f25b3a49bd6a290ba0a8d95b886e611e2605dca393d6889c8e71590ad05f68f5515610b82045e0ffb0c1cff905137e8eacd2cc23fe7715f192ab07a45b07b2dba3b2471b8f519f0e582f4f2fbbc98b7d1fb291769ea67a16526e4f46994c002a17cca47f34a72ad85219702bc91d7b0dd6058892ce9109f85b7b04a75ba6ea7558137a508d361729b98f42d5792929f80f903cfe48cf15a8eb9588dd0abedc8b13b1e36b200132502193ee1c993fa99ea0b6e33aa2ca09ae58d8d8459e42d2e804171427f574e30ca8dcc39359d635f2001040466e13dfd61a90972764c891db111057697871bf0c7c4650dc853a3e96e53cbdf4ffed4807ae47717fe2488792e56f5062da258baa3a9c9028d7f92d53f3137fc81fe43844e3850c8e06e079b97ab574e0814d995d357b2cbb6f9835cd0aa868f47742eb47c596eb676ee167c577672ce3fc481aec9f690d96224c767a21dba1404f177f5ef61ba36cb6785e996a39080f85dc85a58ea02ec53f56ae663e1b0fed56458409206a1e3afaf4be1376e674c50e2d8b29ea9c88e91337a6b544616edb8eb0507a5efe21d4dc1b26dfbcd8e909ec49793e53d731b281ac93aeedee9ac2d293e309545ab31962044b304698b874ce746514ba3c8e09372b5388866a263dfa509dcf4a3959f3eb350dd035f2f5710a0178b115e62309e322d642f35a706c13890865e8f49ded4548bd70cda423ef5abe204693c1c91d95b99777ea34ac989a300735425b04c25bfdc16b4ac46827f4bd2a759c32a20b73208955fbcb6cdd94cf34bdd94152f36287fdbbed9e5a8402c34b2851d9cb4d65a66c94d3c5c08f517eab22d7055205425cce78c56c155eaa68132007df673bdb179674af36dcabe61e790426e7ab0f24a84bffbc5ed33033373544cae063234e79736ae6431a633c242f2dc4e230d3e0d6035a779b7cfe2d2dcea8999e1dddae578836924e5f87a0566fdbaca31ddb0e91c6bb6b826ddf6a0d7c4512d4867c36ed021145df2b7705d87cc09fbed3e9a011a0ababf0cab364117a474e9d0ed31d052d0d6062f14e302fba5446aec33db8bfbdfa04e6b5907d45d939f9d701372ceed75e37a0dec6a9646c891f6c07675068a19b8f0e6c921d7d4cb01215fe6ea891ffc17b9b1ac64bd4833516236a16d414fb9a665334e54f43dba0f43a2dd83d911ed2f89b835a615adae97fc359bd85fd3951f42438aaa4dd18e5cf673e2a0e6fa0c19c45343542d2bd06a5045d7e1c54d1012a14175de98f7bbe7f43930a975a75569825434a731e7f0adbb647c214b64efac2133716ab4700be86c27853106750352618dbcc05ac7cb4c44d0ad4560cf0f26faa5de564260bfe7bdb685d31acf804d67b7fb414ee069cbf311f8170f4f088f7ba9439a480f2575d1897f71156c6f51d1adc4963c48bd9457061daee43e4d9e6597ced97b95e0e2b886154da5c6e9bd8afa99824505f3d84bcf0733b682f2df6e025ad4b1e8916c5ad653e92b3f127f5b53c56f2bb4c86e96c09d993b67225c4711c24d7b485a92b492d5d49ba57eee4d6cf586e57b9c4a592176310fb11ec771c7aee0891916eab38e0ef671d652396a0ccc2dabc026b40c4399a27dfcaeb86047d38e26d584939571fd09e95aadcdc96f1bc2d2e3d44ffc2470592851652e4e2a9560dbe46d0d4a703bd78714b12c0929288855679e7c3e8d7cabfeed025a13b77862428cc84842b88e5fbfc8190293c4633f3dd2a22d626da9cf57d9cb463a9bba2eb5a22d18d12546dfaf45fe6dc121dc05dc3aeb7498dec88cd24a14e909a190977227d1577635e1032767a872845e11d3407850ab149637fe6a107da2e367f039590a562020b3927504d8964fd22672b75b7df18c5a9871540436fad28c068a0687d029b13f83f26eec0b3e298c5bf5c449218dc57ee86e61cf7a45cc59a673cae3781a39bb6c93451f849499d55e32442652ab0daa2a0415818b8f4220342da40176c24714f22e22c2791468690dab90d75a27e7ca37df3e58a201130117c410008df317f1daa74a6b1680eee783d0aa0e897b6942e5489bab1d34f46f93d3765ae3c395ef212e62a50a07c6ad560ba58e12f7198e199a53acd0dbbb4409a3fc37f8ba976793171e76ad434d9a6e42eb16a650e97c4e4691449ef220a0328c9176e823589c1e10cf01d59c7676c561ea5f3e731628247b41d3368ea21863b45433ff5f0d62996952ceeb5de5"}]}]}, 0x101c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4011)
recvmsg(r2, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100)
ioctl$PPPIOCSFLAGS(r4, 0x40047459, &(0x7f00000004c0)=0x100080)

[  525.688446] binder: 5408:5412 got new transaction with bad transaction stack, transaction 3371 has target 5408:0
[  525.698925] binder: 5408:5412 transaction failed 29201/-71, size 0-0 line 2879
[  525.779669] binder_alloc: binder_alloc_mmap_handler: 5408 20001000-20004000 already mapped failed -16
[  525.805108] binder: BINDER_SET_CONTEXT_MGR already set
[  525.810754] binder: 5408:5412 ioctl 40046207 0 returned -16
[  525.826126] binder_alloc: 5408: binder_alloc_buf, no vma
[  525.831703] binder: 5408:5437 transaction failed 29189/-3, size 24-8 line 2967
[  525.835516] binder: send failed reply for transaction 3371 to 5408:5412
[  525.846368] binder: undelivered TRANSACTION_ERROR: 29201
[  525.851999] binder: undelivered TRANSACTION_ERROR: 29189
09:40:38 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="ab553fec94248c32e27d04000000288ac1f555464820e3910ef2ab88d028ac5d886b8f633a92e522bea6222dd63c771b1c10c94148a5de24f9c9a040f39494826054dd43a1beca6dd72add2e18f827278fb1b8e10ecf3643375bc0d39016160cb86965bc558a0f4264ad066c2f7d7ff50031ddf6a8a4ceab5461d4f124c19b68a3ed11c2747616fe0a1cd03840b3654b532094be3414fbec236ace0200e339bff087c754b4083246ea03f06068f071d8c066a6b918bf2394d10737f67e106ac8199e75ddca063db78d13c883daebd8c995552c00000001ebdf3f49a97f2e356b02e08f1fea40ff0846acc57467e69d809aa166a2e1bb9a41904eb2700d80b31ca98edd573b8cf9a5410785172ecf354f22a6d847f2960cfb74c1927ce80f48d5cdaaeac5954351bdb46fff6fdde972d999b01509190000000000000000", 0x7d6)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
r2 = dup3(r0, r0, 0x80000)
ioctl$RTC_AIE_OFF(r2, 0x7002)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:38 executing program 4:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000140)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f0000000400)={0x5, 0x10, 0xfa00, {&(0x7f00000001c0), r1, 0x2}}, 0x18)
creat(&(0x7f0000000040)='./control/file1\x00', 0x0)
creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
unlink(&(0x7f00000000c0)='./control/file0\x00')
unlink(&(0x7f0000000100)='./control/file1\x00')
rmdir(&(0x7f0000000180)='./control\x00')
close(0xffffffffffffffff)

09:40:38 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:38 executing program 7:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000d28000))
r1 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r2 = getpid()
sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x5)
r3 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000013000))
readv(r3, &(0x7f000042bff8)=[{&(0x7f0000e3b000)=""/61, 0x3d}], 0x1)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r3, 0x4040ae72, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x9})
r4 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x10000, 0x40)
ioctl$KVM_GET_NR_MMU_PAGES(r4, 0xae45, 0x1)
dup3(r1, r1, 0x0)

09:40:38 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x80, 0x0)
ioctl$KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000240)=ANY=[@ANYBLOB="04000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000c00000000000000000057dc182c94588b05f83381119da6a9000000000000000000cf8d2cb78cb92017bb4925f8db178774027e671017662e33e6654c9c46a258bc57715b8a9b60c11b95372da823b30bd8411e7245330be12fab772f8b3b6a4ea93e7e9e0e5e4f8f8c9b9c020dc6a8f61cfc7ae0d7ba410ea371a0e4a0c5324ed7731280f510ca2442e44d764703eaa2f5a8b33b9103d2b9743d7efc7282308785311d61b8957c4fba9702f112c6c485fac5f31de13daf600b592524e8332a54a5a9d79e92331f856b6b219dd2167e6617620d1fc6201b910de0addbead311a8aa6a0eb755c80e92fbe0a26dd863eda78f43952bc3ce5436cd6fab2fde84e56a0d1f85d6eeffb69a8cee07ef2c5af8ab0915473b1809ac3c483bbe1353ea25debc712a"])
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x5)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:38 executing program 5:
socket$inet6(0xa, 0x1000000000002, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:38 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:38 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf401000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:38 executing program 4:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(&(0x7f00000000c0)='./file0//ile0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000380)='./file0//ile0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000340)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000100), 0x12)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
r3 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r3, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r2, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10)
recvmmsg(r2, &(0x7f0000005f80)=[{{&(0x7f0000001740)=@l2, 0x80, &(0x7f0000002b00)=[{&(0x7f00000017c0)=""/4096, 0x200027c0}], 0x1, &(0x7f0000002b80)=""/146, 0x92}}, {{&(0x7f0000002c40)=@pppol2tpin6={0x18, 0x1, {0x0, <r4=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr}}}}, 0x80, &(0x7f0000004140)=[{&(0x7f0000002cc0)=""/4096, 0x1000}], 0x1}}], 0x2, 0x0, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000000)={0x0, <r5=>0x0}, &(0x7f0000000040)=0xc)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000180)={0x2b, 0x4, 0x0, {0x6, 0x100, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b)
setfsuid(r5)

09:40:38 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  526.044642] binder: 5451:5458 got new transaction with bad transaction stack, transaction 3377 has target 5451:0
[  526.055192] binder: 5451:5458 transaction failed 29201/-71, size 0-0 line 2879
09:40:38 executing program 5:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:38 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
chroot(&(0x7f0000000000)='./file0\x00')
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

[  526.114180] binder_alloc: binder_alloc_mmap_handler: 5451 20001000-20004000 already mapped failed -16
[  526.125692] binder: BINDER_SET_CONTEXT_MGR already set
[  526.131218] binder: 5451:5458 ioctl 40046207 0 returned -16
[  526.137480] binder_alloc: 5451: binder_alloc_buf, no vma
[  526.143077] binder: 5451:5471 transaction failed 29189/-3, size 24-8 line 2967
[  526.152855] binder: send failed reply for transaction 3377 to 5451:5458
09:40:38 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:38 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xc70b000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  526.165195] binder: undelivered TRANSACTION_ERROR: 29201
[  526.170719] binder: undelivered TRANSACTION_ERROR: 29189
09:40:38 executing program 4:
r0 = getpgid(0xffffffffffffffff)
r1 = syz_open_procfs(r0, &(0x7f0000000100)='net/ip6_tables_names\x00')
pwrite64(r1, &(0x7f0000000140), 0x0, 0x3)

[  526.267523] binder: 5492:5494 got new transaction with bad transaction stack, transaction 3383 has target 5492:0
[  526.278120] binder: 5492:5494 transaction failed 29201/-71, size 0-0 line 2879
[  526.299448] binder_alloc: binder_alloc_mmap_handler: 5492 20001000-20004000 already mapped failed -16
[  526.316313] binder: BINDER_SET_CONTEXT_MGR already set
[  526.322376] binder: 5492:5494 ioctl 40046207 0 returned -16
[  526.324132] binder_alloc: 5492: binder_alloc_buf, no vma
[  526.333792] binder: 5492:5495 transaction failed 29189/-3, size 24-8 line 2967
[  526.344462] binder: send failed reply for transaction 3383 to 5492:5494
[  526.353721] binder: undelivered TRANSACTION_ERROR: 29201
[  526.359306] binder: undelivered TRANSACTION_ERROR: 29189
09:40:39 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f000065ffa8)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-simd\x00'}, 0x58)
r1 = accept4(r0, 0x0, &(0x7f0000000000), 0x0)
sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00000089000000"], 0x14}}, 0x0)
recvmmsg(r1, &(0x7f0000005ec0)=[{{&(0x7f0000005600)=@ethernet={0x0, @link_local}, 0x80, &(0x7f00000059c0)}}, {{&(0x7f0000005a40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000005e00), 0x0, &(0x7f0000005e80)=""/10, 0xa}}], 0x2, 0x0, 0x0)
bind$alg(r1, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(xeta)\x00'}, 0x58)
r2 = add_key$keyring(&(0x7f0000000340)='keyring\x00', &(0x7f0000000380)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xfffffffffffffff9)
request_key(&(0x7f00000000c0)='ceph\x00', &(0x7f00000002c0)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000300)='procwlan1{selftrustedem1\x00', r2)
r3 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x5, 0x200000)
ioctl$KVM_GET_EMULATED_CPUID(r3, 0xc008ae09, &(0x7f00000001c0)=""/87)

09:40:39 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1c00000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:39 executing program 5:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:39 executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0x10, &(0x7f0000000000), &(0x7f0000000040)=0xb)
kexec_load(0x2, 0x5, &(0x7f0000000400)=[{&(0x7f0000000080)="2c7b6ff9d601e7ef366065607fc58060f6ade269bc94ecf03b57e6c89fa3fe57882efb940cd1984a9b7257f731a7e022e6c28d2030c213c143b841ace9338210a423d5fcfa8aec6b2af6cf7c0f8d73fe3862e33a66cc9cc89d04c88759797de64fc67661bc44ca5329d0835c1e3b4dda646a64e79b7889af9084d956cc2cb0dde1423bb93fdee6aba42a7bb1e570745b5b58ae33452d3f827f531b3cefda984c1aeafe7aa2eb85cb19d76b7ed7f1b3f7a9a0a551f4be499f8c0eabe1c85c3a173e6a4f", 0xc3, 0x7, 0xfffffffffffffff9}, {&(0x7f0000000180)="46bbb65cf70147a007ab9c", 0xb, 0x1000, 0x1ff}, {&(0x7f00000001c0)="3b661236282573e4a9", 0x9, 0xfffffffffffffffd, 0x6}, {&(0x7f0000000200)="9dc4a29d4fedfba3bb11fd2fc80f46ace8811d210957bc85dd2fe6a7a2e73f1b833d73a7f2b2c8b4fc5b1da0bcc1391d7f180fc7c9687234d4a28bb200858ced6ad52be92167ffe736ac53b5ab989adaad9f539ee72fa7e191a7ca57accba25818a683e94b42d8ac81210407db2c96e5a106ba11308ddc4480d3ef908189846892e464108e14ed3b096ee79cb66798a90a79dbc21a1ab6d1bf52b32d1daf3d5eaec44a9192907c648c1f2c7f6dc52c2673bb9f09c9bbdf9b41a2c583587738e6a69ab3ade90e31da843d2593a247055f94449aadc21fd7bd403ea9038d8a58dc57109f44051a9100e0da06a858b7c596", 0xf0, 0x6, 0x20}, {&(0x7f0000000300)="8f2b2866996a27c8912902ccded53708c60455f3df408bfdd1be9f3f2af6e3415ec2410e137b7f6ae1b808977fb543539c3d19c1bd205532251e4ec77a98a1ae8cc963a52eab07f457f196bc9df58dce3b766f91db5847ae53a123682f8cf6fd6cb61a0476bf4816ca639fa0b8928fb98e0d3102d8dd27e4e0f8254268150df54332135f84450512995e887151516b392cf3e07b9a3ac487f651a10d6ccc81a8e06fa945923efbec663df0b3cb4a3e1f58137eba6e3b3749caf573b7ca58bcf51c718eb480ec3985598f324157856c19ad29fa95", 0xd4, 0xa573a74}], 0xb0000)

09:40:39 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x2)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
accept4$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, &(0x7f0000000040)=0x10, 0x0)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

09:40:39 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:39 executing program 7:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000d28000))
r1 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r2 = getpid()
sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x5)
r3 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000013000))
readv(r3, &(0x7f000042bff8)=[{&(0x7f0000e3b000)=""/61, 0x3d}], 0x1)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r3, 0x4040ae72, &(0x7f0000000040))
r4 = dup3(r1, r0, 0x0)
write$P9_RXATTRCREATE(r4, &(0x7f00000000c0)={0x7, 0x21, 0x1}, 0x7)

09:40:39 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x400300]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:39 executing program 5:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:39 executing program 3:
r0 = socket$inet6(0xa, 0x3, 0x4000000000000087)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
io_setup(0x101, &(0x7f00000000c0))

09:40:39 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000000)="025cc80700145f8f764070")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000440)={0x26, 'hash\x00', 0x0, 0x0, 'tgr128\x00'}, 0x58)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x8240, 0x31)
r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x6, 0x80000)
ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f00000000c0)={0x100000000, 0x4, 0x1, r3})
r4 = accept$alg(r1, 0x0, 0x0)
sendmmsg(r4, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x80, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000007b00)}}], 0x2, 0x0)

[  526.865815] binder: 5524:5527 got new transaction with bad transaction stack, transaction 3389 has target 5524:0
[  526.876292] binder: 5524:5527 transaction failed 29201/-71, size 0-0 line 2879
09:40:39 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2000, 0x0)
ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f0000000040)=0x25ff)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
getsockopt$IPT_SO_GET_ENTRIES(r1, 0x0, 0x41, &(0x7f0000000240)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000b0000000000000000da000000698162f546d485758f442216a1df5830021a7397930158f3ed8f5c68d2187f462c9e7f6505d7197e1aa9d0806bd958acf6da2bf1e3ec243bca84a0fe62b56f4c2dc7751090cfc6fdbab57e9c4f3f5fbc6ee0507227b214f24015851ddf978acf315b25ee1a079e111b9f1bfa2bf6779d16c8bff1cb9e3a906299959c62eb7857fd85a39455c48a80b24e893072432698de72cbf495025dff717c9ffa9668597f67dd38dffddce73bdc65df94a71906b3bbae9480b5678d0e4a28d55a4deead72603cdcc5edfa0bc5060324a3bbc783cc6fccd9672ba354555b78b1d609faac74cb47517d9cf9249bdb73550a3b0cfc0ac0ad6104247038c9fe2eb2fb803cac1a3eb09dfd0346a07db2f6bf5e"], &(0x7f0000000200)=0xfe)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

[  526.917193] binder_alloc: binder_alloc_mmap_handler: 5524 20001000-20004000 already mapped failed -16
[  526.962293] binder: BINDER_SET_CONTEXT_MGR already set
[  526.986070] binder: 5524:5527 ioctl 40046207 0 returned -16
[  526.992823] binder: send failed reply for transaction 3389 to 5524:5527
09:40:39 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="ab553fec94248c00000080000000008a", 0x117)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r0, &(0x7f0000000000)=ANY=[], 0x0)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)
ppoll(&(0x7f0000000040)=[{r1, 0x40}, {r0, 0x8042}], 0x2, &(0x7f0000000080)={0x77359400}, &(0x7f0000000200)={0x1}, 0x8)

09:40:39 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x100008912, &(0x7f00000003c0)="025cc80700145f8f1601a4687da1bcfff520ababc44730617ac580905972f83d97456e6d2fe2a98486738086ae99d573b5d2221bdeca3995dd6a21cc56cfb60ea74f12a153c08dc43dc7f642d2a3a2402b161bfde1da9d4958df4cb84f8bdbec8cf24a67c2b999284164e1d76a2527391f3376190e2ff86b5f0db6b47d2b5cd37da959113a635f189ac011526c7333070569b1e1fcaf4533e3f3e24bca3405f866fc0aeed9569f123a5641eec01b3acedf40f1185bee690d58302978b0538ed7c5cddc4bd60f4735595ce8f7944cf8755853381dfb1335cd864bdf48db15b7dbdfe5c7c0feaf9e65bfca54e10b77fe6d2344dd00020758c5e9b4504b03e6f14939ef9b4b62d0a8f9e0d66e9a32d3950b4232b0d19d84bdca98e9e527a9e75754daec14468c03992a44135ac7b01ed01f652fb6b22d0d124aab360f56851a26256aa59bfc761422f3ff33066753e3f7b121ecf7a8cdc1")
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10)
r2 = socket(0xa, 0x1, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000300)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_mtu(r1, 0x0, 0x15, &(0x7f0000000000), 0x4)

09:40:39 executing program 5:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:39 executing program 4:
unshare(0x8020000)
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000080)=ANY=[@ANYRESDEC=0x0], 0x1, 0x0)
msgsnd(0x0, &(0x7f0000000100)={0x3}, 0x8, 0x0)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/ipc\x00')
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x40280, 0x0)
ioctl$TUNSETVNETLE(r2, 0x400454dc, &(0x7f00000000c0)=0x1)
setns(r1, 0x0)
getsockopt$XDP_STATISTICS(r2, 0x11b, 0x7, &(0x7f0000000140), &(0x7f0000000180)=0x18)

09:40:39 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1c000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:39 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xc60b0000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  527.044237] binder: undelivered TRANSACTION_ERROR: 29201
[  527.049783] binder: undelivered TRANSACTION_ERROR: 29189
[  527.140504] binder: 5569:5572 got new transaction with bad transaction stack, transaction 3394 has target 5569:0
[  527.151084] binder: 5569:5572 transaction failed 29201/-71, size 0-0 line 2879
09:40:39 executing program 3:
unshare(0x400)
r0 = getpgid(0xffffffffffffffff)
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$SG_GET_LOW_DMA(r1, 0x227a, &(0x7f0000000500))
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00')
r3 = dup3(r1, r1, 0x80000)
getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000000c0)={{{@in=@local, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@dev}, 0x0, @in=@remote}}, &(0x7f00000001c0)=0xe8)
getsockname$packet(0xffffffffffffff9c, &(0x7f0000000200)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000240)=0x14)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000280)={{{@in6=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@multicast1}, 0x0, @in=@remote}}, &(0x7f0000000380)=0xe8)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f00000003c0)={{{@in=@rand_addr, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in6=@mcast1}, 0x0, @in=@multicast2}}, &(0x7f00000004c0)=0xe8)
recvmsg(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000580)=@hci={0x1f, <r8=>0x0}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000600)=""/70, 0x46}, {&(0x7f0000000680)=""/248, 0xf8}], 0x2, &(0x7f00000007c0)=""/94, 0x5e, 0x400}, 0x1)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r3, 0x29, 0x41, &(0x7f0000000900)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000880)={<r9=>0x0, @multicast2, @dev}, &(0x7f00000008c0)=0xc)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000540), 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffff9c, 0x8933, &(0x7f0000000fc0)={'team0\x00', <r10=>0x0})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001000)={'ip_vti0\x00', <r11=>0x0})
ioctl$BLKRRPART(r1, 0x125f, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000001040)={<r12=>0x0, @rand_addr, @loopback}, &(0x7f0000001080)=0xc)
getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f00000010c0)={<r13=>0x0, @multicast2, @rand_addr}, &(0x7f0000001100)=0xc)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffff9c, 0x8933, &(0x7f0000001180)={'team0\x00', <r14=>0x0})
sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f00000015c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001580)={&(0x7f00000011c0)=ANY=[@ANYBLOB="88030000", @ANYRES16=r2, @ANYBLOB="000429bd7000fcdbdf250200000008000100", @ANYRES32=r4, @ANYBLOB="400002003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="b001020040000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b000000080004002dc1000008000700000000003c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000000c000400686173680000000040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b000000080004006ba9000008000600", @ANYRES32=r7, @ANYBLOB="3c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b0000000c000400000007890000000074000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b000000440004003f00b60002000000010000c60100008006000808080000001b050001a90e000001040002ffffffffae9dc103d40c000002000701b1e20000d90800000100000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=r8, @ANYBLOB="080007000000000008000100", @ANYRES32=r9, @ANYBLOB="44000200400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004002000000008000600", @ANYRES32=r10, @ANYBLOB="00ffffff", @ANYRES32=r11, @ANYBLOB="7c00020038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000800030003000000080004000100000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=r12, @ANYBLOB="080007000000000008000100", @ANYRES32=r13, @ANYBLOB="500002004c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000001c000400686173685f746f5f706f72745f6d617070696e670000000008000100", @ANYRES32=r14, @ANYBLOB="4400020040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000800030005000000100004006c6f616462616c616e636500"], 0x388}, 0x1, 0x0, 0x0, 0x10}, 0x4000)
r15 = syz_open_procfs(r0, &(0x7f0000000080)='HJ s;')
fchdir(r15)

09:40:39 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:39 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1f4]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:39 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000100)={0x0, 0x10000000})
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000000)=0x4)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x400001, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000000340)={@llc={0x1a, 0xffff, 0x0, 0x2, 0x1, 0x1, @dev={[], 0x20}}, {&(0x7f0000000240)=""/232, 0xe8}, &(0x7f00000000c0), 0x20}, 0xa0)

[  527.256650] binder_alloc: binder_alloc_mmap_handler: 5569 20001000-20004000 already mapped failed -16
[  527.278170] binder: BINDER_SET_CONTEXT_MGR already set
[  527.283689] binder_alloc: 5569: binder_alloc_buf, no vma
[  527.289115] binder: 5569:5572 ioctl 40046207 0 returned -16
[  527.289236] binder: 5569:5589 transaction failed 29189/-3, size 24-8 line 2967
[  527.304388] binder: send failed reply for transaction 3394 to 5569:5572
[  527.311646] binder: undelivered TRANSACTION_ERROR: 29201
[  527.317213] binder: undelivered TRANSACTION_ERROR: 29189
09:40:40 executing program 7:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000d28000))
r1 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r2 = getpid()
sched_setaffinity(r2, 0x8, &(0x7f0000000000)=0x5)
r3 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000013000))
readv(r3, &(0x7f000042bff8)=[{&(0x7f0000e3b000)=""/61, 0x3d}], 0x1)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r3, 0x4040ae72, &(0x7f0000000040))
r4 = dup3(r1, r0, 0x0)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_SERVICE(r4, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r5, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000040}, 0x40)

09:40:40 executing program 5:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:40 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000300)="025cc80700145f8f764070")
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55", 0xfffffffffffffee8)
r2 = accept$alg(r0, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmsg$alg(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000012c0), 0x33a, &(0x7f0000001300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
perf_event_open(&(0x7f00000007c0)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
openat$vnet(0xffffffffffffff9c, &(0x7f00002ac000)='/dev/vhost-net\x00', 0x2, 0x0)
getpid()
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000040))
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f00000002c0)={0x0, &(0x7f0000000340)=[{0x1, 0x2000000000000001, 0xe864, 0xa}, {0xfffffffffffff800, 0x0, 0xdd, 0x6}, {0x5, 0x2, 0x100000001, 0xfffffffffffeffff}]}, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000bc0)={{{@in=@dev, @in6=@dev}}, {{@in6=@dev}, 0x0, @in6}}, &(0x7f0000000440)=0x8a)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000005c0)={<r5=>0x0}, &(0x7f0000000600)=0xc)
ptrace$poke(0x4, r5, &(0x7f0000000780), 0xc9)
rseq(&(0x7f0000000000), 0x20, 0x0, 0x0)
rseq(&(0x7f0000000000), 0x20, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000080)={"6272696467653000800000000040f400"})
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/mcfilter\x00')
alarm(0x7fffffff)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000200)={<r7=>0x0, 0x1, 0x81}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f0000000280)={r7, 0x7}, &(0x7f0000000840)=0x8)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x89a1, &(0x7f0000000100)={'bridge0\x00', 0xfffffffffffffffd})
ioctl$VHOST_SET_LOG_BASE(r6, 0x4008af04, &(0x7f00000003c0)=&(0x7f0000000380))
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x0, 0x0)

09:40:40 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:40 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={&(0x7f0000de2ff4), 0xc, &(0x7f0000000100)={&(0x7f0000001a80)=ANY=[@ANYBLOB="240000000201ffff00000004fe0000000000000008001400000000000800080004000000e4abbc55b5a8dc98140137149d0f0d920825f6e2661ef913c2db00f1f4d9bb01d53c00000000010000007ef634125405190ea8802112ea89e2c3836c9a23b11133c5f04ce6598346b547bb0fea0d573227d2db03e268e52eef6f550e6ee28054f887560e1b2025d5f1efab631021a28cde1a3fed9b3932ba69b852d4ae6a79f1cbfe7e9f4654798785e682d5180c96a8c8ae7173f58c7a36613684df60faad90f114869d3af024b8d530d5df93c6bf6606c99753b5f91f9fb183cf07096180b6ccdc165f272d43e68b4fdfe9bf6c17cb3e84b9d9c0dbc494b436f3e4f5"], 0x10c}}, 0x0)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000080)=<r2=>0x0)
fcntl$setown(r0, 0x8, r2)
r3 = socket$inet6(0xa, 0x400000000001, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x80000000a, &(0x7f0000000100)=0x3, 0x4)
r4 = dup(r3)
flistxattr(r4, &(0x7f0000000080)=""/13, 0xd)
bind$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000e77fff), 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x100000000000000, @loopback, 0x85}, 0x1c)
preadv(r4, &(0x7f0000001840)=[{&(0x7f0000000380)=""/253, 0xfd}, {&(0x7f0000000480)=""/43, 0x2b}, {&(0x7f00000004c0)=""/205, 0xcd}, {&(0x7f00000005c0)=""/33, 0x21}, {&(0x7f0000000600)=""/42, 0x2a}, {&(0x7f0000000640)=""/4096, 0x1000}, {&(0x7f0000001640)=""/251, 0xfb}, {&(0x7f0000001740)=""/64, 0x40}, {&(0x7f0000001780)=""/170, 0xaa}], 0x9, 0x0)
rt_sigpending(&(0x7f0000000140), 0x8)
ioctl$EVIOCGMASK(r4, 0x80104592, &(0x7f00000001c0)={0x0, 0x29, &(0x7f00000000c0)="7bba6818609e3d86b63695dae31d8c237a83896e41c3cc4e27483214813741189b4dba36796ba31e41"})
truncate(&(0x7f0000000200)='./bus\x00', 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4)
getsockopt(r4, 0x7fff, 0x588, &(0x7f0000000240)=""/231, &(0x7f0000000340)=0xe7)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ioctl$GIO_UNISCRNMAP(r4, 0x4b69, &(0x7f0000000000)=""/60)
listen(r4, 0x4)
read$eventfd(r4, &(0x7f0000001900), 0x8)
ftruncate(r5, 0x7fff)
write$cgroup_pid(r5, &(0x7f0000001940)=r2, 0x12)
sendfile(r4, r5, &(0x7f0000d83ff8), 0x8000fffffffe)

09:40:40 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:40 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
r1 = socket(0x0, 0x5, 0x1bd1)
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00')
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000200)={{{@in, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@dev}}}, &(0x7f0000000180)=0xe8)
getsockname$packet(0xffffffffffffffff, &(0x7f00000006c0)={0x11, 0x0, <r4=>0x0}, &(0x7f0000000700)=0x14)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000740)={'team0\x00', <r5=>0x0})
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000800)={{{@in=@remote, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@local}, 0x0, @in=@multicast2}}, &(0x7f0000000900)=0xe8)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000940)={{{@in=@multicast2, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@local}, 0x0, @in6=@dev}}, &(0x7f0000000a40)=0xe8)
getsockname$packet(0xffffffffffffff9c, &(0x7f0000004280)={0x11, 0x0, <r8=>0x0}, &(0x7f00000042c0)=0x14)
ioctl$sock_inet_tcp_SIOCATMARK(r1, 0x8905, &(0x7f00000000c0))
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000004300)={{{@in=@local, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in=@loopback}, 0x0, @in6=@ipv4={[], [], @dev}}}, &(0x7f0000004400)=0xe8)
accept$packet(0xffffffffffffff9c, &(0x7f0000004440)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000004480)=0x14)
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000004800)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000047c0)={&(0x7f00000044c0)={0x2f8, r2, 0x102, 0x70bd2c, 0x25dfdbfb, {}, [{{0x8, 0x1, r3}, {0x128, 0x2, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r4}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x2}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x7}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r5}}}]}}, {{0x8, 0x1, r6}, {0x1ac, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x80000000}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x3}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x5}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r7}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8}}, {0x8, 0x6, r9}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r10}}}]}}]}, 0x2f8}, 0x1, 0x0, 0x0, 0x80}, 0x80)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:40 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  527.846077] bridge0: port 2(bridge_slave_1) entered disabled state
[  527.852707] bridge0: port 1(bridge_slave_0) entered disabled state
09:40:40 executing program 5:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  527.887481] binder: 5627:5641 got new transaction with bad transaction stack, transaction 3400 has target 5627:0
[  527.898015] binder: 5627:5641 transaction failed 29201/-71, size 0-0 line 2879
09:40:40 executing program 5:
socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:40 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sm3-generic\x00'}, 0xd)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f0000000000)='bond0\x00')
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:40 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0xfffffffffffffdd0}, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:40 executing program 5:
socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:41 executing program 5:
socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  528.406367] device bridge_slave_1 left promiscuous mode
[  528.412124] bridge0: port 2(bridge_slave_1) entered disabled state
[  528.421218] binder_alloc: binder_alloc_mmap_handler: 5627 20001000-20004000 already mapped failed -16
[  528.430908] binder: BINDER_SET_CONTEXT_MGR already set
[  528.436322] binder: 5627:5641 ioctl 40046207 0 returned -16
[  528.442180] binder_alloc: 5627: binder_alloc_buf, no vma
[  528.447733] binder: 5627:5672 transaction failed 29189/-3, size 24-8 line 2967
09:40:41 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:41 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  528.455698] binder: send failed reply for transaction 3400 to 5627:5641
[  528.455970] device bridge_slave_0 left promiscuous mode
[  528.468162] bridge0: port 1(bridge_slave_0) entered disabled state
[  528.474160] binder: undelivered TRANSACTION_ERROR: 29201
[  528.480107] binder: undelivered TRANSACTION_ERROR: 29189
09:40:41 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf401]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:41 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:41 executing program 7:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000d28000))
r1 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r2 = getpid()
sched_setaffinity(r2, 0xfffffffffffffe66, &(0x7f0000000000)=0x5)
r3 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000013000))
readv(r3, &(0x7f000042bff8)=[{&(0x7f0000e3b000)=""/61, 0x3d}], 0x1)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r3, 0x4040ae72, &(0x7f0000000040))
dup3(r1, r0, 0x0)
ftruncate(r1, 0x0)

09:40:41 executing program 4:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='comm\x00')
exit(0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, &(0x7f00000000c0), 0x1)
finit_module(r1, &(0x7f00000001c0)='comm\x00', 0x2)
getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000100))

09:40:41 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x4e2, 0x64a300)
ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000080)={0xd0002, 0x0, [0xd62, 0x6d13717f, 0xfffffffffffffbff, 0x64, 0xf1, 0x0, 0x7549, 0x80000001]})
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000de1fff), 0xfffffffffffffd43, 0x20008005, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0xc, &(0x7f0000000400)=0xffffffffffffff00, 0x4)

09:40:41 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:41 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x3, 0x610000)
ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000140))
r1 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r1, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f00000000c0)=0x200, &(0x7f0000000100)=0x2)
connect$inet(r1, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f0000000040))
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000180))
poll(&(0x7f00000001c0)=[{r1}], 0x1, 0x0)

[  528.685875] binder: 5692:5693 got new transaction with bad transaction stack, transaction 3406 has target 5692:0
[  528.696414] binder: 5692:5693 transaction failed 29201/-71, size 0-0 line 2879
09:40:41 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1c]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:41 executing program 1:
openat$ipvs(0xffffffffffffff9c, &(0x7f00000035c0)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0)
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
eventfd(0x6c952a7)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0xfffffff0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
clock_gettime(0x0, &(0x7f0000004080)={<r1=>0x0, <r2=>0x0})
recvmmsg(r0, &(0x7f0000003f80)=[{{&(0x7f0000000000)=@un=@abs, 0x80, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/40, 0x28}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000000100)=""/70, 0x46}, {&(0x7f0000001200)=""/106, 0x6a}], 0x4, &(0x7f0000001280)=""/4096, 0x1000, 0x5}, 0x400}, {{&(0x7f0000002280)=@nfc_llcp, 0x80, &(0x7f0000003440)=[{&(0x7f0000002300)=""/158, 0x9e}, {&(0x7f00000023c0)=""/4096, 0x1000}, {&(0x7f00000033c0)=""/105, 0x69}], 0x3, 0x0, 0x0, 0x1000}, 0x7fd}, {{&(0x7f0000003480)=@l2, 0x80, &(0x7f00000038c0)=[{&(0x7f0000003500)=""/180, 0xb4}, {&(0x7f00000035c0)}, {&(0x7f0000003600)=""/176, 0xb0}, {&(0x7f00000036c0)=""/40, 0x28}, {&(0x7f0000003700)=""/242, 0xf2}, {&(0x7f0000003800)=""/183, 0xb7}], 0x6, &(0x7f0000003940)=""/65, 0x41, 0x101}, 0x7}, {{0x0, 0x0, &(0x7f0000003e80)=[{&(0x7f00000039c0)=""/118, 0x76}, {&(0x7f0000003a40)=""/218, 0xda}, {&(0x7f0000003b40)=""/67, 0x43}, {&(0x7f0000003bc0)=""/153, 0x99}, {&(0x7f0000003c80)=""/1, 0x1}, {&(0x7f0000003cc0)=""/133, 0x85}, {&(0x7f0000003d80)=""/255, 0xff}], 0x7, &(0x7f0000003f00)=""/81, 0x51, 0x913}, 0x522}], 0x4, 0x40000020, &(0x7f00000040c0)={r1, r2+30000000})

[  528.758720] binder_alloc: binder_alloc_mmap_handler: 5692 20001000-20004000 already mapped failed -16
[  528.770614] binder: BINDER_SET_CONTEXT_MGR already set
[  528.787829] binder: 5692:5693 ioctl 40046207 0 returned -16
[  528.794198] binder_alloc: 5692: binder_alloc_buf, no vma
[  528.796790] binder: send failed reply for transaction 3406 to 5692:5693
09:40:41 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:41 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xc80b, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  528.799739] binder: 5692:5709 transaction failed 29189/-3, size 24-8 line 2967
[  528.815436] binder: undelivered TRANSACTION_ERROR: 29201
[  528.821079] binder: undelivered TRANSACTION_ERROR: 29189
[  528.854436] binder: 5719:5722 got new transaction with bad transaction stack, transaction 3412 has target 5719:0
[  528.864981] binder: 5719:5722 transaction failed 29201/-71, size 0-0 line 2879
[  528.874393] binder_alloc: binder_alloc_mmap_handler: 5719 20001000-20004000 already mapped failed -16
[  528.890355] binder: BINDER_SET_CONTEXT_MGR already set
[  528.895890] binder: 5719:5722 ioctl 40046207 0 returned -16
[  528.902996] binder_alloc: 5719: binder_alloc_buf, no vma
[  528.908584] binder: 5719:5724 transaction failed 29189/-3, size 24-8 line 2967
[  528.916860] binder: send failed reply for transaction 3412 to 5719:5722
[  528.923890] binder: undelivered TRANSACTION_ERROR: 29201
[  528.929436] binder: undelivered TRANSACTION_ERROR: 29189
09:40:41 executing program 6:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x200, 0x12d002)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040), &(0x7f0000000240)=0xffffffffffffffe9)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@assoc={0x18, 0x117, 0x4, 0xffffffff}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r2, &(0x7f0000000000)=ANY=[], 0x0)
recvmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:41 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffff000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:41 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x7400, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:41 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280))
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:41 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0xfffffffffffffffe)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

[  529.064764] binder: 5733:5739 got new transaction with bad transaction stack, transaction 3418 has target 5733:0
[  529.075284] binder: 5733:5739 transaction failed 29201/-71, size 0-0 line 2879
[  529.084801] binder_alloc: binder_alloc_mmap_handler: 5733 20001000-20004000 already mapped failed -16
[  529.096337] binder: BINDER_SET_CONTEXT_MGR already set
[  529.101945] binder: 5733:5739 ioctl 40046207 0 returned -16
[  529.108364] binder_alloc: 5733: binder_alloc_buf, no vma
09:40:41 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:41 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280))
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  529.113970] binder: 5733:5743 transaction failed 29189/-3, size 24-8 line 2967
[  529.122739] binder: send failed reply for transaction 3418 to 5733:5739
[  529.132212] binder: undelivered TRANSACTION_ERROR: 29201
[  529.137790] binder: undelivered TRANSACTION_ERROR: 29189
09:40:42 executing program 7:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x104)
setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000100), 0x4)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000d28000))
r2 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r3 = getpid()
sched_setaffinity(r3, 0xfece, &(0x7f0000000000)=0x5)
r4 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, &(0x7f0000013000))
readv(r4, &(0x7f000042bff8)=[{&(0x7f0000e3b000)=""/61, 0x3d}], 0x1)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r4, 0x4040ae72, &(0x7f0000000040))
dup3(r2, r0, 0x0)

09:40:42 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:42 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfd00000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:42 executing program 3:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00004e1000/0x4000)=nil, 0x4000, 0x3)
ioctl$void(r0, 0x5450)

09:40:42 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x9, 0x200000)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000080)={0xfffffffffffffffe, 0x6, 0x1, 0xffffffff, [], [], [], 0xfffffffffffffffb, 0x6, 0x81, 0x1ff, "e83ff5600470ce77421ea3f56d24773e"})
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc1105511, &(0x7f0000000280)={{0x3, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00'})

09:40:42 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280))
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  529.562865] binder: 5764:5766 got new transaction with bad transaction stack, transaction 3424 has target 5764:0
[  529.573339] binder: 5764:5766 transaction failed 29201/-71, size 0-0 line 2879
[  529.592498] binder_alloc: binder_alloc_mmap_handler: 5764 20001000-20004000 already mapped failed -16
[  529.602504] binder: BINDER_SET_CONTEXT_MGR already set
09:40:42 executing program 3:
r0 = socket$inet6(0xa, 0x3, 0x3)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
getpeername(r0, &(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, <r1=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000140)=0x80)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00')
sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8020000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x50, r2, 0x20, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bond_slave_0\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8000}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x32}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40010}, 0x4)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)={0x2, 0x400000000000003, 0x0, 0x3, 0x13, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr}}}, @sadb_address={0x5, 0x9, 0xffffff80, 0x0, 0x0, @in6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x2, 0xfffffffd}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}]}, 0x98}}, 0x0)

09:40:42 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf4010000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:42 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc8070014")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:42 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mq_unlink(&(0x7f00000003c0)='\x00')
r1 = syz_open_dev$midi(&(0x7f0000000400)='/dev/midi#\x00', 0x0, 0x1)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1b, &(0x7f0000000440)={<r2=>0x0, 0x24, "a5c88d1df70897d13f4b62e44f04a999b3a6a7a3c4c00899f22e57e82e8c2487e72d9de0"}, &(0x7f0000000480)=0x2c)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f00000004c0)={r2, 0x6}, 0x8)
sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x34000}, 0x8d, &(0x7f0000000140)={&(0x7f0000000200)={0x8, 0x2e, 0x701, 0x0, 0x0, {0x3}}, 0x34}}, 0x0)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='\x00'}, 0x10)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
sendmsg$IPVS_CMD_FLUSH(r3, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x802000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x114, r4, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x432}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xfffffffffffffffe}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x3f}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x18}}]}, @IPVS_CMD_ATTR_DEST={0x44, 0x2, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x6}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x10000}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x5b4}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x6e4c722d}, @IPVS_DAEMON_ATTR_STATE={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x58, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x9}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x4}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x8800}, 0x881)

[  529.618165] binder: 5764:5766 ioctl 40046207 0 returned -16
[  529.626266] binder_alloc: 5764: binder_alloc_buf, no vma
[  529.631883] binder: 5764:5778 transaction failed 29189/-3, size 24-8 line 2967
[  529.643148] binder: send failed reply for transaction 3424 to 5764:5766
[  529.656563] binder: undelivered TRANSACTION_ERROR: 29201
[  529.662105] binder: undelivered TRANSACTION_ERROR: 29189
09:40:42 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000700)=@add_del={0x2, &(0x7f0000000180)='veth1\x00', 0x100})
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='vmnet1\x00'}, 0x10)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f00000000c0)={<r2=>0x0, 0x1000}, &(0x7f0000000100)=0x8)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f0000000200)={{0x4, 0x7, 0x5, 0x8, 'syz0\x00', 0xffff}, 0x1, [0x8000, 0x3, 0x0, 0x1, 0x7ff, 0x7, 0x3eb, 0xffff, 0x5, 0xffffffffffffffdc, 0x401, 0x800, 0x80000000, 0x0, 0x8, 0x80, 0xff, 0x7ed, 0x20, 0x1, 0x2, 0x100000001, 0x8, 0x0, 0x273, 0x7, 0x1, 0x5, 0x7, 0x60c, 0x1, 0x4f, 0x7fffffff, 0x499, 0x68, 0x2, 0x9, 0x10000, 0x6, 0x8, 0x20, 0x81, 0xf713, 0x8, 0x1, 0x9, 0x6, 0xff, 0x0, 0x1478, 0x9, 0x7, 0x9, 0x8, 0x100000001, 0x3, 0xde, 0x7, 0x1, 0x28, 0x7, 0x101, 0x9, 0x4, 0x1fffe00000000000, 0x0, 0x9, 0x400, 0x6, 0x2, 0x9, 0x0, 0x8, 0x1, 0xfffffffffffffff9, 0x8, 0x7ff, 0x6, 0xeb5, 0x6, 0x5, 0x7ff, 0x10000, 0x8001, 0x7, 0x8000800000000, 0x0, 0x5fe, 0x8, 0x7, 0x6, 0x2, 0x400, 0x7, 0x3, 0x10001, 0x0, 0x4, 0x0, 0x4, 0x8, 0x6, 0x4, 0x10000, 0x7, 0x8000000, 0x9, 0x6a, 0x80000000, 0x13, 0x2, 0x0, 0x7, 0x5ad, 0x8, 0x2, 0x6, 0x7fff, 0x9, 0x8, 0xb, 0xd2b, 0x80000000, 0x7ff, 0x20, 0x10001, 0x0, 0x2], {0x0, 0x989680}})
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000140)={r2, 0x1000}, 0x8)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:42 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:42 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  529.802582] binder: 5802:5804 got new transaction with bad transaction stack, transaction 3430 has target 5802:0
[  529.813085] binder: 5802:5804 transaction failed 29201/-71, size 0-0 line 2879
[  529.849685] binder_alloc: binder_alloc_mmap_handler: 5802 20001000-20004000 already mapped failed -16
[  529.860719] binder: BINDER_SET_CONTEXT_MGR already set
[  529.866269] binder_alloc: 5802: binder_alloc_buf, no vma
[  529.866765] binder: 5802:5804 ioctl 40046207 0 returned -16
[  529.871919] binder: 5802:5814 transaction failed 29189/-3, size 24-8 line 2967
[  529.885364] binder: 5802:5804 BC_INCREFS_DONE u0000000000000000 no match
[  529.885611] binder: send failed reply for transaction 3430 to 5802:5804
09:40:42 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
semget(0x0, 0x7, 0x82)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x8000, 0x0)
connect$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0xffffffff, @hyper}, 0x10)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:42 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffff0000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:42 executing program 4:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
lsetxattr(&(0x7f0000000040)='./file0\x00', &(0x7f00000017c0)=@known='security.evm\x00', &(0x7f0000001800)='\x00', 0x1, 0x0)
bind$vsock_dgram(r0, &(0x7f0000000140)={0x28, 0x0, 0x202791, @my=0x1}, 0x10)
getxattr(&(0x7f0000001b40)='./file0\x00', &(0x7f0000001b80)=@known='security.evm\x00', &(0x7f0000001bc0)=""/176, 0xb0)
mount(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='ocfs2\x00', 0x4088, 0x0)
open(&(0x7f0000000180)='./file0\x00', 0x52041, 0x24)
stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0))

[  529.892956] binder: 5802:5804 transaction failed 29189/-22, size 0-0 line 2852
[  529.906539] binder: undelivered TRANSACTION_ERROR: 29201
[  529.912168] binder: undelivered TRANSACTION_ERROR: 29189
[  529.917914] binder: undelivered TRANSACTION_ERROR: 29189
09:40:43 executing program 7:
r0 = socket$inet6(0xa, 0x80806, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000000)={0x14, 0x0, 0x0, 0x0, 0x0, {0x4}}, 0x14}}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f000014f000)={&(0x7f00003c7ff4), 0xc, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0)
setsockopt$inet6_mtu(r1, 0x29, 0x32, &(0x7f00000001c0), 0x4)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000d28000))
r4 = epoll_create1(0x0)
syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r5 = getpid()
r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0)
openat(r6, &(0x7f0000000100)='./file0\x00', 0x20200, 0x5)
sched_setaffinity(r5, 0x8, &(0x7f0000000000)=0x5)
r7 = syz_open_dev$sndtimer(&(0x7f0000000180)='/dev/snd/timer\x00', 0x0, 0x1007c)
readv(r7, &(0x7f000042bff8)=[{&(0x7f0000e3b000)=""/61, 0x3d}], 0x1)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r7, 0x4040ae72, &(0x7f0000000040))
dup3(r4, r3, 0x0)

09:40:43 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc8070014")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:43 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:43 executing program 3:
r0 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r0, &(0x7f0000fc4000)={0x2, 0x0, @loopback}, 0x10)
sendmmsg(r0, &(0x7f0000000180), 0x0, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x9, 0x200200)
mq_timedreceive(r1, &(0x7f0000000040)=""/29, 0x1d, 0x4, 0x0)

09:40:43 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:43 executing program 4:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x10000, 0x0)
name_to_handle_at(r0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="b9000000080000002afb4698bd38fc4fb6a577df3fe54c3834c4a29858505d8b31e147656df11e1ea0d6dec6b79b5f3995f92db548c4ea5f533fc523517328f70fa56818eba42bed1c0a24c46a2b50b1f26644b4ccd968e394571478c8f9134f056b63e8465b3c03af9eaded8003501e4c71ba445f4c205a964da03ec67493d8afadcfb27e1191e7dd0ee5d83b30bad63b7956d6eb65e6be5d6fe41baae5b80cc5772877e516fca3eb455a600078494801f0ffff0327bb675a6f8451871a5d4d1700f6bfb19ff1978ed66a8521a432832c57f717f7641d4d6d6a39e808f1a7b631fb8016c7bf66f338dc80f39cd12f31e834"], &(0x7f0000000200), 0x1400)
ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000100))
r1 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x2, 0x28001)
write$evdev(r1, &(0x7f0000000040)=[{{0x77359400}, 0x1, 0x4c, 0x2}, {{0x77359400}}], 0x30)
r2 = dup3(r1, r1, 0x80000)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r2, 0x4040ae72, &(0x7f0000000000)={0x7, 0x9, 0x2, 0x7, 0xfffffffffffffe01})

09:40:43 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc8070014")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  530.461519] binder: 5845:5846 got new transaction with bad transaction stack, transaction 3437 has target 5845:0
[  530.471970] binder: 5845:5846 transaction failed 29201/-71, size 0-0 line 2879
[  530.484831] binder_alloc: binder_alloc_mmap_handler: 5845 20001000-20004000 already mapped failed -16
[  530.494694] binder: BINDER_SET_CONTEXT_MGR already set
[  530.501127] binder: 5845:5846 ioctl 40046207 0 returned -16
09:40:43 executing program 3:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x200003, 0x0)
ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000040)=0x95)
getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={<r1=>0x0, 0x10001}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000100)={r1, 0xffffffff, 0x1000, "f9ecb68bf8532c6470dcdd8a625e0ad982231b9ee9fc8cd937f54befa3f267589841834ea4a5ebfa1616ba5086daf35613dd72d701081b3d8a690a49705781bae9c1a3a62bdc4ea1d00b371470c72b7ee6ec46e91bffe2274ac0f772dcce569c47273369e3a8f345ddcc6b5d12749109136a7462b6a65aa95b71583f4a05b7c06f019c747500bb3b99ebd6700431b0ec0fe1e2122baa7c5b8e7e023eaf0fea70e4746976dea5f2a9e63b8186c67c1df7c77d05f8559017c19e4388e0fe58bbfd4cd9fe072810c345ba0f03e2606608a484d28a810f1571b984ce7674dd6562ed85f619765eb887f9658cc840c396751afa7ed6894fd0f2692ab1f1166089fb0ae185555d62cae7bd68fa858e0639340b977741d1964c26a87bcdcc63953ae36684e145599a0634f710c9c64d5eabbca9a9f82febd4a030cbbdd92bd05314cdc4b13a55f00115f74e7789d27e538668ec6440e38048165cd71b7ff2e229327ea77fb9b45d1b395f9bda6a8a3f68331130df69398d485866d1e78ac1614a958854e8cff81e90ddbe9375b4b813cfb1c564adb6708e93338c8a6d65e6158b4b829cf13c35b9e3b2debedf199524537182023f321d8a515dd4f620550f22300c6fbd7d606716559a31ae8f334b760f9e18a673ac74306fd2bfbd0d1b62631bd4c27cb83f37055ce6ffc463d458f5246bfb8796ada39f1720dff9bdb92a0acc70952d02553b24ac7d922cbf079aa79fa77b39d72f485f1ef77a02a0d6ed04783920995f9b24943d8a781cc54c677770ff25ed56cfe63066fe2f16f9dc3e4e23147ba2325f85997ae50d63d3a0fecc06a195752d554fc0b9798abaaae475806871f261d91bcbdcd4747bcdb4f9095441340c01ca9b579d59a713969126592d32d08ba97162b8de3233537de7a2da483c3dec9b315ba7fa26ab1a49fd80fe296a506cae26505c9c6ae1d55c95a47a57ddb6c96988382550b9c5da287fd78c71f2aa0dc929729c003345a2b1c38cb22197c2168228f2c21dbcaf438c1fe872967bc65f88a81021e9312b0e59a8e38c6795ccc1d15d9a5163afd8428d42651207040edcdffcff24824509cac5353f40f186ea685cab074d90b5c43f306f47e899005ba5c812d6377170e13c3411a4b94e6a81dea46ce91c33a9af44fceb3bc144dcd3edabe46f4544e8eef795a2c21c01e4992e762009e9d56a6c4e3715c5b65f5502ab76fa82b3b28ba036f3b530737bb99c7d8ad81aec6128fa1df69a805c9e8e259a90e310f4f2a48e9f23605874b8d8ef7a34a1a14e8c7f63ff105613722e5c09029ed6864ca80f1efa91d2cfff51b0d23dd1ee09d1a4b2c7b9f1db8887a3895b5e49223d9540891861b5930917f4a403daec336300e4599a16893b84edfdb71f16fe51211053fb7a43b941d8fb4247402b0c3e189fb41dbdb57bbe8ff917b21768b20d925434168d9722a7d78a667986111c12198a76df1900ea1b456171fdf5a8e6bd131da32be672cf64babdf738180219748606a7442f9f49507308d5222cfd97e3a4ee791aa973a7d14430e5b0d75a8458880f5d64c8e7b54fcccce97279c731cb5c2e9553fc980d3faf6c5606d13b83a643e2d1a906a2d7caa234ecb5d935dc26fcae2aeca117e24301f7cd9eb412f15fc9405af0d3a499ff9ea697cc5492ad94273ac9728cc6d2b055e079cff27e2ff3264705229ad9a475484f67c3a23416edbae5a5192e946deae5ddc8d8955d28e57adaeee89daef3dbec3749c530ad4b4fec423218ad17fe2c16cd293aa4bb475af91b36ff15c4403a3f016592b4ef515d9bb40996f3194b2039e6d6ce7c80f0ea33e30dfaf0b517f933497c10864f3b8eaf1abdbb81cac376ce67f8331378d1d88031da536e7391b7d75038bd97a1aa29967038d25289482ddddb9da1e3fe5b3135089d515c36b50de44c34f48db756837d0a54672e8d1cf48fbd52d3dbd6733819ede35a922c085527496cb2ab994d5addb452b3e53ab47b83f09f6d947ea2c6423058d9309d031e0446d3a08c5ff760a50d2948e769465b1ca08a31fbcab3b67dfca535c1c4dc9867b4357b7b6879b2a7d8d2a6598d8ed5e9c40903402d0d30da1c0ea036242eed47846ced73264039d96c7f7d88c00e4b50a410393f644fec9e79c19617bd6e119f4429333c4292cea7a22b55f9a796103991b138d086de5a2f4067d04fe4f5d4a7dc70322cc6a32e80736c255ca549201028ee80ea73839f8e947358d20b064863cb1e184a12caf2e9d32c559628b569b2199879e8a4e0c2c84a8df688cd48d827f58db409960cee86691e2be97ede8d974ac5bb06a9ca700ef3e96d6719a9615500bb487cc1938656bc18cacc6191c3121e8185b4c40ed46185f882532f8b28835813cb6b2b6146b5bc4a014dd86f474eeaf7abfb10b87f700272f12f9db81327051204f82c960fe41350a1cecf038c05bebb07b7fe0fbc957881d84931573109d579e3391d530adf0408afb7196730e51422200064850a79345c522121c0acf2e77164cbecf9762767eb4e5dea6ec3f118131bb16c36b815acc4c52e9e1dde60a054546ce6739840d55a9565bccedbb16fb5068f55ab1d086f5c0ad44f8035585aed1e2e36c370e1c1ac206fd0371c158d06c3d4916dc30e20d24219d762f46b18ac4d6839017c77d2e08010d3ee81befdc30a35fa813fd193640ee1007711d6145b4c0b4138798accaf6b382b8f77c84e34cfc14d9914b7310f873e5e1868134bdc18275feea44499574b0b9b5d680321faf7cac75d974f530ea73802e5539483de856351943589c56aa17f4b9148d17ad9eddb6c64affcc86de2ced6242bd5717066a00458ed71e82c6713fdaddb21a9430d61dbe3963a38de394dba376c77b9b5af7ff7c52b17a37c44bc687cdd4c7d196c2f7fa37773cc9dad123982d67827948f842b1fdd90e7531e53bd7306a269a3958179174db44f7591ba93aa165f1d5c282cd08e848a87ece4cae39bd0da68942c837d2361e9a257c4dedee2d6613ec04305665f14653a75cbe9b0e89b861c507cd3469431bcdfa32f6506a7955e2f30f0d0d82801b33eb9c0b32a218839c59446bf8ee0c60dfe2481773e73f343e7677ee28b3f83e7e486a6aff3c8cb82acc5c5bc0722b7eed18fdf195474845d91d5038dd6b6e3006d7ef72517907d9e5a3ee52f2dc1a2297332d1ba28ade7498cc355af6ff2bb6c15923a445f99374a56f7252baed8b9726a6a7f979f2531333574ae39c322995285392b12bc0286566e64b0bf3876352d8a94ace1747ba3e35f811298c58f878bc36d6b7c16c58794332e4b8d93e7b55612c09c4faaee7ddc1c4dddb3d583f651bdfe2daa22c4902a823d5c8cb1da08b8e7da0e058b908eb84bcd60197cf44bc9d5f0b4ae4da1d4ef745a72b03c1e75c12a00a469068e483cdb71bd6346dfd506177408ec33e159041335bf467bf631700f488e10345f79e327e3c27c83fec188ba1f9352ae5b898049aa3b104f4f4ea3b926a07e11e733e32ffa2dfebe839989cf52a0b307d53282219b0afe0f168777647b5ff89d296792f9a6492667a64c6ed8de6bfc49a075357d5c84a24983aaec7c9cd0985dc8ad82266f1e841a531d53cab5761bf40728522d2c3f76965a71ec602d722ef810970a35f4c702536efffa972b14f873bd4c1ebc4d5d7efd758b4ff9a63c42a1419af9059acf4fe680589d827ad399fc850f261f2aaeb9976bbe2f30f74ce8e28e3b49e032bd5351dcf2ac352c97768168dd0bd2b7fcdfbcf46717668203ee31241afb8304de9dd019af5c15485361dd0d31b2e070f2377a9493247ca82f9c974a4176613b6190d50080b95df31371ab053ae277536740a0e5e864e07efe723585bcc7418db0a17064b58818840f5066ad6d5034accd7493ef40782cffb7a65b9c3362b2126be22710c9c631252f891926622c263f66d8072eb44a925a56aa703ce45c9cfc3e10e2cc6a8e72224cc361284a5a48eb2c26a6d141eee3a9ceca8f7965b92731ba152c7a5bdf6a585389be75aef1481a23f5c4f697732d69e53da55a06d9e112fccc70b8e1a0e233ea9bdcd88bf1f12ac57e28a0f3c208021172bf2db9459bce6371db30be44685b0909ea68e5aaae91f2f5ca870a7d40e20d0cf2254c3c8de450c16e447f2b85d1ff19b3b9b84d2ace917185856fc21cb198fd4f5be94dffbd24c8bb71e55123a95352602775c4b4bec8136bdeb967946bf99f0239be86afd76ce434ebaebe55952d4c1409753121b43decc0e526df88bcee16deaee948c1f20f145468f657ed34ebeb87b4a147977258e7d85881d80fbf3564e993098a10e9bcead7c9b76e6a26ad0405f9bd2e06d70c8e5f316f23b512a05eab940c7a5476eaeaaa405a1141835dd5a0c2fc87553230c92bb4f1c05bca50f0b22607a89892418b9c1064705199662fde1a8f843666b546501ba45d3db2cc47638a5bb26110afe0d145f4bd787e1e067ae87fe771da44f9cc4d1c1e71db8a011982721a9f75934563c981a2a855da81c93e43088aea624d37fa9478d1c214a05b4eb2bee7fa1e78f2de23f13cf04b94835f820977ae76bb337aa01648709135e09c7055f672121aef5e8aee942be27a08df45903eabb729d89c03144058835e702e05f83500510d0570413b28dc1dcc230f60c9b9b42a8aa8e88d72ff1dd08235c92b0282f8032de75912dfcc2331e169247581dd77295ccfbf2d97ed6898e28ac2c1febbb6797cf315ba87a8c462060b19e5412622ea7edaeab98610f829b872d324ae99c01557daf57a22e58a54691715532ee7ff6a48b9505bf6cba743d76bc2772c8074769812baaa178089762d70aee4a39e8d3655b11334d7674649ae80e0a2a7192cf07174272c8776c4644977c874bb34c26a573bfb3daf0c8e927fdbcf18251b87b7d305189b76acbb5df079e740a3e8ad784719e6a12bf44e630ac23da41ed7db2051ebf1be097252797c9ec5461ee6e868dca1fadbcbd0a237d4a0541cd2758e6d256d58c789e540723717297b30c7c772d69374335eecc0d96d280c5d6086de7ce6fc8e39b11c526f31aaaa8edfc04b0b6e0ba1c1a74ac5c2331b28aa24584a5b5e487d7d832c1ab4acecfff3e3b2f8a33a6219f4424496db41b5f562a73436363ee7d041a6bbfce4b16d131abc21f1a8eeb05cce8ae21aee3dfd219f6318a4e9411271bfc51d78ac49d029f07d048d03d6c981de5f2a20e722c27c2938198978e0960b24755ac41ce9707c67f7d949f51c2565e78851c7b5176f7e700c4d764d0668a06b8f4873bd709a6b534e8bd0cd07efaa75d8297803c17ad499a1b3988d498d0da319a91255ddf2412415f91cd5ec9f081030e4fc5393fe11e0e5947a2ecca6239d8320ab230113e45da6bdd7dba42002d0994bf9e1ce85cae7632ae64065b5b666704f38545dccaa15d50efd99b0609da48221ad8850cd1a008452d365fbcc969055d22c40ca1260b8e8d00f7434fa4b91bedcb07824daf2f829e30406a8aba3551d1e6263fe5116be1c5b5ec1df27754341c48c7f1a7a99159db4241f8f47c23b9aad13fb586172a27ddb4201b8013f08ac2eb55b370b9228ac347e0af6eb830986248d27f33ba7be4f5b040753ca4f92356e847d8ebc952b00b7eea1d012a088cc12a630cc2dc2ad580cb8be0757c49637378b4a29321198d4c30168e0c299c1f562a0a573705e78382feaee3f5cc1e40b5ff2c0d5be94e83d41e98d4914cc8f87f44945ca5c73cc15a8ffd16ac7e3d2a911b22bfed12b09782e74abe1bdbb"}, 0x1008)
pkey_alloc(0x0, 0x1)
write$P9_RWALK(r0, &(0x7f0000001140)={0x8b, 0x6f, 0x2, {0xa, [{0x22, 0x4, 0x2}, {0x4, 0x3}, {0x44, 0x1, 0x4}, {0x0, 0x3, 0x8}, {0x2, 0x1}, {0x80, 0x3}, {0x80, 0x2, 0x8}, {0x4, 0x1}, {0x7b70cbf2578745fc, 0x3, 0x2}, {0x12, 0x1, 0x7}]}}, 0x8b)
ftruncate(r0, 0xffffffffffffffff)
getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000001200)={'mangle\x00', 0xd0, "7cdb3151258cc2873706b3affb54e14ea961b449cc801a8bf6063a0a33721a1ccf23c66a247a9449fc7c9a8b3294a3f5586a642f4e6721689fecba67ef6f8b6d14903558bf86c109861bee8db24f8b13272f2938f6facd609c865629932b820c1a0b13c47bd6f00652e255e45d5b2071e01d6c5935ba4da531ba9050844e517a32569c35218485429488a55a12e2480d1d838b43c58dcba94dbc5fc1c15e3cb2a03a5a7639f4680b3c6b9b95c63d9fe63f073c3a2f2958dfab80641065fde5b081fd20f2a7baaa5047716a64674ebada"}, &(0x7f0000001300)=0xf4)
ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f0000001340)={0x10000, 0x400})
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000001380)=<r2=>0x0)
fcntl$getownex(r0, 0x10, &(0x7f00000013c0)={0x0, <r3=>0x0})
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, r0, &(0x7f0000001400)={r0, r0, 0x6})
ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000001440))
ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000001480))
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000014c0)=@srh={0x8f8dbd8c4a1ae2c9, 0x4, 0x4, 0x2, 0x200, 0x0, 0xfa95, [@mcast2, @loopback]}, 0x28)
ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f0000001500)=""/134)
r4 = dup(r0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f00000015c0)={0x80000000, 0x4, 0x9c9, {0x0, 0x989680}, 0x9, 0x400})
write$binfmt_elf32(r4, &(0x7f0000001640)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x2, 0xd4b3, 0x100000000, 0x6, 0x2, 0x3f, 0xffffffff7fffffff, 0x312, 0x38, 0x17c, 0x5, 0x6, 0x20, 0x1, 0x66, 0x8, 0x9}, [{0x60000000, 0xf634e9a, 0x1, 0x1, 0x9, 0x2, 0x7ff, 0x8}, {0x6, 0x6, 0x8, 0x80, 0xfffffffffffff800, 0x100000000, 0x0, 0x8}], "39ab6f19ca18a38d7a33f97ea2af686cad655b9dbc2181cc1b777589561a8d7c824a79679f5b046de43ee02d383f400602bc745b3a473ed6da29c9b48bca4b595f3b7456038400b24a7e2b0fff89ed360d3c591c209699d36d1281ac165a0c58fd8401b9623d00e14cbfd2a500cf0933c06a2099e96e6cdc8ef2f556bc4c2193f3a2b093c018bbcf80a7dd148c3cdf14617c909b4b0d980baf7d4632a52e7153c745d55f996dbc89960256ba8aaf1d0b3a288b4eab944b694c96229163220d331c422a54ef30490b3b5ff2aed3d40071241df846c837ab8363ffe28cbb9f7b83206f1346a1984ea444dcaab7739dc9a3088e810a7b35201c38", [[], [], [], [], [], [], [], []]}, 0x971)
sendfile(r4, r4, &(0x7f0000001fc0), 0x0)
ioctl$KVM_GET_PIT(r4, 0xc048ae65, &(0x7f0000002000))
r5 = getuid()
lstat(&(0x7f0000002300)='./file0\x00', &(0x7f0000002340)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
getresuid(&(0x7f00000023c0), &(0x7f0000002400), &(0x7f0000002440)=<r7=>0x0)
lstat(&(0x7f0000002480)='./file0\x00', &(0x7f00000024c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
getsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000002540)={{{@in6, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in6=@ipv4={[], [], @dev}}, 0x0, @in=@broadcast}}, &(0x7f0000002640)=0xe8)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000002680)={0x0, 0x0, <r10=>0x0}, &(0x7f00000026c0)=0xc)
stat(&(0x7f0000002700)='./file0\x00', &(0x7f0000002740)={0x0, 0x0, 0x0, 0x0, <r11=>0x0})
lstat(&(0x7f00000027c0)='./file0\x00', &(0x7f0000002800)={0x0, 0x0, 0x0, 0x0, 0x0, <r12=>0x0})
sendmsg$netlink(r4, &(0x7f0000002900)={&(0x7f0000002080)=@kern={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000022c0)=[{&(0x7f00000020c0)={0x1e0, 0x42, 0x311, 0x70bd25, 0x25dfdbff, "", [@generic="b89a9ab4ad07cb9db6f376870864c584337ea8f3e097316db4eb56bdc105aed586fbf7f8efdd", @typed={0x88, 0x1c, @binary="12a72ff5c54b250b3eef263a7b0be2bee3ad5b6caf8bff3bc518586195d1a0fd829b3e18409f58e979836fda658b2f0613c964fe1ff028a760306b530a58dd6df0911a9b68d67033c7019f67df572429413989a3c2623600601b65b80b440bc59aa5424d90ff356a2204e30252fcdcaa187ab047d96c9ca247e8f4626a97f99ceb70252a"}, @generic="7bfadc7c3eead3233776ba0b8c87bbd510a74ed3729e719a61bbf042e64067b4e00d884f9fe7899b048783b7d76e67134200afc2dd8b79fb3f511abec78ea091d415634e66f797a3a0710cccd3abc95a0e78316754485201613f83b23e42273bc41c58a2def4b6c92022f0a02abffb0fa6f60a05e33a434f283c2557fb66d31b02ad443bdc4a6d9283e04cef6ecca074efbfcaba7193da465614e7315c1ffa0a2a4bc5a14598a20ef91aa231d7ecaeb1d99590dd7c32630f31c0", @generic="e06baffb4c61007587cbc2fe06da008778f7c9658a844ec1fbd3f9d4bc01514573430a1415ec5845cc6cc19b60e5b2da593f7c7c9cc73254551a42b10ab2e86dd06f6ef25dd197126da5c084ea970571933dfcdc0c5eff8a7207164d8b65ea5498c31ac7bf"]}, 0x1e0}], 0x1, &(0x7f0000002880)=[@cred={0x20, 0x1, 0x2, r2, r5, r6}, @cred={0x20, 0x1, 0x2, r2, r7, r8}, @cred={0x20, 0x1, 0x2, r3, r9, r10}, @cred={0x20, 0x1, 0x2, r3, r11, r12}], 0x80, 0x40000}, 0x15)

09:40:43 executing program 4:
r0 = socket(0x5, 0x1, 0x0)
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={<r1=>0x0, 0x2400000000000000, 0x8, 0x6, 0x0, 0xffffffff}, &(0x7f00000000c0)=0x14)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000100)={r1, 0x81}, 0x8)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000180)={{{@in6=@dev, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@broadcast}, 0x0, @in=@remote}}, &(0x7f0000000280)=0xe8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'veth0_to_bond\x00', r2})
r3 = socket(0x401f, 0x800, 0xb9b)
getsockopt(r3, 0x200000000000010f, 0x81, &(0x7f0000000040)=""/4, &(0x7f0000000080)=0x4)
setsockopt$inet_dccp_int(r3, 0x21, 0x1, &(0x7f0000000140)=0x8001, 0x4)

09:40:43 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3e8]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  530.506935] binder_alloc: 5845: binder_alloc_buf, no vma
[  530.512463] binder: 5845:5856 transaction failed 29189/-3, size 24-8 line 2967
[  530.521134] binder: send failed reply for transaction 3437 to 5845:5846
[  530.533774] binder: undelivered TRANSACTION_ERROR: 29201
[  530.539375] binder: undelivered TRANSACTION_ERROR: 29189
09:40:43 executing program 7:
openat$cgroup_int(0xffffffffffffff9c, &(0x7f00000000c0)='memory.max\x00', 0x2, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x10000, 0x0)
ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000000180)={0x3, 0x3})
socket$can_raw(0x1d, 0x3, 0x1)
socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000140))
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80000)
r1 = socket$unix(0x1, 0x3, 0x0)
mmap(&(0x7f000001e000/0x4000)=nil, 0x4000, 0x3000000, 0x20110, r1, 0x1)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000d28000))
r3 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r4 = getpid()
sched_setaffinity(r4, 0x8, &(0x7f0000000000)=0x5)
openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x0, 0x0)
r5 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r5, 0xc0145401, &(0x7f0000013000))
readv(r5, &(0x7f000042bff8)=[{&(0x7f0000e3b000)=""/61, 0x3d}], 0x1)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r5, 0x4040ae72, &(0x7f0000000040))
dup3(r3, r2, 0x0)

09:40:43 executing program 1:
r0 = socket$inet(0x2, 0x0, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e27, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:43 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xc60b000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  530.698061] binder: 5885:5887 got new transaction with bad transaction stack, transaction 3443 has target 5885:0
[  530.708535] binder: 5885:5887 transaction failed 29201/-71, size 0-0 line 2879
[  530.750852] binder_alloc: binder_alloc_mmap_handler: 5885 20001000-20004000 already mapped failed -16
[  530.761794] binder: BINDER_SET_CONTEXT_MGR already set
[  530.767260] binder: 5885:5887 ioctl 40046207 0 returned -16
[  530.773210] binder_alloc: 5885: binder_alloc_buf, no vma
[  530.778797] binder: 5885:5895 transaction failed 29189/-3, size 24-8 line 2967
[  530.786886] binder: send failed reply for transaction 3443 to 5885:5887
09:40:43 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
fchmod(r0, 0x1)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:43 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x45d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000240)={0x1, 0x0, [{}]})
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x4100c0, 0x0)
ioctl$TCGETA(r2, 0x5405, &(0x7f00000000c0))
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x3, 0x1f000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$TCGETA(r2, 0x5405, &(0x7f0000000140))
syz_open_dev$audion(&(0x7f0000000200)='/dev/audio#\x00', 0x1ff, 0x80)

09:40:43 executing program 4:
perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x2c32fd309f12de05, 0x0)
ioctl$RNDCLEARPOOL(r1, 0x5206, &(0x7f0000000080)=0x6)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl$PERF_EVENT_IOC_REFRESH(0xffffffffffffffff, 0x2402, 0x0)
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0)

09:40:43 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:43 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f76")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:43 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x2000, 0x0)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:43 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x90140300, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  530.796319] binder: undelivered TRANSACTION_ERROR: 29201
[  530.801852] binder: undelivered TRANSACTION_ERROR: 29189
09:40:43 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdef]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  530.897644] binder: 5913:5916 got new transaction with bad transaction stack, transaction 3449 has target 5913:0
[  530.908119] binder: 5913:5916 transaction failed 29201/-71, size 0-0 line 2879
09:40:43 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0xfb, &(0x7f0000000040)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x400021, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x80002, 0x0)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000000c0)=0x7)
ioctl$SG_SET_COMMAND_Q(r3, 0x2271, &(0x7f0000000080))
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r4, 0xc008ae88, &(0x7f0000000140)={0x10, 0x0, [0x400000b0, 0x3]})

09:40:43 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f76")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  530.957887] binder_alloc: binder_alloc_mmap_handler: 5913 20001000-20004000 already mapped failed -16
[  530.980763] binder: BINDER_SET_CONTEXT_MGR already set
[  530.986315] binder: 5913:5916 ioctl 40046207 0 returned -16
[  530.992782] binder_alloc: 5913: binder_alloc_buf, no vma
[  530.998442] binder: 5913:5928 transaction failed 29189/-3, size 24-8 line 2967
09:40:43 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, 0x72fffe)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x50, 0x0, &(0x7f0000000100)=[@register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000040)}}}], 0x1, 0x0, &(0x7f0000000180)="0e"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0b630000aeb24040"], 0x0, 0x0, &(0x7f00000002c0)})
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000000)={<r2=>0x0, 0x66a5}, &(0x7f00000000c0)=0x8)
r3 = dup2(r0, r0)
ioctl$RTC_UIE_ON(r3, 0x7003)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f00000001c0)={r2, 0x5}, 0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f00000002c0)={r2, @in={{0x2, 0x4e22, @local}}}, 0x84)

09:40:43 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  531.007356] binder: send failed reply for transaction 3449 to 5913:5916
[  531.021565] binder: undelivered TRANSACTION_ERROR: 29201
[  531.027130] binder: undelivered TRANSACTION_ERROR: 29189
09:40:43 executing program 4:
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e000000000000000000000000004000000000000000000000000000000000380006000000001400000300000000000000000000000000000000000000000000000000000000000060cbbf816cdacf3209d8eeaffd00f80000000000000000000000000000000000000000000000e865ce175af1c16e25a3cefe8480343c49f9396664e6ae5099617de7900e7bcdf72167021bba7eccda1c73f4d40000000000000000000000"], 0xb8)
preadv(r0, &(0x7f0000000700)=[{&(0x7f0000000340)=""/226, 0xe2}, {&(0x7f0000000080)=""/81, 0x51}, {&(0x7f0000000100)=""/46, 0x2e}, {&(0x7f0000000440)=""/232, 0xe8}, {&(0x7f0000000540)=""/192, 0xc0}, {&(0x7f0000000180)=""/93, 0x5d}, {&(0x7f0000000600)=""/250, 0xfa}], 0x7, 0x0)
ioctl$BLKROSET(0xffffffffffffffff, 0x125d, &(0x7f0000000040)=0x1)
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', &(0x7f0000000280), &(0x7f0000000500), 0x1000)

[  531.052348] binder: 5934:5937 ERROR: BC_REGISTER_LOOPER called without request
[  531.059825] binder: 5934:5937 got reply transaction with no transaction stack
[  531.067149] binder: 5934:5937 transaction failed 29201/-71, size 0-0 line 2759
[  531.077432] binder: 5934:5937 unknown command 1077981870
[  531.087595] binder: 5934:5937 ioctl c0306201 20000040 returned -22
[  531.108941] binder: 5934:5944 ERROR: BC_REGISTER_LOOPER called without request
[  531.116373] binder: 5934:5944 got reply transaction with no transaction stack
[  531.123705] binder: 5934:5944 transaction failed 29201/-71, size 0-0 line 2759
[  531.135851] binder: 5934:5937 ERROR: BC_REGISTER_LOOPER called without request
[  531.143287] binder: 5934:5937 unknown command 1077981870
[  531.168183] binder: 5934:5937 ioctl c0306201 20000040 returned -22
09:40:44 executing program 7:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000d28000))
syz_open_dev$adsp(&(0x7f0000000180)='/dev/adsp#\x00', 0x8, 0x40000)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff}, 0x4000)
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x20000, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r2, 0x80, 0x9, r0})
r3 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r4 = getpid()
sched_setaffinity(r4, 0x8, &(0x7f0000000000)=0x5)
r5 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r5, 0xc0145401, &(0x7f0000013000))
readv(r5, &(0x7f0000000200)=[{&(0x7f00000001c0)=""/29, 0x1d}], 0x1)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r5, 0x4040ae72, &(0x7f0000000040))
dup3(r3, r0, 0x0)
socket$inet6(0xa, 0x80003, 0x4)

09:40:44 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:44 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  531.475449] binder: 5955:5959 got new transaction with bad transaction stack, transaction 3457 has target 5955:0
[  531.485882] binder: 5955:5959 transaction failed 29201/-71, size 0-0 line 2879
[  531.494570] binder_alloc: binder_alloc_mmap_handler: 5955 20001000-20004000 already mapped failed -16
[  531.504422] binder: BINDER_SET_CONTEXT_MGR already set
[  531.509745] binder: 5955:5959 ioctl 40046207 0 returned -16
[  531.509777] binder_alloc: 5955: binder_alloc_buf, no vma
[  531.521083] binder: 5955:5963 transaction failed 29189/-3, size 24-8 line 2967
[  531.528773] binder: 5955:5959 BC_INCREFS_DONE u0000000000000000 no match
[  531.529186] binder: send failed reply for transaction 3457 to 5955:5959
[  531.536467] binder: 5955:5959 transaction failed 29189/-22, size 0-0 line 2852
[  531.542498] binder: undelivered TRANSACTION_ERROR: 29201
[  531.555335] binder: undelivered TRANSACTION_ERROR: 29189
[  531.561212] binder: undelivered TRANSACTION_ERROR: 29189
09:40:44 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000300)='/dev/audio#\x00', 0x769, 0x200200)
ioctl$sock_bt_hidp_HIDPCONNDEL(r1, 0x400448c9, &(0x7f0000000240)={{0x3, 0x3, 0x0, 0x6a9, 0x7fff, 0x1}, 0x5b95})
bind$alg(r0, &(0x7f0000000840)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
recvmsg(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)=""/242, 0xf2}, {&(0x7f0000000280)=""/96, 0x60}, {&(0x7f0000000500)=""/248, 0xf8}, {&(0x7f0000000200)}], 0x4, &(0x7f0000000600)=""/99, 0x63, 0x5}, 0x40000121)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000100)={<r2=>0x0, 0x5, 0xcb7}, &(0x7f0000000140)=0x8)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000740)={r2, @in={{0x2, 0x4e21, @multicast2}}}, 0x84)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r3 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f0000000800)={0x3, &(0x7f0000000200)=[{0x800, 0x7}, {0x3f7f3f82, 0xfffffffffffffeff}, {0x7b46, 0x7fffffff}]})
write$binfmt_script(r3, &(0x7f0000000300)=ANY=[], 0xffffffaa)
ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f0000000180)={0x6403be1f, 0x6})
recvmsg(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0xd26}], 0x1, &(0x7f00000006c0)=""/123, 0x7b}, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)

09:40:44 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x2008912, &(0x7f00000005c0)="3c9c0000000043ba3c7f00")
r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0)
read(r1, &(0x7f0000000200)=""/28, 0x1c)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000400)={0xbf})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0xc02c5341, &(0x7f0000000140))
r2 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000))
tkill(r2, 0x1000000000013)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=ANY=[@ANYBLOB="73656375726974790000000000000000000000000000000000000000000000000e00000004000000380400001801000018010000180100001801000000000000680300006803000068030000680300006803000004000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="00004bf4904a16bb7815c2e6cd23a825090000000000008d00000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], @ANYBLOB="ff010000000000000000000000000001ff020000000000000000000000000001ffffffff000000ffffffffffff000000ffffffffffffff00000000ffffffffff6272696467653000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080164000000000000000000000000000000f0001801000000000000000000000000000000000000000000000000280069707636686561646572000000000000000000000000000000000000000000da0000000000002800000000000000000000000000000000000000000000000000000000000000fbffffff00000000ff020000000000000000000000000001fe8000000000000000000000000000aa0000000000000000ffffff00ffffffffffffffff00000000ffffff00ff0000ff76657468315f746f5f626f6e6400000076657468300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000003f007c0708000000000000000000000000000000100138010000000000000000000000000000000000000000000000004800647374000000000000000000000000000000000000000000000000000000ffffff7f0100ffff6900fdffffff010001000900cee2ffff07000700080081000900000001000a0028004e46515545554500000000000000000000000000000000000000000000000001000000000000fe8000000000000000000000000000aaff010000000000000000000000000001ff000000ffffff0000000000000000ffffffffffffffffff00000000ffffff0073797a6b616c6c65723000000000000074756e6c300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000005e0000000d000000000000000000000000000000f00018010000000000000000000000000000000000000000000000002800616464727479706500000000000000000000000000000000000000000001410540000f0000002800000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x498)

09:40:44 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, 0x72fffe)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x50, 0x0, &(0x7f0000000100)=[@register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000040)}}}], 0x1, 0x0, &(0x7f0000000180)="0e"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0b630000aeb24040"], 0x0, 0x0, &(0x7f00000002c0)})
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000000)={<r2=>0x0, 0x66a5}, &(0x7f00000000c0)=0x8)
r3 = dup2(r0, r0)
ioctl$RTC_UIE_ON(r3, 0x7003)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f00000001c0)={r2, 0x5}, 0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f00000002c0)={r2, @in={{0x2, 0x4e22, @local}}}, 0x84)

09:40:44 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f76")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:44 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:44 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfd00]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:44 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = getpgrp(0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r2=>0x0})
setpgid(r1, r2)

09:40:44 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40030000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  531.735365] binder: 5973:5982 got new transaction with bad transaction stack, transaction 3464 has target 5973:0
[  531.745881] binder: 5973:5982 transaction failed 29201/-71, size 0-0 line 2879
[  531.755072] binder: 5981:5984 ERROR: BC_REGISTER_LOOPER called without request
[  531.762562] binder: 5981:5984 got reply transaction with no transaction stack
[  531.769887] binder: 5981:5984 transaction failed 29201/-71, size 0-0 line 2759
09:40:44 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f7640")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:44 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, 0x72fffe)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x50, 0x0, &(0x7f0000000100)=[@register_looper, @reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000040)}}}], 0x1, 0x0, &(0x7f0000000180)="0e"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0b630000aeb24040"], 0x0, 0x0, &(0x7f00000002c0)})
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000000)={<r2=>0x0, 0x66a5}, &(0x7f00000000c0)=0x8)
r3 = dup2(r0, r0)
ioctl$RTC_UIE_ON(r3, 0x7003)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f00000001c0)={r2, 0x5}, 0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f00000002c0)={r2, @in={{0x2, 0x4e22, @local}}}, 0x84)

[  531.783106] binder: 5981:5984 unknown command 1077981870
[  531.790731] binder: 5981:5984 ioctl c0306201 20000040 returned -22
[  531.797552] binder_alloc: binder_alloc_mmap_handler: 5973 20001000-20004000 already mapped failed -16
[  531.808629] binder: BINDER_SET_CONTEXT_MGR already set
[  531.819878] binder: 5973:5982 ioctl 40046207 0 returned -16
[  531.828194] binder_alloc: 5973: binder_alloc_buf, no vma
[  531.833810] binder: 5973:5990 transaction failed 29189/-3, size 24-8 line 2967
[  531.842239] binder: send failed reply for transaction 3464 to 5973:5982
[  531.843733] binder: 5996:5997 ERROR: BC_REGISTER_LOOPER called without request
[  531.856465] binder: 5996:5997 got reply transaction with no transaction stack
[  531.856734] binder: undelivered TRANSACTION_ERROR: 29201
[  531.863769] binder: 5996:5997 transaction failed 29201/-71, size 0-0 line 2759
[  531.874875] binder: 5996:5998 ERROR: BC_REGISTER_LOOPER called without request
09:40:44 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:44 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:44 executing program 3:
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x40, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='numa_maps\x00')
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x4800, 0x0)
socket$unix(0x1, 0x7, 0x0)
ustat(0x101, &(0x7f00000000c0))
readv(r0, &(0x7f0000001680)=[{&(0x7f0000001500)=""/135, 0x87}], 0x1)

[  531.876830] binder: undelivered TRANSACTION_ERROR: 29189
[  531.889871] binder: 5996:5998 unknown command 1077981870
[  531.899531] binder: 5996:5998 ioctl c0306201 20000040 returned -22
[  531.983812] binder: 6005:6006 got new transaction with bad transaction stack, transaction 3472 has target 6005:0
[  531.994248] binder: 6005:6006 transaction failed 29201/-71, size 0-0 line 2879
[  532.005430] binder_alloc: binder_alloc_mmap_handler: 6005 20001000-20004000 already mapped failed -16
[  532.014964] binder: BINDER_SET_CONTEXT_MGR already set
[  532.020778] binder: 6005:6006 ioctl 40046207 0 returned -16
[  532.023615] binder_alloc: 6005: binder_alloc_buf, no vma
[  532.032205] binder: 6005:6012 transaction failed 29189/-3, size 24-8 line 2967
[  532.042258] binder: send failed reply for transaction 3472 to 6005:6006
[  532.050294] binder: undelivered TRANSACTION_ERROR: 29201
[  532.055881] binder: undelivered TRANSACTION_ERROR: 29189
09:40:44 executing program 7:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000d28000))
r1 = epoll_create1(0x0)
r2 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x9, 0x408401)
ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r3 = getpid()
sched_setaffinity(r3, 0x8, &(0x7f0000000000)=0x5)
r4 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, &(0x7f0000013000))
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000140)={0xd002, 0x1f000})
readv(r4, &(0x7f000042bff8)=[{&(0x7f0000e3b000)=""/61, 0x3d}], 0x1)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r4, 0x4040ae72, &(0x7f0000000040))
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000100)=0x6, 0x4)
dup3(r1, r0, 0x0)

09:40:44 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:44 executing program 3:
mkdir(&(0x7f0000000240)='./file0\x00', 0x0)
r0 = creat(&(0x7f0000000040)='./file0/file0\x00', 0x0)
execveat(r0, &(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000280), &(0x7f00000003c0), 0x100)
setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000000), 0x4)

09:40:45 executing program 6:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='schedstat\x00')
accept$alg(r0, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r2, &(0x7f0000000300)=ANY=[], 0xffffffaa)
ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000040)={0x0, 0x7, 0x20})
recvmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x28}, 0x0)

09:40:45 executing program 4:
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000000)={0x1, "7457526c3000010000000100"}, 0x3)
r0 = syz_open_dev$vcsn(&(0x7f00000002c0)='/dev/vcs#\x00', 0x4, 0x400)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000000c0)=<r1=>0x0)
setpriority(0x1, r1, 0x6)
r2 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
ioctl$KVM_S390_UCAS_MAP(r2, 0x4018ae50, &(0x7f0000000280)={0x5a24, 0x0, 0xe3})
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x140, 0x0)
write$P9_RREAD(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="05010000750100fa000000191b697a8c72c8f17600ec3a82dd31c4fb0cc8ca4172def2fd3a69fc5c7daa9428810b2b41db0d53db68beb21ee65170d7eedfb495352456966ad61e1f0b8deffef5e506d2d6bd8cda33ee5cfc070064f8ab210cd538f4ea86ed4a088bad0d6774074f899896a0959ae4661e334008c88baeea203c68f5e62d5c1cb23f65974750668ddd49064f3450ce944a2bda9971bc4869138e593051c010b2582585267bb7bab00f08effdd70536c7efa30b30c5ae01ef063591042e246f85ff40c5c0278bf4e832361de15098becf48764ee1bcb785ab5695301da83fccf4b293a83bca4b302608883b6a9ad827a9b35063e9ea91b60ce2c3238343445a69fcf4594ca4419483bc3458c80066f9a6d8f0f2da9de59a4168be1b5b600e291e7688c880719b62b7f8aa7d7ef6636a9c233cc0e38aaa0dc1a647b4c0bab37d"], 0x105)
add_key(&(0x7f0000000080)='ceph\x00', &(0x7f0000000040), &(0x7f0000000000), 0x1fe, 0xffffffffffffffff)
ioctl$KDENABIO(r3, 0x4b36)

09:40:45 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:45 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f7640")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:45 executing program 3:
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x8200, 0x0)
r1 = socket$inet(0x2, 0x5, 0xfff)
ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000280)={r1, 0x0, 0x1, 0x7, 0x9})
mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000000880)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x3, &(0x7f0000000980))
r2 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x4, 0x0)
ioctl$BLKSECDISCARD(r2, 0x127d, &(0x7f0000000080)=0x7)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000200)={0xaa, 0x8})
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x806, 0x10)
fremovexattr(r3, &(0x7f0000000140)=@random={'security.', "265d2e2376626f786e6574307b405c5c2ca500"})

09:40:45 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:45 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10)
poll(&(0x7f0000000140), 0x38, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000000)={'filter\x00', 0x4}, 0x68)

09:40:45 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  532.614728] binder: 6039:6040 got new transaction with bad transaction stack, transaction 3478 has target 6039:0
[  532.625226] binder: 6039:6040 transaction failed 29201/-71, size 0-0 line 2879
09:40:45 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f0000cad000/0x3000)=nil, 0x3000, 0xfffffffffffffffc, 0x8972, r0, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
ioctl$KVM_S390_VCPU_FAULT(r0, 0x4008ae52, &(0x7f0000000040)=0x1)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
mmap(&(0x7f000094f000/0x3000)=nil, 0x3000, 0x4, 0x1010, r0, 0x0)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0xd98a, 0x400001)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r1, 0x800448d3, &(0x7f00000000c0)={{0x4, 0x0, 0x2, 0x465, 0x1, 0x800}, 0x81, 0x2, 0x2743e38e, 0x1, 0x3, "daa43425585d35b1e1c99ac679de434c7f28e1bf904077a1075453cdd29d267538ca8ec5562eb4f6f5230dbf30280eac794996f4d7cdc37d02967334b8fbdbc3a60c6cfefd22e2991f5f44593413bf556ea064ff6bec6bdf2b10a904f6f5e2a730112a0a25a4e17709fbdda0146a03ae6c617bc960fe1af25e980e16c81b851e"})
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:45 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f7640")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:45 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070")
r1 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000000d000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$int_in(r2, 0x5452, &(0x7f0000008ff8)=0x3f)
recvfrom$unix(r3, &(0x7f0000bf5000), 0x0, 0x0, &(0x7f0000d93ff6)=@file={0x0, './file0\x00'}, 0x6e)
r4 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x2401)
getsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000000140)={{{@in=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6}, 0x0, @in6}}, &(0x7f00000000c0)=0xe8)
setsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@local, @in=@dev={0xac, 0x14, 0x14, 0x12}, 0x4e21, 0x0, 0x4e23, 0x0, 0x0, 0x80, 0xa0, 0x4, 0x0, r5}, {0x3, 0x8, 0x7fffffff, 0x1, 0x97, 0x401, 0x1024, 0x80000000}, {0x5, 0x6, 0x1ff, 0xffffffffffffffff}, 0x77f, 0x6e6bbf, 0x0, 0x0, 0x2}, {{@in6=@local, 0x4d4, 0x2b}, 0x2, @in6, 0x3500, 0x0, 0x0, 0x9, 0x0, 0x4, 0x400}}, 0xe8)
r6 = syz_open_procfs(r1, &(0x7f0000000040)='auxv\x00')
r7 = getpid()
fcntl$setown(r2, 0x8, r7)
fcntl$setsig(r2, 0xa, 0x12)
dup2(r2, r3)
tkill(r1, 0x16)
exit(0x0)
close(r6)

[  532.677559] binder_alloc: binder_alloc_mmap_handler: 6039 20001000-20004000 already mapped failed -16
[  532.689234] binder: BINDER_SET_CONTEXT_MGR already set
[  532.695139] binder: 6039:6040 ioctl 40046207 0 returned -16
[  532.701273] binder_alloc: 6039: binder_alloc_buf, no vma
[  532.706898] binder: 6039:6057 transaction failed 29189/-3, size 24-8 line 2967
[  532.716568] binder: send failed reply for transaction 3478 to 6039:6040
09:40:45 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:45 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000080)=0x80000001, 0x4)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
syz_emit_ethernet(0x8d, &(0x7f0000000100)={@dev={[], 0x1b}, @remote, [{[{0x9100, 0x7, 0x4, 0x4}], {0x8100, 0x81, 0x8001}}], {@x25={0x805, {0x0, 0x9, 0x1, "5aaa6de6ccb8f4c90bdbfeac78832f8ae82c1c27db0aef763eb5908af9049821ffdd2204e62825a5ababe7e39b226fc1ef0ca41922da9392ca619f5d509d1a111947f5e9717ecbd428d54ca12cb20fed409c44aa8bc5dbd5c1f920357316147a5ff8ec7794ce2fd0cbd286e258d799f149876650"}}}}, &(0x7f00000001c0)={0x0, 0x3, [0x453, 0x3f5, 0x9f6, 0xe30]})
syz_emit_ethernet(0x10373, &(0x7f00000000c0)={@broadcast, @remote, [{[{}]}], {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "199ac0f1ca9a7443"}}}}, &(0x7f0000000000))

[  532.731230] binder: undelivered TRANSACTION_ERROR: 29201
[  532.736792] binder: undelivered TRANSACTION_ERROR: 29189
09:40:45 executing program 7:
r0 = socket$bt_rfcomm(0x1f, 0x1, 0x3)
ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000440)=@add_del={0x2, &(0x7f0000000400)='teql0\x00'})
r1 = memfd_create(&(0x7f0000000140)="2d42d54e49c56aba707070f00884a26d003a2900bb8dacac76617d6b6e6823cb290fc8c03a9c631064eea98b4363ad899c6bdec5e936dd55a93dcd4a78aa8f7eb93061a9b2044b98933f8851f7d61da1ce8b19eaefe3abb6a52434d6fe370fe7d924ce20ab4eaec9bdd36740e127730e90f2cd72b828", 0x0)
pwrite64(r1, &(0x7f0000000280)="df121e5e7398e5232a200c20e4e7fe1a9201f2e34d81acd7cae0be4af8e0cf5f79dea6f4e35cfb0241ad30b3ca891bc6fd45060a3b2328ea566f03d6bf28eff4fd5202a4689f20ad155b1cd28cbeb956ae6341fdd186556f75188ac09cc92bea6750a6180fe1174d54a71d20650c3f09ed35d3f26f18abdcdb16eba56f5dc723", 0x80, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0)
symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00')
creat(&(0x7f0000000000)='./file0\x00', 0x0)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000300)={<r2=>0x0, @in6={{0xa, 0x4e21, 0x6, @local}}}, &(0x7f0000000100)=0x84)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000240)={r2, 0x7}, &(0x7f00000003c0)=0x8)
mount(&(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)='sockfs\x00', 0x101000, &(0x7f0000000240))
open(&(0x7f0000000480)='./file0\x00', 0x0, 0x10)
umount2(&(0x7f00000000c0)='./file0\x00', 0x0)

09:40:45 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:45 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000040)={@broadcast, @local, <r1=>0x0}, &(0x7f00000000c0)=0xc)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000100)={@loopback, @dev={0xac, 0x14, 0x14, 0x1e}, r1}, 0xc)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000000)={0x1, [0x3]}, 0x6)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

[  533.151350] binder: 6085:6087 got new transaction with bad transaction stack, transaction 3484 has target 6085:0
[  533.161856] binder: 6085:6087 transaction failed 29201/-71, size 0-0 line 2879
[  533.176265] binder_alloc: binder_alloc_mmap_handler: 6085 20001000-20004000 already mapped failed -16
[  533.185900] binder: BINDER_SET_CONTEXT_MGR already set
[  533.191303] binder: 6085:6087 ioctl 40046207 0 returned -16
[  533.191495] binder_alloc: 6085: binder_alloc_buf, no vma
[  533.202697] binder: 6085:6092 transaction failed 29189/-3, size 24-8 line 2967
[  533.210574] binder: 6085:6087 BC_INCREFS_DONE u0000000000000000 no match
[  533.210914] binder: send failed reply for transaction 3484 to 6085:6087
[  533.217710] binder: 6085:6087 transaction failed 29189/-22, size 0-0 line 2852
[  533.231795] binder: undelivered TRANSACTION_ERROR: 29189
[  533.237799] binder: undelivered TRANSACTION_ERROR: 29201
[  533.243454] binder: undelivered TRANSACTION_ERROR: 29189
09:40:46 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x5, 0x40000)
ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000040)={{&(0x7f0000ffe000/0x1000)=nil, 0x1000}, 0x1})
setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000200)=0x3, 0x2)

09:40:46 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40030000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:46 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x0, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:46 executing program 4:
fallocate(0xffffffffffffffff, 0x20, 0x0, 0x6)
ioctl$SG_SET_KEEP_ORPHAN(0xffffffffffffffff, 0x2287, &(0x7f00000001c0)=0xf15)
ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000000140)="1f15b2bbd5750f1eb026e9ca")
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x2, &(0x7f0000000000)=@raw=[@ldst={0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x5}], &(0x7f00000000c0)='GPL\x00', 0x1ff, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48)

09:40:46 executing program 7:
syz_open_procfs$namespace(0x0, &(0x7f0000000240)='ns/mnt\x00')
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
getpid()
getpid()
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f00000000c0))
getpgid(0x0)
getpgrp(0xffffffffffffffff)
ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000180)=<r0=>0x0)
syz_open_procfs$namespace(r0, &(0x7f0000000140)='ns/pid_for_children\x00')
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000100)={'sit0\x00', 0x8000})

09:40:46 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:46 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x4, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)={0x0, 0x2000000001, 0x1, &(0x7f0000000080)})
ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0x1)

[  533.447185] binder: 6101:6113 got new transaction with bad transaction stack, transaction 3491 has target 6101:0
[  533.457682] binder: 6101:6113 transaction failed 29201/-71, size 0-0 line 2879
09:40:46 executing program 4:
pipe2(&(0x7f0000005b80)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80800)
setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f0000005bc0)={{0x7f, @local, 0x4e20, 0x0, 'wrr\x00', 0x30, 0x46, 0x7f}, {@dev={0xac, 0x14, 0x14, 0xc}, 0x4e22, 0x0, 0x5, 0xd63, 0x100000000}}, 0x44)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070")
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00')
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1)
getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000340)={0x0, 0x1000, 0x6, 0x5405f7c2, 0x66, 0x100, 0x80000000, 0x4, {<r4=>0x0, @in6={{0xa, 0x4e22, 0x7f, @local, 0x400}}, 0x88, 0x3, 0x146, 0x75e, 0x2000000000000000}}, &(0x7f0000000400)=0xb0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000440)=ANY=[@ANYRES32=r4, @ANYBLOB="0400050000104d0000007f000000"], &(0x7f0000000480)=0x12)
sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000080)={0xb8, r3, 0x20, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [], @rand_addr=0x400}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0xf}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DAEMON={0x34, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x6}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0xfffffffffffffff9}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}]}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x2b}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0xdc204e01c3984f85}, 0x4000010)
sysfs$1(0x1, &(0x7f00000004c0)=',md5sumeth1posix_acl_accesseth0!\x00')
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_adjtime(0x0, &(0x7f00000001c0)={0x8})

09:40:46 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  533.708819] binder_alloc: binder_alloc_mmap_handler: 6101 20001000-20004000 already mapped failed -16
[  533.725424] binder: BINDER_SET_CONTEXT_MGR already set
[  533.731235] binder: 6101:6109 ioctl 40046207 0 returned -16
[  533.737805] binder_alloc: 6101: binder_alloc_buf, no vma
[  533.743357] binder: 6101:6113 transaction failed 29189/-3, size 24-8 line 2967
[  533.751805] binder: send failed reply for transaction 3491 to 6101:6113
09:40:46 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x8150300, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  533.776169] binder: undelivered TRANSACTION_ERROR: 29201
[  533.781762] binder: undelivered TRANSACTION_ERROR: 29189
[  533.834299] binder: 6131:6133 got new transaction with bad transaction stack, transaction 3497 has target 6131:0
[  533.844759] binder: 6131:6133 transaction failed 29201/-71, size 0-0 line 2879
[  533.885635] binder_alloc: binder_alloc_mmap_handler: 6131 20001000-20004000 already mapped failed -16
[  533.897675] binder: BINDER_SET_CONTEXT_MGR already set
[  533.903494] binder: 6131:6133 ioctl 40046207 0 returned -16
[  533.911130] binder_alloc: 6131: binder_alloc_buf, no vma
[  533.916719] binder: 6131:6139 transaction failed 29189/-3, size 24-8 line 2967
[  533.924956] binder: send failed reply for transaction 3497 to 6131:6133
[  533.934759] binder: undelivered TRANSACTION_ERROR: 29201
[  533.940401] binder: undelivered TRANSACTION_ERROR: 29189
09:40:48 executing program 7:
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=<r0=>0x0)
r1 = syz_open_procfs(r0, &(0x7f0000000100)="70726fb53252792800bce1c0d94812671fe098e9ea009ea9")
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
writev(r1, &(0x7f0000000080)=[{&(0x7f00000004c0)="f9", 0x1}], 0x1)

09:40:48 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x0, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:48 executing program 4:
r0 = add_key$keyring(&(0x7f0000000640)='keyring\x00', &(0x7f0000000680), 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000006c0), 0x0, 0x0, r0)
keyctl$revoke(0x3, r1)
keyctl$join(0x1, &(0x7f0000000000))

09:40:48 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0, 0xfffffffffffffffe}], 0x1, 0x0)

09:40:48 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:48 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:48 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:48 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f000065ffa8)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-simd\x00'}, 0x58)
r1 = accept4(r0, 0x0, &(0x7f0000000000), 0x0)
sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0)='team\x00')
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000001c0)={<r3=>0x0, @remote}, &(0x7f0000000200)=0xc)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000240)={'vcan0\x00', <r4=>0x0})
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000400)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6=@dev}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000500)=0xe8)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000540)={'vcan0\x00', <r6=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x85, 0x1a}, 0x1d2)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{}, [@alu={0x7, 0x1f, 0x1, 0x1, 0x1}]}, &(0x7f0000000000)="73010080001e000000", 0x1, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48)
getsockname$packet(r1, &(0x7f0000000580)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000005c0)=0x14)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000006c0)={<r8=>0x0, @rand_addr, @multicast1}, &(0x7f0000000700)=0xc)
getsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f0000000740)={@dev, @loopback, <r9=>0x0}, &(0x7f0000000780)=0xc)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000009c0)={'vcan0\x00', <r10=>0x0})
accept4$packet(r1, &(0x7f0000000a00)={0x11, 0x0, <r11=>0x0}, &(0x7f0000000a40)=0x14, 0x0)
getsockname$packet(r1, &(0x7f0000000a80)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000ac0)=0x14)
ioctl$sock_ifreq(r1, 0x89d6, &(0x7f0000000bc0)={'ipddp0\x00', @ifru_addrs=@hci={0x1f, <r13=>0x0}})
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000c00)={{{@in, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r14=>0x0}}, {{@in=@loopback}, 0x0, @in6}}, &(0x7f0000000d00)=0xe8)
getsockname$packet(r0, &(0x7f0000000d40)={0x11, 0x0, <r15=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000d80)=0x14)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000dc0)={{{@in6=@mcast1, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0}}, {{@in=@multicast2}, 0x0, @in=@local}}, &(0x7f0000000ec0)=0xe8)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000020c0)={<r17=>0x0, @rand_addr, @loopback}, &(0x7f0000002100)=0xc)
sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000002680)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000002640)={&(0x7f0000002140)={0x4f4, r2, 0x404, 0x70bd2c, 0x25dfdbff, {}, [{{0x8, 0x1, r3}, {0x168, 0x2, [{0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x5edf2fcd}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r5}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0x12c, 0x2, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x1ff}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0xe4f2ff3}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x9243}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x7f}}, {0x8, 0x6, r10}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x4}}}]}}, {{0x8, 0x1, r11}, {0x174, 0x2, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r12}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8}}, {0x8, 0x6, r13}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x3c8}}}, {0x44, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x14, 0x4, 'activebackup\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r14}}}]}}, {{0x8, 0x1, r15}, {0xb8, 0x2, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r16}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x6}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r17}}}]}}]}, 0x4f4}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000)
recvmmsg(r1, &(0x7f0000005ec0)=[{{&(0x7f0000005600)=@ethernet={0x0, @link_local}, 0x80, &(0x7f00000059c0)}}, {{&(0x7f0000005a40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000005e00), 0x0, &(0x7f0000005e80)=""/10, 0xa}}], 0x2, 0x0, 0x0)

09:40:48 executing program 4:
futex(&(0x7f0000000000), 0xd, 0x0, &(0x7f0000000040)={0x77359400}, &(0x7f0000000080), 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x553240, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x80000, 0x0)

09:40:48 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x0, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:48 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd00]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  535.815098] binder: 6154:6161 got new transaction with bad transaction stack, transaction 3503 has target 6154:0
[  535.825550] binder: 6154:6161 transaction failed 29201/-71, size 0-0 line 2879
09:40:48 executing program 3:
r0 = memfd_create(&(0x7f0000000140)='#em1#+\x00', 0x0)
write(r0, &(0x7f0000000040)="06", 0x1)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x80000000004, 0x11, r0, 0x0)
r1 = socket$kcm(0x2, 0x6, 0x0)
getsockopt$bt_hci(r1, 0x10d, 0x1, &(0x7f0000000080)=""/86, &(0x7f0000000000)=0x56)
sysfs$1(0x1, &(0x7f0000000100)=']:\x00')
ioctl$SCSI_IOCTL_SYNC(r0, 0x4)

09:40:48 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f00000000c0)=0x81)
ioctl(r0, 0x8912, &(0x7f0000000080)="025cc80700145f8f764070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r3, 0xc008ae88, &(0x7f0000000140)={0x10, 0x0, [], [0x2c]})
semget(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_ASSIGN_DEV_IRQ(r2, 0x4040ae70, &(0x7f0000000000)={0x10001, 0x3, 0x1, 0x400})

[  535.894998] binder_alloc: binder_alloc_mmap_handler: 6154 20001000-20004000 already mapped failed -16
[  535.920118] binder: BINDER_SET_CONTEXT_MGR already set
[  535.928120] binder: 6154:6161 ioctl 40046207 0 returned -16
[  535.932337] binder_alloc: 6154: binder_alloc_buf, no vma
09:40:48 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-cast5-avx\x00'}, 0x7e)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003c1000)="0a0775b0d5", 0x5)
r1 = accept$alg(r0, 0x0, 0x0)
stat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540))
sendmmsg(r1, &(0x7f00000055c0)=[{{&(0x7f0000003100)=@ll, 0x80, &(0x7f0000003180)=[{&(0x7f0000003340)="c8e37b9998fc6f126a75ae03d5efaaabc0d9aefc34471fd7dfb1cc001cfe9795f81861ab4f0ff2c7707dc8253478718b1f572c0dddf80bcd0d2f483a6d70a11b223a88456629ae899dc8521a2818e9de8ba9e5826c023e1bf34781f62033150a31d00163ebeb36105611f90e16a1200ab8b7417a69ebf66c60fdce01f81b6e0d", 0x80}], 0x1}}], 0x1, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000300)=<r2=>0x0)
fcntl$setownex(r1, 0xf, &(0x7f0000000340)={0x0, r2})
accept4(r1, &(0x7f0000000440)=@in={0x2, 0x0, @multicast1}, &(0x7f00000004c0)=0x80, 0x80000)
recvmsg(r1, &(0x7f0000003580)={&(0x7f00000003c0)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f00000034c0)=[{&(0x7f0000003440)=""/112, 0x200034b0}], 0x1, &(0x7f0000003500)=""/106, 0x6a}, 0x0)
recvmsg(r1, &(0x7f00000002c0)={&(0x7f0000000000)=@pppoe, 0x80, &(0x7f0000000080)=[{&(0x7f0000000140)=""/180, 0xb4}, {&(0x7f0000000200)=""/184, 0xb8}], 0x2}, 0x1)
pipe(&(0x7f00000005c0)={<r3=>0xffffffffffffffff})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000600)={&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x3000, 0x1})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ppp\x00', 0x620000, 0x0)

09:40:48 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  535.939542] binder: 6154:6177 transaction failed 29189/-3, size 24-8 line 2967
[  535.950952] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
[  535.955501] binder: send failed reply for transaction 3503 to 6154:6161
[  535.974761] binder: undelivered TRANSACTION_ERROR: 29201
[  535.980327] binder: undelivered TRANSACTION_ERROR: 29189
09:40:48 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
write$P9_RCLUNK(r1, &(0x7f0000000040)={0x7, 0x79, 0x2}, 0x7)
r2 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x15a)
socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r3, 0x6, 0x1a, &(0x7f0000001200)=""/145, &(0x7f0000000100)=0x91)

09:40:48 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r1 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0xe1a, @dev, 0x4}, 0x1c)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0)
ioctl$KDENABIO(r2, 0x4b36)
ioctl$TIOCOUTQ(r2, 0x5411, &(0x7f0000000080))
sendto$inet6(r1, &(0x7f0000000300), 0xfefe, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @remote}, 0x1c)

09:40:48 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:48 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x0, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:48 executing program 3:
mq_open(&(0x7f0000000200)='\x00\x00\x00', 0x8c0, 0x1000000000, &(0x7f00000001c0)={0x0, 0x6, 0x1, 0x0, 0x4, 0x201})
ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000000c0)="025cc80700145f8f764070")
mq_unlink(&(0x7f0000000140)='.:\x00')
socketpair(0x11, 0xa, 0x8, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$P9_RCLUNK(r0, &(0x7f0000000100)={0x7, 0x79, 0x1}, 0xfffffffffffffe20)

[  536.148380] binder: 6206:6208 got new transaction with bad transaction stack, transaction 3509 has target 6206:0
[  536.158975] binder: 6206:6208 transaction failed 29201/-71, size 0-0 line 2879
[  536.231361] binder_alloc: binder_alloc_mmap_handler: 6206 20001000-20004000 already mapped failed -16
[  536.253198] binder: BINDER_SET_CONTEXT_MGR already set
[  536.260533] binder: 6206:6208 ioctl 40046207 0 returned -16
[  536.281379] binder_alloc: 6206: binder_alloc_buf, no vma
[  536.286954] binder: 6206:6225 transaction failed 29189/-3, size 24-8 line 2967
[  536.298647] binder: send failed reply for transaction 3509 to 6206:6208
[  536.329365] binder: undelivered TRANSACTION_ERROR: 29201
[  536.334883] binder: undelivered TRANSACTION_ERROR: 29189
09:40:49 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000000)={'filter\x00', 0x4, [{}, {}, {}, {}]}, 0x68)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:49 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e8]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:49 executing program 7:
getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000000c0), 0xbb05cd43b1d2da8)
openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x10400, 0x0)
r0 = msgget(0x0, 0x410)
msgsnd(r0, &(0x7f00000004c0)={0x3, "367ecaf9427a7b75a7c10f5010562852d3fb85f352f57c571c1b28ac90c2f0e9d47938f471e7b20469b6f8acbd6bf8635e60def7debfd66ecef8dc37c047f22abafb5b49ab3b2bb6390651509c9263f64dd6bf2ad013187f0026f97bec5e829b97dd3114f3abd8246c90f28a176a0cf4870017a25d81d965213034aab2b79782d062eb5ab80095c51a632ccf60a262c931dbabcf958514fb04856e4194cbe487645b835d300a7f0f22338239d938d27289326dc4b6706f439e75325c1147f2bd059f554187ab5dcdd1146a96ec351d7f6e37a5b8ec1669b6bfa9b8d40117a92a352df5721f6e4bc9359e9f89f95b5e970debe0e8295d3bbe1e728a88883a81e9dd8240a869dda79fc727ed6880b398e1afeec1c32d94c31273f95d0ecf0b6478be97467db2188c6b00dfcc4bbb3ca499fbd2fdf99c99d8cd046bf89329f0154703a1f0bb12c0386a8c16e3b6750abf062ec9102ff2557cfda3a68d4501bacfb9f1f011cb5346e602444929dea69db095d2b120c7b4db4bebf3cf5ff37bd0343f8e54af736fc067b31ab4f14d4cd71a1d5050b1bf970338f8d7e577c8cad017f9d1474a5c0d461d3d4a36b8ebdb123631d49c5ebcac519459d21e127f389fd39f103d96ea5f949debf13054cfbc8bd67e9db4399c397e3a740a2668e32a9bd450341e59990ddd53be7d7ed3835bfc330b55fb600c76c6f15587d0d1336868b0afdd62474a6ef6b5af940454fb604a2aec4db44974383016f71b154ea95ea96a7a189a58e601b2873e1a4e727f1fce9980e7a0713ddc1b421c49aed442b8978d303d9f5b8e7461a69152f0c17a20394850628e0cf8330f9a4f4afc0506df9728f685f8c253a96dcb24bfb2f79d9b2a0da3b477e364c1cf9d031e6df5b9a19686840e0aa692af67e0b4a1ec7b1d5f7333939f6d4b8d32462f35acf6ecb2943e02d519ab9a5dfbc2b971ff2935145a2dc664cf90721a7025c51e6443b1a5495eaecd0e06b15268857500eac4a829ea44935a9f28e0f46c38f9bf1b25db0687540da7e1880ef19cce4455d736f5c8858d65062be0eeef1f21d95743ebbf684e3f849867d9599116f5d614890909ab6c3bdb3ae24b27fdbade3a5425c660664253082f8ca2f5d01f96fee70b86ab3adf7c28d9b1bd5344fc6a6947e7d3227496c9f9cfaddc1291ab28e578bbe938ce9d172f9b1b1d8885ecb020c504dc7849b4a22326d2a23775d6daaf6176376486ba7779d8e546bcf0e86d7f3e1d1cc0c7a900a2cb3bfbf4967c4d3b9ee3eab8b1f6463082560c04422b8735e51f9980a50e74bb363590285e4e6bb0bb4c8fad61bc5445309e2ada8cb377c05d178c6e37ce2ae6b855e15cc56157280a678d225742faf3817f2fce662eb37069cf4ab823fa1e8322af4e9b4fb5d3ec13730d7228dea2715df89247a6f5d5c71c3a4ffebf989c86364d753dfb363d5f248dfcd79a7b84715935c69505e2ab4fa8329b88414a3fdaeb787935869158c92c857a961cf119d1a5e3c63f2e4f5a0a080d7469d6d6b4cc5df80b5760224f28e6c6ba567d70cad54fcb0ee889579d7d6c488d1da0364ec60dfe6368f77ca160b4c958d7d994de8f70da1c1770a5ecd1ca77c5e1c32f24f191723d2dbda370ab9a8d909be0964381896cac39d1b2bf6a854cb72c714984766d21b29a79a3d11987d5e113a0df56c41dc541895b6de9bafab852968cf9e54aca29617d84fa7e9b7f0f0f2a0a61dbce9b2f38461d94ff5b46775d47c3eec97f018c25c17dcd0f6811564b6717972db2238ffadcce95e409990a60bf0767e0778a0993f04369af46c6456f6359ed5f0156c7c090ad21fc5bc4683fa121f82952805fe619fd8b58ac3a6ddbc57285dd9a7914586da1bf8b17e55160801d70ffc1b22df2b8dcfc93b0e23f033cef633cbaf83de6fb7682fba76cd28523a4bdf5633c28249fff7e2eb1067551388adc1188a959256122d5b7f6857a2abe1a2d9c0e1b13d0ed3706a4d3dd502200c03f57fea34fc68229270cb7936eb00432a98f132f667f3de4f99737256e8485c988791f918ba9388629c3971d644e2ac843027d97c0fcb65f361d4a31321cd8500372be2f11e55266f17abdb89bd0d6d30b03a7099724cfc26bd09d3e30300f3d0a1e4bd60e9167ed0403f488abd6f0758c5364e7b3b7582b3a45a05629b7c27c5bac1116b5e31fa3ba290c5e53b4a63183d41756382385f2054907c3528a97e31becabd1af2d4c47b1fbc27c8425febf9109ff49c8afa82275ab9f8bf3c4895ec0e25db9457599adb1c4afea313ec3d58cea72086d7be132b3e21f3568aa209e282e4e9803be2a82abced6e3a1fe9382c9b6fd01228eabf37a9ee37bff1046b034fe42f1e252fe3c9111ade151baf9d6740cb5f6aea627a57950f37d4dc52e75fc7fdede3d4f08948277047fb28c25bc174e871ef5f3a0b528897860763b28bfa7d27358b3d76d5c4b08e7c1f613e00775f504306d3ea3f5d69d154a4937b06c168c8d14b5d0f68181d555eaf55da158c1808c6c88a80a0bbf1d8aca69bf77cfcc517029283d13c614f44058a8bf44bb62a6773b7833681a2255a91b6d7dbe080d526f468f7e411af260907f219a4e85ac9aed38f771aa1a57190d18c7eb3d96ed432c8f43a47e3d077e45a9ebb2ccf03f386d664d35b8025cf78bf55a9497b0348d403ac8fe28032e0fa7877409cb19c87baeae7f1cbcb6db570844be677119606330115a8f306b7e928435dc802eb7aff5b16fe49a2efbcf42f3ece58ea95d122f04f2dcaa1ca9a020bcc603716aeb6b60bb0703dd4e87c3337d7ad1ea1602cea0f7e0435616756c1e0ff28a3556555cb5ee8628a00e73001fe538e4f6d41f5f739853f7f068ca028d3083fa4d6a5afc2abcf394f3b5ef19b9fac46f7b2629d2e1121815c12f34cf563bee199487bad249e83126de9c49e35f267275810f482d20d68820ca995a94e00e45eb4451c90cb55b066a5e40acea909ec1af30d758a4f870fbc95e5faf1d4ba1b9efb761cae9512adf469cd0b883a7d46e61ad2f289d504e22496dd9732c6856dea901c61b844be3785e4df12e4c35d2f9120bede705744c5edbcc646db19dd38d6abd26022260adf8c103b2a5161d1d77fa65dfee990caff6e57d47e0c07f2c252aa86335478537726dbddcd08cc0562570230f931ab9f9bec52e60f9569a171f78646ce0b9cba21a6eef4991144f9a0f03d1e58b549ea7d0d927dda085ad0137f2ddcd482c146947f91e95e11bf60b7e4828c367d9da08fa429d8837671e38ac5095373e7859ff070bb67658be47b7b12a41532f8d45a29c08933be851ca211d855589853d325144c7c3bf6ff7a92b587d9cb0685699c911d760e0c2823f7a941e518999d93064f9a4d46a1ecda8160a7866872d1b5a7a531c5962e4adc3007d2ea56991ce148bc655b287fcc9d584c35c6709d46df49272f69f68e38eddb4f39361919a82f2ac43d086e6bb87bfb69a78a75413464eeff09d4040b9235cc6092ac6551e260672fc2c9e80a4d74b7486b9c25997c387c0007096c00adf3348ca2f3b3cd70ec86778db81e43b515fded686e97dcc44e9ddfda99e5ac7239985769032889580050e8b6b0822ace2789ae6c69c3adf78300745f116c83602d8bc0eefb2142ec795e10cd791254b6be5980997679705de703a435d212ce377cd3a42e68197b0e47bcbca3d17073b08370305135a75e8f8d68548342f8ec2fd282c25a6e7f6ac92128d5e048c50f97c7c04ea0f447a5b7beb487abbd4083a7508972f9f00205977048ba032b9a24543d33675ff3eed97b2a59dac90ee0c1bdcd81b7008ae311589c9fbfcd1374c52732c9e64246bba3592f2ee75a22f3504062879a552da713d64712e358d6df9c460f8ca28b659eef26f7428bc690612ac0d2d2a1d8780dddde3a6ff1e4e62c40d40b12d5bd61c22414b5a2743443fef96d924ec4893adec9f2cf1e29f005c4471e540107fdb6f2021a130fbf409b3e8e22c0f9dc48f29d28265b0a27503cde654f658fd2c31fe452ee8c053a73a388b7be58204106e034850d1818aa933a7b3403311dd3e13cc0ceb4e8b4ca5f21ab88ce90a6ef6e3e1a3a1fd611d7f66c911a9b808a6754e694ed0879b0cd0fb8cc4b817b429557f4683f3b57bf25430322dc6812cbac171f22fae9e19a094346da1f41065f0bccb88c32bc903e96470505e03c40730980cb81688af53dad25db1face92eec1bcb5ad059366f7ec934a0d4e02ac1d33f20bd9078d98dfc44a8eef52a6886176f8cd20ebbd07fa3b7e6ef102db8292f1878591544bd17519f6beb64553ebf5a5c1bc68b7a434f89ef7c92bfa76568fbf65f0e8c033ee1ce27fe0411567cdac493a46308d4628142d28928957bf2ea1965787e8c1950925b0130cc4d8c6883f232d686ed654f74f392f291e73dcdac4588bfaebd08d3aaf7e34488d6ed6dab8876d709c618df05d17b7ad15c79a0583f034931ec11bd204a70f962e001481741796286397166569a7e46220d72f9db0bec1bc174c6163efbf50765c15a494bc6ea04308a314296ae4deac3ba9aa2b146a04164171bb014f4c1e94fe125b2bf12dd67f0365a99b3cb1df5eaeab764b96d8d0013009817eae71a7685247c30b434cd2f32c337f912480f6043135967abed77536bbb79e63a4a7cc6c7a0cdeb49d02f935b7a6de14cc72ea2d0a08b9808a59ca2d769d4997236e4127ff2f019fcf34113f612625a41c5170edd905766098d400943423fcbb50d1972ea43665ed58bf1ed764c5a53c0944fe75d0d21878b69afa4a8ab022ae1e937d6e19b44c01c60cec38e68bfd7e1c4e7e908cff5317ea3863dc90be03bdec51206a95f8f3aaa348805e65a026cb747aaadc7d83f66c7fa049946e917fd7b911e11ced9bbdb1a2c02cc405681ee3ee99f2f7299d48b671fa816d4ff3f29f750fd6f864c792b49a0a4ee5b9e36e1c1fceb2e8a6a8ca64d2677c40ced3ed44a80cad6c2266c32a74eb58178423bffc7003a1da9519c9efc505bec522dad19932b9b464a52546fb6b7aa2fdfae781a14d09171ccb7ed1e6e4350fb24c405531ef9fd09b27d99ba741460f78330a034084b6b84f7502dc1ed3c140eb47efbe046967e05f3f808ed7d691a22180f22af7f7cf40883080b9f7dfdf44af2caf971a550002b5bb24bd0e1d775662012fe41b4d165da9688f0adbc02cfdd4f9197919619c2ebfa6f4cdff61257e946ad7e618eb14e4aac255269440facf6820fbaa4c7b88866fb5430b3690ac08b76bc288cf10e83a0090ca76810a2dba189592a2cd6123e180650077013edf6a1ecedce44fb62dbcebbfffcc16a5cf9d6da6d4b573c42e64e1e8ba2a3e7b688fdfd8e43857ec8d6ecd44520473e935a87064e686afbbc079feef3aae855d6648c66836043c7d1065ef0d50515a667091e46eb5e8d0ed6b9e162e26aac313bbb51218f5db92e3cefd7e469e24318011483f81b488b2b22c1e0b96380d206ba6b46d1ec680e384606b1295d5fa4dae4bc85dd91e56cf9ec33bbb950f3456f9d815fc560ac4648d3f2d0cbd74a44767e8a5cd004bc707898f3e5dd86a2fda10d26b5ffb1fbe966bd18908c51c5466d462b9b3b7679237e9824388e027427e545ed2342ec537b3907afd5742cdbbc1d08af793678e71a7638d5653b4dccb3d8ef766a1a49311bf1cdfb46d7fb917613aa1bbfbdcd29ad0a0d69752e3b3a96f5f252e030ecd9f2aed6f0be264df26aadfc4fdfe7058bcf168cea95c690104a63416faadd882c97548aeb8"}, 0x1008, 0x800)
close(0xffffffffffffffff)
r1 = syz_open_dev$dspn(&(0x7f0000000200)='/dev/dsp#\x00', 0xb352, 0x200)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x1, 0x258, [0x20001500, 0x0, 0x0, 0x200016f8, 0x20001728], 0x0, &(0x7f0000000240), &(0x7f0000001800)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000001100000010000000886476657468305f746f5f626f6e6400000073797a6b616c6c6572310000000000006c6f000000000000000000000000000073797a5f74756e000000000000000000000000000000ff0000ffffff000000000000ff0000ffff000000e000000050010000c8010000726174656573740000000000000000000000000000000000000000000000000048000000000000006c6f000000000000000000000000000076657468305f746f5f7465616d00000001000300ff0300000008000026d5000001000000000000002e0d000000000000c2080000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000fcffffff000000006e666c6f670000000000000000000000000000000000000000000000000000005000000000000000020000009c940100000000007db20200488db4e9f06dba2e52f6eed3e685396ef0d50e4c2dddc20128d161893636d65935b8782d2aae0f76cc0f2de42a09d5411ba357183e208201dc22f30a0000000000000000000000000000000000000000000000000000000000000000000000000000000001400000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000fc0000fcffffff000000005a3e7d1d3ddcee347c1164ae167620b4cd76ea5fe6de8254b1d6fa332e4ae5d002ee6db65595a3ec4985b4dbb655245b06227b2739e5d0915d4736cee8045d2b2413939c837fc424841da7d7da504f7170dddb178a4fead92c59f57c54ef85b63d185626f079820a81fd43fd8673ba0e5604d95a55698866e0f39e946ae3bd35e2867d36147d409bae090c094c33b79a"]}, 0x360)
ioctl$VT_RELDISP(r1, 0x5605)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={<r2=>0xffffffffffffff9c})
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080))
socket$inet_udplite(0x2, 0x2, 0x88)
socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000100))
r3 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$sock_SIOCGSKNS(r3, 0x894c, &(0x7f0000000140)=0x6)
ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0xb704, &(0x7f0000000440))

09:40:49 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20000, 0x0)
ioctl$SIOCGIFMTU(r1, 0x8921, &(0x7f0000000040))
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:49 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:49 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f00000000c0)=0x3000)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-ssse3\x00'}, 0x58)
r3 = accept$alg(r1, 0x0, 0x0)
write$binfmt_script(r3, &(0x7f0000001640)={'#! ', './file0'}, 0xb)

09:40:49 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x0, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:49 executing program 3:
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000000880)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x3, &(0x7f0000000980))
lremovexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@random={'os2.', 'bdevkeyringlo./\x00'})
unlink(&(0x7f0000000540)='./file0/file0\x00')

09:40:49 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:49 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="ed97bc1c0000001a0002000000000000000020000000000000000000000000"], 0x1c}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)

[  536.680448] binder: 6242:6247 got new transaction with bad transaction stack, transaction 3515 has target 6242:0
[  536.690929] binder: 6242:6247 transaction failed 29201/-71, size 0-0 line 2879
09:40:49 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f00000001c0)={'filter\x00', 0x0, 0x0, 0x0, [], 0x2, &(0x7f0000000100)=[{}, {}], 0x0, [{}, {}]}, 0x98)
ioctl(r2, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'vlan0\x00', 0xd803})
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000040)={"766c616e300000f6ffffffffffffff00", {0x2, 0x0, @local}})
connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @multicast1}, 0x10)
dup3(r1, r3, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f00000000c0), 0x4)

09:40:49 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000700)="ab553fec94248d32e27e2267ea6e08000000294d61f78af1000000802b0000000000e896e8cd0021ae1ebed3deb0a55b3bf189b6535d901f3a9bf7327cc9d7631ee394af637d90ece6a37a0c1c3d033522a1510007000000000000000000000000000000", 0xfffffffffffffeaf)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$int_out(r1, 0x5460, &(0x7f0000000300))
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
syz_emit_ethernet(0xa0, &(0x7f0000000340)={@random="5517f5b12a3f", @empty, [{[{0x9100, 0x3, 0xd8, 0x1}], {0x8100, 0xf88, 0x2175ce49, 0x4}}], {@llc_tr={0x11, {@snap={0x1, 0x0, '{U', "01f87f", 0x0, "b3e0ef7dc98cad346d8a7d404de6886b97452f9c30bf988db039398c9da6d323d2a6ef73e8342e8f79c3dc10c2dbed6e0720d6614110b13d19993651936f1c0c4d016f677b3ba05db80148bfd2e66ede0aef157d236c5ddbee8fd8541f5490729a6b9bde9990143e499ab9d4ad4bddb8a646151fe692dec00892c7775d6817b1f3"}}}}}, &(0x7f0000000080)={0x1, 0x4, [0x37d, 0x99c, 0x515, 0x8b7]})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='pids.events\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000500)={0x5, 0x3, {0x1, 0x0, 0x6, 0x3, 0x8000}})
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="4c583addef9e0b69630e1079cedc5b88e7426ae2991c5392e3c8fa9398474713385fbd0ada57bc59d0557489de61b5ccda3080ca7423ac085b65eb8f96b4cb95d92f6b61c1ccebe05a821ad50e58df70ab0968b75bb81874ae06cdd6254f8f670b98fc13e4197c7aa44a6b4e2e855c28a9f60c44cab1b8bad1fe8447be6403e25ef60da8820949cfd94a098310b636787d43f68d619610b61e8ecc17bdf85996adc47bfb57229ef29a48c3a9086f911b0c813270d80f545edb7caa341563ecd5e4e478869dda408957e613761bcc4d8761da31e252fb03e477", 0xd9)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x240, 0x0)
setsockopt$inet_buf(r3, 0x0, 0x2d, &(0x7f0000000040)="51818b514e91a11ab502878e2af03f66cf5b17ee848ee0e4ef9ca4", 0x1b)

09:40:49 executing program 4:
r0 = getpid()
sched_setaffinity(r0, 0x40, &(0x7f0000000080)=0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
utime(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000240)={0x3, 0x20})
stat(&(0x7f00000018c0)='./file0/file0\x00', &(0x7f0000001900))
read$FUSE(r1, &(0x7f00000070c0), 0x8c0)
read$FUSE(r1, &(0x7f0000000640), 0x1000)
mount$fuse(0x0, &(0x7f0000000000)='./file0/file1\x00', &(0x7f0000000180)='fuse\x00', 0x0, &(0x7f00000005c0)=ANY=[])
write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0xfffffcb9)
write$FUSE_DIRENT(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="90000000000000000200000000000000010000000045000000000000000000000b000000000066ce656d316e6f646576656d3100000000000000000000000000000000000000000001000000000000002c00000000000000000000000000000000000000000000001c000000000000002b73797374656dcc6370757365746367726f7570246367726f75701500000000"], 0x90)

09:40:49 executing program 7:
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000000100)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xd0ffffff}}, &(0x7f0000003ff6)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48)
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0)
ioctl$BLKFRASET(r0, 0x1264, &(0x7f0000000040)=0x80)

09:40:49 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  536.751469] binder_alloc: binder_alloc_mmap_handler: 6242 20001000-20004000 already mapped failed -16
[  536.779618] binder: BINDER_SET_CONTEXT_MGR already set
[  536.787334] binder: 6242:6247 ioctl 40046207 0 returned -16
09:40:49 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x0, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  536.807151] kernel msg: ebtables bug: please report to author: Wrong nr of counters
[  536.822996] binder_alloc: 6242: binder_alloc_buf, no vma
[  536.828591] binder: 6242:6274 transaction failed 29189/-3, size 24-8 line 2967
[  536.844321] binder: send failed reply for transaction 3515 to 6242:6247
[  536.855985] binder: undelivered TRANSACTION_ERROR: 29201
[  536.861606] binder: undelivered TRANSACTION_ERROR: 29189
[  536.918010] kernel msg: ebtables bug: please report to author: Wrong nr of counters
09:40:50 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff0000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:50 executing program 7:
r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$int_in(r0, 0x800000c0045005, &(0x7f0000000000)=0x1000)
clock_gettime(0x0, &(0x7f0000000100)={0x0, <r1=>0x0})
write$FUSE_BMAP(r0, &(0x7f0000000040)={0x18, 0x0, 0x5, {0x49d2a5d6}}, 0x18)
futimesat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)={{0x0, r1/1000+10000}, {0x77359400}})
readv(r0, &(0x7f0000000140)=[{&(0x7f0000001300)=""/4096, 0x1000}], 0x292)

09:40:50 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:50 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f0000b7c000/0x2000)=nil, 0x2000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4623, @local}, 0x2b26ceb)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:50 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(cast6)\x00'}, 0x58)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
r2 = semget$private(0x0, 0x1, 0x20)
semctl$IPC_RMID(r2, 0x0, 0x0)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:50 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x20041, 0x0)
recvmsg$kcm(r3, &(0x7f0000001340)={&(0x7f00000000c0)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000140)=""/195, 0xc3}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000000240)=""/30, 0x1e}], 0x3, &(0x7f00000002c0)=""/47, 0x2f, 0x80000000}, 0x40010000)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000000)={0x3})
ioctl$KVM_SMI(r2, 0xaeb7)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

09:40:50 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x0, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  537.478097] binder: 6308:6311 got new transaction with bad transaction stack, transaction 3521 has target 6308:0
[  537.488622] binder: 6308:6311 transaction failed 29201/-71, size 0-0 line 2879
09:40:50 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:50 executing program 3:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x80045700, &(0x7f00000000c0))
get_mempolicy(&(0x7f0000000040), &(0x7f0000000080), 0x0, &(0x7f0000636000/0x4000)=nil, 0x0)
getdents(r1, &(0x7f0000000640)=""/148, 0x94)

09:40:50 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x0, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:50 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$inet_mreqsrc(r0, 0x0, 0x2f, &(0x7f0000000000)={@multicast2, @rand_addr=0xffffffff, @loopback}, 0xc)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

[  537.555150] binder_alloc: binder_alloc_mmap_handler: 6308 20001000-20004000 already mapped failed -16
[  537.565672] binder: BINDER_SET_CONTEXT_MGR already set
[  537.579493] binder: 6308:6311 ioctl 40046207 0 returned -16
[  537.585397] binder_alloc: 6308: binder_alloc_buf, no vma
[  537.590954] binder: 6308:6325 transaction failed 29189/-3, size 24-8 line 2967
09:40:50 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c00]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  537.599849] binder: send failed reply for transaction 3521 to 6308:6311
[  537.609578] binder: undelivered TRANSACTION_ERROR: 29201
[  537.615102] binder: undelivered TRANSACTION_ERROR: 29189
09:40:50 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xffffff7f, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:50 executing program 7:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
r1 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast2}, &(0x7f0000000040)=0x10, 0x80000)
getsockopt$IPT_SO_GET_REVISION_MATCH(r1, 0x0, 0x42, &(0x7f0000000080)={'HL\x00'}, &(0x7f00000000c0)=0x1e)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000), 0x0)

09:40:50 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f4]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:50 executing program 4:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f00000002c0)=ANY=[@ANYRES32=<r0=>0x0, @ANYBLOB="1700000040f1d10c0000000000000000e88726ac4e9468b70000000000000000"], &(0x7f00000000c0)=0x1f)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_tables_matches\x00')
getsockopt$inet_mreqsrc(r1, 0x0, 0x28, &(0x7f0000000300)={@local, @empty, @loopback}, &(0x7f0000000340)=0xc)
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000440)='/dev/null\x00', 0x8400, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000200)={<r3=>r0, @in6={{0xa, 0x4e23, 0x9, @local}}}, &(0x7f0000000100)=0x84)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='oom_score_adj\x00')
pread64(r4, &(0x7f0000000080), 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000140)={r3, 0x2}, &(0x7f0000000380)=0x8)

[  537.790135] binder: 6353:6357 got new transaction with bad transaction stack, transaction 3527 has target 6353:0
[  537.800619] binder: 6353:6357 transaction failed 29201/-71, size 0-0 line 2879
09:40:50 executing program 7:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x200200, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x623)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000f68000)={@loopback, 0x800, 0x0, 0xff, 0x1}, 0x20)
getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000140)={<r2=>0x0, 0x10001}, &(0x7f0000000400)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000440)={r2, 0xa2d, 0x30}, 0xc)
getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f0000000200)={'mangle\x00', 0xf1, "74cf7b4a648baf81443319af7a7fdae8710629d80de962bd35fe887f3997dd6f4f65e527328d787e4c6022c8a0523d62e0474257871bcfdc6685c3a84ed1c1790ada2c104402561aa122e9f1cc320e9814c3428038b3b54d9c2ecf5d18e3d0222c0b26e489e3fa8bafdd916e80599ab29466760da98ad601c36eb19cca99f229d3e0c5859988b01457068177408050a779b0ee1af828a531f4443e4489999d0b0292f67a4de1ac8b34b40310f1e157814529e091eafd9bd4bf68df5f81811a6101dc42f0b054e79af7ea718df6ff2e673702d380e3b2410ce6211a0012e06960c65a0a1a1eba65237b4b439fc438238cce"}, &(0x7f0000000100)=0x115)
r3 = socket$inet6(0xa, 0x802, 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000340)={{0xa5, 0x6}, 'port0\x00', 0xa4, 0x20028, 0x5, 0x7, 0x1ff, 0xffc00, 0x3, 0x0, 0x0, 0x2})
setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, &(0x7f0000000080)={0x2, 'yam0\x00', 0x3}, 0x18)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000040)={@loopback, 0x800, 0x0, 0xff}, 0x20)

09:40:50 executing program 4:
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mount(&(0x7f00000000c0)='./file0//ile0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000240)='./file0//ile0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f0000000040))
write$cgroup_pid(r1, &(0x7f0000000100), 0x12)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x4002, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, r2, 0x0)
write(r2, &(0x7f0000000200)="5d8201bf0ee4c8a8d7e02b22d72c4d15dc09ab0ba7eedcf294b800cb586911a1f32cc8595522f6e7fb9f183076f4e5ba19ba9cf646fb734eddaf1be957e059047ebac58235edba25d04eababbaf6dc241885ff7da610438062361590f13282e6fab725efab98795dac12de279e4dc530f8f177e7d7df2d82508786fd08cc5e4dad8728cc332926fc742ac06ff83a414551b25d9a4f30de0edf32e0a80850d428e1f097c9a84a4d1a7391b6450523281656d52d8c79321b180e4ce7358856ab1c6215569f3bf2f20975818b14de9ec4f3cca966b5bf65cce2a9bb349f8d21a37b08444dfa64c6f3bbc273168cf2177ea0b9aa9bede6c8374295877211b5df958c8e77563ff3c8af1457a99e2f322b2ff226b1c606495b46b716480494c11e0f6a9ef7cb36d147326433de8218e7433c881314fd6eb1c387af068bf6b6c12dbf58acc1ff9323e592cb74f55099f3409794f98e7d34609f63682ee5a3363e723c4dd2c868f4a62af5e9f41f68a5d86a4d04d607751b1073cd9a7680bcb8abc49e73039120a7b7de8cab8b694e8812a1fd6a0a33e459bb9f52fb67e1619edb7be6e2c0dff298bd1adc8191519690dbdbfabf279b6cebcd01413cff16e82ee0f96d2f058424ee7c573e47ed73536277d515fe0cd1183ab42b5a3d64e55b7a9cfdd0fca2635da09b6f3c091e73ec375dcde3683f99c45d3f5495c70eaa1ed89c8f2842", 0x200)

09:40:50 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x0, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:50 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  537.839259] binder_alloc: binder_alloc_mmap_handler: 6353 20001000-20004000 already mapped failed -16
[  537.865117] binder: BINDER_SET_CONTEXT_MGR already set
[  537.870620] binder: 6353:6357 ioctl 40046207 0 returned -16
[  537.895476] binder_alloc: 6353: binder_alloc_buf, no vma
[  537.901235] binder: 6353:6371 transaction failed 29189/-3, size 24-8 line 2967
[  537.915669] binder: send failed reply for transaction 3527 to 6353:6357
[  537.927294] binder: undelivered TRANSACTION_ERROR: 29201
[  537.932845] binder: undelivered TRANSACTION_ERROR: 29189
09:40:50 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x306)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:50 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = socket$inet6(0xa, 0x1001000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f00000000c0)="025cc80700145f8f764070")
r2 = memfd_create(&(0x7f00000002c0)="bcf6", 0x0)
write(r2, &(0x7f0000000300)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
mount(&(0x7f0000000000)='./file0/file0/file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='anon_inodefs\x00', 0x0, &(0x7f0000000dc0))
open(&(0x7f0000000040)='./file0\x00', 0x8040, 0x0)

09:40:50 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x600, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:50 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd00000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:50 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x0, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:50 executing program 3:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x80045700, &(0x7f00000000c0))
get_mempolicy(&(0x7f0000000040), &(0x7f0000000080), 0x0, &(0x7f0000636000/0x4000)=nil, 0x0)
getdents(r1, &(0x7f0000000640)=""/148, 0x94)

[  538.306279] binder: 6395:6403 got new transaction with bad transaction stack, transaction 3533 has target 6395:0
[  538.317213] binder: 6395:6403 transaction failed 29201/-71, size 0-0 line 2879
[  538.385222] binder_alloc: binder_alloc_mmap_handler: 6395 20001000-20004000 already mapped failed -16
[  538.406769] binder: BINDER_SET_CONTEXT_MGR already set
[  538.412242] binder_alloc: 6395: binder_alloc_buf, no vma
[  538.413266] binder: 6395:6403 ioctl 40046207 0 returned -16
[  538.417781] binder: 6395:6411 transaction failed 29189/-3, size 24-8 line 2967
[  538.431347] binder: 6395:6403 BC_INCREFS_DONE u0000000000000000 no match
[  538.431761] binder: send failed reply for transaction 3533 to 6395:6403
[  538.438362] binder: 6395:6403 transaction failed 29189/-22, size 0-0 line 2852
[  538.462648] binder: undelivered TRANSACTION_ERROR: 29189
09:40:51 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f00000003c0)=@ipv4_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {0x2, 0x80}}, 0x1c}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)
r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x4000, 0x0)
ioctl$BLKALIGNOFF(r3, 0x127a, &(0x7f0000000200))
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000000)={'raw\x00'}, &(0x7f00000000c0)=0x54)

09:40:51 executing program 7:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000fb9fc8)={&(0x7f0000000000), 0xc, &(0x7f0000fe8000)={&(0x7f0000c06d10)=@updsa={0x120, 0x1a, 0xa09, 0x0, 0x0, {{@in=@dev, @in=@local={0xac, 0x14, 0xffffffffffffffff}}, {@in6=@ipv4={[], [], @local={0xac, 0x14, 0xffffffffffffffff}}, 0x0, 0x3c}, @in, {}, {}, {}, 0x0, 0x0, 0x2}, [@replay_esn_val={0x1c}, @coaddr={0x14, 0xe, @in=@loopback}]}, 0x120}}, 0x0)
ioctl(r0, 0x10000, &(0x7f0000000040))

09:40:51 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x0, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:51 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:51 executing program 4:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x6, 0x4)
sendto$inet6(r0, &(0x7f0000000140)="3f010000f70800000000000094bc4a91985e7b8e8fbe0d8e", 0x18, 0x0, &(0x7f0000005fe4)={0xa, 0x8100, 0x4, @dev}, 0x1c)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x60201, 0x0)
setsockopt$inet_dccp_int(r1, 0x21, 0x1b, &(0x7f0000000040)=0xf13, 0x4)

09:40:51 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:51 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = socket$l2tp(0x18, 0x1, 0x1)
r6 = dup2(r5, r3)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000100)="65dd3f2e050e00ffaac75866b9800000c00f326635000400000f300f01c86526af0f0117ddc7440f20c066350b000000440f22c0f20f1b51db", 0x39}], 0x1, 0x0, &(0x7f0000000580), 0xfffffea)
r7 = accept$alg(r4, 0x0, 0x0)
sendmsg$alg(r7, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r7, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480), 0x0, &(0x7f0000000100)=""/123, 0x7b}, 0x0)
r8 = semget(0x3, 0x4, 0x5a)
semctl$GETVAL(r8, 0x3, 0xc, &(0x7f0000000000)=""/68)
getsockopt$ARPT_SO_GET_ENTRIES(r6, 0x0, 0x61, &(0x7f0000000500)={'filter\x00', 0xfd, "d8b842fb41353632b146454ac22a7ff6b5c9f5926c18ffb95ae5beb89ee6f7d6122200d253fc61afdb856cb9061c27bf9eb4c86fc657dd25373f0e817b43d61c3372fe42466ff47957bc2430ecaa7947382f926f137c2a433e2631c12de985d05e3d0eda5acd9bb5c90599757031aaa937e7036587db98e7de3dea58c1812cb7ea13b85f705e415b31a6a9f174cd37f2ccb1ea9dff26c628e40750c348bc2fd865f44c7e60cde0515a5b48e51f04a4fc9745f397bbd8c043ad18a553066dcfd79bc022ef959bd00ebb9d197a3669d4a8d9a5029ceef0e0e46dec54921489354844fdb322c760b9bd6b6089319a267feb43dbf2ba77efd3e04184346eef"}, &(0x7f0000000200)=0x121)

[  538.500897] binder: undelivered TRANSACTION_ERROR: 29201
[  538.506444] binder: undelivered TRANSACTION_ERROR: 29189
[  538.547972] binder: 6418:6420 got new transaction with bad transaction stack, transaction 3540 has target 6418:0
[  538.558414] binder: 6418:6420 transaction failed 29201/-71, size 0-0 line 2879
09:40:51 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_SIOCETHTOOL(r0, 0x89b0, &(0x7f00000000c0)={'veth1_to_bond\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='%\x00\x00\x00\a\x00\x00\x00']})
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x100010, r0, 0x0)

09:40:51 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:51 executing program 7:
r0 = socket$inet6(0xa, 0x3, 0xffffffffffffffff)
ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070")
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000200)={<r2=>0x0, @in6={{0xa, 0x4e20, 0x650, @mcast2}}, [0x8, 0x7, 0x5, 0x4, 0x2, 0xfffffffffffffffc, 0x5, 0x401, 0x1, 0x401, 0x7, 0xffffffff, 0x0, 0x8, 0x9]}, &(0x7f0000000080)=0x100)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r2, 0x95}, &(0x7f0000000100)=0x8)
r3 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000540)="4cc07668b582c3a1c18ef7d8", 0xc)
bind$alg(r3, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x0)
socket$inet6(0xa, 0xa, 0x3)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00003c1000)="0a0775b0d5e383e5b3b60ced5c54dbb7", 0x10)
r4 = accept$alg(r3, 0x0, 0x0)
sendmmsg(r4, &(0x7f00000031c0)=[{{&(0x7f0000000140)=@can, 0x80, &(0x7f0000000780)=[{&(0x7f00000006c0)="1436430d48d97d3a32f6d8a3b38a641d2645315dde43a6bd599b18781b751695b1a8e759c119cf225c14fa707eba93bedb51b627eabdca612b078440427bed079dcfcc5fb24e11f19e50a4f3e3e2db8a3e9a1cebc4811c20f1e9425968cfa6a30aa224e202ee3bbea69d6a2611bad64f", 0x70}], 0x1, &(0x7f0000000040)=ANY=[]}}], 0x1, 0x48015)
sendmsg$alg(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000000)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000440)={r2, @in6={{0xa, 0x4e23, 0x1, @dev={0xfe, 0x80, [], 0x19}, 0x3}}, [0x2, 0x40, 0xfff, 0x1000, 0x9, 0xfffffffffffffe00, 0x80, 0x5, 0x8001, 0x2, 0x0, 0x3f, 0xffffffff, 0x5ba, 0x3]}, &(0x7f0000000300)=0x100)
recvmsg(r4, &(0x7f0000003580)={&(0x7f00000003c0)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f00000034c0)=[{&(0x7f0000003440)=""/112, 0x200034b0}], 0x1, &(0x7f0000003500)=""/106, 0x6a}, 0x0)

09:40:51 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x0, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:51 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
flock(r1, 0xe)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

[  538.665458] binder_alloc: binder_alloc_mmap_handler: 6418 20001000-20004000 already mapped failed -16
[  538.691372] binder: BINDER_SET_CONTEXT_MGR already set
[  538.697144] binder: 6418:6420 ioctl 40046207 0 returned -16
[  538.716227] binder_alloc: 6418: binder_alloc_buf, no vma
[  538.721859] binder: 6418:6448 transaction failed 29189/-3, size 24-8 line 2967
[  538.737669] binder: send failed reply for transaction 3540 to 6418:6420
[  538.750144] binder: undelivered TRANSACTION_ERROR: 29201
[  538.755670] binder: undelivered TRANSACTION_ERROR: 29189
09:40:51 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x5, 0x5, 0x802, 0x3}, 0x2c)
prctl$setname(0xf, &(0x7f0000000040)='\x00')
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040), &(0x7f0000001440)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000000)={r0, &(0x7f0000000180), &(0x7f00000002c0)=""/4096}, 0x18)

09:40:51 executing program 3:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x80045700, &(0x7f00000000c0))
get_mempolicy(&(0x7f0000000040), &(0x7f0000000080), 0x0, &(0x7f0000636000/0x4000)=nil, 0x0)
getdents(r1, &(0x7f0000000640)=""/148, 0x94)

09:40:51 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:51 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xbc8, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  538.889642] binder: 6474:6480 got new transaction with bad transaction stack, transaction 3546 has target 6474:0
[  538.900144] binder: 6474:6480 transaction failed 29201/-71, size 0-0 line 2879
[  538.942710] binder_alloc: binder_alloc_mmap_handler: 6474 20001000-20004000 already mapped failed -16
[  538.968125] binder: BINDER_SET_CONTEXT_MGR already set
[  538.973684] binder: 6474:6480 ioctl 40046207 0 returned -16
[  538.987385] binder_alloc: 6474: binder_alloc_buf, no vma
[  538.992997] binder: 6474:6487 transaction failed 29189/-3, size 24-8 line 2967
[  539.001336] binder: 6474:6480 BC_INCREFS_DONE u0000000000000000 no match
[  539.001801] binder: send failed reply for transaction 3546 to 6474:6480
[  539.012226] binder: 6474:6480 transaction failed 29189/-22, size 0-0 line 2852
[  539.022513] binder: undelivered TRANSACTION_ERROR: 29201
[  539.028054] binder: undelivered TRANSACTION_ERROR: 29189
[  539.034629] binder: undelivered TRANSACTION_ERROR: 29189
09:40:52 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
getsockopt$EBT_SO_GET_INFO(r0, 0x0, 0x80, &(0x7f0000000000)={'filter\x00'}, &(0x7f00000000c0)=0x78)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0, 0x3}], 0x1, 0x0)

09:40:52 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x0, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:52 executing program 7:
r0 = add_key(&(0x7f00000004c0)='big_key\x00', &(0x7f0000000500), &(0x7f0000000540)="799b12dc192c3effee30b44008ef6f52ec015af8de3c802480310a18532f6aa364b7d22da8b41fa1b714aabf6bf16d789e891a3e87b382a386c5b25e9a1585924346c86f2dfd0e36c777ff958108f79a5bef6aca9e33ead40705b5029069a7da1e4cb6a9144714e7ae7b1ef4f67176b6b18d85c4c4ad439ab09765da91758e491034c2430105985fb7e269bf361603756f3c54597eba92a1acd674c2c1ef41be17863d8d098c2bd95320cdc911d7d3c259d6ad05123e493b06e0e35fa8a6f23f4762b92449ec3bba8117b5adfabe6afb2be5a74b797e6b68e88fa9b5f6c0344909e9df87195b073e3fb62fb780758619bbd01d34404ead93e8fc79c458dda31384109db475baa6abccca071ba5f39f1ed73b6e226335a3559c3708b680aadf77a99984bc949d0ab6183b29735d32451fafe41904fafdf39acb0add92a0c08ea3e51717d9963f7bd858d1480e3b2e403e46451596931c70020e594555f2775d4ec9419557a840d20501d27d45e3ef5be818bff0867b2d64bd798926cd7964cd7e843a239cc94a322dbaaf80f3327fd359d19da3296287a3588410e77798753b9e0d7a8084bf307738a462f325bb3ee46b3acf873a64de1b1e3ca7842673f64f049bff268b87a0aebdfaf9c1ccd1096ea02f0eaf1e81a842afd66b89a1e99ec6bbf025142b30e2226006b444892be70c3f79968077cf2cb553aa347b267808b2db677e19294de048aaf8892622f5c8901f905f12eca744405836898145f5da98e2c567955d4f89d33b9db719672f55f584d0cdaea5d8d48089e3be6e2fecfd4348895e1b35e61fd4af5301c0c9b4461ad208cb942ed5ab57d7896907e3637f81bad958212fc2d21c5e32c29a4d4562ca4a5023397394286552370cebd1744d92bfa0eaed983b9acf1bd1234992bfe6dc6c079f78aa4f4beeb8f36c0e1b08b71116a09a0cd02671be6acf83a66880900f978e77451fb8a9047f3d5a64838e631902b8f1789b8279c5ca9a5b9b7a97e9ad019220c4ea38ca3a5e5460d453425f527fd5f151b0241a07fa923f2bbfb8ed1336f8457e93e6c383ce377a7705796da523c6b7248a04fb05097478fd8cfd4bca0bb114842b67971c4e8bdbe9cec9e808d7814a835bd9e2fec26feb367c0360d5c4c86db30fdcbaf2bcca476d0f27649efe6eb054c701df12bf3f1376eea57317ff19a7925b8493b3bcabcdc619a6575a9ee2a6800ae97b5723a29084add7029e58f6477a85646627b8953b791af724d974e3d4e0cd119fde7e8e607f4903ba6d42a4baefe7962e349a25afb6e9524d89c1831f780feaca24478a3c7b494949f5575cb530a0ed9673cdc414d999e0deded9d823cfed5f8bae0552bb9f4773ea4c31c1a877f3c9e6363f53c02815df6568313bb6bd8d356af8f40ed45306d216b9231d791bb438c7728b0b79b7c334f38c20b078ca3ec35dfc28302ba033435dd8dff24df288681f1942b0f99e71834c50660bd7a00bcc165417484da8bad7378838e6316905041c92d52df98d201ac91bc6e9dd98e3f1fe1bf8710fd099f733a31894ef2724f4b733bdf3ba39eff6574e7e7d32d1e03ccc3eab46d2efbce23777ebfef593284e29d38dad24d67a876fe563c08ca5ca0f38a1c470afa2a870eda9aa41927ab8a29128c23dfc906c464702f7a0bfefd6076ade879be6786a306d20928c174d4dba41a2adb0911fdec9cb03ceb07de5f37209f5a58f5e621efbaa282efc", 0x4d1, 0xfffffffffffffffd)
keyctl$read(0x3, r0, &(0x7f0000000000)=""/4, 0xc4a2736a00fb731f)
r1 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x2, 0x60000)
ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000100)={0x3ff, 0x3, 0x6, 0xffffffffffff7fff, 0x2, 0x0, 0x20, 0x10, 0x2, 0x3, 0x8, 0xfa7})
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000140)={0x7fffffff}, 0x1)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x82000, 0x0)
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000080)={0x11002, 0x0, 0x6, 0x1aaa, 0xeed2})

09:40:52 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f000000b000)={&(0x7f000000f000), 0xc, &(0x7f00005a6ff0)={&(0x7f0000002240)=ANY=[@ANYBLOB="cc0000001b0009010000000000000000ffffffff0000000000000000000000007f0000010000000000000000000000000000000a000000000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00\b\x00\b\x00\b\x00\x00\x00\x00\x00'], 0xcc}}, 0x0)

09:40:52 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:52 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xffffff7f00000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:52 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x2, 0x40040)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0xa0a81, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000080)={<r2=>0x0, 0xa4, "aa084c3148cd0dfed60619d52241413cac7a75618a37e5683a397e43a7d2fac04dcc7551b18b593d8560b319edda6072bc5accfec0865a8c3e268b6e767daab7c08c3b6d54952a12815343502e7de4adbb090ac8f6d31066b7120942ba2412ec55055210d19a17ec1427c10fedc43a5d39cb292421d0cbd5a6b2bc0318a277a79936c35b5952f32fa7aedef6ff875bb99fd337e10d1eeabbc9d32b1af71bce14c8164296"}, &(0x7f0000000140)=0xac)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280)={r2, 0xffffffffffffffff}, &(0x7f0000000240)=0x8d5d)
writev(r1, &(0x7f0000000200)=[{&(0x7f00000001c0)="88", 0x1}], 0x1)

09:40:52 executing program 3:
syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x2000004002)
perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_open_dev$loop(&(0x7f00000007c0)='/dev/loop#\x00', 0x0, 0x82)

09:40:52 executing program 4:
socketpair$inet6_sctp(0xa, 0x3, 0x84, &(0x7f0000000300)={<r0=>0xffffffffffffffff})
r1 = getpid()
r2 = geteuid()
getresgid(&(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000140)=<r3=>0x0)
setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180)={r1, r2, r3}, 0xc)
r4 = syz_open_dev$admmidi(&(0x7f00000001c0)='/dev/admmidi#\x00', 0x4, 0xc00)
ioctl$KDGKBDIACR(r4, 0x4b4a, &(0x7f0000000200))
r5 = socket$inet6(0xa, 0x6, 0xfffffffffffffffd)
perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x8000, 0x7f, 0x2, 0x6, 0x0, 0x40, 0x2, 0xc, 0x5, 0x4, 0x100000001, 0x1, 0x80000000, 0x5, 0x10000, 0x3, 0x7fff, 0xffff, 0x81, 0xfffffffffffffc01, 0x0, 0x7fff, 0xaa, 0xffffffffffffffff, 0x5, 0x73, 0x5c4a6b94, 0x100, 0x80, 0x8000, 0xe8f44fc, 0x200, 0x100000000, 0x4, 0x7ff, 0xffffffffffff31fd, 0x0, 0xfffffffffffff44f, 0x1, @perf_bp={&(0x7f0000000200), 0x2}, 0x100, 0x8, 0x9c, 0x7, 0x6, 0x100000000, 0x8}, r1, 0xf, r4, 0x1)
ioctl(r5, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
sched_setattr(r1, &(0x7f0000000000)={0x30, 0x3, 0x1, 0x7e2203d9, 0x6, 0x5e1, 0xffffffff7fffffff, 0x2}, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1-avx2)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000340)="0a0775b0d5e383e5b3b60ced5c54dbb729d77ebe73356dc32621a9c6b4e30cb093fd2e5cafcda83020f8a79a7a4227c29ae4302d70771cb1f96036a50085b876617afe2f0f21a4a6ed6d80395139ed1dd3e1d10e2184c67f00ff0227467e067421bfc1057f7267bc8a6cff9ccaf85419fbd4ede2b85a5416ddf6746173d879c6119c6d0d26d224adb767ed20659f76ef97de0d4adf2adb705a2845934cafedbc58b0834b042cb384900e109dffd736bbe312b43581fb5cd38851a5039f47d6911cb1452ee8bf30d89a8078306f0e18d5785e88517d16d86f73e83f4005de5898ffa15e3a616396326819366c04b7131379cfb9642c593bfbb471e1dfecbb7fe7", 0x100)

[  539.408231] binder: 6496:6501 got new transaction with bad transaction stack, transaction 3553 has target 6496:0
[  539.418713] binder: 6496:6501 transaction failed 29201/-71, size 0-0 line 2879
09:40:52 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
listen(r0, 0x1000)
setsockopt(r0, 0x0, 0x9, &(0x7f0000000000)="52ac50152bb69ce71c72076af44c5ee542e2b2cddee373044f9850c5705bfb481d0b56f310b614ab5d724d86584fd7ac144551d1e11b19c975722148073ab8bf9bdd7704a01227d8138912f076d5474ec42f322714eeba1e47dbec56c9f53076139ad0d67d9fc8dec69811eedeeb242b6472f074eab67cf6462a5f1808c95caee88c62b7", 0x84)

09:40:52 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  539.517179] binder_alloc: binder_alloc_mmap_handler: 6496 20001000-20004000 already mapped failed -16
[  539.541604] binder: BINDER_SET_CONTEXT_MGR already set
[  539.547880] binder: 6496:6501 ioctl 40046207 0 returned -16
[  539.577409] binder_alloc: 6496: binder_alloc_buf, no vma
[  539.583005] binder: 6496:6533 transaction failed 29189/-3, size 24-8 line 2967
[  539.594400] binder: send failed reply for transaction 3553 to 6496:6501
09:40:52 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f0000000040))
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000000)=0x9, 0x4)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0)

09:40:52 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x0, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:52 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x9b4b)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt(r0, 0x1, 0x6, &(0x7f0000000000)=""/109, &(0x7f0000000080)=0x6d)

09:40:52 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
fchmod(r0, 0x100)
keyctl$clear(0x7, 0xfffffffffffffff8)

09:40:52 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  539.623252] binder: undelivered TRANSACTION_ERROR: 29201
[  539.628799] binder: undelivered TRANSACTION_ERROR: 29189
09:40:52 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:52 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2055, &(0x7f000039a000)=[{0x20, 0x4, 0x0, 0xfffff03c}, {0x6}]}, 0x10)

09:40:52 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:52 executing program 7:
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = socket(0x11, 0x3, 0x0)
r2 = socket$inet(0x2, 0x3, 0x7)
recvmsg(r2, &(0x7f0000001780)={&(0x7f0000000280)=@xdp, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000780)=""/4096, 0x1000}, 0x0)
setsockopt$inet_int(r2, 0x0, 0x7, &(0x7f00000001c0)=0xa, 0x4)
setsockopt$inet_mreqn(r2, 0x0, 0x4, &(0x7f0000006ff4)={@empty, @loopback}, 0xc)
sendto$inet(r2, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000002000), 0x10)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000040)=0x1, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x2e, &(0x7f00000000c0)={@local, @remote, [{}], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @dev}, @igmp={0x0, 0x0, 0x0, @dev}}}}}, &(0x7f0000000200))

09:40:52 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r1 = socket(0x11, 0x803, 0x300)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={&(0x7f0000000040), 0xffe5, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000010005fba0e0000000000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b0000000000"], 0x28}}, 0x0)
setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
recvmmsg(r1, &(0x7f0000002e00)=[{{&(0x7f0000002b80)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @multicast1}}}, 0x80, &(0x7f0000002d00), 0x0, &(0x7f0000002d40)=""/164, 0xa4}}], 0x40000000000014d, 0x0, 0x0)

09:40:52 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:52 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x0, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:52 executing program 3:
r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x3f, 0x200000)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000040)=0xfffffffffffffffe, 0x4)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x5)
ioctl$KVM_ASSIGN_PCI_DEVICE(r0, 0x8040ae69, &(0x7f0000000080)={0x9, 0x3, 0x80, 0x4, 0xfffffffffffffff8})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000300)=0x7)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x4008ae61, &(0x7f00000001c0)={0x0, 0x0, @ioapic})

[  540.271899] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  540.304638] binder: 6564:6572 got new transaction with bad transaction stack, transaction 3559 has target 6564:0
09:40:53 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  540.315165] binder: 6564:6572 transaction failed 29201/-71, size 0-0 line 2879
[  540.335634] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
09:40:53 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x0, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:53 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf401]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  540.370119] binder_alloc: binder_alloc_mmap_handler: 6564 20001000-20004000 already mapped failed -16
[  540.385480] binder: BINDER_SET_CONTEXT_MGR already set
[  540.393674] binder: 6564:6572 ioctl 40046207 0 returned -16
[  540.400379] binder_alloc: 6564: binder_alloc_buf, no vma
[  540.406099] binder: 6564:6587 transaction failed 29189/-3, size 24-8 line 2967
[  540.415447] binder: send failed reply for transaction 3559 to 6564:6572
[  540.447359] binder: undelivered TRANSACTION_ERROR: 29201
[  540.452955] binder: undelivered TRANSACTION_ERROR: 29189
09:40:53 executing program 6:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000004c0)}, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
r2 = request_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000200)='gcm_base(ctr(aes-aesni),ghash-generic)\x00', 0xfffffffffffffffb)
r3 = add_key(&(0x7f0000000240)='dns_resolver\x00', &(0x7f0000000280)={0x73, 0x79, 0x7a, 0x0}, &(0x7f00000002c0)="f38dd41969589955ec5b4ef419e3865bc45a331219509bdd66aedb65c864d5e1a0908cd94e8f6defdf5bb59d55a9939dfada18c54936cce4f90585912a93c4a30a8a5ff4c07c1346075840315ba5a630e64a104b3bfaa4faf02cd884581c6212a3f2439ea6e16ab570c32561003ace3e5faf7838d76b1e15c5400f1106c21b1f273e5b2809218d29d19274363ca1a11423198d0e7c53b4fe034a26529edac5539ea4946af0331b2e79bcf817a0290c0f0e4abc6d", 0xb4, 0xfffffffffffffff9)
r4 = request_key(&(0x7f0000000380)='user\x00', &(0x7f00000003c0)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000400)='gcm_base(ctr(aes-aesni),ghash-generic)\x00', 0xfffffffffffffff8)
keyctl$dh_compute(0x17, &(0x7f0000000440)={r2, r3, r4}, &(0x7f0000000500)=""/33, 0x21, 0x0)
socket$alg(0x26, 0x5, 0x0)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000100)=""/123, 0x66}, 0x0)

09:40:53 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x802fffffffe}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
r2 = socket(0x200000000010, 0x2, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000040)={{{@in=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@remote}, 0x0, @in=@rand_addr}}, &(0x7f0000000140)=0xe8)
fcntl$getownex(r2, 0x10, &(0x7f00000001c0)={0x0, <r4=>0x0})
sendmsg$nl_generic(r1, &(0x7f00001cb000)={&(0x7f00008e5ff4), 0xc, &(0x7f0000f4a000)={&(0x7f0000000200)=ANY=[@ANYBLOB="58140000afa8c08153b04be011030000000000", @ANYRES32=r1, @ANYBLOB="04001900080003007f00000112659514ea8b9c09aa4c562ba369c3c2f601c4425a27b02be66203f69924c8723264d6d9344b1320687df7f54228993a1ffd9c11175281eea6d794be667038a7d93d01741e6bc374b7409613423041d1604170f9f64a50aa020a8833b7823f0193965338a2d68acdbfd81d71c256a794ff3dd80675996ab3cd99c9798c50ea1fc74fc1f27feea4dc60dd1f2a9258f7bd0f2fe94e245b28da571cac8a1a611553563056f31a3f4ec8bda0e0bf8efa119e047873730b3ac551e93b5a41c770e1fd365eefbf7bfeaa21e787ca501edc3540de90c900d800650014000f00fe8000000000000000000000000000bbee5810a03553cd1891f6a76bbd16ae7631f51172915fdd1d027971cb6507b9b590534e2c848eecd7124d24255e05fc6575144641f650dfd8917edc42e4131fdc32f844189fc4f1f0fa99cf45cd6423536af786c9cde05d08006f00ac1414150c002d00060000000000000008000000", @ANYRES32=r3, @ANYBLOB='\b\x00!\x00', @ANYRES32=r0, @ANYBLOB="1a08a6cd7563e8a6946dbc1ab64cf786adba614b5bc694e135299c352d9fc2d739d7c14ee528685572e3b233580fa6f588d1ea78acbde3782e4fefd5f5912ce58ec3980000639c6b6beb66770eab424fb031eed2c03b62bb773906d46004ff20bce7c3257343a7d8d4c8b7b08bf26200adc4e14e7a6d3d87ec590293e8ac6f18964868c41b254c404a5289289e8235169cec1a6270a435833be6e9d1ee720a4f616472176e3d97bc656f9183d6ef95447856e21eaa457784ebd26e5a5f5c2acd13293a8edf9e057af8b9b02b791a7589d29e4c292865eee80fa957668ba9e70f47c30d9ab2a92b81d6871508007300", @ANYRES32=r4, @ANYBLOB="279a7554edd4cedceeb74902aa7bc2e1e4ceea81536a0825fdb0c98f27c87e1ba2bb55bcde31e02ca6be615644173b6a58a11ecb3edf40a38a51c9d2fd9d1dd12851b3327ce3e21c899f6f1e7cd0ad8be7a572265241dee63842d7ebcb6de10929ace2f024b1dfd361e12b7db0893a1efc167ca39a9af21417806d2cd3228fa8d68052f2e1b193271e547d2407b1e0062966fb7a150cbb48fdab0f254c863478225a41006eaedc402a70744d2f7c7dc3a953a9cdde2edea708e30a2ddded55198c35ecc3d66e2b578f8509d68e1fde85ba996cfca07febc31fb8e42eabc9d8fe22db15ff783c0c35075c62f11efc5689ba5e798b3baa5e196c29ee6af1cf977792f208c3ab80c634d69ab6c3c87673d33b07f76cb31ceff11b204a834d366356f55f32368752751885032e1514f4d4548af2bf26677fe5abc3cc70eb4205e07c64d43e0299df97db1da5a81da14cc61b3465eb0613b3fa05a825d9b23884767b014b8d19babffef89c853a5e9985ce2c64ef40c3264e4d150100a303b7874a8904257fd1167d4d266c272763b4a40c07549363cb2031a1681caf8063b2cb49c486d0ca98e580f721c00b565274fdb7234be296a4bbe6e7e3158a74736dec6340e91c9750a5b2f7965893d66d2e8bb1376806a32a4bc3c72eeb783178ee2568474ad5bfb93cead174ecbd3a1a4547b5f26192804b83b322f506f5cf6d408060c9a1299b1147a019ef9c421983af6a2579963d377f489652348f36f7e090dba0ae621aa5fde6abd6a01d943ac00d1fd5b0801ec5201e97fccd7f11ad16255cb8e2ee3d9ceba83e07fa7b518b473ea1f80f93378525f888e8cd6e8d03280aacb9eeb5aabad8dae290e9bdf128832efa665b4aeccde183c3e5fba96614612618a071e8baac1ff5067bf4d36257e81bf2f2a22a22f1beb05721d77836f92500d275345808c6e0ae024e2b088ccdfc3460563169f9f61cdac367306498f721c05507e0cf2dd3bb559bba49c5410824fda70b605765bf31eb98c60f17c6bfa98fbd3387b7bbf885dbdeebe582699c3929ce2b91ae464fd4c5f833ce20fbe287a079c0d74da393eef960f44d657b43ffeabd440a1d4af67a40264821d3a770f7710584b2af82000eee73eee2b9980c85006f615b48cf17467cd26ff55801c3e589e51ef78b951d3d5d2acd032ae202cb127ce5734068c8d7950657742469bc7d16d5198b019bfb30a5bfbcbf672450cb9f7e80f5f5ac176df5c9d3ab09087475ba91505cba7c225434f9dc6afed77c2856fa6c2b63a8e0139fdab23fc1444e9aeefc6e567768258a9d48323e7d20539b71c7edaa9a440ed993a808f650e13e0581aadb577cf613b1dcd8bc04b59ef691a78f826ccf10f0f90aa3b0bb4a6944bfac48300f86d736d6af38bf33363f29744d9cc5881b1b8619b67d47089402cc4e047393b26278de3555bd1af4da764e5785579c0bbae4474fd5e04309d8d9efb0ec4dfe2d26b49b9c2c38bda0b5a9159e82223cecb952ac4bd2b5a2d95aeb11fbaa68b7ac30088854314d475bb3931c092d3fd87f8a0be1a1f17f20d3f9fa4f424c7245869cdc791078aef6f4b63ded6be73c4fafc9391b43c6f8f44cf55f05e1a73f2ce2109ba9fe18cc69f04044c881959041d07a7f9d41ec30c65b7babeda2840edc5a68ff938951a7d52d914c8b8d3be70b018efc8e1e138615a1cb80485e472bb5a254541de8bb2492c5e779656cffe805264449d89675c1d3656bc9001ca948006b267b30e5008597841ea15160b19eeb5b327795e72dd01037692f642a47c2d11e91e1fb351c05a84f9461ff00af5ba4fcac5994b8f9bcee7e8cd2980fad8c376c388da09cea8f29094be0feec58f7ae5692e6e68735f347d4677553a45cb6aaf4a7b2d7882abd9a2442f6253bcad6fa65f280dc4e4c641c6757961bbc82ee1625221dfada01e6cd864f3cf93900907c62d19356ba36c0d0c99b27345e706beffe31ca4709b7b4daaee502e50650089a75b227e225d088c2c2f2042a5267b387cd6698bdfa6cb934f03d7e77ff1e6a811dc231d7288fa91bf9974dc9a26354720d9d892c34ddcf457dc61c4be8dcc720ab4e6bc112b28fcf9ccd5cef20fe5044c0a3669e0c8f512cd13de8f2561715736413078fcfbfb2c458c86c3b405c20f562c45701332f600f8d58bdcad5f2346c6b629fbb8fde25fbf931d26780ab8bb320f3bf0a7191b5c1a31d8363409e2ff8077c2987aa3f9b4a7372909faa348906342dc9bc95bff4277d1391e9a041223fc60f2ecb8e0572c52f270f4529ae5d895cddd1b6320b6759f7dea5eda0131ef9d10a696ccfbb45f0a5603eede587ffbea3176d2f83f2f3618673b0c6b781ad58a851de161abe598e349af6fe906e07b4cb7d3a7b137318e375550f0d58913f3312d94739af7a8c8d2dea8dc1c37264f11efa3c414fd7869dd23784b9b1dfb2033b46b8cdf32cd11c3bddcbfdf22709aa3047f869dadf1c8010e096de84b04020be4040a88a3d56aca87d2a8a7764f46fdc64a690e17795df55a554f977276822835e527515ba4501db0da01c1201a8d7c1bf7f8877b370eae372973f6768b1b1f769cb567f32641b2c6d1da00c889f9a1f83ad0f8730d7206815c3f051491fe539acc3b0e966d02c91ad77bb31631240d0a80a63e893aec15a91260ff485535935b5728ab0eff9e6e5c976b49a2d4b8b325faa06575fe54e3b855e2b45dd36555089fdf4657739c8c8fbc655236e2ca1ff5a286640d8597ed12bbf32c966696ca74c5a89c878907f3a0c70cb8f46a865552fd3223b954713dc69e4c7c154efc7c3b151f6770fa85039f96ce3291cceb035058ec284a8077f013ec2d24efbc27e5c58291e3a62a1de73140be84537380d8757fe3a14447147ea26f42aa9e2e612320d3bce208a928e76a36ff65dcb9975bf0d8b8652e400c3c7f75988f9d92153262d81923b07820cb83f61b73eb7ad71545e07d8e5d05e3658146073b721fc03ae26137dcf39f530e8d550034d713e82a990aef6e049755d844e774dad65d07da2706399410d8fa7f32df9a7bb8038734cf5bfe31b65b09d03682cb753ca2653085ce65546f3a959c0cb25095fcfe36b82194693b4599eb6db59e5679745adf3b02e26b76cb29e89a5e070e9e126f0c54a79038c942fd1875de0fa11dfae40796fbf9ca3dd8085ec731b57ca4fc01292de30e1d4e86b712ec3eac02365d6747701131ba980dd363b19f83d524155b08efc97d43c91524517338222647a846a4ae7cf91adb5a1d29e3278e7b89c0dd3040c6e4f8aa6a62864c5fb5c20d60fcfd5bc78da7eb324013ba093f44cb00284529b1e975b71578792ed4f1de6687ed86cb2950692153c7d07b4839ed7d8ac91d96754b7f4f464194bd53ccfc72bb594c2e0fc06c3b1254b506b256b8a4e553c913d22f9db4cb2f8721a8a6c60106c312fdd184b3f168081dc0b2109393ff26545d7b56b6e851e13126e84bc76527fb41d1745ca30fa84862f63531516cba9857d9bbb920e4b1b74f81accf0656e3480257abc03b37b8e15b750d495953f2b3a73d91ac6f402c2cfc172d2469da78515631cdc25464b2133392a8a40e392927874d12a7a5c81da5c0767d92a06b9aac257db56209cb521d28024a44db2aa23e9c07abbf1cc43fcb4af08163fa90d8bd496b55d65c69a4ef6615e31df863da5c005db4a3a5e26baa4027a626542487381e1abc43cd1be1335fba7f938621da08c5fc3b0d01ad78683672da8ad47b9bebec4e7a323d77f86f28fee45332c93c42a54cf6b8359a8b1e81248c5ae646370a962bfbfb434e2cfbeb0b27c42ab17bdde868de5f0301075b7daf06b95c05a3cf6136cea323aa87a4efce8bf8809e891025dadc53caa7a6fe20a7edba1c37c9b2728eeff54d41bdac267251473abe5a6a8cd1a3aa01f192b2b19207d8be85f657f42cfbf6f0ce7ac1b8f8c97dba66c8bf0987d6270daa0ead80f930ff2d7283f8528a3f7e2e70f206301e7d7c20c2ca96f0cd1dee2b5cc86a82f611eb62d60eb9d5980175ece4cc8e928ca5fe18f69201eb2c797324d320b7dba4b1e55455db21cc219f7f4bb3c5df6bdfab7b4a698f8017e787f01ce24042b697dc95db2e788eb742e545d85bba924b5df14614a548dc3cb32362ec97ea7ebb88b4a66093c639ae7cda9ea367da9ed89a53d125e67e8c34481561a268b6962ac00d062aa2aef29901b9377056d8d7c6b5d8f436d6cec155d6824df269ec1c52439b786b3be7d53e25ab388edcfc5c04e2fea66f019b82d654ae7daa186134cddf29274831717d585e5667ab69f9a08373a29b6cbdbc5ab56f73a2ef52bfbbf8914480e2e2620a808dd47936a5f261a3c63a926bd81adbd20e335052d0283187ecdd83d3041adcfeac9d4915e44e13df903f6b3f5589b5e7673460b61911b895bfa11fc88147f833a8fecdd7e6f6645a7458c02e7d7d527eded9454759698655d9725bd6e505b50dcd4991bb6eff6844f0dcb7b07d6d049662f2020a08170582dcc1fbe6ed62923792998fdc81875094aea6ad0a3aefc687632080810f021ab67eb0a805ad1e8c96f09bd28d939c16509a53833804bb74fec40ebad4e8bf0f5a9140bd7fc2c2bb0fc018bfb5ead9050b4696ce41a78e9d1234edd0d309eb8d70914dd4eca61c31bec24fe1cbc7145c4ff59343d8b41f69d636ad6968a2b5775f9a2d0e91107d1d918412a74d67079f8a8489c52f7bf287e56cd19f10dda41319918046ca259a8d6ab1f38092107c5eb3e92408323d7e97ae92569f3aa8a6ffb5d778fdf135bd7dd2d35e353f30eacab16f3d6b769140517019dffc67e684875d8b638632a275dfdcae5cf7b6396fa9a4d355932ea17c06721bbb74fe73d9825e66dc3f9dcf37329c97d8eee6d696b99238cadae278ef4dbeb105be62fd49530556940af2e56cbbf816d26c3456ee7dfa61fa0b01852d36641ee0b8c4cdd642ae2d302eb1a08362b7e419e7069f7b0a6d4be75552c89f0f6e3332f557a069949dbffd076207d13d09ecd38148ada8b427c46263cb5b225089c433f24a826d3f1c4cfbbdf677b6b86b9f6e2db0318a7c2d288e53d56fd1d2f413c20511297369e3160cf501075130bd9095607c1d29a9060837ef5865a860d2093fad9903454a2ddd007c49b3aad6f604f9f1f934592a636872d5abad9062ed56864d87eeece36bf5f0204dd8abc0ef548306925a48384d981ddf5e4d8e47de100ebfd7ee6ae796725728a7397e6ab31f64c1593c97a9229dc20b8517751e99d0f89f07f89f3c793348936c3a7122f6bd8eeda5595193d76e16b2786037eb9ac15c19c5addd34476ccdc0e0173a3b03bdb0ac17b4262b338ae4f0ac1eb519d5a9e623ff2da50dd72f47ce32c55ad69207b30f86ef00fe33346d074251de58902a6d64905ac86f32d87c6800e9e7b94115a6b185e698bdd96fd033c2b1eca57c7a4a43167f40d51d6dd5fe26a82ae1a30cd387ffea3e8ea089e44e9c9fa463759b61787a57aaaa3a43ed14856497673311fafb64bd5f854fc120e920691d810d936e62a4aeaba8b4906713f618bb21f6fffdd3a48f8e7767f5cb1fac4050812db0f3a3d4367d51c9ddeee7f4f8dae909d190a0c0544d1ec0ba8a895625d12d0d09ae9f7a003c5d809b8bb341329557f1f80627cff2c3509bb6aebf24ac9bf13cc6a9f6c429d0bf2f3ae44964fe300499e7c91253254772079d0ffc625c2dbc56bf22af2ff14684821fca72bfd34151b1ae88dcfa85d73736a20a2a472213199797cc8016b0067f7286a1bb7ec8c2c12ce37ded3e104bd821de6b7f5c2946eb198e81d45624a489966150e28189ae20f4b338b6c5a79914d5f23b28598edc4e9d8156567dccae50492caa16131bc26eaca7a87fa7b5113b6704457dc1ec6bd23b8f2750e71189107bc12ea42f2ac8d142e44c73d7fbbf45b8f51f0d17e9618d64eadc26fd810e11c3216fb10def736a01bd374dad59bcf2397f39a415ae7afbd126d43d00fcc722070ba7d3d32aafb603713750d1a572ae78358e16bcd62f469bd6fc97c07d7b55bfdd4c510c622e574d1a4296e3361e2498a7a100be0cddf45ec5b6d0cbbb808bdbc7aa792244108008600ac14141e08006600ff0f00009b7c0149aa887cb9c5c5f98b3003f9eedd3952779140998ddf62fa5776cc1c00a2aa0896ffa4e7fba607e879f50dd68c2f60e11ac4990c7d5791a2947b200aba4c3b824c65cd8bdadccf4ee724eaaeb04b8825760f636e2189a2c168fc5cba26f41d94d8c9e035aced79df5043836b7311af49eb99ebc1940f5093ba699eb61b3876bcb60f6a9833b9bc76ba829c74726429be5048cceed34e3e6f39aee3c1cba573d5a820a6a8079b0468f7bef301d1767501bf3ac62ac4140074000000000000000000000000000000000008008800050000000000"], 0x1458}}, 0x0)
write(r2, &(0x7f000095c000)="2400000026007f000000000000007701000000ff0100000000000000ffffffff0100ff10", 0x24)

09:40:53 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:53 executing program 7:
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r0, 0x6)
setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000280))
r2 = accept4$inet(r1, &(0x7f0000000640)={0x0, 0x0, @dev}, &(0x7f0000000680)=0x10, 0x80800)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000500)=@assoc_value={<r3=>0x0}, &(0x7f0000000700)=0x8)
socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f00000002c0))
r4 = msgget(0x3, 0x200)
msgctl$MSG_INFO(r4, 0xc, &(0x7f0000000240)=""/2)
connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000001c0)={r3, 0xf2, 0x30, 0x9, 0x6}, &(0x7f0000000200)=0x18)
r5 = accept(r0, 0x0, &(0x7f0000000080))
getsockopt$IP_VS_SO_GET_DAEMON(r5, 0x0, 0x487, &(0x7f0000000040), &(0x7f0000000180)=0x30)
sendmsg$key(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB]}}, 0x0)
ioctl$PPPOEIOCDFWD(r5, 0xb101, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f00000004c0), 0x4)
ppoll(&(0x7f0000000440)=[{r0, 0x50}, {r0, 0xa004}, {r5, 0x6003}, {r2, 0x8}], 0x0, &(0x7f0000000400)={0x0, 0x989680}, &(0x7f0000003780)={0x4}, 0x248)
sendmmsg(r1, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp={0x18, 0x2, {0x0, @rand_addr}}, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0)
r6 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r6, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
r7 = syz_open_dev$dmmidi(&(0x7f00000001c0)='/dev/dmmidi#\x00', 0x4010000034, 0x20082)
ioctl$int_out(r7, 0xc0305710, &(0x7f0000000100))
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000100)='team0\x00', 0x10)
sendmmsg(r1, &(0x7f000000a080)=[{{&(0x7f0000005440)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x80, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, &(0x7f0000000740)=[{0xa8, 0x12d, 0x40, "d6c944b858185a2b132cb7f4d02b7d45222c8aaf588ff35f4bc134c2d5b4e7da12934ce6f4fd27e3c468206d2140cd8eb72b56c1562238e594c904139e7d6f2f125193cc86c440911e931ab479011e21bba373f7495a2324aba7f64f31851346b8c826819e682ac5694313d3720803e33b1e04500e1ae9ba90abbb3cd6482fa1bd30423e8dc58e15086b6df111029e837b05563b7e"}, {0x18, 0x116, 0x1, "548313e8148ab5"}, {0x90, 0x103, 0xfffffffffffff801, "bac74ecf22b1f1585cec7b433d4e31fba30bc471b864cb78ba30ce6570c7653e3f74224c4e833568e27ca3f8e2ad7ad5ae527c9b00bffbe6e0b0820ef8c9d98c42af019ad17bb7d35bcc39dfb668b3fc366c3777d95c88633ceb74ccc2b2eacbd6bf98e9457b89faab322044f5c84f23204c46dbef416da69f36fabeb102"}, {0xb8, 0x11f, 0xca9a, "55cd23dbc62643fd507ddf1b1e77b8f2c1631fb70c10d0e815231e6026ea0e926cd77887145fbd6a9634ef77d2c1c568b3660e82bd410861772a38ddbd89e4c499f71cc02c0f389df87456a05138f53379d24cdab6ac406be774b9ac13c67c130eeadab76f8e9e0e4fc7b8d383999910599d2e63cc5b676d5fa082ea994e3633a7732c4d2b8dbfaeb52bb020afe45775f279c5206ca2dad643f1e0cdd9f91ab46cbe0522"}], 0x208}}], 0x1, 0x0)

09:40:53 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x9014030000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  540.549373] binder: 6606:6609 got new transaction with bad transaction stack, transaction 3565 has target 6606:0
[  540.559852] binder: 6606:6609 transaction failed 29201/-71, size 0-0 line 2879
[  540.570127] binder_alloc: binder_alloc_mmap_handler: 6606 20001000-20004000 already mapped failed -16
[  540.595105] binder: BINDER_SET_CONTEXT_MGR already set
[  540.616259] binder_alloc: 6606: binder_alloc_buf, no vma
[  540.617204] binder: 6606:6609 ioctl 40046207 0 returned -16
[  540.621842] binder: 6606:6620 transaction failed 29189/-3, size 24-8 line 2967
[  540.639721] binder: send failed reply for transaction 3565 to 6606:6609
[  540.650668] binder: undelivered TRANSACTION_ERROR: 29201
[  540.656239] binder: undelivered TRANSACTION_ERROR: 29189
[  540.685686] dccp_close: ABORT with 1061 bytes unread
09:40:53 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e27, @rand_addr=0x800}, 0x1)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:53 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x0, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:53 executing program 4:
madvise(&(0x7f00001f2000/0x4000)=nil, 0x4000, 0x10000000e)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r1 = shmat(0xffffffffffffffff, &(0x7f0000ffe000/0x1000)=nil, 0x1000)
shmdt(r1)
madvise(&(0x7f0000153000/0x800000)=nil, 0x800000, 0xf)
ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f0000000000)={0xb8a})

09:40:53 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:53 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:53 executing program 7:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x8000, 0x0)
close(r0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='oom_score_adj\x00')
write$cgroup_int(r1, &(0x7f0000000140)=0xfffffffffffffffc, 0x12)
setsockopt$sock_void(r1, 0x1, 0x3f, 0x0, 0x0)

09:40:53 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000600)=@broute={'broute\x00', 0x20, 0x2, 0x310, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000280), &(0x7f00000002c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0100000003000000000000000000766c616e3000000000000000000000007465616d5f736c6176655f3100000000626f6e645f736c6176655f300000000079616d300000000000000000000000007eed89a26ca0000000000000ffffffffffff0000000000000000b00000000001000030010000737461746973746963000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000006c6f670000000000000000000000008000000000000000000000000000000000280000000000000000a05ad528f63fb9518fa5ec918b6dc1382288eb9e6aaff751d23f19a3fba500040000000000000072656469726563740000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff01000000090000000000000000007663616e3000000000000000000000006970366772657461703000000000000076657468305f746f5f7465616d00000069666230000000000000000000000000e8608c3ac7e1000000000000a36ac29c3a620000000000000000180100001801000050010000726174656573740000000000000000000000000000000000000000000000000048000000000000007465716c30000000000000000000000073797a5f74756e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000636c7573746572000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000fcffffff00000000"]}, 0x388)
setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000000)={{0x33, @dev={0xac, 0x14, 0x14, 0xc}, 0x4e21, 0x3, 'lc\x00', 0x1, 0x81, 0x23}, {@rand_addr=0x4, 0x4e20, 0x12007, 0x20, 0xfffffffffffffffe, 0x9}}, 0x44)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x4000, 0x0)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000000140)={<r2=>0x0, 0x4, 0x7ff, 0x2, 0x0, 0x400}, &(0x7f0000000180)=0x14)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f00000001c0)={r2, 0x40}, &(0x7f0000000200)=0x8)

[  541.132962] binder: 6631:6635 got new transaction with bad transaction stack, transaction 3571 has target 6631:0
[  541.143483] binder: 6631:6635 transaction failed 29201/-71, size 0-0 line 2879
[  541.185421] binder_alloc: binder_alloc_mmap_handler: 6631 20001000-20004000 already mapped failed -16
[  541.210844] binder: BINDER_SET_CONTEXT_MGR already set
[  541.223475] binder: 6631:6635 ioctl 40046207 0 returned -16
09:40:53 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f00009ff000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}}, &(0x7f00002bf000)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000780)=""/183}, 0x48)
r2 = socket$kcm(0x29, 0x200000000000002, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1})
setsockopt$inet_group_source_req(r0, 0x0, 0x2f, &(0x7f0000000640)={0x1, {{0x2, 0x4e24, @multicast2}}, {{0x2, 0x3f, @rand_addr=0x1}}}, 0x43c)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x10)
read$eventfd(r4, &(0x7f00000003c0), 0x8)
sendmsg$TEAM_CMD_PORT_LIST_GET(r3, &(0x7f0000004640)={&(0x7f0000000040), 0xc, &(0x7f0000004600)={&(0x7f0000003d00)=ANY=[@ANYBLOB="90010000", @ANYBLOB="000000000000000000000300000008000100", @ANYBLOB="7401020038000100240001006d636173745f72656a6f696e5f696e74657276616c000000000000000000000008000300030000000800040000000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004000000000008000600", @ANYBLOB="44000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b000000140004001800000000000000000000000000000040000100240001006c1e5f706f72745f737461747300000000000000000000000000000000000000080003000b000000080004000000000008000600", @ANYBLOB="38000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000080003000300000008000400000000003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600"], 0x5}}, 0x0)
sendmsg$FOU_CMD_GET(r3, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14}, 0x14}}, 0x20044000)
recvmmsg(r3, &(0x7f00000001c0)=[{{&(0x7f00000005c0)=@hci={0x1f, <r5=>0x0}, 0x80, &(0x7f00000049c0), 0x0, &(0x7f0000004a40)=""/241, 0xf1}}], 0x70, 0x0, &(0x7f0000000200)={0x77359400})
ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000240)={@mcast2, @local, @mcast1, 0x0, 0x6, 0x4, 0x500, 0xed, 0x4000000, r5})
sendmmsg(r3, &(0x7f0000000540)=[{{&(0x7f00000002c0)=@nl, 0x80, &(0x7f0000000500)}}], 0x1, 0x0)
r6 = socket$inet(0x2, 0x3, 0x2)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000440)={'vcan0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x11, 0xf65f, 0x4, 0x1, 0x7fffffff, 0xfff, 0x0, 0x1, 0x7}})

09:40:53 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:53 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x0, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:53 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f00002aafe4)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="c2b2000000000000291902003e00000000000070"], 0x14}}], 0x2, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
sendmmsg(r2, &(0x7f0000007e00), 0x136a88c8311572c, 0x0)
listen(r1, 0x10001)
r3 = syz_open_dev$dspn(&(0x7f0000000240)='/dev/dsp#\x00', 0x0, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000380)=<r4=>0x0)
mq_notify(r3, &(0x7f00000003c0)={0x0, 0x3d, 0x5, @tid=r4})
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r5, &(0x7f000087dffe)='F', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r6 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000100)="be74dc9964fa05ab3f478d71c7f52e5639fd6987327c026125878242b2fff7236fd00b", 0x23, 0xfffffffffffffffb)
r7 = add_key(&(0x7f0000000140)='rxrpc_s\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a, 0x1}, &(0x7f00000001c0)="ddae3275b6f0e3f5dc7a67ba309639a22fbb570c68f611fa572b3201845a6031c5f5f1617004812cdf76ac1ff02528af33918f6f08370ab8a1d597e1e0fa9e76e4fde7a7145414803bccd140be926c7df74cfa59", 0x54, 0xfffffffffffffffb)
keyctl$unlink(0x9, r6, r7)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in={{0xa, 0x0, @dev}}, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x98)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x7d, &(0x7f0000000040), &(0x7f0000000080)=0xc)

[  541.248476] binder_alloc: 6631: binder_alloc_buf, no vma
[  541.254064] binder: 6631:6654 transaction failed 29189/-3, size 24-8 line 2967
[  541.268595] binder: send failed reply for transaction 3571 to 6631:6635
[  541.302635] binder: undelivered TRANSACTION_ERROR: 29201
[  541.308165] binder: undelivered TRANSACTION_ERROR: 29189
[  541.315125] IPVS: set_ctl: invalid protocol: 51 172.20.20.12:20001
[  541.336995] IPVS: set_ctl: invalid protocol: 51 172.20.20.12:20001
09:40:54 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x1ffffffffffffc)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000001000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f00000000c0)="66b9d309000066b80300000066ba010000000f3067f2a767defaf20f23d88c1f0f019d6649ba4000ed0f01f20f01b2380d0f20e06635010000000f22e0", 0x3d}], 0x1, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000100)=ANY=[@ANYBLOB="1801004e296df142bf5a7bb6f74b87c5f071be7d8d74ffff7f000000000000e4709bd2dbfe324ef15b09f65aefb856c13d6a0a14f03f08d0f3bb6f54464bb57f448504e505bab313e44651a76678a5d6b068f661fabe9ab23ac6a08357cee78a72db55859e8a7cd6d4e4b4ac693b406d2c169f98a04b5ef584a3533878f79fe368a7697255912243143be2d8cac2c4ab7a75fbe4ba406a773a9989d3750a9e1152067a9c4e247581bae1cf308a3b8243bfaece25c23fe72b4883a3abd37c3bfcb70d5bfebaf4b19ad62d68febce1765bf4ddffd3b743b15b2f82275828143564d330965c11c9fbaa2b7a3ad79989ffee4261d50a2a6cf16172459d5238f4e3233623804498643693bdb5c6e1d07b18331ec2a6626a1cd9813a2433208aef3e87daebe82a1e3be49748e0e3d7fccec7e72a1310485f169de1c32f6aed95ef8c75f26e17faf202b1e4e42d8f764619e07cc871db05dd8d334bd1ebe422d9e1e549ed59b1100675ca0262a2df0212105e6237f399f3077f29fcae9eff"], &(0x7f0000000080)=0x1)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x800, 0x0)
socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$KDGKBLED(r4, 0x4b64, &(0x7f0000000300))
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)

09:40:54 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f0000c13000/0x4000)=nil, 0x4000, 0xfffffffffffffff8, 0x8975, r0, 0x3)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0, 0xfffffffffffffffc}], 0x1, 0x0)

09:40:54 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:54 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xc70b0000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:54 executing program 5 (fault-call:10 fault-nth:0):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:54 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r1 = socket$inet6(0xa, 0x3, 0x2f)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r2, 0x84, 0x74, &(0x7f00000003c0)=""/231, &(0x7f0000000100)=0xe7)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x32}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x90}}, 0xe8)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6(0xa, 0x1000000000002, 0x0)
bind$netlink(r3, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xffffffffffffff79)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
connect$inet6(r1, &(0x7f00000000c0), 0x1c)
r4 = getpid()
ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000000)=r4)
write$binfmt_misc(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="7379e4dcd37f1ee9d8e750f1962f6b130f7a313b813b581ef5c4d97dbdd0eefdd0dcbd668124eb8a63945485de7d25d1ae24a66b25d40ad55a3e812f7cba60d6e73016bbbbef1fecde0e25961fe197fc6acc205fb7d4d5db22f3ae984d4dd07e83085eed52a48f878808e0feffe097ce5c8965a376e92863a1890dc40603ecb85527efd9322402121d8f1db2781ed5b573d21f"], 0x4)

[  541.485309] binder: 6681:6686 got new transaction with bad transaction stack, transaction 3577 has target 6681:0
[  541.495800] binder: 6681:6686 transaction failed 29201/-71, size 0-0 line 2879
[  541.541438] FAULT_INJECTION: forcing a failure.
[  541.541438] name failslab, interval 1, probability 0, space 0, times 0
[  541.552798] CPU: 0 PID: 6692 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  541.560073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  541.569414] Call Trace:
[  541.571997]  dump_stack+0x1c9/0x2b4
[  541.575622]  ? dump_stack_print_info.cold.2+0x52/0x52
[  541.580806]  ? lock_downgrade+0x8f0/0x8f0
[  541.584952]  should_fail.cold.4+0xa/0x1a
[  541.589009]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  541.594105]  ? lock_downgrade+0x8f0/0x8f0
[  541.598245]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  541.603774]  ? proc_fail_nth_write+0x9e/0x210
[  541.608260]  ? find_held_lock+0x36/0x1c0
[  541.612319]  ? check_same_owner+0x340/0x340
[  541.616628]  ? __lock_is_held+0xb5/0x140
[  541.620673]  ? rcu_note_context_switch+0x730/0x730
[  541.625592]  __should_failslab+0x124/0x180
[  541.629817]  should_failslab+0x9/0x14
[  541.633604]  __kmalloc_track_caller+0x2c4/0x760
[  541.638262]  ? strncpy_from_user+0x510/0x510
[  541.642656]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  541.648180]  ? strndup_user+0x77/0xd0
[  541.651970]  memdup_user+0x2c/0xa0
[  541.655499]  strndup_user+0x77/0xd0
[  541.659114]  ksys_mount+0x3c/0x140
[  541.662641]  __x64_sys_mount+0xbe/0x150
[  541.666603]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  541.671611]  do_syscall_64+0x1b9/0x820
[  541.675487]  ? finish_task_switch+0x1d3/0x870
[  541.679969]  ? syscall_return_slowpath+0x5e0/0x5e0
[  541.684891]  ? syscall_return_slowpath+0x31d/0x5e0
[  541.689812]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  541.695253]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  541.700085]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  541.705259] RIP: 0033:0x456a09
[  541.708431] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  541.727660] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  541.735352] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
09:40:54 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
ioctl$int_in(r0, 0x5473, &(0x7f0000000380)=0x200)
r1 = syz_open_dev$amidi(&(0x7f0000000200)='/dev/amidi#\x00', 0x5, 0x40000)
ioctl$KVM_GET_CPUID2(r1, 0xc008ae91, &(0x7f0000000240)={0x7, 0x0, [{}, {}, {}, {}, {}, {}, {}]})
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)="2e0e7365637572697479707070316c6f73656c696e757800", 0xffffffffffffff9c}, 0x10)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000000140)={0x7, 0x100, 0x100, 0x0, 0xf})

09:40:54 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = dup3(r0, r0, 0x80000)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f00000000c0)={0x2, 0x0, [{0xbcd, 0x0, 0x9}, {0x0, 0x0, 0xfffffffffffffffe}]})
ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r1, 0x40045730, &(0x7f00000001c0)=0x2d)
sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x10, 0xf}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x22, 0x305, 0x0, 0x0, {0x3006}}, 0x14}}, 0x0)
recvmmsg(r0, &(0x7f0000002f80)=[{{&(0x7f0000002c80)=@xdp, 0x80, &(0x7f0000001e40), 0x0, &(0x7f0000002ec0)=""/173, 0xad}}], 0x1, 0x0, &(0x7f0000003080))
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000140)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, &(0x7f0000000180))

09:40:54 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff00000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  541.742607] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
[  541.749859] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
[  541.757111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  541.764364] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 0000000000000000
09:40:54 executing program 4:
socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, <r2=>0x0})
r3 = getpgid(r2)
kcmp(r2, r3, 0x4, r1, r0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x4000, 0x0)
ioctl$GIO_CMAP(r4, 0x4b70, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)

[  541.830227] binder_alloc: binder_alloc_mmap_handler: 6681 20001000-20004000 already mapped failed -16
[  541.839883] binder: BINDER_SET_CONTEXT_MGR already set
[  541.852501] binder: 6681:6686 ioctl 40046207 0 returned -16
[  541.873520] binder_alloc: 6681: binder_alloc_buf, no vma
09:40:54 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:54 executing program 7:
r0 = add_key(&(0x7f0000000440)='big_key\x00', &(0x7f0000000480), &(0x7f00000004c0)='r', 0x1, 0xfffffffffffffffb)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x80, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000500)={{{@in6=@mcast2, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{}, 0x0, @in6=@mcast1}}, &(0x7f00000001c0)=0xe8)
sendto$packet(r2, &(0x7f0000000080)="1120f438b34e7a4179bbd314ece753c5e52d94cfe01468aec64fa603e87f1969cf92c10d137171790b2b2c08d2374886cc0f3942546f6e79b585b6af4c9e14eabf5127ac7875bf5759c051c7d5ea08e2fa90b55ba9f471409018361f3e1bee636ce6778e249e7c46ac894e0f551aedb1d2b4b2bb462e7b6546ca6e42917293f632e3bb01b469fd10fb38d00c7cb2d80d162e7617a6b6fe8a3fabb268d877550bea773a358875509113b3b4ab764bcecc55af112695", 0xb5, 0x40000, &(0x7f0000000200)={0x11, 0x1c, r3, 0x1, 0x1, 0x6, @remote}, 0x14)
ioctl(r1, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
clone(0x0, &(0x7f00000010c0), &(0x7f0000000300), &(0x7f0000000240), &(0x7f0000000140))
keyctl$read(0x6, r0, &(0x7f00000009c0)=""/4096, 0xfffffd03)
syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x2, 0x400)

[  541.879208] binder: 6681:6709 transaction failed 29189/-3, size 24-8 line 2967
[  541.897583] binder: send failed reply for transaction 3577 to 6681:6686
[  541.905668] binder: undelivered TRANSACTION_ERROR: 29201
[  541.911201] binder: undelivered TRANSACTION_ERROR: 29189
09:40:54 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000a9000)={0x2, 0x0, @loopback}, 0x10)
r0 = socket(0x15, 0x80005, 0x0)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000140)={0xffff})
getsockopt(r0, 0x114, 0x2715, &(0x7f0000000000)=""/13, &(0x7f0000000100)=0x347)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:40:54 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:54 executing program 4:
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={"6c6f0040000000000000000000000400"})
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(0xffffffffffffffff, 0xc08c5336, &(0x7f0000000200)={0x9c8, 0x0, 0x0, 'queue0\x00'})
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={"6c6f00000000114a401900", 0x800})

09:40:54 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4010000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  542.178086] device lo left promiscuous mode
[  542.185459] binder: 6732:6735 got new transaction with bad transaction stack, transaction 3583 has target 6732:0
[  542.195944] binder: 6732:6735 transaction failed 29201/-71, size 0-0 line 2879
[  542.238799] binder_alloc: binder_alloc_mmap_handler: 6732 20001000-20004000 already mapped failed -16
[  542.259176] binder: BINDER_SET_CONTEXT_MGR already set
[  542.264575] binder: 6732:6744 ioctl 40046207 0 returned -16
[  542.273786] binder_alloc: 6732: binder_alloc_buf, no vma
[  542.279355] binder: 6732:6747 transaction failed 29189/-3, size 24-8 line 2967
[  542.296785] binder: send failed reply for transaction 3583 to 6732:6735
[  542.305820] binder: undelivered TRANSACTION_ERROR: 29201
[  542.311810] binder: undelivered TRANSACTION_ERROR: 29189
09:40:55 executing program 6:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f00000000c0)=0x4b)
write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="7f454c460009040000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000064380000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x2b)

09:40:55 executing program 7:
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x20000000240262, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000006000), 0xffffffffffffff85, 0x0)
pselect6(0x40, &(0x7f0000f33fc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f0000086000), &(0x7f0000349000), &(0x7f0000f14000)={&(0x7f0000a65ff8), 0x8})

09:40:55 executing program 5 (fault-call:10 fault-nth:1):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:55 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000a9000)={0x2, 0x0, @loopback}, 0x10)
r0 = socket(0x15, 0x80005, 0x0)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000140)={0xffff})
getsockopt(r0, 0x114, 0x2715, &(0x7f0000000000)=""/13, &(0x7f0000000100)=0x347)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:40:55 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000a9000)={0x2, 0x0, @loopback}, 0x10)
r0 = socket(0x15, 0x80005, 0x0)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000140)={0xffff})
getsockopt(r0, 0x114, 0x2715, &(0x7f0000000000)=""/13, &(0x7f0000000100)=0x347)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:40:55 executing program 7:
r0 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4000000, 0x0, @local, 0xb}, 0x1c)
syz_emit_ethernet(0x4a, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60d8652b00140600fe8000000000000000000000000000aafe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000100090780000"], &(0x7f00000002c0))
socket$vsock_stream(0x28, 0x1, 0x0)
socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
getsockopt$IPT_SO_GET_ENTRIES(r1, 0x0, 0x41, &(0x7f0000000300)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000fc000000773f3f6e6b917d92b1eac483fdbc581b63fb6b745901dba84d48dc27f3c4b57e07e8e0cc793740c686a379eac13a4e2227a507608d8372cec9f68615cdb95dfa8dbbec2d3bf8c57b8fdb1a28aee51d263beb40c2fa2ff37b4dbe8bd64dad0617f6d22c0be2f4872cdccb32b91cedf1256c6a2d0b7b6de541afeefd88adbc791ca7a6ee532e1b75b38d667c6414f2214164fbad08cec0d2b0b994a3acbfef8f313a424ed8ea5743df85d5de900d50a61b7d0ca4a50abe4693aabce2dab41db69dbe56b5bbe8d69469725071bfd25d867ad3c74b6d36d84af31354e24d5564b9dded4dc84be7c369c2fe6b27b6cf709a2f367d673ea26cf516f31a0000c06d075d046c6a908ccef61fa94def4794a1940f66fce4783570a696a47426476eeec3fc132d0abcc2a5c9e6b5ae30737c20bfdfef730cabce4ec093a1b0328d9655a91650c3964f0f0dcd69077072e3ea45648f799b6c505a5d92e693440013c204de8330b81c8ca857fa88376245410233a31b3f371831ab118fa1b217b65a8bc2ff2f61c0"], &(0x7f00000001c0)=0x120)

[  542.450977] sg_write: data in/out 264412/1 bytes for SCSI command 0x0-- guessing data in;
[  542.450977]    program syz-executor6 not setting count and/or reply_len properly
[  542.476747] FAULT_INJECTION: forcing a failure.
[  542.476747] name failslab, interval 1, probability 0, space 0, times 0
[  542.488059] CPU: 1 PID: 6761 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  542.495337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  542.504695] Call Trace:
[  542.507302]  dump_stack+0x1c9/0x2b4
[  542.510947]  ? dump_stack_print_info.cold.2+0x52/0x52
[  542.516151]  ? __save_stack_trace+0x8d/0xf0
[  542.520500]  should_fail.cold.4+0xa/0x1a
[  542.524578]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  542.529695]  ? save_stack+0x43/0xd0
[  542.533340]  ? kasan_kmalloc+0xc4/0xe0
[  542.537240]  ? __kmalloc_track_caller+0x14a/0x760
[  542.542096]  ? memdup_user+0x2c/0xa0
[  542.545823]  ? strndup_user+0x77/0xd0
[  542.549638]  ? graph_lock+0x170/0x170
[  542.553456]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  542.558838]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  542.564395]  ? proc_fail_nth_write+0x9e/0x210
[  542.568906]  ? find_held_lock+0x36/0x1c0
[  542.572997]  ? check_same_owner+0x340/0x340
[  542.577326]  ? lock_release+0xa30/0xa30
[  542.581310]  ? rcu_note_context_switch+0x730/0x730
[  542.586250]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  542.591282]  __should_failslab+0x124/0x180
[  542.595531]  should_failslab+0x9/0x14
[  542.599343]  __kmalloc_track_caller+0x2c4/0x760
[  542.604023]  ? strncpy_from_user+0x510/0x510
[  542.608446]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  542.613995]  ? strndup_user+0x77/0xd0
[  542.617812]  memdup_user+0x2c/0xa0
[  542.621365]  strndup_user+0x77/0xd0
[  542.625005]  ksys_mount+0x73/0x140
[  542.628557]  __x64_sys_mount+0xbe/0x150
[  542.632541]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  542.637566]  do_syscall_64+0x1b9/0x820
[  542.641447]  ? finish_task_switch+0x1d3/0x870
[  542.645940]  ? syscall_return_slowpath+0x5e0/0x5e0
[  542.650872]  ? syscall_return_slowpath+0x31d/0x5e0
[  542.655802]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  542.661164]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  542.666014]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  542.671201] RIP: 0033:0x456a09
[  542.674376] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  542.693751] RSP: 002b:00007f208a4b6c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  542.701453] RAX: ffffffffffffffda RBX: 00007f208a4b76d4 RCX: 0000000000456a09
[  542.708711] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
[  542.715972] RBP: 0000000000930140 R08: 0000000020000580 R09: 0000000000000000
[  542.723240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  542.730496] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 0000000000000001
09:40:55 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0xffbffffffffffffa, 0x1f, r0, 0x400)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
r1 = dup(r0)
ioctl$SCSI_IOCTL_STOP_UNIT(r1, 0x6)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x101000, 0x0)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

09:40:55 executing program 6:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/conn_reuse_mode\x00', 0x2, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x0)
setsockopt$packet_int(r0, 0x107, 0x1f, &(0x7f0000000040)=0x21f7, 0x4)
ioctl$BLKTRACESTART(r1, 0x1274, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
r2 = getpid()
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000100)={[], 0x3, 0x8, 0x200, 0x1, 0x10000, r2})

09:40:55 executing program 7:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/softnet_stat\x00')
preadv(r0, &(0x7f0000000700)=[{&(0x7f0000000600)=""/246, 0xf6}], 0x1, 0x80000000)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x0, 0x0)

09:40:55 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000a9000)={0x2, 0x0, @loopback}, 0x10)
r0 = socket(0x15, 0x80005, 0x0)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000140)={0xffff})
getsockopt(r0, 0x114, 0x2715, &(0x7f0000000000)=""/13, &(0x7f0000000100)=0x347)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:40:55 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0xffffffff, 0xc0441)
r2 = getpgrp(0x0)
ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000040)=r2)
r3 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
unshare(0x20020400)
mount(&(0x7f0000018000)='./file0\x00', &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='Qamfs\x00', 0x105403, &(0x7f000000a000))
poll(&(0x7f0000000140), 0x0, 0x200007f)
unlink(&(0x7f0000933ff8)='./file0\x00')

09:40:55 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000a9000)={0x2, 0x0, @loopback}, 0x10)
r0 = socket(0x15, 0x80005, 0x0)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000140)={0xffff})
getsockopt(r0, 0x114, 0x2715, &(0x7f0000000000)=""/13, &(0x7f0000000100)=0x347)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:40:55 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={<r1=>0x0, @in6={{0xa, 0x4e20, 0xd5, @local, 0x5}}, 0x2, 0x4, 0x6}, &(0x7f0000000180)=0x98)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000200)={r1, 0x7fff}, &(0x7f0000000240)=0x8)
ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000040)={'veth0_to_team\x00', {0x2, 0x4e22, @broadcast}})
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x4000, 0x0)
ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x30)

09:40:55 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xc60b, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:55 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000003, 0x100000003)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc8000000808f762078")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_NR_MMU_PAGES(r2, 0xae44, 0xa4f8)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

09:40:55 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000a9000)={0x2, 0x0, @loopback}, 0x10)
socket(0x15, 0x80005, 0x0)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000140)={0xffff})
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:40:55 executing program 5 (fault-call:10 fault-nth:2):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:55 executing program 4:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000a9000)={0x2, 0x0, @loopback}, 0x10)
r0 = socket(0x15, 0x80005, 0x0)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000140)={0xffff})
getsockopt(r0, 0x114, 0x2715, &(0x7f0000000000)=""/13, &(0x7f0000000100)=0x347)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:40:55 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  543.085900] *** Guest State ***
[  543.089306] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  543.098195] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  543.107075] CR3 = 0x0000000000000000
[  543.110644] FAULT_INJECTION: forcing a failure.
[  543.110644] name failslab, interval 1, probability 0, space 0, times 0
[  543.110836] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  543.122071] CPU: 0 PID: 6818 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  543.127989] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  543.135225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  543.135230] Call Trace:
[  543.135253]  dump_stack+0x1c9/0x2b4
[  543.135275]  ? dump_stack_print_info.cold.2+0x52/0x52
[  543.141247] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  543.150598]  should_fail.cold.4+0xa/0x1a
[  543.150620]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  543.153197] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  543.156796]  ? kasan_kmalloc+0xc4/0xe0
[  543.156817]  ? __kmalloc_track_caller+0x14a/0x760
[  543.161999] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  543.168633]  ? memdup_user+0x2c/0xa0
[  543.168650]  ? strndup_user+0x77/0xd0
[  543.172706] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  543.177775]  ? graph_lock+0x170/0x170
[  543.177796]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  543.185753] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  543.189606]  ? proc_fail_nth_write+0x9e/0x210
[  543.189632]  ? find_held_lock+0x36/0x1c0
[  543.194465] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  543.202423]  ? check_same_owner+0x340/0x340
[  543.202441]  ? lock_release+0xa30/0xa30
[  543.206151] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  543.209908]  ? check_same_owner+0x340/0x340
[  543.209921]  ? rcu_note_context_switch+0x730/0x730
[  543.209939]  ? __check_object_size+0x9d/0x5f2
[  543.217893] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  543.221664]  __should_failslab+0x124/0x180
[  543.221683]  should_failslab+0x9/0x14
[  543.227222] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  543.235164]  kmem_cache_alloc_trace+0x2cb/0x780
[  543.235186]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  543.239671] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  543.243711]  ? _copy_from_user+0xdf/0x150
[  543.243733]  copy_mount_options+0x5f/0x380
[  543.251696] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  543.256011]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  543.256030]  ksys_mount+0xd0/0x140
[  543.256047]  __x64_sys_mount+0xbe/0x150
[  543.256068]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  543.260098] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  543.268081]  do_syscall_64+0x1b9/0x820
[  543.268103]  ? finish_task_switch+0x1d3/0x870
[  543.268115]  ? syscall_return_slowpath+0x5e0/0x5e0
[  543.268128]  ? syscall_return_slowpath+0x31d/0x5e0
[  543.268150]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  543.268175]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  543.272551] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  543.277486]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  543.277499] RIP: 0033:0x456a09
[  543.277504] Code: fd 
[  543.282072] Interruptibility = 00000001  ActivityState = 00000000
[  543.289988] b4 fb ff c3 66 2e 0f 1f 84 00 00 
[  543.294269] *** Host State ***
[  543.298032] 00 00 00 66 90 48 
[  543.306032] RIP = 0xffffffff811f3d24  RSP = 0xffff8801d9aa7350
09:40:56 executing program 5 (fault-call:10 fault-nth:3):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  543.310647] 89 f8 48 89 f7 48 
[  543.316220] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  543.324133] 89 d6 48 89 ca 4d 
[  543.328301] FSBase=00007f77e0202700 GSBase=ffff8801db100000 TRBase=fffffe0000034000
[  543.332490] 89 c2 4d 89 c8 4c 
[  543.340480] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  543.345986] 8b 4c 24 08 0f 05 <48> 3d 01 
[  543.349566] CR0=0000000080050033 CR3=00000001af633000 CR4=00000000001426e0
[  543.353492] f0 ff ff 0f 83 cb 
[  543.358533] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff86c01380
09:40:56 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:56 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000a9000)={0x2, 0x0, @loopback}, 0x10)
socket(0x15, 0x80005, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  543.364890] b4 fb ff c3 66 2e 
[  543.368797] EFER = 0x0000000000000d01  PAT = 0x0000000000000000
[  543.373246] 0f 1f 84 00 00 00 
[  543.378188] *** Control State ***
[  543.383077] 00 
[  543.383089] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  543.383107] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
[  543.388472] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2
[  543.393279] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
[  543.393289] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
[  543.393302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  543.400740] EntryControls=0000d1ff ExitControls=0023efff
[  543.405890] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 0000000000000002
[  543.460008] binder: 6811:6814 got new transaction with bad transaction stack, transaction 3589 has target 6811:0
[  543.464675] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  543.464685] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  543.464695] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  543.464703]         reason=80000021 qualification=0000000000000000
[  543.464711] IDTVectoring: info=00000000 errcode=00000000
[  543.464718] TSC Offset = 0xfffffeda8d0d8ce3
[  543.464726] EPT pointer = 0x00000001ce76c01e
[  543.611336] binder: 6811:6814 transaction failed 29201/-71, size 0-0 line 2879
09:40:56 executing program 4:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000a9000)={0x2, 0x0, @loopback}, 0x10)
r0 = socket(0x15, 0x80005, 0x0)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000140)={0xffff})
getsockopt(r0, 0x114, 0x2715, &(0x7f0000000000)=""/13, &(0x7f0000000100)=0x347)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:40:56 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:56 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000a9000)={0x2, 0x0, @loopback}, 0x10)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  543.644604] binder_alloc: binder_alloc_mmap_handler: 6811 20001000-20004000 already mapped failed -16
[  543.660556] binder: BINDER_SET_CONTEXT_MGR already set
[  543.673234] binder: 6811:6814 ioctl 40046207 0 returned -16
[  543.684862] binder_alloc: 6811: binder_alloc_buf, no vma
09:40:56 executing program 7:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0)
r1 = socket$inet6(0xa, 0x80003, 0x10000)
ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f000082ef0a)=""/246)
ioctl$EVIOCGREP(r0, 0x80047441, &(0x7f0000000140)=""/174)
setsockopt$inet6_dccp_int(r0, 0x21, 0x20000000000005, &(0x7f0000000000)=0x3, 0x0)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000080)={0x7ff, 0xfffffffffffffffd, 0xd, 0x3, 0x224f625})

09:40:56 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
socket$inet6(0xa, 0x800, 0x8)
ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070")
syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x2, 0x1)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/ipc\x00')
ioctl$VT_RELDISP(r1, 0xb701)

[  543.690476] binder: 6811:6830 transaction failed 29189/-3, size 24-8 line 2967
[  543.698654] binder: send failed reply for transaction 3589 to 6811:6814
[  543.714136] binder: undelivered TRANSACTION_ERROR: 29201
[  543.720060] binder: undelivered TRANSACTION_ERROR: 29189
09:40:56 executing program 4:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000a9000)={0x2, 0x0, @loopback}, 0x10)
r0 = socket(0x15, 0x80005, 0x0)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000140)={0xffff})
getsockopt(r0, 0x114, 0x2715, &(0x7f0000000000)=""/13, &(0x7f0000000100)=0x347)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  543.809730] FAULT_INJECTION: forcing a failure.
[  543.809730] name failslab, interval 1, probability 0, space 0, times 0
[  543.821061] CPU: 0 PID: 6846 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  543.828337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  543.837694] Call Trace:
[  543.840301]  dump_stack+0x1c9/0x2b4
[  543.843947]  ? dump_stack_print_info.cold.2+0x52/0x52
[  543.849150]  ? find_held_lock+0x36/0x1c0
[  543.853233]  should_fail.cold.4+0xa/0x1a
[  543.857309]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  543.862425]  ? kasan_check_read+0x11/0x20
[  543.866580]  ? rcu_is_watching+0x8c/0x150
[  543.870746]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  543.875164]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  543.879615]  ? find_held_lock+0x36/0x1c0
[  543.883698]  ? check_same_owner+0x340/0x340
[  543.888018]  ? rcu_note_context_switch+0x730/0x730
[  543.892941]  ? save_stack+0xa9/0xd0
[  543.896563]  __should_failslab+0x124/0x180
[  543.900797]  should_failslab+0x9/0x14
[  543.904589]  kmem_cache_alloc+0x2af/0x760
[  543.908738]  getname_flags+0xd0/0x5a0
[  543.912534]  user_path_at_empty+0x2d/0x50
[  543.916678]  do_mount+0x17a/0x30e0
[  543.920216]  ? copy_mount_string+0x40/0x40
[  543.924439]  ? rcu_pm_notify+0xc0/0xc0
[  543.928326]  ? copy_mount_options+0x5f/0x380
[  543.932726]  ? rcu_read_lock_sched_held+0x108/0x120
[  543.937754]  ? kmem_cache_alloc_trace+0x616/0x780
[  543.942595]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  543.948138]  ? _copy_from_user+0xdf/0x150
[  543.952284]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  543.957811]  ? copy_mount_options+0x285/0x380
[  543.962299]  ksys_mount+0x12d/0x140
[  543.965929]  __x64_sys_mount+0xbe/0x150
[  543.969893]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  543.974902]  do_syscall_64+0x1b9/0x820
[  543.978779]  ? finish_task_switch+0x1d3/0x870
[  543.983267]  ? syscall_return_slowpath+0x5e0/0x5e0
[  543.988186]  ? syscall_return_slowpath+0x31d/0x5e0
[  543.993125]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  543.998483]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  544.003323]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  544.009213] RIP: 0033:0x456a09
[  544.012386] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  544.031726] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  544.039442] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
[  544.046701] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
09:40:56 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0), 0x0, 0x0)

09:40:56 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:40:56 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:56 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  544.053958] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
[  544.061216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  544.068474] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 0000000000000003
09:40:56 executing program 7:
setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, 'bridge_slave_1\x00'}, 0x18)

09:40:56 executing program 5 (fault-call:10 fault-nth:4):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:56 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070")
r1 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000010407031dfffd946fa2830020200a0009000100021d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1000000000000312}, 0x0)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x1, 0x0)
mmap$binder(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000000, 0x4010, r2, 0x0)

09:40:56 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  544.184069] binder: 6871:6874 got new transaction with bad transaction stack, transaction 3595 has target 6871:0
[  544.194621] binder: 6871:6874 transaction failed 29201/-71, size 0-0 line 2879
09:40:56 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  544.262737] binder_alloc: binder_alloc_mmap_handler: 6871 20001000-20004000 already mapped failed -16
[  544.285296] binder: BINDER_SET_CONTEXT_MGR already set
[  544.290732] binder: 6871:6874 ioctl 40046207 0 returned -16
[  544.296755] binder_alloc: 6871: binder_alloc_buf, no vma
[  544.302361] binder: 6871:6882 transaction failed 29189/-3, size 24-8 line 2967
[  544.311716] binder: send failed reply for transaction 3595 to 6871:6874
[  544.324819] binder: undelivered TRANSACTION_ERROR: 29201
[  544.330411] binder: undelivered TRANSACTION_ERROR: 29189
09:40:57 executing program 6:
r0 = socket$inet6(0xa, 0x800, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f000069c000)='/dev/sequencer2\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0x40085112, &(0x7f00000000c0)={{0xffff, 0x3}})

09:40:57 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x53, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, &(0x7f0000000000)={0x3c, @broadcast, 0x4e22, 0x3, 'wlc\x00', 0x1, 0x7fffffff, 0x62}, 0x2c)
connect$inet(r0, &(0x7f0000000040)={0x2, 0xe23, @rand_addr=0x5}, 0x80)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000000c0)=[{r0, 0x8210}, {r0, 0x1ff}, {r0, 0x4}, {r0, 0x30}, {r0, 0x18}, {r0, 0x2000}, {r0, 0x2}], 0x200002fb, 0x4)

09:40:57 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:57 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  544.430759] binder: 6902:6903 got new transaction with bad transaction stack, transaction 3601 has target 6902:0
[  544.435501] FAULT_INJECTION: forcing a failure.
[  544.435501] name failslab, interval 1, probability 0, space 0, times 0
[  544.441217] binder: 6902:6903 transaction failed 29201/-71, size 0-0 line 2879
[  544.452415] CPU: 1 PID: 6895 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  544.452430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  544.476416] Call Trace:
[  544.479032]  dump_stack+0x1c9/0x2b4
[  544.482680]  ? dump_stack_print_info.cold.2+0x52/0x52
[  544.487883]  ? perf_trace_lock_acquire+0xeb/0x9a0
[  544.492732]  ? find_held_lock+0x36/0x1c0
[  544.496814]  should_fail.cold.4+0xa/0x1a
[  544.500891]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  544.504332] IPVS: set_ctl: invalid protocol: 60 255.255.255.255:20002
[  544.506006]  ? kasan_check_read+0x11/0x20
[  544.506026]  ? rcu_is_watching+0x8c/0x150
[  544.506039]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  544.506055]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  544.523198] IPVS: set_ctl: invalid protocol: 60 255.255.255.255:20002
[  544.525300]  ? find_held_lock+0x36/0x1c0
[  544.525341]  ? check_same_owner+0x340/0x340
[  544.525360]  ? rcu_note_context_switch+0x730/0x730
[  544.525378]  ? save_stack+0xa9/0xd0
[  544.530415] binder_alloc: binder_alloc_mmap_handler: 6902 20001000-20004000 already mapped failed -16
[  544.536342]  __should_failslab+0x124/0x180
[  544.536363]  should_failslab+0x9/0x14
[  544.536379]  kmem_cache_alloc+0x2af/0x760
[  544.536396]  ? find_held_lock+0x36/0x1c0
[  544.536419]  getname_flags+0xd0/0x5a0
[  544.536437]  user_path_at_empty+0x2d/0x50
[  544.549509] binder: BINDER_SET_CONTEXT_MGR already set
[  544.549711]  do_mount+0x17a/0x30e0
[  544.553486] binder: 6902:6903 ioctl 40046207 0 returned -16
[  544.562659]  ? do_raw_spin_unlock+0xa7/0x2f0
[  544.562681]  ? copy_mount_string+0x40/0x40
[  544.562695]  ? rcu_pm_notify+0xc0/0xc0
[  544.562721]  ? copy_mount_options+0x5f/0x380
[  544.562739]  ? rcu_read_lock_sched_held+0x108/0x120
[  544.562753]  ? kmem_cache_alloc_trace+0x616/0x780
[  544.562771]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  544.562789]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  544.562804]  ? copy_mount_options+0x285/0x380
[  544.562823]  ksys_mount+0x12d/0x140
[  544.577133] binder: send failed reply for transaction 3601 to 6902:6903
[  544.579019]  __x64_sys_mount+0xbe/0x150
[  544.579037]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  544.579058]  do_syscall_64+0x1b9/0x820
[  544.579073]  ? finish_task_switch+0x1d3/0x870
[  544.579090]  ? syscall_return_slowpath+0x5e0/0x5e0
[  544.579105]  ? syscall_return_slowpath+0x31d/0x5e0
[  544.579124]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  544.686537]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  544.691384]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  544.696559] RIP: 0033:0x456a09
[  544.699730] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  544.719008] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
09:40:57 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:57 executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000001340)={&(0x7f00000000c0), 0xc, &(0x7f0000001300)={&(0x7f0000000280)=ANY=[@ANYBLOB="4000000010000100000000000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000005000000000000006e000000cb9ea72042a05d66000300006803dc7d81c8b9469529f9537fcd3835a913a439cc598cf6b5778d6a99629063b287eb3cc461ac46453d3ce2757f37f115cd578b43159df87f29ee8b195cd064ee127f0c85664adc42bc684486991b9bc63ff8e47f5fffbf4f65f65a0a243980eb22f5902e9c4686f49151a650f66eb7ad217223c406db4351647fce86d9c98a96f2ab309e99219e21eeb058323eb5c1a30c3754f0e45a88400e0d134168a7ae6ce75b8693b983362483da78a6403b7d508e9965af304f1b5eb27d"], 0x40}}, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000380)={{{@in6=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@loopback}, 0x0, @in=@loopback}}, &(0x7f00000001c0)=0xe8)
sendmmsg(r0, &(0x7f0000005540)=[{{&(0x7f0000000200)=@hci={0x1f, r1, 0x2}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000480)="b560cefda1a3d02376ba7f4bb31aabdabcfc312aa1d62376c27ca2116622b59a4cbd7f7c87544b0af79d4f7526893f274540113b27520d8e67f7ddfcf0980b3c14c7fc669c9b1b901b47dc4793eaa5fce970d9fd1ae6aab09307d354dcc7acdfc15eeeede1f90a1c6752961077d89e99cb02764662f37143f99338", 0x7b}, {&(0x7f0000000500)="6faf7c6806bcf44665d823dd8f2d8a3eb9befc943391236af3f607908f74631e324681b3bdb07d201baede04da10bd8022337700271ac0cec72e50ee2ecfcff19d3c69b225f95c267240b33b238adc64c2ff438e23463115803cbd75d0c78c5330b06ae62025592b2c2bcfc64e9ea2d5e5d6dad6fe2719a01e39f20431ae66bacc4c3c6613fade8debab2c750db0fa7f92ee3acfb3f8f7a617645e747e59813b1f6cd13b14a8126cc83406dfc6591f932fdcfc2f75b6d3fc558d81b30b4288427f1536ddbcce7cd48ae27113a1219084dcd5cf9ec10e41a3d87e91105338f114ea76e911876958260872c40d636bc2675b", 0xf1}], 0x2, &(0x7f0000001380)=[{0x100, 0x109, 0x80000000, "5c506fbc1ef9cbc1c6ab594e7c6733142377e600de19ae8db085980b29194b47daabb0dd83036f77e287eac17de059190b55c963e41ad55bd16cd174e01cba9bb4c9b777235b5aaf5acedcda6fb895dd3bb64d23cf23365c1ddf00ebe7f476a1db6bfd27ae73dd3fa4e4931f2bf32a224f091852dc491caa66e270214efabd2b17a24b6529d23e5c9a5d3e20a22a8030375fdbbb0d6fc5d9c83f4b59883e0ecb219f751f4b860829c791f624ca61eccd6570ed86d226a62a169878d64998783cb2bdd4d785b6d04a7e743cb567678eac7e18b8f0f2ef29836bf43a5679460ac0358870588b2f6cbeafe473fbf5"}, {0x1010, 0x0, 0xff, "0a2f4a7f3541af75d2e41df620f0c688c285f553352e05f913e58f97025e0a06e918b9e8b574452f05bc822315a61515294ca0292670f593dac551adc7f3dc6c91c9329a5485b4aef6d202a9244209c23dcb77eedb33b3ca138c68514226d2a0124e401fd403f0eaceab66c98cd6df2aa382b723c8762100df952af9bbe20501a997db9bafba678d41824f990599fa99ca82904f26290a7bab3ad5c26550ecfe2a618c8e0fd0fa5022d49b456e336822003a80fe95acc9eb2fe39fb8ad6fcc3a3f47cdb39a9b2878209521576df24b005543c3479d97371b129793afad83ddeaeb9cae2eba9815f4674a64f45605ea081156a067cc86f6053fc776aa273e286364c749d27073a510da0b789100468d541ed364515ffb9ace0901c0192595a699841712760640718e3b93fbc574be2c87da74fa2bfb5795d5b3e19152c1d6b457b902cb31397aa9e6a7c43b3abe4e5d35939a3cf6a7b8f1761552a634ef317d3a6b870907a45f200f1a8349864a0de8984c6b9cbd8608181461b5ac45e33a6390af3b8ee13d14bdfcac9072aefd2a59e8889359587c09d473e20be634b4daf5cc069bf6716be0c5be4463b1f91ebf0047cd063cfc47a4ae36066ff86b68a48f8601002567f30b4da4562c0a4e2c8bae711fd267f8a6c4be788239e7fda1899cb1e2c66412415ac34ebe5dfdbc81ecdf774829bd51593ac94c53430672631cdfb2485db029a5da5117a5b4e6c2313067eff45aec13335d400a81c8924ab7a771a4ec97aaade9d8384c8bded946cff6e0250dc0cd79dd95edefa6f383eeb59d42977b15ca74710617ca5d23391d822d94643c2dfdc07dc91995f267896d1f01006764de1a7138562ec35b3248c724b5b93fc060da3e36a95834f5aa1a4be45513d1b105535231cb381dd0e4d8c2ebf9508ddd5065b55132a897c1fd3d39a2da97ebb1bb2eaede30b7cb45e4b40b77bd9d32977d89d2a51eabd94bacb5f31ff16012960e261100378f7ce26d39844248cf3309b924eedd140c2d398126c530318c5809fa6d16b30e52fffbd2d3ed969c23673473158a3b4cd56f889320620c6eeb0ad9d4b8cc21538beb20ef8874a5cc3edfedc85c45d56fc581fb446d9431fd6ba637c10e86af5cd661a0a220ff3d03a7c6e7b0de474520f34be31e8d87caace0ccc2bcef8712f389553a0be7d9f39fa554ee1c7c96fa670c5792d3ce615baa91f92c85ff6e3422d9f4a16bf88ab4ad551f3bc92f7a6dd22537c41c4c6d5ccb4e3e57d3d6e17fa83893c7f1708f0a11dced45ac304fa9c6a1ebff623799989f50098fa8829e2ffa194f5cfd37fc87ff0f2a86eeb2d566cfa7cd1dec19a33cf4f808baa0852d31c52ec65c9433ff000789ac7e32cbac19184cf1318eb21dbfa5d87f6e979a61039b11b8bdab2f23f08a1915eb6253e91f8881340ae10787c78b6829032ae5816b000a1ad3398d3e220cb5b91115d1ff71d089925b195bf018355340e0132f4f5123131cad05929920e06e8a799ebab54a6dd4589a879fc188dab48a8c4bc320a2086fb1a9e1da0f74aa2429f6800d48c2db3fdd98407d4bf5d352edb19e4522714c7fb10c78960092c39a8554189932cb752d5bbc33b6b031255142b6e5761852a61eb0159e631c633df15cff254cb4766c98df874adf262c4da958031020a255c191fe0f397fb9c72d048d378d69006749900cb6e56b57fd88677408a15fea2c959203ff65b33e59f634b86995debcd78af9247077df175513d93bb2d185fc7851351cd50a519d160f32b6d0d34cec93ab33d3b6fbe4d1fd8776cbd01910311ad753c719bfec7e4565beffa78cfd8aa016da56c7882dad2f831f4cc73726d137004c6bff959d9d39e8685cf904010d645e504d9dd3cbc3caad387884e6b56ec49d6dd02b6e75365eab41e9fda2d6ff6c7877f745c944e77d5fb4fdfeae4d2f9b4dc660cd20b5221834b33fb60de41b9136ce7af6790dc7fdfd6ad147639e488ea1d6cdfddc32f3b3d9ec38f3952dbc3945f202cfa3252dc94409b419eead5fa700c2d2ea6f24d3c6d2a198747fa71b0a611823d2de9adb635827301236fb9d22413d3177af6f1f0453a8a23d371bcdbc51cc571f4cd3100aa8348b8c40765e64101ec115e106ea2931011fe7e3212ec3193d347f0da4e93d6719c15f52727ce7adfb8fd0eef76cd00db1fdb983ef7701c2a471b4326329723d6d78a02cba2f4fcedd36ebfa882db5b9309d7e93e440e983f17efab2b25d431268d7f4946605a975160ef8cdf7bb4de4c224dad8d0d5f646d177b132f63cc1c6d54414e223410077934a31d20867f43318c613cfadbeff25e022792811ce576b749352e65c353ea4537b8089132da76c87e3700218e9b563fa71559d9ebbce68637984b6b5cfc4a9f79be3aab299d7ed6eff3427376f3ae6de5a1367bb1aa718c05236baa118688913249c68df2d9efede7b48ac69c712509cfa652e60a14556955f88b4506d74da02e2f68268374efb0534b1d9f4edcbfcefa50cf5073337d28a042f078577f054174d6dffc66b1741f4504fc852d9c577b9b2753b45f4f53782ba9e196d1b0c94c5a4d76871bc1fa7f6d70d7fe892b949f34eaecb12dd418ff4e26f048f5c911fa0c7884b4fc86d75c838ab4180fab1dc48cd0add9ff542c4af933eeb0aebac4a0deb379eb03ba17fc67cd1116dc358dacd5ad35f8037ea147fe0fd3aa0e5bf4c91dfb717c64ab6c0c86e9854f3c1938ff1f14f4c4cdedae0e40cca2570dd86223326dfcad3fc660f52611b5bb522483ca13c64279230f98cea6cae8156d3bd0147ab7bc989d34e5a5776601ad5334f3604099ea930dc2a08cf25dee7f4f769e91d99d69722147a318f89f4b5708ab366dcd1861caf327c57af1e225e389bed8dcfd91530c9cd05d86afe83d7228fd80877ea2c08da2ac43e7207864a66751a03a93062e55a4a479ddabff2b9e6296dd9ece4f0ab797b655332821784dd4da2d80b092fb5b53b0f42aedcc690325275cf531fd42d358d2f8637278a1dbe68a7ac6c18bb024a6f03f4c169162d630bad51bcc21e9ac723790ff867a88c40bd923511b8555b8c35f11ab1fe73e17a8a68b1ca8b916a75095d1e97bc02ff599d36aa9eeabe47079ac29d04bfe49bfa6723589ae558d60795c33b5466443f9cb699db87d30f6c8e86631252fd3b5c4056f89d23c1d48c97e13ec2eeaa5cbc5014d7a3b18592b1d7d849b1ec3f28f7d1aa5b645b73377553f07cdeaa143faa853533aa01c07c39b5871fea57e3455ace7282cbe7e340d04a70e5c52ba1b825f08b19ec2d13520b367928a2babbb3f01279c5b7fd0e5fc286a0a1ddfc627442275a046fbbe26759e2c7766a88e45b0b71a84a917d17fe36e9ec0e9947dee34c0822a78d1cc11e9b994dcf24d786f0ddf784e0605ee25401f63fa785ae5f8283496f9f72f5932a8f56e6ca70e605e6911efa078583bf836839cec4e6fc2102033d0ca9087853d7e132e27f255642fe83f90b7a7f77a8c85d3c4a5e723042aaee86a7b13144d1830911a9158ab72577b102f59067365a3290a4799ae2f35037dc41ffa2897ddbd99ad74da1063086fe507de3a3c99401d1de8fb1b82ebeb66598d458cd8e8a3b3d0b71b900ce3fc66ff5cccd71d4e765e80e69af130a5605659c2d8b74ca7762accaa399ca3d3b8bbc8d583fc11ef5ccbd82e86082f8c898a2a7e87b62e351d4a681d601d13066f117e5cddac1e14142fe168b5e1e2688aa4294a75f36196a9348c704eec57998cbb506dce02b1e7748caf9c55d8c412b5ed1565211878991c0c7af4b3edd8245a01969adb6498b57e63ea30abb3afdf3fd89c3dfc1d2128eb27539a4481173c2c3b23556b3dbfd284d800c6e6269b64de160bceba0b7e79833aa12cd3f3e1fdb47700efa34f86df3626c4b2d8ab90df160b2b86e942aa11f8cb6bfc596934ce06631b267a9b06c150f454ea4346c39c3338558edb48e42b45348d979524ebceda2515ffff7b06774e31145a035f5543584050cab66a8f9a8f7d27695ccc266089261a5f22529988b4bef43abe15cb8e798480ca130e272a3887d945a31126e38f090745243dfbd568849f97153e07c44a69b9c1a0185c2a1bd7bb49eab49760acd051007292b1dfdab639338eab4f11b50f0a591f5cc5932ca540072ee0046fcde4ee3cf18c88598f0834e4fed1cd9e4b9e340c4b226056dbe40216a8126c2e14f09fb6c295350298de95e25b3e25851a60fba58fd40f7bf46e81a5a3e86403d3dbf5741cb0116c9ec34a15275c5ed7f5dcbb97e9aa6ed011ef2c332f7fb9f13d7f2d1b2751aad61a3f4ef8d8a7c906de26a6fbe10b229c0ecf17831235ac37cc2b77f63673306ea7cb18423d7c47fff9891d806b129f439f7ec22eeb5bfad7aac3507013bcdde53da8777ef2faeb5b6406fa3a594afa77364e6c7914de88c3fe5e8c6f045fa777475670d461360d0259d8964cc1fd26af89493bbb371221f42b39c686a8cd66d2889cce463b1b5a07c6f6a329c7bf4a280a975062c0227f07dd7de49e55214c225f04c3c61f5e7c8df9f86365f32fc19593f72594f211d83cbfc9fb11b859368476cd5cb8089a7ae6d24e3b05aa243bee37154ee4deb2c7a2307aceb9b831cb840893fae77e67fb29f0f941169c85592d7909b80e02ff70a8e98c67870c725fed33fc1fc7e6cf5ee9d9d9bd2928588a860d6dc98389efd3f531f17c0229a0dda7641f960da9ad9a7a5dc7fa21f1b4ecb39958f7ec461f79fc66fa68c0cff1f1c57a54319ada7c3b10e2c65a49c2cdded6a0a994d0d837c8f1ce7f2d64c5501c5b6b8b38afcfd87acc0c53ed67b7e87aecabc4ee05f95cf4d7376fd885c7d87464d09d934f0a8c657a347c047ce12857e65fb0061b02517be33dd155c58c5137fee70ed21e888bb0e88c5e3807ac8c5b84aa384a76e73631fb96f13d8793ff052a2a338e4ad309d61296799b9b2a1473526c2207377c900b17c7235eada85c0406946058cd801dc48ca14ad3ee167dd4e82948ab29d782c7c90edf2642a324eee825adfea6dfc09dbc471d98a2b97cc93bc14602c7ea42fd73da69807fbe5d5b1354a35024c1af74fe563da70bd6392cc205f5b539e61db17e56433c06e203117b86d37e1f48a4f76fc91282426b3ec203a49687511a847d68900fd171ab6da3e905ff926d88a13ea728657b1e7ff7fc2b1a731e5ad57c1036e7744a23daf85722b7b4171b72314cee6054e043a8572c03e392cc8eab0554004d94fc2839bf1d958ed72f0915fdbcdfea380baf1076c87e4d4387e6ed115fbf4718cd4c6743f392db1b1cbbace4489bc42d4e0f84ca9e9e7365eec56d050e015c6cf0345880f70bff2a784242d6a7c21e6a5d165ce2841e9de4d318ffff1591fa95e9291f52a033ecfd1eca784410c1b17245297264ca82df4b42f0b8a80d4d86322f50fbeff140091e0e1b626539cfb2057f2aa3ea3b9238a3882ed78941a56924e75f4d91cd256600ed3391d137a2679769c89c4b308a853ed1710eb94dd0fc30a99ec4bb1c060fc46e7e10696e47324d3909da25f3b156df831c5d6ca670a8a467a4bf4d9f503ab070c7f87ff66dfee1a64bd8c7bbe08bafa06d3aec3db3e8d915b0359a2c9668153da70ad61636d697debee61885be3f23b80730deff7b5f179cd0ff2cc2340985f347cf67dd6c0334708534d230af67b9110608a1bb8ffbacb315d7f92f6f3c16a4f941c27f427d60e9d15cb06746bbf5358aa3ceb9d593643fd97794d16b1d6ff36ba4b0e7a1f03"}, {0x70, 0x11d, 0x6, "0ba3fa7b2ff09e918779ee4b66d8615fa9ecaa3b711dd49757f325d6200457aab6d8cf0f300b31786a7e0d0029171183cac15f2f03d130ddd1289e67e112ab4b6699a46819dea0cfd7b23663883e5b1419c7594ee84d3530b8df6dd4c129c58c"}, {0x1010, 0x88, 0x7, "5494854a6f444cbc25b0cae4fa04deddc1fa555effa56d5b9fe4ca13ae8985efa4332c3f9cee902224bf6c66b2b70eef79dd12cff66482b784ea646a8198a2c89f19bbdc19130b87f7617d0ca261cd8eb57ecb717d0d8b3df9ec4d05d585b7d8c04e8637ed4934745902bd4ebe05b7d040d02f1f8a5400ea5c2ccd7798913907a45f62deb0e4b8850ae940daf03404040032ebe9546e08d04703ebacd7ef4c9b90db26588e310da494603d5010e8ea3a706024aa522f31af8902700a75635da6c7b2187ea529841432f9b6b40270ffa0ab68eb4e5aa6117523e0088d96622507d5676e39cdba2f8c72b5bc8d6b75c61b7fdf2b17b74ae595eea0bd71de5df430ccdffeb4a2dfebe0add9f4e2fed60d1a2c781fbecd5dbde0d77c431859eeddfab0185b633238c381d6c55e40b0374d38f74d861a57acda2400338377009e03bfb0d9d959b7d86a199cf80f37fb1e3a0103b586b30edeead6ee01ecc486ee56a684b829d27dfd948aa4d9da686992123296c809803dc1f7f84f978f4faac15e5a99a65182f9fa02624eca954b6286f3c26288519d5f24f2a77dbfdbbaa80027d12740ca4b1ed16486a6083633b42b3d6fa58757b869efbc295d941a09826e677c3163228ffae64b59a3b1d87ea88b2e641b33726bd7506670b28c30f9b199ea4db75d3feb8415f220f043e43265f2b9d37c7c2be5782dc5d387eee4ac2bfdfc4009ca45047916f3d23f2a11da4675b4e755a300030c4c95c3b0bd09ff1477418c272da136cf51277e400680144836c0059918f96e0f7d9f5c263fdf3de17f0e006e5bd5c5756cc6a17e4f1cd0ad3056e32c859b021e44e948ed28043c0671928e9689fff6f75a9b0f86b8e5e6c865cc17a1da172978eb58336f6eed89f1ee81b665c208a56ecde41cb8bcfe4106b8b1d837ac7647e77cb2864cb33416e3054f93db1e656ab16aabe909facc7d1b758fdc50f3b14858aa0e5e72f40d0cb86b03febe2cbe44019e63152b1ae3d90e393ea74d6083ace3fad1a88571287010e292d3c37d1122508fd5705af267202db69dea80a347935a8ce53923dcefbc22b28d49afa3d4ba1785d25a34c43ef59515386da12e759733abc57dd4af34863ea31b7c9a6e22a52c9161c8bd66710b701317edf4127bfcdde1c64b5e499316766e3d956d0751c7283f0a1112e2cc4bb2a89a8de099728c0f5b01b5423bc0fa2da16023c22b3a3de209249621e20b0212148bbf07b548cd53b43b728ccad13fd5a55f7c30fc3e49613c6c2ff9ceaf9dc03f267904ecdc5f5249f2e4503b34fee00a7761b210052d1f51954f7e5ceb30351e06534861d173499b419aebf5be536c711c14947ac62f45ed35b2374d5c769eca9d99c6c7acfc05f996b3adbb698d9a6d93d74e9ee37da7e55c1f721bbc8af703a4f55b141a70474237533035ad10215488c52b4bee6565bf138b415a0fa3e7602233d0065b3da9d3af2fee4ecec163fd9269d1c3bd6f7e7e05692eac2ddd116c0736af0ddaf9f592011354ee6023a55b61cf4a33fe0011cf01b78e437cf8082f42ba1198edc9f4ee129100f78ff748afe8a458259deca3032d40df53160670e289b6c6c32e468a78cdd4542ae21f7954a0b2eca8eb181e7a327b790cde1a7595abf8952a6a4dc70198936ed80b901dce3f95d4d9b151cb18eb71336c0be22f36eda4e64d132471089983778298f1a1c8ad9cdd4857c8cee4abc852d1dc86b83889bdeeaca33e1a9e21a42125d64d652081035cce6d1bcae9154e70acfd70454b46ca84c4e6cbf9596ba9d3a732a09046967f13c07fcbdbf22c404dfdb3c986b030d8b8dd93460f741d857f4f66c80fea5ee05f8f4b5cdb0de9db4ad227dcfaa1a4dfca5570a16a50268ada561c3dc0a440cbb4c0302a88cb035b06bc0e8eda4346e17291c7598df70924937eff9eab9679f15de552044fc74846563fec250d811d89d3cebdd097698001ef14da54aa8b5e2424e9685bd7eb408b3bc6365233914195c567a5c8f9e5c691c50c235588b32a1800e6f1938cd113ab753a23bd38b85c202f4766c1acccce2dacf36739838f5ab0d0218af52e969fbb658285ab052d87b4522515ab7d095737922410b12c18b4baba2df6057a87cd1a73d0c2978d8c9a85f0382ebf64bdce6689a5aadd7abdadf8db8af2061c8fa8ea05bed768be969adee1e434c8671c8d17350c501f3ba2c4c5527e0cd834452755d3dcc60593ad8325a80b8c505671c09696b35fc24a8e79f37eaed21786c67099a697e1144064999bdfce31776dbf1f3390b4cc30e26208712c61f72d18a0834b7fa221e6ffcdc94af8b823fbd7fff6379524004f229feaee4d903d3c4f9cd2aead1cf2ecc1b2c20d31ffe25eeed9ff95799be9dcae95618cc9c468b798fa9c54d441052b85cb6d3bb0edb0e6829f6213a205326c6d205cb545cc3409c4da0cad81c3fad71b0d462173fe67146dfb6bf3e547a2feffa6df735d3d3d3326b085d043713e8546d8114ae4257abd06131a3cf37e61e066cd216f5fa18af9d84f2e01d39487d91468619446efae630fb612206c9eaf79306b33772739ad02ad12e4dfe812930957c460b372f5bd277755e9487baa292b2514b0e0f41627563a6bbf31429424a40e9059fdb76479cc71f2704340d838715bd7e4ac5c5f9a0c6a9aff6c30437d52e0133bc14fc0a807a13626039ae66a31d05dae28da4315ff08c0da4009bd01fbf0c77fb543be31a88c7527ad05ca5ab290017d76cd61296a2af1340651882ac41ff476d41d911df5aea21f2fd2d3e0b0c2febdca2103f200adcbe5b9528e2a3fed8aaa2f83039dcb7245dbfcc15b17a56379316b0adc5a3f00ae87a6b91c9ad590413ca5db03063618ec414add67c7c73870f01130d5b9078e19bf9077173c9998c2ed50b6c56337c6a67ddbf53ace0b696f1831b5d1e4dcfaaf7178a3f149b5a6b720859d3ce42a0b05497704f9c3bf210c7f1be068fa38ae446f5d193d41b7b7bf9aa01922d58b1408d149d6ed729f62bc893587aa6b965b1add76011840f608f5b5c69190280129f7b235798163b8f5a5d98d405c98dc4cc88cf9df60ebfede5483573466946b71c95771f4697f4b896abafd6316d6b86ffd0fcd45e7de9b16299d5d45fed8972a4925c5ba1eb80c262866a33514be369532ed9fd2f4badf7e8b49b58345fec9ffa3037add53de4ddfd878f8c0c140ec6844f48918b348d8572687636aec3a4919ff430042a3f8486bf2cd056943ba9e31b541168be3924c92a6aba1ffe1bc3ba6f12d6195a984a9baf478331deace2711d253fe9ef012e918b0908b301de652d865a357c045f0495c862b7dc3da700ada90d68de8427e0997335663405b25014cc88163db7a1da784d92ff942a31caedb420aa5de5dc78707c450d024350e7a4c6e3a4914b19170623b6dddff3e93d6130ed69a470c8bba7d55594b83fe831031361007a3098c11128f35776d5bbdcfd731fb9905180e8edce2677261dce247abdf404fa57d583972fbd6f9bcdf0b423129b656093771992061eab563de1b5f6dbb3588853c268b3d2cb423f99844078adae40c38de4ecf145e8dbcb6f269cd628ff2f9537365d8d9d49d54c49456653b4d0695896c67183de1c6eb968739694151e413ea6b94554b5070cda4f1e169068caa80efc0e971346424fc36bab6406dedce1559b59576634a1b9a678b5de6005f0b5c745a1b818b982b0780c91188f71cdab3f4af09b77988458739f962b41b0b58f87a1813b56a712ae5bea6dbe255581dffdfac6831f61ff606a108120829bee6dd3b5e66382882c10a19e4699edb5d85da940bcbadc7fc703ab37e373254a1932a45e5c044d0ad304e9a43e7d1d7a97ad28778b8704a6617ee1ccd733e6188564168e673612f28c1678ae5e03439e35f2fd86cf0663ffaef2a12fcba6827f9b515e8703a04e0c083e9898d03b5d1e14bd976b82ad739ce5bf1d38cabd8ca715d37e1320e7c027632e2539d2b81af6013c0b342798e40a385fcff55bdce9b2ef0b608a44a12e09405f412a3bbe10d090787d3cd0dc84aad5ce4bd77a71e856176e7c8a28ded9deaad8687a2d476e643604e006da38673589d954a3b68423e3832659787fc9c5d25294468f53509a6486ceea1ffc2ceaae2a448d08ccdedb5a956bbf0f29681e186ab2624875aea6dcd16a7232ca8c2bf530084e589ef442fb2eb6e1d121463e01d5fb195d97f83fbd6046ea4638c441d00a672f2b6f1c313e14e58304effbf349b363b242a47c0ac9cd26bf3fa56d69c9c05c1a51dbbf442107ea73c63276dbc98457229960ceb9e3801591e75814d941538f145465cdbe7cd7b51f1844606baa041bdceb5d456b80ac103b4396b8077d870eec25fe05daa66b71df825db9af02a59e9da1bb42a8ad1b775f32f2f873f95b7ff8c57ab45bbf2163f66219d2126d76912d6274409ae775bc95a2e7b67c23a3f721ade080fc4ecd8e9bb6885e1683a44341d84a4a994224c1cd12bdc47eccef2ce364a5e3c9550c95caf8a71f632cededb0387cd3bdb83beb0708569f9cbfd2112b2816d5a4979298a023ead335aeb5a804df612e6610966e01e27ca8deb25a598abf88e9a8f54ce7f87b818f7b648e56418cd99461b30e12e04987ff5df2aa1d7443633717e937a0dca5a327e585da71ea50fbc9751c8eb12b20711ef6a2dd2f9f060c8618d3162463edfb952fac463d2342c173484619f02c9aaf4906cd28f5e8a41f335df0e4c29e9289b9ba83940fbd3a3941a400a968f8ae88b1b94df556be69483dc243fe7a0e52e331048c37e408d900c7d2706cb8cf790f9d6f082c83c9f81000e7b0baf3cfb68ab7edef41d9310455fb770d7ac8c2b34f6c684ed364389da5240d884d954c11b3dbddbf2c20572f12b6c459cd89c2abc53bba38fb39c52aaa6529c516b8752fe7306e47983a9b487f7549ea9c82af7a5c5218cf880a5bcb639501e936ffd671ac327b3156a0d8ee00234e3fb42707f4986c3da5a91b6f1e6bb4eef72ecd1209b1a607c8a51c55e9f20a13e943a9d3a721cf2d258e28ca89553eb493d360925c76bf10cc9de68d370e4c33792a007a9ca24d652a137558925f02b16d2b9cf50c869282ca20eb489d201a0d2b27a40243ffe3738adfae6188e97d62abfb2d2f3b15647b3da527f01f280221525990515677cc72580b4c487ea6bf44aa357bc113e96b377323f96f273d8b8193c0e647667e922564fe3dff2f0a20a1d28f5a5b107cee6f1ded7115f3e05dd128ff9cc84f1a37d5293f14f5c1e37e75e5cdc3ebec7de79930da28ac396b454caf71bc6b6ce66354024ec9d87bc97bb40779383927d872d5bd02c9d29605fcd736ab041284462aff6a6e4a058ed1c9785ac58f1fbf03fb992b836943ebe2296d2ae235d578995e65e9d9c0346ccfa6a1a681f3cdce7a677dd2cd92f82ba7bb4f5af1d5430ef555717b2628a60610a7317061227c0c2c2da1f38054f23226c0b5cf800be68d0bd4852cd7953eabc4480344cc0449a57be5795dfcc9ff5d526e99e16d165da04a0c07586d442dfca540e53776cd7e5ceb9768c8853e8f19f1ef055eaa5216605cf03860690cad8e6a9b8c76666f88c1103915b974ab683870ae315b4b87f8e3d2263c6474abda6e31b2a1df92fdffbb701eb40d1d47edf699c5fed29e9d3cfb79ecffc5c4a410bc3a52f607934172e614c442a5eb7fce3e6740793ed04beb789440c1b9214b6787ca138514cbf715d66023ea2b8ab5792845962345d4883ae4eabe248455588"}, {0x30, 0x113, 0x7, "9813e29317e2a20933705ed295e6bc0b9a4865ac856ff317086d81c0f16b6296"}], 0x21c0, 0x8000}, 0x8000}, {{&(0x7f0000000640)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @multicast2}, 0x0, 0x2, 0x1}}, 0x80, &(0x7f0000000940)=[{&(0x7f00000006c0)="1ff72c45f6ad8a53eea7b2c38e8ca0f37f16a209a50c17c3dedc0ee1ca35c20fb9f6e9d02efba594ba199dd9867b6a41a68a378b493b3f567d63451a5d35a2c886ab30e485d63d18c64cb02605304fb6ff4546777f276cf4955b694b5de60245e6fa12656b15013cf33cb5e47cbf6c6fddaa7f1884a3940d3daaed86f192308892b6c6866f35eaf3a374f57e5ab3c84b19436300e355d194070875ca6bb7bf109c074a8cc83fefebcf181ff338dbb60304eb44c201d09d4c7fce0e22fa6010a66625946ad064049dfcfbf6468a7e04f9a6d5c9d1a3", 0xd5}, {&(0x7f00000007c0)="512118de88fa1b9ac74b7181b00118556b452db65874430aa1a521abef698fd76fa7daa4ec7578ec34abc7e15d2f26bd89a7ef2fb0feb61f442a4fe6819c0d60edde4f09bd36a692b21b3fd964e4c4441d1201ff7bed262ec3ce22c7a71980c81fe7a5d6e159bac82a8641e2f6e3df1b0bf672386c04fc4b742d60b0d1a5fa5c115ba516053459a7bc8ee41300ee0bb0bfdc87fa883bb3d1a8674d00e169f11b9206cb225e9c4325d3676abc82a9", 0xae}, {&(0x7f0000000880)="dec4c131f86a0646e80720f3e8e9367c34b0495810a877acf82a14fb64ec2326a513e772112959e1a9e46bbee85cc49b3a2cdbdcc5239955eb1a", 0x3a}, {&(0x7f0000003540)="90072b2e554962b5822a8e4e14651eaed876ecf719537477977edbcac46b033bcc0f45c65aa8b49d37ea2f79e34bfabf2c93495eaaf48411c7175c81401801ec3a69c9701ec13318c485895b7f4b8e69ea919f848f1f8dab3a4a461bccc99943fe8a098e20de49b2a0aca60009438c8760001975331549e071d76b6ff8e428a4f8e1ec255bf7dab133656e29b3243df82b879356887f2abbf9db2bd26b6b5aa5a77f304e4bb90e69a491d44d27d330eeb80c06ce8e9ceb68c4bdfec28a9f511d2edc0e85d6aca3a5a9da0785cc5d9ff605bee836b7420adb8f2d0ccecc93380578be274e428060705d40f82eac3d708b7b8c5817bc007c32cff82c9fc7a3f6d129fe5e008e76e2c0588490083295994bd1339b396c0037e9a6155a16e1ca2ba41e0e60df9a8d48f3d14b4626e308ce041f21e1d9ce631e7e08efaa3f15ea9587876b83352ec214784aa3ce5f852c5cc3ed0b0716efedcf551225962fc1a5dff83a4f963c808b15d435b84f3fc2a1936be60b395bb039bcd1adbb476d4c7ac43c88785585ba60cba254b4e10d15198f170d87b95bcd359cc627ab51a2d57a069b2752451dfe77afdbbaaffa6ffcba52dc42b5df1d2c9bc3cca04b24876867ac95d27d5024e1909c6655ebebc190ac66f837afa52e6d7c8285fe64a3310b0d4095d9e4daf42c297a76e08b7981fc2d440aab721b39aae89766a4b7e8b5bc9050707a863c17f443fb046e82c9d40614a3d83a1b19f0075a99405c9caa636f9d521cf4b16e7afe2d312f53ad5b421e02be138e548a948fe4e6599b49f73e51f80433f0424786ecb6d52fa862d0532480a97ee34c07bd61099fd99ce3f8b97ab879edca19395c6052a35280a073ab95df53b86e2646af90f503ad52118314abc6dd5f7b2cd2940365d6f4bcdc342ab8463af1cfd2d7ff7a3f7293bab13622251606ca81d7f8d81d004e614cb006d1ed63e4f12dc6d6d53d8c23e92500cac63895fd50664c44fffc754d6378464b2ecaf4ee0d95ecf384392b700d3dc15ae3a6b9515eda23d40126472eb5eb6d8d565649056b1d6d3b627457e573520b5de4ed57d2ec89dbc066f2b8513cf779040f88ed7f097c8055cab4dfabc0c26c4554735732d1b449a0f09cabff431b642176c10e9357dbdde725bc0809c05c607c28d6570736d2b5a3cd15f05444999377a47cc1847fbf485a048769e9a528d40197f71b52d27d414c953344c9f75d2ceb2b4f14034a216652a65c973b4a67dab75475c08472c6ce05e13dd9e8d5f89938661c79cafc805c06a0f722e4dee3661c4a154ecdc25d520705c28eb8bc378811bc4e82daf4d588ede8c6ec566187e3e0c776cd5c1e41c3035760536059a175408d68cb00e45ca0a7f438b946fb1fbfb497a88f317785eb72aee505cec5c21fce6ffd35d15fe6947fa137c20e55603d1063d15de42dbd628a3ada23329f224d7b5a9e3f3315a168f9ec01b684f1871c016c7635825287cda4375a504601abad2ed601da50698159770e6d1e30fea7be952d8401a46d3cb5d1134f367fe94cd6e178551b62b2a9edee4eb5ac56f9fb81483435cc32fe06fb604f48836d5728f1a908ac9bf38ded963153f0cd842693078f5bc9a130f8fc8fe050d38ec68ff7c31dd65634d412c7506395c52332841ef0d8895f20acba3fc8e3f356cd518c40b3b941cbbfcdb10e640f690e6267549f2f428c75c76fa50d0fe54d3b693ed602fa8e76a7ca86cb458872944c6300b36a2489eb53462b7c112e34ab5a0ead02d754ea6cdee38000495debecee57998876f841f48604ff5236de6d9ca185235b06670efec7b64f11f39437c8c6fd0c58a0ed13b3ef9c8f9a61e568f5624f1afd38d24acb616542183e7a52dd63cb5d84c20691d48f53382b8c555b9d559bd31c6b3515ec778a6cc1da7718466a35aad1f5aabacecf2807eb8e6a54e10607e84e73ff90d121b4d6af7e5cc6152ff4432fc46d461d60df6da8d68e87cefeef10a08ab57e506a5cf80cd6e3b59c59dc4f23ef74ecf42e5e6aa7c86b1e79861967cb189694544be3a06c039acc6b5c40727961424bb15d1d914af25afa43add859c5818b5b91a07912910b60b542e476b3a6b1b94f04362b3d4c9a4a69b06e3538f94ca38ba6651d43abd817cf2bcd3eed9069f49e00bbaca5de535062ae7ba613d01188b58f7661f8d5da24c73388f7e6aa3ee72f85cb23d590d5f7eb971b2756adcde17a7c7ff080eb3a09daa0aea84b39bcec6af35b92dcc803b12937e3319020a391768f0960b21fc00bf6926064f034597c98e7495cb72a2465b1f3699dd5cc1e7005580e033ea854875755978bf9706b746c0706a3065d7c2293216575f5efddf24347f7b149ee024d9df4ec2fedb75f20e303510eca34c2a8f704d3d8c69cf9d1ec420f90111494b7b9d325dd13624d60cac9217ee1a66864e915eec9979a6b0b4af74c51aa7fe124aeea1032ffedcd10e62433d1710e20ecb089d0ab06ab6ace90a6380b3e049dfee02ed3a0b956e9252deac712d88274bc0b26f91fca2e43233569bf895db34263b97110e3fbb30053142a57e60606e5bf71029cc7cde8a5cd5dd65051ef1a18478b38fb1cdac1d257cccdc2ab6c91196eb534af5bab238ea65849d6dc932525ef9e178f7cb90719e586fd9309b3e9fd2da8971784bff79c687a5f9e986dabbe5c2d78f076f575ba3224f4f59d9d9f8ebc7cb9a5b2883142b640cd6c49bc45d8cf00f6ecc3f9b8f66fc6d39a30dcd5435debf38fc04b59ec740c5b8dbed0a4acdbee62397daabc47b4a0bc6a167b9f7ee998c0db0e2b8662dd32ec7ef72d60022e79180932f95b08b128abd7b9f9800e69f2acd920d289a34c6150812cdd48f1d5880a6620cff51f56c2be05a3b2066fbb7766483b6cd1ed7e7978ce677edc1d412767666b992c708ed4928751d44f0e3da667496aa97c3e5be5b5a4697712669b025679506d7ea2f5d193028d9e896582f8f96e331527645dfd32eb055745a9e99a83739cec15172da714f57bbae776879e19bda24cca8fce75fc5e8cdf8e0ec560308ffe2efedecbed4683732842a2aaf4489f4724c35634afa4e57688d7a9685d2b62f0ec451dada99b604811c0f60106e3277ce49d496dfecf334d4f9de139f04b5780f5a5d5855c56b745e8f50a5dce58ff0e4ac92c4c0caebfa8bfd027d63e304bd47e97facee4388f8455aa82964fdf8efe21d64d4bf8205c20a7fcceab5ddfdcc7d831a9874fb35f4b60a0f0e9da5be32dbcc9c70c98d24f16b747be298f9d435b9eb932b7489af6b00ee64006561531fd060437ba8620e331d1b674bc27b7994858768c24801886167798fe1724d2027ffbd84d329c099f40923b8745b1cb9a278aff4c9148c544c388cb01b40f93a23eca2f384d96669e532ffd4a2ff9aefcb8554c1ea4f9cce36593c44e7fc7fdf85ce7d4cb3ba23e98728e418a2ee3ef647a08f61b2302714f5207a2465f9d0c870e137aec76f78077f46e37af9419955fe183fd82cf6a92d9e7374dca8ad108cf1777920d4fe5faee25f0a75137d6bfcef58404fc5141024b5d484d8ca48fe4e3d406c14d3a9c51824cca2e79838d3ba387b71845131e935139f6ea5aba9feda02820c5a6b6e2dd7130f00d7bde4b14d88de9047d67c803e9cab6363057e96aab6fe2009764a3c69224101115ba1f5f482a590eb560655edaddb2df1f666901d86bd2fcc3ee750144645e696d87228af3d1751a2e10f1a1ad514702f6feabf90707f9777dc60a172cc2a0a50c291c75fe3c6a3bbe0ce01db773a33d3af1974219a53494a803599d365a78fa5f50d6404d65db8aca9dcfa5cc36fcf3c3822851237aa26d541855ee77a698b18be0e210a973232ba7938becfb31dbe4be4daed638acac13cbf8ccc91fb87545132bba6007fe16565efb95686e1767925245807606f2b9db39abf62778d434f2b6e9cff2d5cf19236ff7d6fd9a930cc02f7f66b4b88725008544e352e0a1d6d8244a05f66d96cdf64a020c9a225a25fa6b49364b23225716518a1588aca89bdd0c6f88343f2a06dccf7c9d334be7ce93a7649aad5e6901a759ae81c27e81da818b7d4646c9b09c7c8413a1d44da5044e5248e205b7af9b3c26c7e240b86599052b869bef55a5c12b2fc66101c73aa9e0ac633f4d730540a2f6452dc44f892917f962a9308b711cc1b8281ce0b3aef377118422d9c0483e29bd67a66ee55e718338744ec379ad79efff9ddd9ab2ff729a669b73854e74a35b783efa29402a2f2614b8fcaa8f8ef9cab8c5c4b02fb27dc3c5da28b2bdeed3e19101392edbfc59f2c13635e5f10fe9d4ff3c1d457980777b5154f65700e849069a66774df108cabb554815c6963c85a8d0f0d6bd3a17efa062f552d50ee528da452ffdfbbf1302763241080440a7275367928c61e5f4f627819c546b0946eb54176ccd1f7f1516471634a03e35158246bb7842d3fb746c343b2a6ae66eea75423266f013043db27f2d9e5cbb92a1b418a4efcbcb0b6f9bca5c14f1475e38a65990d38cf325d74bbe9bcbc28778cd13f6035ca307a10269497e6363819b5d6edfb02e2a6045121761fe330f15ab35636d39ae0954c02d606882e46e55ca7225f7b509b40a5c52a47ec3821172c1b9af6168585cb29de3686918abfa1550c322a2ce1262fb0ba8acdd139b1b751899789e7e61a60564d7ef1c75e987585f937c3ded542a94ec1131035b3464a0ca2314f1992553727fcded8909031f4e73425050a09dbaf676af5c02cb1c5659d3243b86d5db986b1226a654bcb2b70ff7fa8360ff5db904361ae7ad11518e293a23695a4bed6968b38bd645c77ce959c65a16078b9fcb2275d24d907f4121d77c3be0c0453f00136d2a381ec963e980deeab705a3ba777774a64ca839e4493071651576d52d07d7dbf36bf323367820f179746da5841e22887b83f4c6c4a92d3238daf2f25102770649606aa9e138c7c5467289341befc2b95a328bee1dd3c4fb8c9d54bd160b7b45063350e102cf8477025ba5a7951cac3bc6fb61cbc1dc86876d85dbcbeaf216a9fe1fbe613674dbbe56c2350525d08c63d65b2891c3ac0006d8827cdbcbeedc945eac979eceb9b3146d7f8c2f934f939daef4024105aeaedc6d0d0816654ee9a9f37221ddf4cf1448a706cd870f0973676b19678af197a81ee0ce829c1ca33384ad95380108a88e12842903c1c23b5b717e472b8edc437f954b02e7f8625c053a6472af86d21630bda51526ef423ac02670a06b5fd2682a28063d1f972f1b5d6c6acece458d4f52765db92ce2a34d86edf13b8127c474ad3673c02fe6e7581997f4b0bf1f30ab1717a87b0d59e36407b5b8c98d08069dcb687a5f1678ffe6fb3155248fa0e06532fca2e52d284909305391c5ce1ca48948528bf85e014a9dbeaea41079c52f4377e4f54d3509f54b3728c05f1ef2714b1f1121c3fbe40e7990b9c43fdd0dff1977732bd037858fd54b2e39dd6f19b0417b6cc4cfe7e58c46ec7705170cae3c1bff72ff0fdc1a7960599255d186bdf869e8adc145842e2e146e4b57888f50124af73c9b1ebbd7c7b18f45b6b1f16d66a873b22676c3291435ba285e07502fae2bb6c2e59ca385b258d2b497673eccdc2cea54f82ceb0187ad4de7ccc55d1d17e16024ab663d7d513452785318e020d3b78a76e0b8051a4c0b0112c43702fe101d3b074c7b4bceb109cdebe4852f0041082852f768c04c5af7d231eed693f1f1867cb6207f02d1f0775aa27efe5e74e910d6981118bb5b2f21e524be84e9", 0x1000}, {&(0x7f0000004540)="c57ac1c6f89ee3206d263a3199d63e6e5c76b0bee83f870b6d5181892b08002b38116683abf816d4d033ebec502efbe1c3150410808d4e900a1a52618abf72e935b97dc86a767d013881b37267e3ce8ac2a26cf8dadac70d8f0a57b21433bc32d4283f6ff74aaafeba7844a7801952fd1350d0be17f986c6a345eef14e4fc02719bde031b2a65778a8d2691c614956de5d0724d0eeb208d39c01c627b945329bf074915ac6b4fa0bfb15b90034504fb5c0ff40f32d035a2084b9000e8c1ae8c862c90f9fe479c756a77c7f5af0c6df4190b3860a3373ae2ab744325e930b021671c6ce681d5803871a1d43d25936655a1cae82f43f1732ed4ee3c5704d43ecc43c8734523efb5ea9b60fd65f3fabad7a42fcee82f5df853c3a041beaf0b807ea86731f2bcb4123ec13230a4b17330f9df7a18bc59a24f8fdcf02880f7bf00e6014c0b7e93ea8d758c15eac1730a664fc31874476266cc11ac0e625c3ec2d131201a698b92de3d01245b8cab6d006a40852e54a026bdc59248f733c83848d196c75867ba0f69d895c12d27ecc6168ff01a28582b01998329d641fd881290f8571ddd00633ac082b692c2e5798ad763d9c849e36d6dff4e20e79476c418f846299acfc9b5fae05ca0bb0c970b1fff980913c15f085620d8dfc10d0da86aa1f740af8539923adb82606fd6cdb9a9d5fe82e00c5befa541fe0b0d501ea082f774e46ba4059e931bd68673fc637de506d17a34eb268ec57584869aac9d30d613ebccbb5494869cec4918f0926e8a01af1fa1012d96a87ec189b1abe4411e1de0925951aadc10bc86b146f587180876ef0da1f37acd1d0a49ad7f93de51c3000353a2977f34d3d140a8c2e41fa18be9a2a9b6f88b16581f9b5ef3d64c742f6bfd131dc19b869f5fb81b02a577a608cb1806edd827997fb2e442e94776433088bd35234bb204eec26969a6a1e18914064f799481449c8e10e7416bb7383e06bcb6aa812c5c30d2d2189f29c87beeeec5be28276ea7dbbb25935cb6e519fbbbe00bf21994f1c46a22bb98635cf7aed3ccf00fdd2121c2387d5b68bc308c49394dfd0fbd8a2912084ae4e2adcc68e021e587f2c0e46fb3387ec8bdeed203fd5c4f83936796d5d524d651faef0e52923c3d3417f4d7e3c547cdd7cee48d33c847bac1c076bd6e04188e0efa0b63802166b17436341449ca10122fb5863531de2cdca5ab416a66bfe0fcc03448e0913455cdcaeaf7d256575431c9a46c6325ce50977a21422e3a7dd31c21da103606e125929ce6f287da57e0419f37f802ce08adb7dc0e0829d3a62d6a4059deff2237b64afefd083bcff977458e7b15a5144db7e6d77099befad03f6c4de875b733e3ab1726f72fbf80fc678097bad8210c442737a754ff7fd651db250e292dd40cf6b1c2600c1c31fd1cc603b5d57eb55a8fb164b5572daa21850d08f011fb8f15f5c410b1d6d7f76d968ff79905da42333d091a3bb19d90be15ae28cb7978eb790f0d4be78ca728f5de3b55bf31cbfc0c0b0cee3484b78a0175f01350382ecb4afd722db944b073195db95a7c0a076b7220a46e265891d829e85d3be8b62982a8bfb323ae2fd03c90f575668156cef57dc21a79a987965c66ecf4307ad2950ec1afc00fa72b227fb4d2fc94a5e376047724ff0624f6489d63fb047702e63d7f2ac67f8cc57df182f6f0b07717cffdad50f537c99ea194777093dac7fe516f2556a0376a809e7924d542efdabb41beb23b634f983a34c8bb36205c1fabaa505fc7050f4f3e952d17094614bf77e76094174d8f7f079357ce46dbef3f7d5c87503e7e8600ee49d86246afa5e44a6bc933bd2cb28abb3303242840689886c2de46311202c7426310356c794b4185826e82e724ff194df121a8fd6000e6fe129eb39adfc80cfe11a5e95c39f35b8c1c68bb04843b6f2d76ded99511a89e4d29c6604b94162c60f74d018b625725e9c7882d7ff4ff36c715c6b611b5cbd75170552197aa0f5e81ae6f8a11bebacc0f6f6fd8d7196a91d02de88083dd610b9ea156f625edd6734c590a8257740d242c992b7f4d47a3252806d85832e7fd80ab50a08ed1a6b2f2a49673faded4c5a46c6ab484f3b747b18bd2bca3a2a85f11a4cb77b5a350f5ec8f2ccca3132661fb5793ad1e6864cceb4d46cf00cd36b0651946e692dbdd888e7c0fdf17c7be217dba82f1abadf6556d718808c332860be3ccb0130d276843d981dae284208fd100436ee3da8a6859aa2c31d2f697479e596aa3566b89a8e76f256a232ec5c363b6bc6cd7e9435c448d641bcbc76e5932e36d879b8eb0d8a4ed45f56e4c7015193194277c099d54be51edfe880b27399b22af62b3013c8d40d6c37e3ebc844d0b7b191d7c512c949833e34938610011d20b042e2aaac6493723d680a101ee3d37dd05960cc926ca5bfcdbee31346ab4bfe5ea461bc42f007b51450843695db84e8ed77a561e50fc106c8a4af2eae7c315308701697634c3b6fedcbe5271869f4d05051acffedaa2672ad2c7ba209e179d74e19502c7e4e7f182593ec9b6017dbdc82506e447881397172010874fbba2762fcf19b8484bd560d5fbfaacde161250c7357b725e6076f07e1e4a9628a47caf7cbaa3ceaadf99a7883f4958ec3cbbf71640db477da91917fef27d387a0ab4f2d10343cd0657d95d22d73c7e0277043d8d5f26bb58bb635350204929968ce8bdaff4627dad2ba02bf0b50e23f474727b10a50de59a263b969ec7e5173c1c8523f98da7d11730f4a18655892284aaf36d5e177ce93f3f01a8649aa56a362386cb84f6dc06586d4cf6bce428efcca6c1eaa9ad72739bc92e4732670bce652f199f900f2c9bedb8504aa20ae9c51499929f149fe6da309faf55971cb53ee64ee7aadba65c10e5dcb125a383ed4a11a4ab4bba1e0d04501f881d199931970c9dfefe6928c595c5fe4b164bbd941b56148146e28a83aebc0f9386ecb8b89e4f867523f582bd3125af66538f9adafdb95f1667f71057c2371fac84e4df0e5a2622fd11105d276e234b319793fec194f0282c22bd6404ef6b0cad36deaad00fb09882f80a4d7223d2b0ff4cd53b12cd4a265de9011ed84d0805754a483297f4cb3c12cbe5b40b796f431daabbf8fb03dcff704be0666591146385720592115090dddde6cad5b2fb9a17d3fefe6a08e1da5b3cc86fac72e5a3bd1b9ed4ab7c2406f631e48a0c6073b01909f50aa0a5c842a23a84a8ad7b8dc88250942deb335ad5266b9d9342ca91a079c6c32c17bdc72d1376c4a071b32547b038adf181c521a4d65481360029c133608ae96221ecaae4b4ec8dc5d37ed3e6b21ea79086a07ef32939b1cde3e3f9e37fb682639b1b2a24eed37a391052ac1bc806812647550b9bc0ec9b499c132fa71f012ede2398b46b93d0c53627417ef636e248b7a476115092ae4bf1d72c5d3b306d8332c957be25c2e94a3d85bfc08449b17d5b2fd14b71b6d5da93a4dd831c91bd0d89919b84317733390cb10b7922885b0c9d3921650e91f2514f24236bf8edc0a849421013d7a51b6b35f1910bb6fd6b341f3783af6eb318dcbcd21a100143e91c53e2df70a87971429997e1faa9ebaf98ccffc7e1d4d7d63412507e92cebd23d6e9b70dc7f5c883b9b5102bf9d0a2222b6dc181f3eaa3eefbcb8c781b8284a6e5922a6181c876b0fe3ea873c58a61a7bd407de041c9fe447c8cf26f5c9c470cb0b28a5bb51885c84e51b4be248992c54d9f28d9f1690c89bf2085213888ccedba15139176a0371ca6a956a0733f3f3c2ac80fbaa5526a9249ee0bbd176d314d3e064bbfdc35d1e980d67575d85ccec75a4beb57a7449af6eecceac6d56ffaad3108362d8a9a882edceafb671492b916a1dc87fbb1a72e885396342f2ec4541fff0b6ede219d3ab4bfb554138e78a6249f532941c0bc5aad25a8a81573bca64a407f3204ddd5ccac19eb951f1225869e314eebd79aaccb3567069511513dc7966b91c7f3a4d15513b69a77f192f6443f2978fb17aea5d3bf5e9f781bb601a491109566b35c4f176c5ea83e722bd8ae238b910e5e7887fa5b3afa9f1c23de9456b26df63632e40482fd29f87037deeceb3a9bf5d520eb74236b812c466eae5055f1655ceff714efc13a20d3aa78f8b17aef3bda35464d04c842a6c317d3d3ba189e5ca4baaf5a3ee8681d6cefa3d97bd8edb4b6cab3056f83a764ba7f694803412af557058c861805200f1f96d2ad767bd3786d31b95b872378690e1b1e23a3e7f4c5754c575587e3ce7ad7a31555b6acc79381702ec43b86b686d1a14ecee6395758aad777939594daab6868a9cd6e23a560507d7694aba73fcec9183bb3d28417c2ea601901e0044228121e43d998d42394c33d0236d3a662eacde3ea80c6fc887b891eef43b13ee5402073c2b37ce8b0581906221f57f42930b24e736fb1ba776e607ef6f2094cf4d2ec99c61f8e3d23a225d80b0aba38a54d988b3ef502c3d4e1a9bddae96f3de87bbd161700c08bc3c2e740caab03eb8cc6a8ff2cfd9fa70d09ad5c0dbcfdf306fb2a98a2457b77690c4ce684adaeab655a8cc97bead62c9b78106bd348cdbde55c22ef08fc1d50d043cf586e891fc735b520581faf8b2080e709d3e1f0683dcccf09715a4d5fcea004801a9eb1e7c1d1da37ff1046a2e4b313535da5f0adbc5d3bfca9fe0d86407532b0422c029a8461c5624dd8946a9f2bdb9ddb180eb378823b35ddbaf4da8460afce9c17379a339a764730d2a7e987df9262f4ca3cfb835bb6fe4c6c90a5564fb1cd59db39e0e6e79d65943078fdbd67f25cf6dbeebb71dfbe4fc473f9fde30963460b2bc237605389e43dd78da5e9ceeb95dab9502e70c31d3f3b8183243c3cdff95853ae98cdcd50876327cba1e1112a76438fd2175283cb38c4c7cb112b381b5825d3f80838fd96075e6736ac2de55f327fca8920abd56dcab49868d600c8815d3147577c294f01a2818d69520ec62d23c66d5e5a59f8195f9940c12a6a6c6b2c5020f6b8bae49fe6ed450465ee2b54bf2f74dd9a4fef3eb9dbc88c2f90a969ee16531584452117ab55f1f14eb135dc383cd83417ca83815c44eb4f103e17991d4736af223be1804644015eeccf49d5ec15e19f2b68be72296c969954b12b610281b8f5c3a20a3d583d1b42c9fcbefa9934fd70decb8240061f51ae9c932db86fc38b8785fb30a8d68b88568e15b5e3d35f0d1bd6798865a838176061d98e9218a8019d06916b910129bc487fbca7c5fee89c14ed8e0dfdd44a16a4a452393a309852e7c630933609bc2489859899a89a5f17dd450d0bea3fdd7df573cfd01b374d8a84b1c5e97df909b9ab2caaf2724f281ab6856494fc27b9925de515c1bd7dfe716139e71091088c96e078376419b72a0d1ef9bfa60f288922c08bcefa683b33dd23890f9a7bf835c69eb8cb08b9c5c15f20c369a143f6b4520f522f050524a6c5e80b4d7fb3e96be4667fa125217d0f37aedceefaeb019091612d9cd3d9e08ad7d9610d32e66139b3397e07d48eceb87256b210de06e7463aa1833f3f6f3cb54797f53080e48ddeb3cc4dc87ebb8387d24ef018266686817052daeeb5748fea96a75f60ffdfa67ad000f8416be186e2e4fd10625859ed6dba61aebf6e652fca128cfbc51b738214b314620c4496211c871e59a5fed30a8db6226c8efbdfa3c6114f4d9896f028076b23df42bb75e5f09db90584e328a98a8cddd7698aebcaa2d6b37452c51c5f5f75343f064037f0fdc088c3cda25955c057b80ba042bc3f9b221", 0x1000}, {&(0x7f00000008c0)="755bd6d9fcfcefe612e2cd805bcfdcf5e7d6530909e9caf815c55eb1d18db4a027b43d5741da40e285c28db81f52041f356df5d3a3d1ed0ec0c51719df5f059b17ed1d856a4f75f48e1830965586219404bfcb229c5e2ca2761c29521de06abd328896cd9478952c91b77ac04f95f6288c1dd29692dc40a55519c02ca270", 0x7e}], 0x6, &(0x7f00000009c0)=[{0x28, 0x19d, 0x0, "9b2100dd3193c3d0424b223a27e733fe8a89f2a9fa096f8b"}, {0x68, 0x115, 0x8, "182e3b34fa79fc4b459bca41d099a4ec56e82d434481272cf2eb0d1e7c8d60e3f283f77cd0d5dd4d41de78da44a6115e44255d30c9a7f2f79c466c7b4318240996676042996783080d053e596c95703bc0"}, {0x38, 0x11f, 0x5, "3d1859adb85339ece7c656a629a7ec3a8cc767eea4bcb4791f39b8e05d3ae3fdefea30d67d"}], 0xc8, 0x24000000}, 0x6}, {{&(0x7f0000000ac0)=@generic={0x9, "54644f5c37b7ebcefb00fb0a76b0b1730c649a11cc6d688e171b3cc442278c87eadd2d13783f442a1705d272f3dbee8a9a857ce301e61fcf4ace23cab491ddf9d752f86ce9b4a68f3e375ccaa1d4be8fde9f60eb53c624aeacf42e44442ff76822c96b26136f5969ac97d3186f6c19a43b39dbce6bcd1b52031d96292f03"}, 0x80, &(0x7f0000000b80)=[{&(0x7f0000000b40)="8165b584c3bfb94253000c546eed5bf22f", 0x11}], 0x1, &(0x7f0000000bc0)=[{0x10, 0x117, 0x9}], 0x10, 0x20008000}, 0x1887}, {{&(0x7f0000000c00)=@ipx={0x4, 0xbb98, 0xfffffffffffffffd, "635eb0e61ad5"}, 0x80, &(0x7f0000001240)=[{&(0x7f0000000c80)="9bbbcb66c4c74ecb33ca6b60fa953f99cf5ff64764a346256081b9ff3a6d175f10bc81324c28dce4e54b957f0f4fb5df272ac11090a17d6c7f7d5b6fcb9bbea2fa3ac26558901355ead9404d715bd1e373aca1591e466892283d4483fef28fcd4c11578000a28cc449cdf8ca3eb910ca35b52e6d1f48099c213923ef803b189d5862cb0798170f86c914ab2b5625794f0c2434836db89081a84c4543b0b4fa66e08d240a99e59578314fc427df1f69e504e5afd0ccf0568fba63127a8f3b69bfc1e0aaa4669a25e1263307675ddbcbb5d173c07e3e7af21644387683f3bc1e1d1be3cf", 0xe3}, {&(0x7f0000000d80)="0e7b29bafab73d8a64341ebf27125cf65f08e7c7ee83c418e7e88c661793205faaf681e41747bd98b8d98911dfff4d8ef0ba3ad95246f8c0dd88c3", 0x3b}, {&(0x7f0000000dc0)="2fcb25b2e5249d3ac6601199b13dbc4085292544c52250618faea419e61c406ac3289498ae82aad8e9f0e0075b1747980eccbae761c8cd704a668a8ab57f9bc7e68e41e49d0ebbcf297f10", 0x4b}, {&(0x7f0000000e40)="7d7108c6d19f395b6d2283b0f6ba29e9e64755e1cc6a7bea7e6b552a9918c631d7df03b62f57f44fc771970fac26609b29017f30981e7e85fee93764618074f621f368780138ac5dd4bd5b66c9fa511345d48f7f354cb0f23dae", 0x5a}, {&(0x7f0000000ec0)="e09e5af0fb9dbbb8fd9cd384da87b6723ec4277da07461525fde29cdb83af3e46bb137014d15840599946122eb8324a74e10a2d4a13863624b38c5cad6031af1a15b4116ecf765281585142eb9409e5a9bbea50c47776dd22f26fe1c568f5c67d2831a282847974c16601b6d5552e71b2f8cc0cdd109345c45b76a3804908c98257e0244c8b5e6ce22d97ab284f9ceccb57380ebf7d313fed29309b2949239d145fbca2384df910f4a31880afd90", 0xae}, {&(0x7f0000000f80)="64ec27256a39f33b13f97b1e40b9b703bf456f0811100866716de7e769fbc6c5f635d7692b11a2680fc06a4a39a0b1e58108f8430fd6a3d94edf8610ad3b2ebb63540f4242334ae878a4c571a7a1b525a5820a1b49fb03fc9f7e564c1476d2792e1cb7f8485e68c35015ac594dee32e1c9633e7789c4a8e4c0176eab76058037941fab9ee2da398f9f7e29da543a474b866e7988d986e8342f3c8f548439159481dcc401d8cda20a8fafabf555ed4806b777895bdebb37eb10a91915608e06df5a8ea138440b17c18725dc44275009", 0xcf}, {&(0x7f0000001080)="94c1df8df91b9153a5c051fff21351b10c678eaadf48062dcccffb979b418c656d4d0afdd7d2608cc34d438be6d9329122848db4d00e5d34fd17aca73856d5e0fd9e64e2abbf1c6057bf9e6fa24965a7d92c8c487cd431fa0a1b6a9242e4b7a5fd91efb1c3206e22f7213217aaea18700bbd78dfd6bc311b337d95cc7d64adcb29ae8cb34bfa1c88b20032932a52ace0ce6cf1639fdccf661a68d4b769a06c91f44d8fd84b14", 0xa6}, {&(0x7f0000001140)="446473cbe5fedf0829ff687809f441033e9d6c94ad69e2b70816", 0x1a}, {&(0x7f0000001180)="4b523bc84bdcfe97afa11046d782bf5d68061d80df2ecc030ee8f533dbccbf9e93859fa76234857c0b5f86cadef42acf3f0e96c93a77d150537271919190ee4dc811b055e948c7c74bf7583549686218f15b67ca186f965419e4b4acf32353860f085d8b42fa893c35f5dc4a0b7a94816aa902878adfa4d2e84eabb5ac4bacd44c1c25bd4f6a6cff8f548661a0cb706d17", 0x91}], 0x9, 0x0, 0x0, 0x4}}], 0x4, 0x20000000)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r2=>0x0})
r3 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x7, 0x105000)
getsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000140)={@dev}, &(0x7f0000000180)=0x14)
fcntl$lock(r0, 0x6, &(0x7f0000000040)={0x1, 0x3, 0x0, 0x4, r2})
ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000080)=r2)

[  544.726711] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
[  544.733977] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
[  544.741239] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
[  544.748494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  544.755752] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 0000000000000004
[  544.789054] netlink: 32 bytes leftover after parsing attributes in process `syz-executor7'.
[  544.825428] netlink: 32 bytes leftover after parsing attributes in process `syz-executor7'.
09:40:57 executing program 4:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000140), 0x7)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x200000, 0x0)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f0000000040))

09:40:57 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x0, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:40:57 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x28972, 0xffffffffffffffff, 0xfffffffffffffffc)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x80180, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, &(0x7f0000000200)=0x3, 0x8)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f00000000c0))
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000040)={'raw\x00', 0x50, "2946eb2213dfdd613635c84f79b2ef9d5a3c6cc783bd503f8b04a6b34c52b5fc56939a4db7b5e94241754f40ee19cfb5698819d41680805024ee57c1a132927ccd6dbe78d78b3692a3d256092c4acd93"}, &(0x7f0000000140)=0x74)

09:40:57 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:57 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:57 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000002000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqsrc(r2, 0x0, 0x2000000000000004, &(0x7f0000013ff4)={@local, @rand_addr}, 0xc)
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x0, 0x0)
getsockopt$inet_mtu(r2, 0x0, 0x29, &(0x7f0000000040), &(0x7f0000000080)=0x1)
ioctl$sock_inet_SIOCGARP(r2, 0x8953, &(0x7f00000000c0)={{0x2, 0x0, @multicast2}, {0xffffffffffffffff, @local}, 0x4, {0x2, 0x0, @rand_addr}, "000000000000000000000000001edb00"})
ioctl$TCGETA(r3, 0x5405, &(0x7f0000000000))
close(r2)
dup3(r3, r1, 0x0)

[  544.942173] binder: 6937:6941 got new transaction with bad transaction stack, transaction 3606 has target 6937:0
[  544.952624] binder: 6937:6941 transaction failed 29201/-71, size 0-0 line 2879
[  544.988416] binder: undelivered TRANSACTION_ERROR: 29201
[  544.994072] binder: undelivered TRANSACTION_ERROR: 29189
[  545.028118] binder_alloc: binder_alloc_mmap_handler: 6937 20001000-20004000 already mapped failed -16
09:40:57 executing program 5 (fault-call:10 fault-nth:5):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:57 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/36, 0x24}, {&(0x7f0000000080)=""/240, 0xf0}, {&(0x7f0000000180)=""/138, 0x8a}, {&(0x7f00000002c0)=""/132, 0x84}], 0x4)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
r2 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup2(r1, r2)

09:40:57 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000005, 0x0)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f00000000c0)="025cc80700145f8f764070")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000200)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x36)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0), 0x100000331)
close(r1)

09:40:57 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x0, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:40:57 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000))

09:40:57 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:57 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
mmap(&(0x7f0000a74000/0x4000)=nil, 0x4000, 0x0, 0x41810, r0, 0x0)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)="76626f786e657430fe00"}, 0x10)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r1, 0x29, 0x45, &(0x7f00000000c0)={'icmp\x00'}, &(0x7f0000000100)=0x1e)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

[  545.053121] binder: BINDER_SET_CONTEXT_MGR already set
[  545.058521] binder: 6937:6941 ioctl 40046207 0 returned -16
[  545.059434] binder_alloc: 6937: binder_alloc_buf, no vma
[  545.069815] binder: 6937:6955 transaction failed 29189/-3, size 24-8 line 2967
[  545.077884] binder: send failed reply for transaction 3606 to 6937:6941
[  545.097786] binder: undelivered TRANSACTION_ERROR: 29201
09:40:57 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:57 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x0, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  545.103330] binder: undelivered TRANSACTION_ERROR: 29189
09:40:57 executing program 7:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x2, 0x2)
r1 = syz_open_dev$amidi(&(0x7f0000000180)='/dev/amidi#\x00', 0x5, 0xc0080)
ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af13, &(0x7f0000000080)={0x2, 0x5})
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f00000001c0)={0x4, 0x20, 0x9, 'queue0\x00', 0x31bb})
connect(r0, &(0x7f00000000c0)=@un=@file={0x0, './file0\x00'}, 0x80)

09:40:57 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8030000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  545.196063] binder: 6977:6978 got new transaction with bad transaction stack, transaction 3612 has target 6977:0
[  545.206568] binder: 6977:6978 transaction failed 29201/-71, size 0-0 line 2879
[  545.234132] FAULT_INJECTION: forcing a failure.
[  545.234132] name failslab, interval 1, probability 0, space 0, times 0
[  545.245515] CPU: 0 PID: 6979 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  545.252796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  545.262153] Call Trace:
[  545.264740]  dump_stack+0x1c9/0x2b4
[  545.268367]  ? dump_stack_print_info.cold.2+0x52/0x52
[  545.273552]  ? lock_downgrade+0x8f0/0x8f0
[  545.277700]  should_fail.cold.4+0xa/0x1a
[  545.281757]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  545.286853]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  545.291256]  ? is_bpf_text_address+0xd7/0x170
[  545.295745]  ? find_held_lock+0x36/0x1c0
[  545.299814]  ? check_same_owner+0x340/0x340
[  545.304126]  ? kasan_slab_free+0xe/0x10
[  545.308091]  ? kmem_cache_free+0x86/0x2d0
[  545.312246]  ? putname+0xf2/0x130
[  545.315693]  ? rcu_note_context_switch+0x730/0x730
[  545.320616]  ? ksys_mount+0x12d/0x140
[  545.324405]  ? __x64_sys_mount+0xbe/0x150
[  545.328551]  __should_failslab+0x124/0x180
[  545.332780]  should_failslab+0x9/0x14
[  545.336574]  kmem_cache_alloc+0x2af/0x760
[  545.340728]  ? kasan_check_write+0x14/0x20
[  545.344954]  ? do_raw_spin_lock+0xc1/0x200
[  545.349196]  alloc_vfsmnt+0xe8/0x9f0
[  545.352901]  ? mnt_free_id.isra.27+0x60/0x60
[  545.357302]  ? kasan_check_read+0x11/0x20
[  545.361441]  ? graph_lock+0x170/0x170
[  545.365246]  ? rcu_pm_notify+0xc0/0xc0
[  545.369126]  ? putname+0xf2/0x130
[  545.372594]  ? find_held_lock+0x36/0x1c0
[  545.376680]  ? lock_downgrade+0x8f0/0x8f0
[  545.380821]  ? module_unload_free+0x5d0/0x5d0
[  545.385319]  ? lock_release+0xa30/0xa30
[  545.389290]  ? mpi_free.cold.1+0x19/0x19
[  545.393347]  vfs_kern_mount.part.34+0x90/0x4e0
[  545.397921]  ? may_umount+0xb0/0xb0
[  545.401551]  ? _raw_read_unlock+0x22/0x30
[  545.405688]  ? __get_fs_type+0x97/0xc0
[  545.409581]  do_mount+0x581/0x30e0
[  545.413116]  ? copy_mount_string+0x40/0x40
[  545.417346]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  545.422096]  ? retint_kernel+0x10/0x10
[  545.425980]  ? copy_mount_options+0x1f0/0x380
[  545.430470]  ? copy_mount_options+0x1f3/0x380
[  545.434956]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  545.440493]  ? copy_mount_options+0x285/0x380
[  545.444982]  ksys_mount+0x12d/0x140
[  545.448605]  __x64_sys_mount+0xbe/0x150
[  545.452569]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  545.457579]  do_syscall_64+0x1b9/0x820
[  545.461470]  ? finish_task_switch+0x1d3/0x870
[  545.465955]  ? syscall_return_slowpath+0x5e0/0x5e0
[  545.470873]  ? syscall_return_slowpath+0x31d/0x5e0
[  545.476316]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  545.481683]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  545.486524]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  545.491702] RIP: 0033:0x456a09
[  545.494875] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  545.514218] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  545.521928] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
[  545.529188] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
[  545.536448] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
09:40:58 executing program 4:
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f00000000c0)={0x18, 0x2, {0x0, @rand_addr}}, 0x1e)
r1 = socket$pptp(0x18, 0x1, 0x2)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0)
setsockopt$inet_mreq(r2, 0x0, 0x24, &(0x7f0000000040)={@loopback}, 0x8)
dup2(r1, r0)

09:40:58 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  545.543707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  545.550964] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 0000000000000005
09:40:58 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0x0, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  545.630144] binder_alloc: binder_alloc_mmap_handler: 6977 20001000-20004000 already mapped failed -16
[  545.644474] binder: BINDER_SET_CONTEXT_MGR already set
[  545.649997] binder_alloc: 6977: binder_alloc_buf, no vma
[  545.655143] binder: 6977:6978 ioctl 40046207 0 returned -16
[  545.655629] binder: 6977:6995 transaction failed 29189/-3, size 24-8 line 2967
[  545.671055] binder: send failed reply for transaction 3612 to 6977:6978
09:40:58 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:58 executing program 5 (fault-call:10 fault-nth:6):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:58 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0x0, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  545.689689] binder: undelivered TRANSACTION_ERROR: 29201
[  545.695220] binder: undelivered TRANSACTION_ERROR: 29189
[  545.804657] FAULT_INJECTION: forcing a failure.
[  545.804657] name failslab, interval 1, probability 0, space 0, times 0
[  545.816084] CPU: 0 PID: 7014 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  545.823371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  545.832747] Call Trace:
[  545.835352]  dump_stack+0x1c9/0x2b4
[  545.838994]  ? dump_stack_print_info.cold.2+0x52/0x52
[  545.844199]  ? kernel_text_address+0x79/0xf0
[  545.848633]  should_fail.cold.4+0xa/0x1a
[  545.852713]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  545.857825]  ? save_stack+0x43/0xd0
[  545.861439]  ? kasan_kmalloc+0xc4/0xe0
[  545.865312]  ? kasan_slab_alloc+0x12/0x20
[  545.869447]  ? kmem_cache_alloc+0x12e/0x760
[  545.873772]  ? alloc_vfsmnt+0xe8/0x9f0
[  545.877652]  ? find_held_lock+0x36/0x1c0
[  545.881715]  ? check_same_owner+0x340/0x340
[  545.886046]  ? rcu_note_context_switch+0x730/0x730
[  545.890964]  __should_failslab+0x124/0x180
[  545.895188]  should_failslab+0x9/0x14
[  545.898973]  __kmalloc_track_caller+0x2c4/0x760
[  545.903647]  ? kasan_check_read+0x11/0x20
[  545.907804]  ? do_raw_spin_unlock+0xa7/0x2f0
[  545.912232]  ? kstrdup_const+0x66/0x80
[  545.916129]  kstrdup+0x39/0x70
[  545.919333]  kstrdup_const+0x66/0x80
[  545.923054]  alloc_vfsmnt+0x1bb/0x9f0
[  545.926858]  ? mnt_free_id.isra.27+0x60/0x60
[  545.931279]  ? kasan_check_read+0x11/0x20
[  545.935440]  ? graph_lock+0x170/0x170
[  545.939250]  ? rcu_pm_notify+0xc0/0xc0
[  545.943139]  ? putname+0xf2/0x130
[  545.946583]  ? find_held_lock+0x36/0x1c0
[  545.950634]  ? lock_downgrade+0x8f0/0x8f0
09:40:58 executing program 6:
r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xfbd, 0x50200)
fcntl$setlease(r0, 0x400, 0x1)
fanotify_mark(0xffffffffffffffff, 0xa8, 0x4000002, r0, &(0x7f0000000940)='./file0\x00')

09:40:58 executing program 7:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000000)="005cc80758b02f7fc394030f9700145f8f764070212819970d37385077843bad54d4665850b955baaca09f4032d95fdf3a56e490b8ec0da44b9a9492bc08b4fa1a2280")
getresuid(&(0x7f0000000080)=<r1=>0x0, &(0x7f00000000c0), &(0x7f0000000140))
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@loopback, @in=@loopback, 0x4e22, 0x0, 0x4e21, 0x7fff, 0xa, 0x0, 0x20, 0x3b, 0x0, r1}, {0x3, 0x1192, 0x3ff, 0x1, 0x3, 0x3, 0x2, 0x4}, {0xfffffffffffffffa, 0x4, 0x10000, 0x3}, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1}, {{@in=@remote, 0x4d2, 0x3c}, 0xa, @in=@local, 0x3504, 0x7, 0x3, 0x10000000000000, 0x33, 0x4, 0xc8}}, 0xe8)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid\x00')
setns(r2, 0x20000000)

09:40:58 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x815030000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:58 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r1 = socket$l2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r3, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e)
connect$l2tp(r1, &(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @rand_addr}, 0x4, 0x1}}, 0x2e)
setsockopt$sock_timeval(r3, 0x1, 0x15, &(0x7f0000000000)={0x77359400}, 0x10)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
ioctl$PPPIOCGL2TPSTATS(r1, 0x80487436, &(0x7f00000003c0))

09:40:58 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:58 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0x0, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:40:58 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000000)={'ip6gre0\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x21}}})
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

[  545.954767]  ? module_unload_free+0x5d0/0x5d0
[  545.959264]  ? lock_release+0xa30/0xa30
[  545.963225]  ? mpi_free.cold.1+0x19/0x19
[  545.967275]  vfs_kern_mount.part.34+0x90/0x4e0
[  545.971861]  ? may_umount+0xb0/0xb0
[  545.975493]  ? _raw_read_unlock+0x22/0x30
[  545.979647]  ? __get_fs_type+0x97/0xc0
[  545.983543]  do_mount+0x581/0x30e0
[  545.987090]  ? copy_mount_string+0x40/0x40
[  545.991341]  ? copy_mount_options+0x5f/0x380
[  545.995779]  ? rcu_read_lock_sched_held+0x108/0x120
[  546.000806]  ? kmem_cache_alloc_trace+0x616/0x780
[  546.005658]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  546.011205]  ? _copy_from_user+0xdf/0x150
[  546.015365]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  546.020914]  ? copy_mount_options+0x285/0x380
[  546.025427]  ksys_mount+0x12d/0x140
[  546.029070]  __x64_sys_mount+0xbe/0x150
[  546.031179] binder: 7026:7033 got new transaction with bad transaction stack, transaction 3618 has target 7026:0
[  546.033045]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  546.033066]  do_syscall_64+0x1b9/0x820
09:40:58 executing program 6:
r0 = socket$inet6(0xa, 0x1, 0x0)
fallocate(r0, 0x43, 0x7, 0xe5)
ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070")
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "f2786cce0fad21c4ce22cf1aed03b5ee77000000000000000000023ae9bf4041000ae3f4eb7505000000bb02107e7060799f0d8813c9caadc9e163c77b492492", "c3ad24a5ccb7412c2ab68f4429c8d2dd6c39de29daf4692562dce4423008719f30a13fcc8346eb3b962f8a512471d87c1e0bea3523941df7054fdd81130cdc2e", "22481815e3f3c8f7cb5d417c992df1e792cb400c906176bce6107e55707b7802"})
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000000)={0x0, 0xffffffffffffff3f})
ioctl$TCSETS(r1, 0x40045431, &(0x7f00005befdc))
ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000000140)="20f3ba84a02858a2fa7d5e8b3a1f3a90a8311e3508f90d370ba3eb282ee9b5e32272dc9dc6aec17936d268f739c4f57c03b44f6b9a2042db0f7faf54672816355e11b2d17803d660ad49d5786f494d46927037da4035b2a8b960d454faaebe2ee8557cfed6428f699aa48f5931159b27b0f51dfd0d066c2c9af25b1a1cb0e457f83be9bd09")
r2 = syz_open_pts(r1, 0x20201)
write(r2, &(0x7f0000000140), 0x28d)

[  546.033081]  ? finish_task_switch+0x1d3/0x870
[  546.033098]  ? syscall_return_slowpath+0x5e0/0x5e0
[  546.033116]  ? syscall_return_slowpath+0x31d/0x5e0
[  546.033134]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  546.033155]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  546.043482] binder: 7026:7033 transaction failed 29201/-71, size 0-0 line 2879
[  546.048468]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  546.048480] RIP: 0033:0x456a09
[  546.048490] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  546.111918] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  546.119644] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
[  546.126921] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
[  546.134199] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
[  546.137608] binder_alloc: binder_alloc_mmap_handler: 7026 20001000-20004000 already mapped failed -16
09:40:58 executing program 3 (fault-call:0 fault-nth:0):
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  546.141471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  546.141480] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 0000000000000006
[  546.168865] binder: BINDER_SET_CONTEXT_MGR already set
[  546.176105] binder_alloc: 7026: binder_alloc_buf, no vma
[  546.181639] binder: 7026:7038 transaction failed 29189/-3, size 24-8 line 2967
[  546.197670] binder: 7026:7033 ioctl 40046207 0 returned -16
[  546.228962] FAULT_INJECTION: forcing a failure.
[  546.228962] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  546.240939] CPU: 1 PID: 7052 Comm: syz-executor3 Not tainted 4.18.0-rc7+ #173
[  546.241163] binder: send failed reply for transaction 3618 to 7026:7033
[  546.248207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  546.248214] Call Trace:
[  546.248237]  dump_stack+0x1c9/0x2b4
[  546.248257]  ? dump_stack_print_info.cold.2+0x52/0x52
[  546.275680]  ? print_usage_bug+0xc0/0xc0
[  546.279739]  should_fail.cold.4+0xa/0x1a
[  546.283792]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  546.288887]  ? print_usage_bug+0xc0/0xc0
[  546.292940]  ? __lock_acquire+0x7fc/0x5020
[  546.297166]  ? print_usage_bug+0xc0/0xc0
[  546.301212]  ? rcu_is_watching+0x8c/0x150
[  546.305349]  ? __lock_acquire+0x7fc/0x5020
[  546.309587]  ? __lock_acquire+0x7fc/0x5020
[  546.313824]  ? trace_hardirqs_on+0x10/0x10
[  546.318051]  ? trace_hardirqs_on+0x10/0x10
[  546.322276]  __alloc_pages_nodemask+0x36e/0xdb0
[  546.326931]  ? trace_hardirqs_on+0x10/0x10
[  546.331154]  ? save_stack+0xa9/0xd0
[  546.334772]  ? __alloc_pages_slowpath+0x2d90/0x2d90
[  546.339772]  ? d_alloc+0x96/0x380
[  546.343220]  ? __lock_acquire+0x7fc/0x5020
[  546.347447]  ? graph_lock+0x170/0x170
[  546.351234]  ? __lock_acquire+0x7fc/0x5020
[  546.355458]  ? print_usage_bug+0xc0/0xc0
[  546.359507]  ? graph_lock+0x170/0x170
[  546.363296]  ? print_usage_bug+0xc0/0xc0
[  546.367348]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  546.372878]  alloc_pages_current+0x10c/0x210
[  546.377274]  skb_page_frag_refill+0x45f/0x6a0
[  546.381757]  ? sock_kfree_s+0x60/0x60
[  546.385546]  ? check_noncircular+0x20/0x20
[  546.389769]  ? kasan_check_read+0x11/0x20
[  546.393903]  ? rcu_is_watching+0x8c/0x150
[  546.398038]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  546.402438]  tun_build_skb.isra.54+0x35c/0x2280
[  546.407100]  ? tun_device_event+0x1030/0x1030
[  546.411582]  ? print_usage_bug+0xc0/0xc0
[  546.415626]  ? __wake_up_common_lock+0x1d0/0x330
[  546.420370]  ? print_usage_bug+0xc0/0xc0
[  546.424421]  ? __lock_acquire+0x7fc/0x5020
[  546.428645]  ? __lock_acquire+0x7fc/0x5020
[  546.432870]  ? print_usage_bug+0xc0/0xc0
[  546.436918]  ? trace_hardirqs_on+0x10/0x10
[  546.441139]  ? trace_hardirqs_on+0x10/0x10
[  546.445362]  ? print_usage_bug+0xc0/0xc0
[  546.449432]  ? print_usage_bug+0xc0/0xc0
[  546.453483]  ? print_usage_bug+0xc0/0xc0
[  546.457531]  ? d_splice_alias+0x7c9/0x11f0
[  546.461753]  ? print_usage_bug+0xc0/0xc0
[  546.465804]  ? __lock_acquire+0x7fc/0x5020
[  546.470031]  ? trace_hardirqs_on+0x10/0x10
[  546.474263]  ? trace_hardirqs_on+0x10/0x10
[  546.478494]  ? __lock_acquire+0x7fc/0x5020
[  546.482717]  tun_get_user+0xc61/0x42c0
[  546.486598]  ? trace_hardirqs_on+0x10/0x10
[  546.490838]  ? tun_build_skb.isra.54+0x2280/0x2280
[  546.495761]  ? graph_lock+0x170/0x170
[  546.499550]  ? graph_lock+0x170/0x170
[  546.503355]  ? _raw_spin_unlock+0x22/0x30
[  546.507491]  ? graph_lock+0x170/0x170
[  546.511278]  ? find_held_lock+0x36/0x1c0
[  546.515331]  ? lock_downgrade+0x8f0/0x8f0
[  546.519469]  ? kasan_check_read+0x11/0x20
[  546.523604]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  546.528016]  ? tun_get+0x231/0x370
[  546.531547]  ? tun_chr_close+0x180/0x180
[  546.535602]  tun_chr_write_iter+0xb9/0x154
[  546.539823]  do_iter_readv_writev+0x897/0xa90
[  546.544308]  ? vfs_dedupe_file_range+0xa00/0xa00
[  546.549054]  ? rw_verify_area+0x118/0x360
[  546.553192]  do_iter_write+0x185/0x5f0
[  546.557068]  ? dup_iter+0x270/0x270
[  546.560690]  ? proc_cwd_link+0x1d0/0x1d0
[  546.564738]  ? kasan_check_read+0x11/0x20
[  546.568873]  vfs_writev+0x1f1/0x360
[  546.572486]  ? __fget_light+0x2f7/0x440
[  546.576446]  ? vfs_iter_write+0xb0/0xb0
[  546.580411]  ? wait_for_completion+0x8d0/0x8d0
[  546.584980]  ? __lock_is_held+0xb5/0x140
[  546.589040]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  546.594561]  ? __fdget_pos+0xde/0x200
[  546.598347]  ? __fdget_raw+0x20/0x20
[  546.602050]  ? __sb_end_write+0xac/0xe0
[  546.606018]  do_writev+0x11a/0x310
[  546.609553]  ? vfs_writev+0x360/0x360
[  546.613341]  ? syscall_slow_exit_work+0x500/0x500
[  546.618168]  ? ksys_ioctl+0x81/0xd0
[  546.621794]  __x64_sys_writev+0x75/0xb0
[  546.625768]  do_syscall_64+0x1b9/0x820
[  546.629641]  ? finish_task_switch+0x1d3/0x870
[  546.634125]  ? syscall_return_slowpath+0x5e0/0x5e0
[  546.639044]  ? syscall_return_slowpath+0x31d/0x5e0
[  546.643966]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  546.649316]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  546.654146]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  546.659320] RIP: 0033:0x4568c1
09:40:59 executing program 4:
execve(&(0x7f0000001140)='./file0\x00', &(0x7f0000001340)=[&(0x7f0000001180)='^self\x00', &(0x7f00000011c0)='trusted&]}\x00', &(0x7f0000001200)='lo-wlan1ppp1\x00', &(0x7f0000001240)='%*-ppp0%\x00', &(0x7f0000001280)='\x00', &(0x7f00000012c0)='\x00', &(0x7f0000001300)='\x00'], &(0x7f00000013c0)=[&(0x7f0000001380)='em1lo\x00'])
utime(&(0x7f0000000080)='./file0\x00', &(0x7f0000001440)={0xbe2e, 0x9e2})
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070")
r1 = open(&(0x7f0000000000)='./file0\x00', 0xd288c17ed60fb419, 0xd4)
ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f0000000040)="408881a6bdc8ca58cf1f43d9ae5330adcd116b")
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r2, 0x10d, 0x11, &(0x7f000079bffc), &(0x7f0000001400)=0x4)
getsockopt$inet_opts(r2, 0x0, 0xd, &(0x7f0000000140)=""/4096, &(0x7f00000000c0)=0x1000)
fcntl$setstatus(r0, 0x4, 0x46800)

09:40:59 executing program 5 (fault-call:10 fault-nth:7):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:40:59 executing program 7:
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cuse\x00', 0x82, 0x0)
r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = fcntl$getown(r1, 0x9)
fcntl$setown(r0, 0x8, r2)
write$FUSE_OPEN(r0, &(0x7f0000000080)={0x20, 0x0, 0x8, {0x0, 0x4}}, 0x20)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mount(&(0x7f00000000c0)='./file0//ile0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000040)='./file0//ile0\x00', 0x0, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
clock_nanosleep(0x0, 0x0, &(0x7f0000000140)={0x0, 0x1c9c380}, &(0x7f0000000280))
getsockopt$inet6_mreq(r3, 0x29, 0x14, &(0x7f0000000380)={@local}, &(0x7f00000003c0)=0x14)
socketpair$inet6_sctp(0xa, 0x0, 0x84, &(0x7f0000000300))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0)
mknodat(r3, &(0x7f0000000240)='./file0\x00', 0x1000, 0x4)
io_setup(0x4, &(0x7f00000000c0))
write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000040)={0x18}, 0xfffffe46)
sendto$inet(r0, &(0x7f0000000400)="45cca77415f81df6244e61fa7ebc1ad4ffb3eb01c5307cf8c42ea975bae6d0bdc903b1a2b519455d14d60a2745fd1aa62b090ec14c21ac9bdc05eb05ec7e44c270e66c1ac2d77b62da7ae58269d81a", 0x4f, 0x4000010, &(0x7f0000000480)={0x2, 0x4e23, @local}, 0x10)
ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000340)={'syz_tun\x00', {0x2, 0x4e23, @rand_addr=0x7}})

[  546.662494] Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 b6 fb ff c3 48 83 ec 08 e8 da 2c 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 23 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01 
[  546.681802] RSP: 002b:00007f6097fd4ba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
[  546.689496] RAX: ffffffffffffffda RBX: 0000000000000066 RCX: 00000000004568c1
[  546.696762] RDX: 0000000000000001 RSI: 00007f6097fd4bf0 RDI: 00000000000000f0
[  546.704026] RBP: 0000000020000000 R08: 00000000000000f0 R09: 0000000000000000
[  546.711292] R10: 0000000000000064 R11: 0000000000000293 R12: 0000000000000013
[  546.718546] R13: 00000000004d53e0 R14: 00000000004c8d24 R15: 0000000000000000
09:40:59 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:59 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:40:59 executing program 6:
r0 = socket$inet6(0xa, 0x1, 0x0)
fallocate(r0, 0x43, 0x7, 0xe5)
ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070")
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "f2786cce0fad21c4ce22cf1aed03b5ee77000000000000000000023ae9bf4041000ae3f4eb7505000000bb02107e7060799f0d8813c9caadc9e163c77b492492", "c3ad24a5ccb7412c2ab68f4429c8d2dd6c39de29daf4692562dce4423008719f30a13fcc8346eb3b962f8a512471d87c1e0bea3523941df7054fdd81130cdc2e", "22481815e3f3c8f7cb5d417c992df1e792cb400c906176bce6107e55707b7802"})
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000000)={0x0, 0xffffffffffffff3f})
ioctl$TCSETS(r1, 0x40045431, &(0x7f00005befdc))
ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000000140)="20f3ba84a02858a2fa7d5e8b3a1f3a90a8311e3508f90d370ba3eb282ee9b5e32272dc9dc6aec17936d268f739c4f57c03b44f6b9a2042db0f7faf54672816355e11b2d17803d660ad49d5786f494d46927037da4035b2a8b960d454faaebe2ee8557cfed6428f699aa48f5931159b27b0f51dfd0d066c2c9af25b1a1cb0e457f83be9bd09")
r2 = syz_open_pts(r1, 0x20201)
write(r2, &(0x7f0000000140), 0x28d)

[  546.839938] binder: 7066:7068 got new transaction with bad transaction stack, transaction 3624 has target 7066:0
[  546.850415] binder: 7066:7068 transaction failed 29201/-71, size 0-0 line 2879
[  546.864185] FAULT_INJECTION: forcing a failure.
[  546.864185] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  546.876132] CPU: 0 PID: 7065 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
09:40:59 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10)
openat$cgroup(r0, &(0x7f0000000200)='syz1\x00', 0x200002, 0x0)
llistxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=""/153, 0x99)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040), &(0x7f0000000180)=0xb)

09:40:59 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  546.883413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  546.892769] Call Trace:
[  546.895375]  dump_stack+0x1c9/0x2b4
[  546.899025]  ? dump_stack_print_info.cold.2+0x52/0x52
[  546.904231]  ? zap_class+0x740/0x740
[  546.907969]  should_fail.cold.4+0xa/0x1a
[  546.912051]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  546.917174]  ? pcpu_balance_workfn+0x1700/0x1700
[  546.921946]  ? find_held_lock+0x36/0x1c0
[  546.926038]  ? check_same_owner+0x340/0x340
[  546.930375]  ? __lockdep_init_map+0x105/0x590
[  546.934882]  ? rcu_note_context_switch+0x730/0x730
09:40:59 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  546.939837]  __alloc_pages_nodemask+0x36e/0xdb0
[  546.944525]  ? __alloc_pages_slowpath+0x2d90/0x2d90
[  546.949559]  ? kasan_check_read+0x11/0x20
[  546.953719]  ? rcu_pm_notify+0xc0/0xc0
[  546.957633]  ? find_held_lock+0x36/0x1c0
[  546.961721]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  546.967278]  alloc_pages_current+0x10c/0x210
[  546.971702]  __get_free_pages+0xf/0x40
[  546.975600]  get_zeroed_page+0x11/0x20
[  546.979499]  mount_fs+0x210/0x328
[  546.982963]  ? mpi_free.cold.1+0x19/0x19
09:40:59 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x4000, 0x0)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)

[  546.987038]  vfs_kern_mount.part.34+0xdc/0x4e0
[  546.991634]  ? may_umount+0xb0/0xb0
[  546.995293]  ? _raw_read_unlock+0x22/0x30
[  546.999463]  ? __get_fs_type+0x97/0xc0
[  547.003371]  do_mount+0x581/0x30e0
[  547.006929]  ? copy_mount_string+0x40/0x40
[  547.011178]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  547.015953]  ? retint_kernel+0x10/0x10
[  547.019865]  ? copy_mount_options+0x1f0/0x380
[  547.024386]  ? __sanitizer_cov_trace_pc+0x38/0x50
[  547.029243]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  547.034794]  ? copy_mount_options+0x285/0x380
09:40:59 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400300]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:59 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  547.039318]  ksys_mount+0x12d/0x140
[  547.042967]  __x64_sys_mount+0xbe/0x150
[  547.046958]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  547.051991]  do_syscall_64+0x1b9/0x820
[  547.055886]  ? finish_task_switch+0x1d3/0x870
[  547.060401]  ? syscall_return_slowpath+0x5e0/0x5e0
[  547.065354]  ? syscall_return_slowpath+0x31d/0x5e0
[  547.070298]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  547.075686]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  547.080545]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  547.085739] RIP: 0033:0x456a09
[  547.088928] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  547.108327] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  547.116049] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
[  547.123328] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
[  547.130603] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
09:40:59 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:59 executing program 6:
r0 = syz_open_dev$sndctrl(&(0x7f0000012000)='/dev/snd/controlC#\x00', 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000001000)={0x0, 0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000005000), 0x2}, 0x3fffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000200)={<r2=>0x0, 0xff}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000280)={r2, 0x80000001, 0x10001}, &(0x7f00000002c0)=0x8)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000040)={{{@in=@broadcast, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@broadcast}, 0x0, @in=@loopback}}, &(0x7f0000000140)=0xe8)
fstat(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
lchown(&(0x7f0000000000)='./file0\x00', r3, r4)
ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc1105517, &(0x7f0000001000))
epoll_create1(0x80000)

09:40:59 executing program 3:
syz_emit_ethernet(0x20000066, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  547.137880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  547.145152] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 0000000000000007
[  547.167997] binder: undelivered TRANSACTION_ERROR: 29201
[  547.173657] binder: undelivered TRANSACTION_ERROR: 29189
09:40:59 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:40:59 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x5c, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x48, 0x11, [@generic="e2abb4ec7645192056d52f76aacc17fd28d66a75a08d136f699d897bdabf4fd3c08e579e5253c2081c92cacb9693e7bb692f4ba15133ce6266b2a62bbacd9d21aa"]}]}, 0x5c}}, 0x0)
ioctl$BLKRESETZONE(r0, 0x40101283, &(0x7f0000000140)={0xffff, 0x2})
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x1, 0x0)
sendto$inet(r1, &(0x7f0000000180)="f90d731b18b12f23e5d3a3e527bb534bd46cd2fbc4a3ecf57bc75798375ab0b4b9ffb256be6dddfc937857d5c66a3c1849a25d3c554e663efa22a862e77abb53011efcb8dca4863cfc7d5562cda28640361866a81af2eca2aa4937580bb7e216735316489a38ee79bb1f47ced40aca5fcaae8595cccf3760820b2ba62b67e26767e8681b6081ff5e6cd0a5307d899b45cead73942c2d6714bd5398411d6ede9bb05673e4643fc833b7b801b8ae383875636c16814156a32ce199edb6eca6287d7fe33c2e29371021b9af3558718f2c4805b09e3dd8506607910e", 0xda, 0x800, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)

09:40:59 executing program 5 (fault-call:10 fault-nth:8):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  547.283906] binder_alloc: binder_alloc_mmap_handler: 7066 20001000-20004000 already mapped failed -16
[  547.309151] binder: BINDER_SET_CONTEXT_MGR already set
[  547.314766] binder: 7066:7068 ioctl 40046207 0 returned -16
[  547.355514] binder: send failed reply for transaction 3624 to 7066:7068
[  547.375242] FAULT_INJECTION: forcing a failure.
[  547.375242] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  547.387184] CPU: 0 PID: 7123 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  547.394468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  547.403819] Call Trace:
[  547.403848]  dump_stack+0x1c9/0x2b4
[  547.403870]  ? dump_stack_print_info.cold.2+0x52/0x52
[  547.403889]  ? zap_class+0x740/0x740
[  547.418980]  should_fail.cold.4+0xa/0x1a
[  547.423060]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  547.428182]  ? pcpu_balance_workfn+0x1700/0x1700
[  547.432412] binder: undelivered TRANSACTION_ERROR: 29201
[  547.432944]  ? find_held_lock+0x36/0x1c0
[  547.438418] binder: undelivered TRANSACTION_ERROR: 29189
[  547.442447]  ? check_same_owner+0x340/0x340
[  547.442468]  ? __lockdep_init_map+0x105/0x590
[  547.456693]  ? rcu_note_context_switch+0x730/0x730
[  547.461642]  __alloc_pages_nodemask+0x36e/0xdb0
[  547.466327]  ? __alloc_pages_slowpath+0x2d90/0x2d90
[  547.471359]  ? kasan_check_read+0x11/0x20
[  547.475516]  ? rcu_pm_notify+0xc0/0xc0
[  547.479427]  ? find_held_lock+0x36/0x1c0
[  547.483502]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  547.489054]  alloc_pages_current+0x10c/0x210
[  547.493471]  __get_free_pages+0xf/0x40
[  547.497361]  get_zeroed_page+0x11/0x20
[  547.501254]  mount_fs+0x210/0x328
[  547.504718]  ? mpi_free.cold.1+0x19/0x19
[  547.508792]  vfs_kern_mount.part.34+0xdc/0x4e0
[  547.513471]  ? may_umount+0xb0/0xb0
[  547.517107]  ? _raw_read_unlock+0x22/0x30
[  547.521262]  ? __get_fs_type+0x97/0xc0
[  547.525163]  do_mount+0x581/0x30e0
[  547.528707]  ? do_raw_spin_unlock+0xa7/0x2f0
[  547.533125]  ? copy_mount_string+0x40/0x40
[  547.537368]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  547.542136]  ? retint_kernel+0x10/0x10
[  547.546036]  ? copy_mount_options+0x1f0/0x380
[  547.550540]  ? copy_mount_options+0x1f6/0x380
[  547.555043]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  547.560584]  ? copy_mount_options+0x285/0x380
[  547.565098]  ksys_mount+0x12d/0x140
[  547.568741]  __x64_sys_mount+0xbe/0x150
[  547.572723]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  547.577754]  do_syscall_64+0x1b9/0x820
[  547.581658]  ? syscall_return_slowpath+0x5e0/0x5e0
[  547.586605]  ? syscall_return_slowpath+0x31d/0x5e0
[  547.591551]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  547.596932]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  547.601789]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  547.606970] RIP: 0033:0x456a09
[  547.610143] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  547.629483] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  547.637181] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
[  547.644437] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
[  547.651695] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
[  547.658952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  547.666210] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 0000000000000008
09:41:00 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:00 executing program 3:
syz_emit_ethernet(0x7ffff000, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:00 executing program 6:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
connect$inet6(r0, &(0x7f0000000100), 0x1c)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000040))
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000000), &(0x7f0000000080)=0x14)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000140)=@get={0x1, &(0x7f00000000c0)=""/19, 0xca})

09:41:00 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:00 executing program 4:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000280)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000000a000))
mknod(&(0x7f0000000080)='./file0/file2\x00', 0x0, 0x0)

09:41:00 executing program 7:
r0 = socket$inet(0x10, 0x3, 0x40000000000010)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x100, 0x0)
ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f0000000100)={0x2, 0xff, 0x10001})
socketpair(0x11, 0x3, 0x2, &(0x7f0000000140)={<r2=>0xffffffffffffffff})
socket$inet6_tcp(0xa, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001ac0)=[{{&(0x7f0000000500)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000000600), 0x0, &(0x7f0000000640)=""/71, 0x47}}], 0x1, 0x0, &(0x7f0000001b80))
r3 = dup2(r2, r2)
setsockopt$inet6_icmp_ICMP_FILTER(r3, 0x1, 0x1, &(0x7f0000000240)={0x7}, 0x4)
sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)}, 0x0)
socketpair(0x13, 0x3, 0x4, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
ioctl$PIO_UNIMAPCLR(r4, 0x4b68, &(0x7f0000000080)={0x80, 0x5e7c, 0x80000001})
execveat(r2, &(0x7f0000000280)='./file0\x00', &(0x7f0000000440)=[&(0x7f00000002c0)='\'\x00', &(0x7f0000000300)='ppp0~\x00', &(0x7f0000000340)='/dev/mixer\x00', &(0x7f0000000380)='/dev/mixer\x00', &(0x7f00000003c0)='/dev/mixer\x00', &(0x7f0000000400)='/dev/mixer\x00'], &(0x7f0000000580)=[&(0x7f0000000480)='/dev/mixer\x00', &(0x7f00000004c0)='/dev/mixer\x00'], 0x1800)
poll(&(0x7f0000000200)=[{r1, 0x20}, {r4, 0x8000}], 0x2, 0x7)

09:41:00 executing program 5 (fault-call:10 fault-nth:9):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  547.817454] binder: 7133:7136 got new transaction with bad transaction stack, transaction 3629 has target 7133:0
[  547.828020] binder: 7133:7136 transaction failed 29201/-71, size 0-0 line 2879
09:41:00 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c00000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:00 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0)
socket$inet6(0xa, 0x1000000000002, 0x0)
r1 = openat$ion(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/ion\x00', 0x0, 0x0)
ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000080)={0x7, 0x80000001, 0x0, <r2=>0xffffffffffffff9c})
openat$vsock(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/vsock\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x4, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup2(r1, r2)

09:41:00 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = dup(r0)
ioctl$PIO_UNISCRNMAP(r1, 0x4b6a, &(0x7f0000000040)="6921150dedae0f91152521800cdb5e7c5b4013b8269eeaf665b9a5cfcbb2c84df6464220b24c57f422")
getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f0000000080)={'icmp\x00'}, &(0x7f00000000c0)=0x1e)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/sctp\x00')
ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000200)={0xf7b, {0x2, 0x4e20}, {0x2, 0x4e20, @broadcast}, {0x2, 0x4e20}, 0x324, 0x7, 0x6, 0x200, 0x6, &(0x7f00000001c0)="73ffe0ffffffffffc03000000900", 0x7fffffff, 0x3c100000000})
ioctl$PERF_EVENT_IOC_REFRESH(r2, 0x2402, 0x6)

09:41:00 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x0, 0x1000, 0xf0, &(0x7f0000000200)="eddc871c2f38a4913b198dc7280b1e0605a848ce692c996115b546ec0c20da3c694bbfd2d0631af4de7bfa7ca14de0334034dbf8c90e373cad3d1aa6fe3d00d1082b85af7bce316034a5d3d6d84060cf177a1a3ed0e2d3de51dad49bd40d827676e4d5b1dc6787e2be408a34b3581777ac8cd138ca02ec6526dc55391f8a39c6d83fbf0530432cca2a67d18256bcbc2a0da9f71e731e90e1c9185424bda7c0199b3b6c3a5ca1d1d1a257581bbe8afecd94e6014ba8629d2076f843b79981ae6f102628f8de9ecbde86afb5829f2bbcd002160fdda961e36be0bb9830efebf6c43bd98b19d955ede649fecb4e5256fd71a82442434e7450a902f5ec469644e3ce8cfc4af8959aa731767010f6e6e1c5515099dd47d0e693457d2a02dcb69db8ff6322442f7c6097e2e0e71d4e465ead2dee5da8a6f935b541018d3975949eb845ffdeec0346d3e32edf552052b56f9b23701cb8f498fd439e8885ce1ac1fa5440ac79b05007205b85cdef3410089b913fc6b670d9578fb3da98ba961ece0110cd60efcd46880af00535db45de52f4a0ba462863ae5df1e55f5da7353e41cf944861a04cc9747c4adaae5c215ab547da3c7749741a63daa68ae3240fda616d10ba73c3a6169345aabfed2344b748a5e81d30e723a8a82fb56d3fb10d25bca2fd2e992c2d0c819e518b601e96880e0b79f4d376897ca10f76e0b17f0de0350261b6981927b68c7f671d60d6e71aef2956ff9dda79e72f5d35154c5cbabe8fe798f63500d6db408700ffdc478bb21cd33e04bb8bd74f5eacb0a2d650a95b0e1d8a083a2abede64c2f4efa2dca78387b0976448dd407efdea4ca86b0fc6fd2982a389fff839e72c3d8f7fb7164cf726df015ae8f4471a7ca181713b14dc4130e3d7fa8b8588403c728391559237386baf3451013ce79755bf479d435081441b53c5a8e5ccd7df7d8e521a04307d0d7fa19facc27cdf1cab485a9cb482f8f56838bd50214cfb5081eabd64cb6d58c23378e4bd4644fc70187fabd19b435c6442826bc05cf0ec53ecd4fadfd5113364e278cc0bd7904ba12b117f1aa3b5425430cf24153040b1e51e73e01937099acc6a34d0f59c9a65d0192a9fde16a38d809b9e996625c6d25786fb3bbbc401df5ae94bb79a0d44dd803d24f3e1ba74777a9d12977ade47a5b1a54b93f9a0a19ffbb10b8f332d7d6d0d52b46bf6e58e233ec86b7f246192d5d518a51bc3197b05acdeefd4f322dc3f0acec0830ca9baf20394dedf647c2c24c37a138361585862239fde10c658332b8276f2b3841f8f08ccd623f4332fee402e6a39ed27f363a236b4b77635c59dc06fdcc02cda9fd34b3f08d4e24c2572cce73c07ce288be9930191f9788406912652df35c4561f618c26c3444545ac148a847b0985e1ace121af58e23cb2e8c09f4944d13457870a4f753376c12eac235abf1e75eb2e77c40ff89c0a0c9c5ea55a14c0c4fdc33d46e3fc397bef43b942b0f816c3ea8d015b5bd52684bbca4d486f7b873b697a6cd2279bfce77a50c73b515e1e8fb054ff51fd868517076bf067c346c01b2b4479ae82d5fe12c1284d5433fa8cbad2cbcccca812671e6a1dfeda7905324dba6820d339959377e609f3f9b88091cfbf5f53346d0ed7d3e39af0547c82702bb659b201b370402ae74af0161190446ae15561c6138f7c6e883c116f6c3d18b7e15836b960ccb95740752dff85ecad6b3fe4f0ecca721f0a2ecb416d8c4988be78093c682ac4e469f303098fd262c562c61ae9569af7d5f795478294abe044c2a7c8312d263d021e8b217ec0a01cd896eb38880417cf17d32383aa8c40050879129fb070ba7830595b2ee859f5dbff7e29c931950917751e383587b6b3c978c19585d05ebf9d57924518ba3a9b5b50811b3e8ca0360914c9f251e112dc7c6f9ea9540941a62d56aa2c38aba24de2b9a134634d147aed09cf085ec2b2254c252c98e86f594d44b001858fe3d13100006d097e69ff2d22e14a11f44ed179f5a585b07ad4cbaf0b216e4ec2e2950521ce032456fa51fd657cd05e14c75e236444af60c6e48404dbfafb93e9cee64585e2347afad43c663fbc8e4b63526d0953ad3078e99ee2ef5f50fe6fabf76530075c0b1fd0619e8bcaa3f42f4c373511485578e7e6aaf122711bc92bc435c2c2161932e99a2cd464daf5785350bf3e307cdd04718b0bd44420a3f91f48f577737d0cd6a19e8844724b71a9dd62bf0facd410c4d4482bbdbbcd5bba64e54a123b2ed3fea34167f20d178094442ed85984e02d84d8a249db156a7fd5f79f753bd2fbf25bcc2119193a423762478add05b60da7b76471aa3010b468f912c2a173ab3b100fba9a43ca2f74c86ccbd3d8534cb83b6ae87651909b290a5b9bd82fa030988455d9afcbd252352228da3f29a5dcc63cfa479d047d26fc773ef8ab69fb59b01f167b2c938c976cfa651991c348eb77d29d9d9ace0ed1fab6a3983f5c0aed9a226c90cc1e0bf1c63234995fff73e8a0321265d1d2150fccf58b3f206249c555b236ce48adbd819fdfa3063d33a100dbcefb8b20548da11e3235ee814f442bdde81de86277d646632ad2c460b681c0fb3b84e0dd06b30956b465ace7f191717137d7debd9ec5b591c4f002e679f5f280f07ac7d46f8d3010350bb5c3ee78765c7718bc61a761ab2c3ea358a22bb541da7404fa7d92d3916b9c939030e4d2e1b58bd0809506b34885d2a12f9a79543c24fda5958af8026887060e84860d74ae9c3a57a87416889aaff2fdad7deb0c1ca0372ea9e2f172ffa8e04e6185e176879567715d95b17e6a30cb809cba5e8e477eddb7feea86e0d0476d7ff4fc63f548ece5dc1b079afb31b245c897e610d600931fd3e76497ce16133581f67bf50495b6a457696023cf7a8b9c539f077f86ae090513fdb2ccb1987c9b738dd4237927e31048f65f5cbbcd5dac7d9940ef5998d90d6106874566359761997dbcc6e6891c075a55427c917dac4be4b1e31d02dac6ea1ebe88afc136d05bf0b437a93c0c0bb2da15f3a9d3682588895c74021ef55360e8a3c835eb814f265dec4e199e324eb115a282c2041f03147af5503f91a7f1796019ab53c280a340378679acb5820f22a0e6fc7d051ae81b4b3c5de09254db2112faf2502cf21a85ea9c22b9bd070efb0350c2fc2cb4370a27d93e8b97842e4ccbe307c6c233d329de423d2d0ac9588e975142b5b55599b43953cd50b0ae8356ce526c9835253b0de1a1c686416f84e8f983b336e904383b0fc02021d1cad1b0ecf46ddd49ccf2c994ff0902d837cd208040913f631e93e1b405511c0ff1f980ade3c46d2db6840044bcf64bddf3ba469d2d2592362d67cbfbf97c30ae87bb2f6c2c27578c5d72378a05142de2588dfdb8676b4530601674612de8d9a917da073dfb69814af19a5b770babb92efbde70494a1b9e7b4fac21eabea2d0d99a6ed391f2a835cb5bd468c161e7e1b103dec9581db77109534593421d006e9f35738ae9755689ae164ff4d10f2bd656eeccf4dd73a253fc5831bdde8cc8d7fa977b13f681e3968d9750ca9b57be116c4d10ffcd61e9bb0e4805745878bc916a2ec6fd232249441d3d5ba738bf6041fe4de8dbff4369f432e51838ba5e8cd2a3e2a6b392dc74253691e4879d95a196a96732430e81a6ec477a9873664f5d97495714841f6bc67210ab8c12d6b1684765fcd7d69cb47ebf9edffb4c972acdcc4b70138e2d02c4f4a94962e8c176ee81c5652c1299cc4ff7d217f9c6d792849bdbec5da0fb6b341cdeadfc8902365161008c2723fd9d57254ea79e18f4b7fa055107093f77d09081d312b1469fa7848859f6a2c828d36f39b377a6b81aa47fe9bc78edfd87e0cd79a7daae36487ac63d7baae84e9fdd1e29f2d39ed95046114accaa4fb498a6a88dd54b7e8ea92ca5670a484890b57943e8b590abcac0eb964fb85ec6701878b5ac3cb1883cfbd1257114795066e41f9f4f5e0659a7e4959ff396da6efbd5f19495e74c6b02d4dc1749d9b1ddaa0455d8a1d96d9c0b60dc20391bd8b3fd261547691f1aa476b6a37d6861a2e5abd661207cc7aa5fc565a30119f5e852a528094cb3e5d9eddcee5eb10f3cd0590d11e039aef8e28572a9e197c04b9715180707aa99c3c5e18ec5e0945dd2a80ddee08caa983b718eb08f53526153fa0dd506c10a85dbd2a8e2d4ea02d7f90c4ea76d9d63c7ae3bddac3f1bd7321014260ef4502afb9726af31be2ed261424975a564f226fddabe4e10643154705455b12549095e681b8c2e16e4fcff4046aa1a98ffb34424dd816d694c4bfc7e02781cda835eaf0e4389f96c2ca7cd475297271e8dd0e9beff8245cb5afc40c4a7870339dc3aa94d65aefa2ab6106cf6e162ce4c6f784490ee1809498e9db412e155c4d32be7ec66382a3838631eee8c862bd7805f10d156b1258ffcef7235e79628a008ce20a63eb922519884c6e40066ddc452e991fe7e99fd12a83b7a3054f1e283ebe986056f40dc6923074a7840277dda239aaef3f2135c3848dd2378deb5e72d2c49a6feba43c7846561f79ab85d2ad1a9898481a964d61f3f0da2b74e480c9a7ba931910d1011249f222e9c9d973c26bfdb4447fd1390ec87c343caad4ea0e97111980f05abd6485146b69355fc7c78afc2a02eac10b9a523cddf0151474fea92698f3418368ec70c10d0d35575a44144adf2976286ea421311ab9089c04094afff5b499198aeb88d462039bb6f8fd5a317fa649b2104884a70c85a38a0311666f2180519dc6ca7b2753404bf5b2ae57a4c6fcfa1f6e4f5f824fa6ea6ea4d9bf0f914bc0d073a628ace14e44961e68f84286e70044412ca362e24b97adad4d99a437e27e6cb04ffe78553c40a06ce8d8841c127dfdddde8caff27849418db7b0139e117130cb7d2eeeb5a8bda809a93038d6923c664a38cea08631090a0b0d0f9b2d638668352b30d9dbeb1f41ea119ac5ce3e08aef9683cd81baefe834ad552ec686dd0bc2f51fb16758a09d555b7ec9febb304a773a86d7a59917e6500a517e70cd250a7fb89b7a0ed0b7fa5d95f65730cd56e354143a0728e803e46a9bb33695d8ee2e88361c0042e40dd3d336e6f9a125592450e7be1dbe9b908e1121b41eac75637f28501a6c467008a0e3bbc9161a373ce39b4ad6f4fd72b30638770469d8fb7e132bf051219ff242c13e126b29c0e3d3bc8f4c06bc870fd98bd165206bbfd2bbd6b33f3d80469a1a9bdda9204812880f15fed44d8e843a66a55fcba2b96f2d275f0915164ce9edb40abff05cdb110b38c8399cb4c2602142210220a3612333a7dce9b63b11b1ed63776e6502b98bb154d16395faef88ce13a2d6a28c03326253216659ba8a18f9fa16660fd0efdcba78f167fa3dfdd4e03656848288c770fd767412fb9fe8cf3f51751021b3db03f1768ae19ef8a91cc61eff07f811a089c1da67f578b35d35c4859a20915a8f7addd501bf74bde0440d915c73bca7f791b12a04fa983804d351f08d0b89d077beda217439cd73e84c48c250f0cd4d33a64f4f73716356e6c4d1c828aa79bcb15b705e04fe6e0463cd307c0201d2c16b840a756c6b48da4cddc0cb481aa6083766236dddda3b8aae49a1d2baccf30f136018a2ec81a687c3c389f9c1d04545ef283fcf1e44fe0d3a4657949e575be055f0cd183f039b2783d7446ba30892a5cccf9338ecefb3ed69366a683d4b47ff4538b2971fd6637c80424cd91a71642acdc4594130fe4f23b9b29c8e13f1e2110ad1f3cd85a83ae829575fbb", &(0x7f00000000c0)=""/240, 0x4}, 0x28)

09:41:00 executing program 3:
syz_emit_ethernet(0xfffffdef, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  547.905398] binder_alloc: binder_alloc_mmap_handler: 7133 20001000-20004000 already mapped failed -16
[  547.933818] FAULT_INJECTION: forcing a failure.
[  547.933818] name failslab, interval 1, probability 0, space 0, times 0
[  547.945443] CPU: 1 PID: 7148 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  547.952722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  547.962079] Call Trace:
[  547.964679]  dump_stack+0x1c9/0x2b4
[  547.968323]  ? dump_stack_print_info.cold.2+0x52/0x52
[  547.973531]  ? __lock_acquire+0x7fc/0x5020
[  547.977788]  should_fail.cold.4+0xa/0x1a
[  547.981870]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  547.986990]  ? trace_hardirqs_on+0x10/0x10
[  547.991239]  ? trace_hardirqs_on+0x10/0x10
[  547.995486]  ? graph_lock+0x170/0x170
[  547.999308]  ? find_held_lock+0x36/0x1c0
[  548.003389]  ? __lock_is_held+0xb5/0x140
[  548.007480]  ? check_same_owner+0x340/0x340
[  548.011813]  ? graph_lock+0x170/0x170
[  548.015624]  ? rcu_note_context_switch+0x730/0x730
[  548.017527] binder_alloc: 7133: binder_alloc_buf, no vma
[  548.020562]  __should_failslab+0x124/0x180
[  548.020613]  should_failslab+0x9/0x14
[  548.020629]  kmem_cache_alloc_trace+0x2cb/0x780
[  548.020647]  ? find_held_lock+0x36/0x1c0
[  548.026174] binder: 7133:7136 transaction failed 29189/-3, size 24-8 line 2967
[  548.030343]  ? graph_lock+0x170/0x170
[  548.030367]  get_mountpoint+0x162/0x410
[  548.030381]  ? namespace_unlock+0x210/0x210
[  548.030407]  attach_recursive_mnt+0x121/0xb70
[  548.043645] binder: send failed reply for transaction 3629 to 7133:7136
[  548.050257]  ? count_mounts+0x360/0x360
[  548.050275]  ? rcu_read_lock_sched_held+0x108/0x120
[  548.050290]  ? kfree+0x1e9/0x260
[  548.050310]  ? get_mountpoint+0xe6/0x410
[  548.089954]  ? namespace_unlock+0x210/0x210
[  548.094263]  ? down_read+0x1d0/0x1d0
[  548.097971]  graft_tree+0x1aa/0x240
[  548.101586]  do_add_mount+0x1fe/0x370
[  548.105376]  do_mount+0x193f/0x30e0
[  548.108990]  ? do_raw_spin_unlock+0xa7/0x2f0
[  548.113391]  ? copy_mount_string+0x40/0x40
[  548.117636]  ? copy_mount_options+0x5f/0x380
[  548.122037]  ? rcu_read_lock_sched_held+0x108/0x120
[  548.127044]  ? kmem_cache_alloc_trace+0x616/0x780
[  548.131880]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  548.137411]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  548.143396]  ? copy_mount_options+0x285/0x380
[  548.147883]  ksys_mount+0x12d/0x140
[  548.151498]  __x64_sys_mount+0xbe/0x150
[  548.155464]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  548.160469]  do_syscall_64+0x1b9/0x820
[  548.164344]  ? finish_task_switch+0x1d3/0x870
[  548.168826]  ? syscall_return_slowpath+0x5e0/0x5e0
[  548.173742]  ? syscall_return_slowpath+0x31d/0x5e0
[  548.178662]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  548.184023]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  548.188858]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  548.194039] RIP: 0033:0x456a09
[  548.197212] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  548.216465] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  548.224163] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
[  548.231417] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
[  548.238669] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
[  548.245922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
09:41:00 executing program 3:
syz_emit_ethernet(0xfdef, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:00 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/icmp\x00')
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)={0x7ff, 0x3ff, 0x4, 0x2, 0xffff, 0x20, 0x80, 0x8, 0x55, 0x3, 0x1, 0x3})

[  548.253178] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 0000000000000009
09:41:01 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='attr/sockcreate\x00')
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000180)={0xabf2, 0x80000001})
syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x8a57, 0x2)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_open_dev$vcsa(&(0x7f0000000200)='/dev/vcsa#\x00', 0x6, 0x20000)
inotify_init()
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x154)
r1 = socket(0x2, 0x3, 0x40000000000000ff)
sendto$unix(r1, &(0x7f0000000100)="92c681d56cf54d9cf6a74b5c39753b260e23f7a92b74950379387a6ba4ceb2150600588bbe460cb519b5084ceaf5b86582dc8ef75d9940ef6d391910d37989587fd33eaab4b4", 0x46, 0xffffffffffffffff, &(0x7f0000000080)=@abs, 0x6e)

09:41:01 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:01 executing program 6:
personality(0xffffffffffffff7f)
perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000380)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0)
uname(&(0x7f0000000780)=""/176)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000600)='/dev/vga_arbiter\x00', 0x109001, 0x0)
setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000640)='tls\x00', 0x4)
socket$nl_generic(0x10, 0x3, 0x10)

09:41:01 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x68000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:01 executing program 3:
syz_emit_ethernet(0xfffffffffffffdef, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:01 executing program 5 (fault-call:10 fault-nth:10):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:01 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdef]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  548.453241] binder: 7197:7198 got new transaction with bad transaction stack, transaction 3635 has target 7197:0
[  548.463746] binder: 7197:7198 transaction failed 29201/-71, size 0-0 line 2879
[  548.472913] binder: undelivered TRANSACTION_ERROR: 29201
[  548.478463] binder: undelivered TRANSACTION_ERROR: 29189
[  548.513177] binder: BINDER_SET_CONTEXT_MGR already set
[  548.515804] binder_alloc: binder_alloc_mmap_handler: 7197 20001000-20004000 already mapped failed -16
[  548.521984] binder: 7197:7198 ioctl 40046207 0 returned -16
[  548.576310] binder_alloc: 7197: binder_alloc_buf, no vma
[  548.581927] binder: 7197:7211 transaction failed 29189/-3, size 24-8 line 2967
[  548.583856] FAULT_INJECTION: forcing a failure.
[  548.583856] name failslab, interval 1, probability 0, space 0, times 0
[  548.594666] binder: send failed reply for transaction 3635 to 7197:7198
[  548.600631] CPU: 1 PID: 7208 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  548.614640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  548.623980] Call Trace:
[  548.626559]  dump_stack+0x1c9/0x2b4
[  548.630177]  ? dump_stack_print_info.cold.2+0x52/0x52
[  548.635361]  ? print_usage_bug+0xc0/0xc0
[  548.639419]  should_fail.cold.4+0xa/0x1a
[  548.643474]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  548.648575]  ? graph_lock+0x170/0x170
[  548.652366]  ? __lock_acquire+0x7fc/0x5020
[  548.656590]  ? find_held_lock+0x36/0x1c0
[  548.660642]  ? __lock_is_held+0xb5/0x140
[  548.664702]  ? check_same_owner+0x340/0x340
[  548.669037]  ? rcu_note_context_switch+0x730/0x730
[  548.673958]  __should_failslab+0x124/0x180
[  548.678183]  should_failslab+0x9/0x14
[  548.681971]  kmem_cache_alloc+0x2af/0x760
[  548.686105]  ? zap_class+0x740/0x740
[  548.689804]  ? zap_class+0x740/0x740
[  548.693518]  alloc_vfsmnt+0xe8/0x9f0
[  548.697219]  ? mnt_free_id.isra.27+0x60/0x60
[  548.701618]  ? print_usage_bug+0xc0/0xc0
[  548.705681]  ? trace_hardirqs_on+0x10/0x10
[  548.709909]  ? lock_downgrade+0x8f0/0x8f0
[  548.714047]  ? lock_downgrade+0x8f0/0x8f0
[  548.718186]  ? kasan_check_read+0x11/0x20
[  548.722322]  ? perf_trace_lock+0xde/0x920
[  548.726460]  ? kasan_check_write+0x14/0x20
[  548.730686]  ? zap_class+0x740/0x740
[  548.734391]  clone_mnt+0x124/0x14a0
[  548.738013]  ? kern_mount_data+0xc0/0xc0
[  548.742068]  ? perf_trace_lock+0xde/0x920
[  548.746205]  ? perf_trace_lock+0xde/0x920
[  548.750342]  ? zap_class+0x740/0x740
[  548.754042]  ? zap_class+0x740/0x740
[  548.757745]  ? find_held_lock+0x36/0x1c0
[  548.761800]  ? lock_downgrade+0x8f0/0x8f0
[  548.765936]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  548.771465]  ? kasan_check_read+0x11/0x20
[  548.775600]  ? do_raw_spin_unlock+0xa7/0x2f0
[  548.779996]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  548.784573]  copy_tree+0x169/0xb00
[  548.788121]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  548.793123]  ? is_subdir+0x2f1/0x4a0
[  548.796826]  ? to_mnt_ns+0x20/0x20
[  548.800357]  ? __lock_is_held+0xb5/0x140
[  548.804411]  propagate_one+0x4e3/0x930
[  548.808298]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  548.813304]  ? next_group+0x400/0x400
[  548.817099]  propagate_mnt+0x18a/0x3e0
[  548.820989]  attach_recursive_mnt+0x60c/0xb70
[  548.825481]  ? count_mounts+0x360/0x360
[  548.829446]  ? rcu_read_lock_sched_held+0x108/0x120
[  548.834449]  ? kfree+0x1e9/0x260
[  548.837803]  ? get_mountpoint+0xe6/0x410
[  548.841852]  ? namespace_unlock+0x210/0x210
[  548.846160]  ? down_read+0x1d0/0x1d0
[  548.849868]  graft_tree+0x1aa/0x240
[  548.853485]  do_add_mount+0x1fe/0x370
[  548.857291]  do_mount+0x193f/0x30e0
[  548.860921]  ? copy_mount_string+0x40/0x40
[  548.865150]  ? copy_mount_options+0x5f/0x380
[  548.869547]  ? rcu_read_lock_sched_held+0x108/0x120
[  548.874549]  ? kmem_cache_alloc_trace+0x616/0x780
[  548.879382]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  548.884907]  ? _copy_from_user+0xdf/0x150
[  548.889047]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  548.894570]  ? copy_mount_options+0x285/0x380
[  548.899056]  ksys_mount+0x12d/0x140
[  548.902675]  __x64_sys_mount+0xbe/0x150
[  548.906647]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  548.911661]  do_syscall_64+0x1b9/0x820
[  548.915535]  ? finish_task_switch+0x1d3/0x870
[  548.920024]  ? syscall_return_slowpath+0x5e0/0x5e0
[  548.924945]  ? syscall_return_slowpath+0x31d/0x5e0
[  548.929864]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  548.935232]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  548.940067]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  548.945243] RIP: 0033:0x456a09
[  548.948431] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  548.967688] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  548.975384] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
[  548.982636] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
[  548.989893] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
[  548.997147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  549.004404] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 000000000000000a
09:41:01 executing program 7:
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mount(&(0x7f0000000380)='./file0//ile0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000440)="6367726f757032007228bd0805723570aa0af79485aca52dc2d78e6e0837a4c041ed7c4ed979d62a636345c892647189e19fdeb2fe4e69daadbcac4a7636a3b430a7d3a0c4c3e87e72897a3bc7d8433e71d47d67c4b69dcdac061c950ce7d99bbb01fa08b4a4d7d5a5f9a00000000000eb7d40657c0e23aaecd4a17a4b9138c39f48eec31910b05395b9253ea42e79f28dada69e7b65663f7a6ca32edaa331aee72587e77d80b63ce88f8930056ca6b83a7880b6b2725f6a0636a71d1246fc9dfa824920e8ca9bf743e92534eb8874fe2d495eaae8a5b8bf17b6af014f802926257a932c3e620d2ca8658c8f9a79aee239baa4e9912ccbe50da0a9382ca53a5c5ee79bd17b533c9bc22333465eccde63b67890753aeebb746ac693e5c5bb3abb4c7568bd98cb5b82ce90a954d77d4f495a3495f941b6a7e29308593b7b48a9b6f1a03af9282c326bf9c546e609a19021d7985d1547a69e1337a7129094a9f4c98da8f1ae0ab346f6006665da4baaffd65d10e340e738659fd789e924fe005ce369c1690297f43b556b6e5b5f400b201f58f0a37da3ee49c59d4b04cd3c3f39afc0cc24468cb520f665b0bad4f4de886e397008db6c933d7d66a920cf2338023c6dd39b2a17d2bc522ab70324bd4bec26911a29c9a4f8c333e0fb84eddd7170e85c5074b5b3b281dda7ce888c8636b8c1a953eba47f4a2e5b0084c4e5d53d6f404869227a3199", 0x0, 0x0)
gettid()
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000080)={0x0, <r0=>0x0})
syz_open_procfs(r0, &(0x7f0000000040)='net/dev\x00')
open(&(0x7f0000000200)='./file0//ile0\x00', 0x0, 0x0)
unshare(0x60040200)
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a40)={0x64, 0x0, 0x0, 0x70bd29, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x40, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x3}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x8000}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x413b}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x7}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x40}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x11)
sched_getaffinity(0x0, 0x8, &(0x7f00000009c0))

09:41:01 executing program 6:
recvmmsg(0xffffffffffffffff, &(0x7f0000000240)=[{{&(0x7f0000000080)=@alg, 0x80, &(0x7f0000000200)}, 0x3}], 0x1, 0x0, &(0x7f0000000280)={0x77359400})
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40200, 0x0)
sendto(r0, &(0x7f00000002c0)="5d3698b914cc7f51a01fabaf71ec7825749ef604c9ec3f6a3378e460e99d9415ab5effa9f98b8c58d5162227c241fc1b79a693f22008feaff4b1beb851964e9d502e3446c36fa89c04e83e2bed0fd8f93d41573cbefe66034770d021cda01a1a13fe5ede6083af9f7e3419b6f476d52e38c657c9721d8be4a2089aaf80aac45b39b450aff18db10316fd4d1bd831bb0e5e3cb8594c813178c9abba5c359120db972a91a156163f1748e8a4964407ac0aed0b4d17a5fb91a51b3b816b56dbac21df68c766e4fd12f4078fb0c30766dfe380817248121610f3aaf1396979b3495d7fb7ba", 0xe3, 0x4000004, 0x0, 0x0)
write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0x2e5, 0x4d, 0x1}, 0x7)
r1 = syz_open_procfs(0x0, &(0x7f0000000140)="6183787600")
preadv(r1, &(0x7f0000000100), 0x361, 0x0)

09:41:01 executing program 4:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x801, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
prctl$intptr(0x2a, 0x4)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x2, 0x7}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {r1, 0x3c}}, 0x10)

09:41:01 executing program 3:
syz_emit_ethernet(0xd, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:01 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  549.036370] binder: undelivered TRANSACTION_ERROR: 29201
[  549.041914] binder: undelivered TRANSACTION_ERROR: 29189
09:41:01 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x6c00, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:01 executing program 5 (fault-call:10 fault-nth:11):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:01 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x4)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
r1 = request_key(&(0x7f00000002c0)='cifs.spnego\x00', &(0x7f0000000300)={0x73, 0x79, 0x7a, 0x2}, &(0x7f0000000340)='/dev/vcs\x00', 0xfffffffffffffffa)
r2 = add_key(&(0x7f0000000380)='user\x00', &(0x7f0000000500)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000400)="fb0f9520ac2d8819d3b0c384a039c38aa88c0958ae92b0cf3c0828fd649e8b69eb2c2c343404510645e66c9012cd47c796f423f201baa8f239e5141d9afbecb94b46149c0da766a64d034ebd221509bc07215d", 0x53, 0xfffffffffffffff9)
keyctl$unlink(0x9, r1, r2)
bind$inet(r0, &(0x7f0000134000)={0x2, 0x4e23, @remote}, 0x10)
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vcs\x00', 0x400, 0x0)
write$eventfd(r3, &(0x7f0000000280)=0xa90, 0x8)
connect$inet(r0, &(0x7f00000e5000)={0x2, 0x4e1f, @loopback}, 0x10)
connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x2)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10)
ioctl$sock_SIOCGSKNS(r3, 0x894c, &(0x7f00000004c0)=0xfffffffffffffb9f)
fremovexattr(r3, &(0x7f0000000480)=@random={'btrfs.', 'eth1\x00'})
poll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer\x00', 0x10101, 0x0)
ioctl$TCSBRKP(r4, 0x5425, 0x3)
socket$inet6(0xa, 0x80000, 0x4)
r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0xcb0a855813943612, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f00000000c0)={0x9, 0x0, {0x2, 0x0, 0x7f, 0x0, 0x3f}})
ppoll(&(0x7f0000000040)=[{r0, 0x1}], 0x1, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180)={0x3}, 0x8)

09:41:01 executing program 3:
syz_emit_ethernet(0xa6, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  549.159905] IPVS: ftp: loaded support on port[0] = 21
[  549.168424] binder: 7231:7236 got new transaction with bad transaction stack, transaction 3641 has target 7231:0
[  549.178896] binder: 7231:7236 transaction failed 29201/-71, size 0-0 line 2879
[  549.200999] FAULT_INJECTION: forcing a failure.
[  549.200999] name failslab, interval 1, probability 0, space 0, times 0
[  549.212349] CPU: 1 PID: 7239 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  549.219627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  549.229511] Call Trace:
[  549.229534]  dump_stack+0x1c9/0x2b4
[  549.229556]  ? dump_stack_print_info.cold.2+0x52/0x52
[  549.240951]  ? kernel_text_address+0x79/0xf0
[  549.245384]  should_fail.cold.4+0xa/0x1a
[  549.249465]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  549.254588]  ? graph_lock+0x170/0x170
[  549.258404]  ? save_stack+0x43/0xd0
[  549.261321] binder_alloc: binder_alloc_mmap_handler: 7231 20001000-20004000 already mapped failed -16
[  549.262038]  ? kasan_kmalloc+0xc4/0xe0
[  549.262049]  ? kasan_slab_alloc+0x12/0x20
[  549.262068]  ? kmem_cache_alloc+0x12e/0x760
[  549.280109] binder: BINDER_SET_CONTEXT_MGR already set
[  549.283737]  ? alloc_vfsmnt+0xe8/0x9f0
[  549.283760]  ? find_held_lock+0x36/0x1c0
[  549.283781]  ? __lock_is_held+0xb5/0x140
[  549.283808]  ? check_same_owner+0x340/0x340
[  549.305363]  ? rcu_note_context_switch+0x730/0x730
[  549.310309]  __should_failslab+0x124/0x180
[  549.314557]  should_failslab+0x9/0x14
[  549.316079] binder: 7231:7236 ioctl 40046207 0 returned -16
[  549.318362]  __kmalloc_track_caller+0x2c4/0x760
[  549.318381]  ? kasan_check_read+0x11/0x20
[  549.318398]  ? do_raw_spin_unlock+0xa7/0x2f0
[  549.318417]  ? kstrdup_const+0x66/0x80
[  549.318439]  kstrdup+0x39/0x70
[  549.344397]  kstrdup_const+0x66/0x80
[  549.348125]  alloc_vfsmnt+0x1bb/0x9f0
[  549.349388] binder_alloc: 7231: binder_alloc_buf, no vma
[  549.351931]  ? mnt_free_id.isra.27+0x60/0x60
[  549.351951]  ? print_usage_bug+0xc0/0xc0
[  549.351979]  ? trace_hardirqs_on+0x10/0x10
[  549.352004]  ? lock_downgrade+0x8f0/0x8f0
[  549.352021]  ? lock_downgrade+0x8f0/0x8f0
[  549.352044]  ? kasan_check_read+0x11/0x20
[  549.357558] binder: 7231:7255 transaction failed 29189/-3, size 24-8 line 2967
[  549.361877]  ? do_raw_spin_unlock+0xa7/0x2f0
[  549.361892]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  549.361909]  ? kasan_check_write+0x14/0x20
[  549.361925]  ? do_raw_spin_lock+0xc1/0x200
[  549.370477] binder: send failed reply for transaction 3641 to 7231:7236
[  549.374326]  clone_mnt+0x124/0x14a0
[  549.374348]  ? kern_mount_data+0xc0/0xc0
[  549.374372]  ? save_stack+0xa9/0xd0
[  549.374393]  ? find_held_lock+0x36/0x1c0
[  549.374418]  ? lock_downgrade+0x8f0/0x8f0
[  549.374435]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  549.374454]  ? kasan_check_read+0x11/0x20
[  549.443169]  ? do_raw_spin_unlock+0xa7/0x2f0
[  549.447563]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  549.452141]  copy_tree+0x169/0xb00
[  549.455673]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  549.460677]  ? is_subdir+0x2f1/0x4a0
[  549.464380]  ? to_mnt_ns+0x20/0x20
[  549.467906]  ? __lock_is_held+0xb5/0x140
[  549.471960]  propagate_one+0x4e3/0x930
[  549.475839]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  549.480841]  ? next_group+0x400/0x400
[  549.484637]  propagate_mnt+0x18a/0x3e0
[  549.488513]  attach_recursive_mnt+0x60c/0xb70
[  549.492999]  ? count_mounts+0x360/0x360
[  549.496965]  ? rcu_read_lock_sched_held+0x108/0x120
[  549.501968]  ? kfree+0x1e9/0x260
[  549.505322]  ? get_mountpoint+0xe6/0x410
[  549.509369]  ? namespace_unlock+0x210/0x210
[  549.513678]  ? down_read+0x1d0/0x1d0
[  549.517384]  graft_tree+0x1aa/0x240
[  549.520999]  do_add_mount+0x1fe/0x370
[  549.524792]  do_mount+0x193f/0x30e0
[  549.528412]  ? copy_mount_string+0x40/0x40
[  549.532638]  ? copy_mount_options+0x5f/0x380
[  549.537038]  ? rcu_read_lock_sched_held+0x108/0x120
[  549.542043]  ? kmem_cache_alloc_trace+0x616/0x780
[  549.546891]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  549.552416]  ? _copy_from_user+0xdf/0x150
[  549.556554]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  549.562079]  ? copy_mount_options+0x285/0x380
[  549.566566]  ksys_mount+0x12d/0x140
[  549.570181]  __x64_sys_mount+0xbe/0x150
[  549.574145]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  549.579149]  do_syscall_64+0x1b9/0x820
[  549.583030]  ? finish_task_switch+0x1d3/0x870
[  549.587513]  ? syscall_return_slowpath+0x5e0/0x5e0
[  549.592429]  ? syscall_return_slowpath+0x31d/0x5e0
[  549.597346]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  549.602702]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  549.607532]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  549.612707] RIP: 0033:0x456a09
[  549.615880] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  549.635121] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  549.642816] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
[  549.650071] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
09:41:01 executing program 6:
r0 = socket$inet6(0xa, 0x21000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
r1 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x32, r1, 0x0)
ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, &(0x7f00000001c0))

09:41:02 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x2}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:02 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  549.657326] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
[  549.664577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  549.671844] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 000000000000000b
09:41:02 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x8}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:02 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:02 executing program 6:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
signalfd4(r0, &(0x7f0000000080)={0x2}, 0x8, 0x80800)
write$binfmt_misc(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="73797a311d43cfed1cd0b261dd66ad841d653ba8b41afa2e017c19f26e98250000000000"], 0x24)

[  549.714886] IPVS: ftp: loaded support on port[0] = 21
09:41:02 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x4000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  549.773108] binder: undelivered TRANSACTION_ERROR: 29201
[  549.778744] binder: undelivered TRANSACTION_ERROR: 29189
[  549.793713] binder: 7265:7268 got new transaction with bad transaction stack, transaction 3647 has target 7265:0
[  549.804291] binder: 7265:7268 transaction failed 29201/-71, size 0-0 line 2879
[  549.868947] binder_alloc: binder_alloc_mmap_handler: 7265 20001000-20004000 already mapped failed -16
[  549.880542] binder: BINDER_SET_CONTEXT_MGR already set
[  549.886527] binder: 7265:7268 ioctl 40046207 0 returned -16
[  549.888396] binder_alloc: 7265: binder_alloc_buf, no vma
[  549.897842] binder: 7265:7274 transaction failed 29189/-3, size 24-8 line 2967
[  549.906878] binder: send failed reply for transaction 3647 to 7265:7268
[  549.916287] binder: undelivered TRANSACTION_ERROR: 29201
[  549.921833] binder: undelivered TRANSACTION_ERROR: 29189
09:41:03 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/150, 0x96}, {&(0x7f00000000c0)=""/62, 0x3e}, {&(0x7f0000000180)=""/160, 0xa0}], 0x3)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000380000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000"], 0xfffffc53)
sync()
getsockopt(r0, 0x8, 0x2, &(0x7f0000000280)=""/188, &(0x7f0000000340)=0xbc)

09:41:03 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:03 executing program 6:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x400000, 0x0)
ioctl$KVM_TRANSLATE(r1, 0xc018ae85, &(0x7f00000000c0)={0x0, 0x4000, 0xffffffff, 0xfffffffffffffffc, 0x5})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000000d0000400500000005000000000100000000004000000000010000000000000025000000ffffffff00040000000000000a00000006"])
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x38f, 0x0, 0x2}]})

09:41:03 executing program 5 (fault-call:10 fault-nth:12):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:03 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x600}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:03 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:03 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cd27a04e2bbcbb2c970257e640400000018f788ae40db64271d3b099f435463d7c3")
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(r1, 0x40096101, &(0x7f0000000040))

09:41:03 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0)="80d56c84a60008f2cfe0ef", 0xb)
r2 = accept$alg(r1, 0x0, 0x0)
write$binfmt_elf32(r2, &(0x7f0000000100)=ANY=[], 0x0)
read(r2, &(0x7f0000000bc0)=""/93, 0x20000e40)

[  551.294944] QAT: Device 0 not found
09:41:04 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  551.324916] binder: 7293:7300 got new transaction with bad transaction stack, transaction 3653 has target 7293:0
[  551.335364] binder: 7293:7300 transaction failed 29201/-71, size 0-0 line 2879
09:41:04 executing program 6:
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x2, 0x0)
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x1, 0xa8000)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x4000000004002, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0x0)
timer_create(0x3, &(0x7f0000000ec0)={0x0, 0x0, 0x1}, &(0x7f0000000e40))
timer_settime(0x0, 0x1, &(0x7f00009c8000)={{}, {0x0, 0x9}}, &(0x7f0000105000))
syz_genetlink_get_family_id$team(&(0x7f0000000080)='team\x00')
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000100)=""/167, &(0x7f0000000040)=0xa7)
socket$inet_tcp(0x2, 0x1, 0x0)

09:41:04 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0xb00}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  551.369874] FAULT_INJECTION: forcing a failure.
[  551.369874] name failslab, interval 1, probability 0, space 0, times 0
[  551.381206] CPU: 1 PID: 7299 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  551.388484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  551.397835] Call Trace:
[  551.400433]  dump_stack+0x1c9/0x2b4
[  551.404083]  ? dump_stack_print_info.cold.2+0x52/0x52
[  551.409280]  ? finish_task_switch+0x1d3/0x870
[  551.413781]  ? finish_task_switch+0x18a/0x870
09:41:04 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)=':\x00'}, 0x10)
syz_extract_tcp_res(&(0x7f00000000c0)={0x41424344, <r2=>0x41424344}, 0xe27, 0xff)
syz_extract_tcp_res$synack(&(0x7f0000000100)={0x41424344, <r3=>0x41424344}, 0x1, 0x0)
write$tun(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="000000006064d3400280010200000000000000000000ffffac14142000000000000000000000ffffac1414bbaf07000000000000c91000000000000000000000ffffac14141500010007100000ffff027f06000100000000000000c20400000004010400000000c20400000000050200050000006600000000000000000100000000000087000601650000000005000000000000c910fe8000000000000000000000000000aac2040000052004010307100000007b0203000004000000000000000000002e22000000000000040156072000000006060601040400000000000000f7ffffffffffffffff0000000000000000010000010005020009040101c2040000000500d7cb768b1d6a1bab57c586436313808be8912a4f8618221b3242e86f75a6b98e4a8fa7f09a13baf614c37b3b0dd93983f151bb0ef9a92dfb4070356d4e04476b31ca319251618b2f59a4045b828762be316cb47a2692fcb914fe0838be815222acf97051290ba207a039d9d58d3a32af6668dda80096c8a67180de619c857ae1922883b4e69c600cfc6499de9b097e00ee102ca88cf35526893f9e633c55810f7a90cbdbccb76bfb32819ccf890dedef2308d5b4900ae288e4a4f2520219610b461e8dfee9a49d2619c9da72cf02dcf5e5aefed590d24e1a040102000000004e234e20", @ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="f0101a019078000504020204fffffe05f98913fe06e2d4c3d9080a000000040000010000fe06e2d4c3d9fe06e2d4c3d9c224afb3ef8b3b25777f28289caf945120cd09d540001fbf53c380a5445ddc66ef03370094bb2de5560a726a63db78c37362f65ee8ef56f6fdc56adfd272d91050f144f988594264f85a3ee4be4682937a1d0400823a14a14c35f7c9be8f98d056243393caf51c3a51084040511ef7a783d512b4c957a811ace32716b32999ea49e1ff50b16262bacfc87f8b"], 0x2ac)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000240)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
r5 = socket$l2tp(0x18, 0x1, 0x1)
dup2(r5, r0)

09:41:04 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x200, 0x80)
fstat(r1, &(0x7f0000000440))
setsockopt$netlink_NETLINK_CAP_ACK(r1, 0x10e, 0xa, &(0x7f0000000040)=0x400, 0x4)
connect(r1, &(0x7f0000000080)=@rc, 0x80)
r2 = gettid()
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0xc)
getresgid(&(0x7f00000002c0), &(0x7f0000000300)=<r4=>0x0, &(0x7f0000000340))
r5 = socket$inet(0x10, 0x400000200000003, 0x6)
sendmsg(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f00000000c0)="1b0000001200030207fffd946fa283080700190000000000000085", 0x1b}], 0x1}, 0x0)
sendmsg$netlink(r1, &(0x7f0000000400)={&(0x7f0000000100)=@kern={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="900000002b00080027bd7000ffdbdf25d5d60cd239f67ff12a6f33497c7be7b58ab36ac27e2a0346d9ca0bfd4a534fe2643c05fea8e3a4adf02e48bfa348e0d38eb53d88507d60493d81c660607ebee702feeca286576dd259ae26e31f0c57c7803e95e2f509fbe930100889024672b5fbbd252df6db23368fa813f18b7b5d345ac1262b47f056eb8a670350ac000000"], 0x90}], 0x1, &(0x7f0000000380)=[@rights={0x18, 0x1, 0x1, [r1]}, @cred={0x20, 0x1, 0x2, r2, r3, r4}, @rights={0x30, 0x1, 0x1, [r1, r0, r0, r1, r1, r0, r0, r0]}, @rights={0x18, 0x1, 0x1, [r1, r0]}], 0x80, 0x20008080}, 0x4000)

[  551.418296]  should_fail.cold.4+0xa/0x1a
[  551.422369]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  551.427491]  ? __schedule+0x884/0x1ec0
[  551.431387]  ? save_stack+0x43/0xd0
[  551.435023]  ? kasan_kmalloc+0xc4/0xe0
[  551.438921]  ? __sched_text_start+0x8/0x8
[  551.443082]  ? find_held_lock+0x36/0x1c0
[  551.447161]  ? __lock_is_held+0xb5/0x140
[  551.451244]  ? check_same_owner+0x340/0x340
[  551.455583]  __should_failslab+0x124/0x180
[  551.459828]  should_failslab+0x9/0x14
[  551.463641]  __kmalloc_track_caller+0x2c4/0x760
[  551.468319]  ? kasan_check_read+0x11/0x20
[  551.472485]  ? do_raw_spin_unlock+0xa7/0x2f0
[  551.476905]  ? kstrdup_const+0x66/0x80
[  551.480803]  kstrdup+0x39/0x70
[  551.484007]  kstrdup_const+0x66/0x80
[  551.487731]  alloc_vfsmnt+0x1bb/0x9f0
[  551.491537]  ? mnt_free_id.isra.27+0x60/0x60
[  551.495953]  ? print_usage_bug+0xc0/0xc0
[  551.500039]  ? trace_hardirqs_on+0x10/0x10
[  551.504300]  ? lock_downgrade+0x8f0/0x8f0
[  551.506310] binder: BINDER_SET_CONTEXT_MGR already set
[  551.508459]  ? lock_downgrade+0x8f0/0x8f0
[  551.508482]  ? kasan_check_read+0x11/0x20
[  551.508500]  ? do_raw_spin_unlock+0xa7/0x2f0
[  551.508517]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  551.508536]  ? kasan_check_write+0x14/0x20
[  551.508547]  ? do_raw_spin_lock+0xc1/0x200
[  551.508566]  clone_mnt+0x124/0x14a0
[  551.517244] netlink: 'syz-executor1': attribute type 25 has an invalid length.
[  551.517979]  ? kern_mount_data+0xc0/0xc0
[  551.518003]  ? save_stack+0xa9/0xd0
[  551.518023]  ? find_held_lock+0x36/0x1c0
[  551.518050]  ? lock_downgrade+0x8f0/0x8f0
09:41:04 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x300}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  551.518067]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  551.518086]  ? kasan_check_read+0x11/0x20
[  551.518104]  ? do_raw_spin_unlock+0xa7/0x2f0
[  551.522361] netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
[  551.526740]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  551.526763]  copy_tree+0x169/0xb00
[  551.532870] binder: release 7293:7300 transaction 3653 out, still active
[  551.535544]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  551.535557]  ? is_subdir+0x2f1/0x4a0
[  551.535573]  ? to_mnt_ns+0x20/0x20
09:41:04 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getpid()
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000100))
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0))
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0xc)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000380))
getpgid(0xffffffffffffffff)
ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f00000005c0))
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x400000, 0x0)
socketpair$inet_sctp(0x2, 0x5, 0x84, &(0x7f00000003c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=<r2=>0x0)
r3 = syz_open_procfs(r2, &(0x7f0000000640)='net/sockstat6\x00')
lseek(r3, 0x4, 0x5)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, &(0x7f00000001c0)={<r4=>0x0, @in={{0x2, 0x4e24, @multicast2}}, [0x80000000, 0x0, 0x80000000, 0xb281, 0x7ff, 0x5, 0xfff, 0x1, 0x5, 0x3, 0xffffffffffffffb0, 0x5, 0xffffffff, 0xba8, 0x6]}, &(0x7f0000000000)=0x100)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000000440)=ANY=[@ANYRES32=r4, @ANYBLOB="ea00000078b8b90e13ffd81ffbdd4470f00421a635289113eeb5caf02bfaa1d15b0ef4fe3fbbf05dae49421f8bc0b3a5c5e0541f20906a51e1e63102209cc0b7eef15e49ce487b9da3e6f1d758f70b771602d9f38057e6e61f83017d58dd179840904f63d4d8e2d724bf3ffda47a51e4065a3c9159a72df9a8ccc28ce9473bcf33f61955a51c5d99148f6f30759594822881b383240b491103f5c2c4b768e6a0b76046a6ab7fabac6c43166de857496449e74b5bd04ab13f0c78a84b43d59d9da4d453a12e0cbd19ecb204eaf6f5e726be8757e4d4848261fa107e6adfb30f1bd52634be73b8c1aedfe4be9aa1348e5c83d884b7dc86688e76558219f10cb7c96b9417035053927b8e0a1333d6a615fd3872105c523b14588e5b4e35de3a8e16efe07ae6870ba18082511dcbe4005cd764393bcad887c5abb3fa971e59d62c1fc246ef409c5f5efc1d4edbfbc0ea61a40b794932fef7fe5fe079f36eb01546c9f8d7b4c18ed2f47f2f188a4fe3f136b5dc4817687353b5"], &(0x7f0000000080)=0xf2)

[  551.539811] binder: undelivered TRANSACTION_ERROR: 29201
[  551.543395]  ? __lock_is_held+0xb5/0x140
[  551.543416]  propagate_one+0x4e3/0x930
[  551.543434]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  551.552258] binder: 7293:7300 ioctl 40046207 0 returned -16
[  551.554814]  ? next_group+0x400/0x400
[  551.554841]  propagate_mnt+0x18a/0x3e0
[  551.554862]  attach_recursive_mnt+0x60c/0xb70
[  551.554883]  ? count_mounts+0x360/0x360
[  551.554899]  ? rcu_read_lock_sched_held+0x108/0x120
[  551.554916]  ? kfree+0x1e9/0x260
[  551.565501] IPVS: length: 167 != 8
[  551.566705]  ? get_mountpoint+0xe6/0x410
[  551.566720]  ? namespace_unlock+0x210/0x210
[  551.566737]  ? down_read+0x1d0/0x1d0
[  551.566763]  graft_tree+0x1aa/0x240
[  551.566782]  do_add_mount+0x1fe/0x370
[  551.566800]  do_mount+0x193f/0x30e0
[  551.566818]  ? copy_mount_string+0x40/0x40
[  551.695619]  ? copy_mount_options+0x5f/0x380
[  551.700022]  ? rcu_read_lock_sched_held+0x108/0x120
[  551.705032]  ? kmem_cache_alloc_trace+0x616/0x780
[  551.709868]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  551.715390]  ? copy_mount_options+0x285/0x380
[  551.719876]  ksys_mount+0x12d/0x140
[  551.723493]  __x64_sys_mount+0xbe/0x150
[  551.727454]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  551.732461]  do_syscall_64+0x1b9/0x820
[  551.736333]  ? finish_task_switch+0x1d3/0x870
[  551.740815]  ? syscall_return_slowpath+0x5e0/0x5e0
[  551.745730]  ? syscall_return_slowpath+0x31d/0x5e0
[  551.750646]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  551.755997]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  551.760833]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  551.766007] RIP: 0033:0x456a09
[  551.769180] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  551.788403] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  551.796115] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
[  551.803372] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
[  551.810624] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
09:41:04 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x8dffffff00000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  551.817877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  551.825130] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 000000000000000c
[  551.906095] binder: send failed reply for transaction 3653, target dead
09:41:04 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/150, 0x96}, {&(0x7f00000000c0)=""/62, 0x3e}, {&(0x7f0000000180)=""/160, 0xa0}], 0x3)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000380000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000"], 0xfffffc53)
sync()
getsockopt(r0, 0x8, 0x2, &(0x7f0000000280)=""/188, &(0x7f0000000340)=0xbc)

09:41:04 executing program 1:
syz_emit_ethernet(0x3e, &(0x7f0000000380)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd60c42e590008670000000000000000000000fff9fffffffffe8000000000000000000000000000aa0009000000089078"], &(0x7f0000000000))
r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x8001, 0x200000)
r1 = socket$inet6(0xa, 0x80001, 0x8)
ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, &(0x7f0000000500)={'bond0\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xd}}})
getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x20, &(0x7f0000000080)={@multicast2, @remote, <r2=>0x0}, &(0x7f00000000c0)=0xc)
getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000280)={'filter\x00', 0x9f, "330005d8c4b21e1890cb6889771a7c23a3d32e2931238929ba581dfbfe120d88bc846c7ae0f079ae48d739ae9130106c6efaa41a7ea15782a512d45bd322aa4f618ae4f37e8586756fa18b8cdf678cae19025705a3e1cfe97bc902d2114e91eb16a1199f9e012b54dc6c09063718c4a0db70490f4632f49a639f934df6e036571bc95492991e37d539997e2f2e8c59dd26f698b528f037308ca16fc93c1f32"}, &(0x7f00000003c0)=0xc3)
getresgid(&(0x7f0000000400), &(0x7f0000000440)=<r3=>0x0, &(0x7f0000000480))
getgroups(0x5, &(0x7f00000004c0)=[0xee00, 0xee00, 0xffffffffffffffff, 0xffffffffffffffff, <r4=>0xee00])
setregid(r3, r4)
clock_gettime(0x0, &(0x7f0000000140)={<r5=>0x0, <r6=>0x0})
sendmsg$can_bcm(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x1d, r2}, 0x10, &(0x7f0000000200)={&(0x7f0000000180)={0x7, 0x200, 0x6, {r5, r6/1000+30000}, {0x0, 0x7530}, {0x4, 0x2, 0x7fffffff, 0x1}, 0x1, @canfd={{0x1, 0x5, 0x2, 0x2}, 0x7, 0x2, 0x0, 0x0, "6cf28c94b2c2380844d30e16693a1a20441a07110e117072777bf613a3f6d6e95c4e9e9e531a1ca10a297bb4fd393f4baf344f87c4a7ceda7ffec0c19a9fc4fb"}}, 0x80}, 0x1, 0x0, 0x0, 0x80}, 0xbd6766636f288a2d)
ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000540)={0x8, 0x4, 0x7, 0x7})

09:41:04 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x100000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:04 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:04 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:04 executing program 5 (fault-call:10 fault-nth:13):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:04 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
mprotect(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x1000003)
ioctl(r0, 0x8912, &(0x7f0000000280)="0000000626e211078f39f1")
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, &(0x7f00000000c0), 0x1, 0xffffffffffffffff)

09:41:04 executing program 6:
r0 = socket$inet6(0xa, 0x0, 0x0)
ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070")
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r1, 0x40045542, &(0x7f0000000100))
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0), 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x5, 0x40, 0xfa00, {{0xa, 0x4e20}, {0xa, 0x0, 0x0, @loopback}}}, 0x48)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0xbf, @remote, 0x4e21, 0x2, 'lblc\x00', 0xa89c62e492b39af3, 0xffffffffffff00e3, 0x1f}, 0x2c)

[  552.163909] binder: 7354:7355 got new transaction with bad transaction stack, transaction 3658 has target 7354:0
[  552.174348] binder: 7354:7355 transaction failed 29201/-71, size 0-0 line 2879
[  552.187538] FAULT_INJECTION: forcing a failure.
[  552.187538] name failslab, interval 1, probability 0, space 0, times 0
[  552.198875] CPU: 0 PID: 7352 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  552.206158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  552.215509] Call Trace:
[  552.218111]  dump_stack+0x1c9/0x2b4
[  552.221738]  ? dump_stack_print_info.cold.2+0x52/0x52
[  552.226917]  ? print_usage_bug+0xc0/0xc0
[  552.230971]  should_fail.cold.4+0xa/0x1a
[  552.235031]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  552.240125]  ? graph_lock+0x170/0x170
[  552.243916]  ? __lock_acquire+0x7fc/0x5020
[  552.248140]  ? find_held_lock+0x36/0x1c0
[  552.252191]  ? __lock_is_held+0xb5/0x140
[  552.256249]  ? check_same_owner+0x340/0x340
[  552.260557]  ? rcu_note_context_switch+0x730/0x730
[  552.265484]  __should_failslab+0x124/0x180
[  552.269711]  should_failslab+0x9/0x14
[  552.273499]  kmem_cache_alloc+0x2af/0x760
[  552.277631]  ? memcpy+0x45/0x50
[  552.280909]  alloc_vfsmnt+0xe8/0x9f0
[  552.284610]  ? mnt_free_id.isra.27+0x60/0x60
[  552.289011]  ? print_usage_bug+0xc0/0xc0
[  552.293071]  ? trace_hardirqs_on+0x10/0x10
[  552.297297]  ? lock_downgrade+0x8f0/0x8f0
[  552.301432]  ? lock_downgrade+0x8f0/0x8f0
[  552.305569]  ? kasan_check_read+0x11/0x20
[  552.310080]  ? do_raw_spin_unlock+0xa7/0x2f0
[  552.314475]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  552.319049]  ? kasan_check_write+0x14/0x20
[  552.323267]  ? do_raw_spin_lock+0xc1/0x200
[  552.327493]  clone_mnt+0x124/0x14a0
[  552.331109]  ? kern_mount_data+0xc0/0xc0
[  552.335162]  ? save_stack+0xa9/0xd0
[  552.338777]  ? find_held_lock+0x36/0x1c0
[  552.342833]  ? lock_downgrade+0x8f0/0x8f0
[  552.346972]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  552.352498]  ? kasan_check_read+0x11/0x20
[  552.356631]  ? do_raw_spin_unlock+0xa7/0x2f0
[  552.361032]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  552.365606]  copy_tree+0x169/0xb00
[  552.369134]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  552.374138]  ? is_subdir+0x2f1/0x4a0
[  552.377837]  ? to_mnt_ns+0x20/0x20
[  552.381364]  ? __lock_is_held+0xb5/0x140
[  552.385415]  propagate_one+0x4e3/0x930
[  552.389287]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  552.394289]  ? next_group+0x400/0x400
[  552.398081]  propagate_mnt+0x18a/0x3e0
[  552.401958]  attach_recursive_mnt+0x60c/0xb70
[  552.406440]  ? count_mounts+0x360/0x360
[  552.410400]  ? rcu_read_lock_sched_held+0x108/0x120
[  552.415400]  ? kfree+0x1e9/0x260
[  552.418754]  ? get_mountpoint+0xe6/0x410
[  552.422800]  ? namespace_unlock+0x210/0x210
[  552.427110]  ? down_read+0x1d0/0x1d0
[  552.430817]  graft_tree+0x1aa/0x240
[  552.434431]  do_add_mount+0x1fe/0x370
[  552.438219]  do_mount+0x193f/0x30e0
[  552.441836]  ? copy_mount_string+0x40/0x40
[  552.446062]  ? copy_mount_options+0x5f/0x380
[  552.450458]  ? rcu_read_lock_sched_held+0x108/0x120
[  552.455461]  ? kmem_cache_alloc_trace+0x616/0x780
[  552.460292]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  552.465815]  ? _copy_from_user+0xdf/0x150
[  552.469953]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  552.475477]  ? copy_mount_options+0x285/0x380
[  552.479964]  ksys_mount+0x12d/0x140
[  552.483580]  __x64_sys_mount+0xbe/0x150
[  552.487539]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  552.492542]  do_syscall_64+0x1b9/0x820
[  552.496415]  ? finish_task_switch+0x1d3/0x870
[  552.500896]  ? syscall_return_slowpath+0x5e0/0x5e0
[  552.505814]  ? syscall_return_slowpath+0x31d/0x5e0
[  552.510734]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  552.516085]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  552.520917]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  552.526089] RIP: 0033:0x456a09
[  552.529258] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  552.548484] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  552.556182] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
09:41:05 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x58000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:05 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  552.563436] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
[  552.570689] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
[  552.577943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  552.585195] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 000000000000000d
09:41:05 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x44, 0x0, &(0x7f0000000440)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f00000003c0)=[@fd], &(0x7f00000000c0)=[0x0]}}], 0x0, 0x0, &(0x7f00000004c0)})

[  552.639357] binder_alloc: binder_alloc_mmap_handler: 7354 20001000-20004000 already mapped failed -16
[  552.660292] binder: BINDER_SET_CONTEXT_MGR already set
[  552.672102] binder: 7354:7355 ioctl 40046207 0 returned -16
[  552.678675] binder_alloc: 7354: binder_alloc_buf, no vma
09:41:05 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf401000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:05 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x5}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  552.684762] binder: 7354:7381 transaction failed 29189/-3, size 24-8 line 2967
[  552.686655] binder: send failed reply for transaction 3658 to 7354:7355
[  552.726181] binder: 7391:7394 got transaction with fd, -1, but target does not allow fds
09:41:05 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:05 executing program 1:
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000000)=<r0=>0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0), &(0x7f0000000100)=0xc)
r1 = getpgrp(r0)
fcntl$getownex(0xffffffffffffff9c, 0x10, &(0x7f0000000040)={0x0, <r2=>0x0})
tkill(r1, 0x2f)
r3 = syz_open_procfs(r2, &(0x7f0000000080)='net/softnet_stat\x00')
setsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000180)=0x3, 0x2)
bind$vsock_dgram(r3, &(0x7f00000001c0)={0x28, 0x0, 0xffffffff, @host}, 0x10)
ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000140))
read$FUSE(r3, &(0x7f0000003400), 0x825)

09:41:05 executing program 6:
r0 = socket(0x10, 0x802, 0x0)
write(r0, &(0x7f0000000640)="240000001a0025f0006bb4f7fdff141c020b5aff6e10b500000780cc08001b0001000000", 0x24)
r1 = mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x8, 0x12, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000500)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x8050, r2, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffff9c, 0xc018620b, &(0x7f0000000280)={<r4=>0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0xd4, 0x0, &(0x7f0000000340)=[@reply_sg={0x40486312, {{0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x50, &(0x7f0000000040)=[@ptr={0x70742a85, 0x0, &(0x7f0000000000), 0x1, 0x0, 0x15}, @flat={0x0, 0xa, r1, 0x4}, @flat={0x776a2a85, 0x1, r3, 0x3}], &(0x7f00000000c0)=[0x38, 0x38, 0x18, 0x38, 0x40, 0x28, 0x48, 0x18, 0x48, 0x68]}, 0x2}}, @transaction={0x40406300, {0x2, 0x0, 0x2, 0x0, 0x11, 0x0, 0x0, 0x60, 0x38, &(0x7f0000000180)=[@ptr={0x70742a85, 0x1, &(0x7f0000000140), 0x1, 0x0, 0x1a}, @fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x4, 0x0, 0x4}], &(0x7f0000000200)=[0x30, 0x78, 0x20, 0x18, 0x0, 0x28, 0x78]}}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x40, 0x10, &(0x7f00000002c0)=[@ptr={0x70742a85, 0x1, &(0x7f0000000240), 0x1, 0x3, 0x16}, @flat={0x77622a85, 0x10b, r4, 0x3}], &(0x7f0000000300)=[0x0, 0x0]}}], 0x6e, 0x0, &(0x7f0000000440)="8b64c9c9d3cd592f9e560e94d2570225641ab62e167c0d796cf1bbc4db0446f74bb263445365daa90696e2236b950393e81e5a50cb83f9dfde5cb3cbd09d97c8c7257042ce22cba4d69329013381f2eef3f664c14e05feaed4b7cd12edefe16ed61f88dff36ef08092d12255b3f3"})

[  552.750887] binder: undelivered TRANSACTION_ERROR: 29201
[  552.756576] binder: undelivered TRANSACTION_ERROR: 29189
[  552.787087] binder: 7391:7394 transaction failed 29201/-1, size 24-8 line 3072
09:41:05 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0xf5ffffff00000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  552.850157] binder: BINDER_SET_CONTEXT_MGR already set
[  552.853389] netlink: 'syz-executor6': attribute type 27 has an invalid length.
[  552.876539] binder: 7408:7413 ioctl 40046207 0 returned -16
[  552.884877] binder_alloc: 7391: binder_alloc_buf, no vma
[  552.890454] binder: 7408:7418 transaction failed 29189/-3, size 24-8 line 2967
[  552.900112] binder: BINDER_SET_CONTEXT_MGR already set
[  552.903431] binder_alloc: binder_alloc_mmap_handler: 7391 20001000-20004000 already mapped failed -16
[  552.905626] binder_alloc: 7391: binder_alloc_buf, no vma
[  552.920429] binder: 7391:7415 transaction failed 29189/-3, size 24-8 line 2967
[  552.924249] netlink: 'syz-executor6': attribute type 27 has an invalid length.
[  552.936325] binder: 7391:7394 ioctl 40046207 0 returned -16
[  552.940219] binder: undelivered TRANSACTION_ERROR: 29201
09:41:05 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/150, 0x96}, {&(0x7f00000000c0)=""/62, 0x3e}, {&(0x7f0000000180)=""/160, 0xa0}], 0x3)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000380000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000"], 0xfffffc53)
sync()
getsockopt(r0, 0x8, 0x2, &(0x7f0000000280)=""/188, &(0x7f0000000340)=0xbc)

09:41:05 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000200), &(0x7f0000000240)=0x40)
getsockopt$inet6_dccp_int(r1, 0x21, 0x0, &(0x7f0000000100), &(0x7f0000000140)=0x4)
sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000180)=@ipv6_newrule={0x48, 0x20, 0x803, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, [@FRA_SRC={0x14}, @FIB_RULE_POLICY=@FRA_IIFNAME={0x14, 0x3, 'veth1_to_team\x00'}]}, 0x48}}, 0x0)

09:41:05 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:05 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0xb00000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:05 executing program 5 (fault-call:10 fault-nth:14):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  552.945077] binder: 7408:7423 BC_INCREFS_DONE u0000000000000000 no match
[  552.962865] binder: undelivered TRANSACTION_ERROR: 29189
[  552.984253] binder: 7408:7423 transaction failed 29189/-22, size 0-0 line 2852
09:41:05 executing program 6:
r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x80011, r0, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000040)={<r1=>0x0, <r2=>0x0})
futex(&(0x7f0000001ac0), 0x3, 0x0, &(0x7f0000000080)={r1, r2+10000000}, &(0x7f0000001c40), 0x4)

09:41:05 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x400, 0x0)
ioctl$TIOCSLCKTRMIOS(r0, 0x5457, &(0x7f0000000040))
ioctl$TIOCSLCKTRMIOS(r0, 0x5457, &(0x7f0000000080))
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x2800, 0x0)
write$FUSE_OPEN(r1, &(0x7f0000000100)={0x20, 0x0, 0x6, {0x0, 0x1}}, 0x20)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0)
ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000180)=""/146)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000300)={{{@in=@dev, @in6=@ipv4={[], [], @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@remote}, 0x0, @in=@dev}}, &(0x7f0000000400)=0xe8)
fstat(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
mount$fuseblk(&(0x7f0000000240)='/dev/loop0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='fuseblk\x00', 0x2900002, &(0x7f00000004c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xf000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}]}})
write$binfmt_misc(r2, &(0x7f0000000580)={'syz0', "378ad7426b2a6ad6c969709e40576cd0abbf457b2cfce2b62af560176dd3a50fc95e0ce6ca8caac74413f7a2fbd367926f92ad68dabe60a6c266712cd9795dae6b700be5d609b18b2fb690b08e0a09500bed065fb05b0122eaab95bcd18a87dd80cf66d1a394d9edb03f8ecf5bac796cf459cb69b86973ddf27b897d6da41d3771a4dc6b872341929428ff67b63bbdf2117eebb87bbd7b4af92768028d35b02272f013898ce10ef3db4608c0200114183c57cb3bbbdef29458a2d0793579cb9211610f4aa4"}, 0xc9)
ioctl$SG_GET_LOW_DMA(r2, 0x227a, &(0x7f0000000680))
connect$pptp(r1, &(0x7f00000006c0)={0x18, 0x2, {0x3, @rand_addr=0x4000000}}, 0x1e)
r5 = creat(&(0x7f0000000700)='./file0\x00', 0x2)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r5, 0x80dc5521, &(0x7f0000000740)=""/118)
ioctl$VT_GETSTATE(r5, 0x5603, &(0x7f00000007c0)={0x4, 0x0, 0x6})
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000800)={0x0, 0x3, 0x3, 0x7})
ioctl$VT_DISALLOCATE(r0, 0x5608)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000840)=<r6=>0x0)
fcntl$lock(r1, 0x5, &(0x7f0000000880)={0x0, 0x3, 0x5, 0x8, r6})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f00000008c0)={0x200, 0x4, 0x4844, 0x2, 0x6, 0x6})
getsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000940)={<r7=>0x0, 0xffffffffffffff4c, 0xf0, 0x4}, &(0x7f0000000980)=0x10)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f00000009c0)={r7, 0x6}, &(0x7f0000000a00)=0x8)
socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000a40)={<r8=>0xffffffffffffffff})
sendmsg$nl_route(r1, &(0x7f0000000b40)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x808}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)=@ipmr_delroute={0x24, 0x19, 0x408, 0x70bd29, 0x25dfdbff, {0x80, 0x0, 0x20, 0x5962, 0x0, 0x0, 0xff, 0x8, 0x1800}, [@RTA_PRIORITY={0x8, 0x6, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x1)
ioctl$BLKGETSIZE(r5, 0x1260, &(0x7f0000000b80))
r9 = syz_open_dev$dspn(&(0x7f0000000bc0)='/dev/dsp#\x00', 0xd94d, 0x10002)
ioctl$KVM_GET_ONE_REG(r9, 0x4010aeab, &(0x7f0000000c00)={0xff, 0x1})
ioctl$KVM_GET_DEVICE_ATTR(r5, 0x4018aee2, &(0x7f0000000c80)={0x0, 0x6, 0x178, &(0x7f0000000c40)=0x100000000})
getsockopt$ARPT_SO_GET_INFO(r8, 0x0, 0x60, &(0x7f0000000cc0)={'filter\x00'}, &(0x7f0000000d40)=0x44)

[  553.018535] binder_alloc: binder_alloc_mmap_handler: 7408 20001000-20004000 already mapped failed -16
[  553.043335] binder_alloc: 7408: binder_alloc_buf, no vma
[  553.048957] binder: 7408:7418 transaction failed 29189/-3, size 24-8 line 2967
09:41:05 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  553.068626] binder: undelivered TRANSACTION_ERROR: 29189
09:41:05 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x3}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:05 executing program 1:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x7f, 0x4000)
ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f00000000c0)={0x0, 0x5, 0x7, &(0x7f0000000080)=0x6})
setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8}, 0x10)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000ca3000)='/dev/autofs\x00', 0x0, 0x0)
ioctl(r1, 0x800000000000937e, &(0x7f0000017000)="010000000000000018")
personality(0x400000b)
ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000100)={0x5, 0x2, 0x1, r1})

09:41:05 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  553.142529] FAULT_INJECTION: forcing a failure.
[  553.142529] name failslab, interval 1, probability 0, space 0, times 0
[  553.153877] CPU: 1 PID: 7446 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  553.161158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  553.170518] Call Trace:
[  553.173121]  dump_stack+0x1c9/0x2b4
[  553.176766]  ? dump_stack_print_info.cold.2+0x52/0x52
[  553.181973]  ? print_usage_bug+0xc0/0xc0
[  553.186055]  should_fail.cold.4+0xa/0x1a
[  553.190132]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  553.195254]  ? graph_lock+0x170/0x170
[  553.199073]  ? __lock_acquire+0x7fc/0x5020
[  553.203327]  ? find_held_lock+0x36/0x1c0
[  553.207402]  ? __lock_is_held+0xb5/0x140
[  553.211472]  ? perf_trace_udp_fail_queue_rcv_skb+0xc0/0x680
[  553.217200]  ? check_same_owner+0x340/0x340
[  553.221531]  ? rcu_note_context_switch+0x730/0x730
[  553.226475]  __should_failslab+0x124/0x180
[  553.230722]  should_failslab+0x9/0x14
[  553.234524]  kmem_cache_alloc+0x2af/0x760
[  553.238660]  ? memcpy+0x45/0x50
[  553.241935]  alloc_vfsmnt+0xe8/0x9f0
[  553.245633]  ? mnt_free_id.isra.27+0x60/0x60
[  553.250037]  ? print_usage_bug+0xc0/0xc0
[  553.254094]  ? trace_hardirqs_on+0x10/0x10
[  553.258322]  ? lock_downgrade+0x8f0/0x8f0
[  553.262459]  ? lock_downgrade+0x8f0/0x8f0
[  553.266603]  ? kasan_check_read+0x11/0x20
[  553.270737]  ? do_raw_spin_unlock+0xa7/0x2f0
[  553.275131]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  553.279699]  ? kasan_check_write+0x14/0x20
[  553.283920]  ? do_raw_spin_lock+0xc1/0x200
[  553.288148]  clone_mnt+0x124/0x14a0
[  553.291766]  ? kern_mount_data+0xc0/0xc0
[  553.295823]  ? save_stack+0xa9/0xd0
[  553.299439]  ? find_held_lock+0x36/0x1c0
[  553.303493]  ? lock_downgrade+0x8f0/0x8f0
[  553.307626]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  553.313157]  ? kasan_check_read+0x11/0x20
[  553.317294]  ? do_raw_spin_unlock+0xa7/0x2f0
[  553.321711]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  553.326283]  copy_tree+0x169/0xb00
[  553.329815]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  553.334819]  ? is_subdir+0x2f1/0x4a0
[  553.338520]  ? to_mnt_ns+0x20/0x20
[  553.342047]  ? __lock_is_held+0xb5/0x140
[  553.346098]  propagate_one+0x4e3/0x930
[  553.349972]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  553.354972]  ? next_group+0x400/0x400
[  553.358765]  propagate_mnt+0x18a/0x3e0
[  553.362643]  attach_recursive_mnt+0x60c/0xb70
[  553.367127]  ? count_mounts+0x360/0x360
[  553.371088]  ? rcu_read_lock_sched_held+0x108/0x120
[  553.376091]  ? kfree+0x1e9/0x260
[  553.379442]  ? get_mountpoint+0xe6/0x410
[  553.383487]  ? namespace_unlock+0x210/0x210
[  553.387795]  ? down_read+0x1d0/0x1d0
[  553.391501]  graft_tree+0x1aa/0x240
[  553.395114]  do_add_mount+0x1fe/0x370
[  553.398903]  do_mount+0x193f/0x30e0
[  553.402520]  ? copy_mount_string+0x40/0x40
[  553.406746]  ? copy_mount_options+0x5f/0x380
[  553.411140]  ? rcu_read_lock_sched_held+0x108/0x120
[  553.416141]  ? kmem_cache_alloc_trace+0x616/0x780
[  553.420969]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  553.426492]  ? _copy_from_user+0xdf/0x150
[  553.430628]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  553.436153]  ? copy_mount_options+0x285/0x380
[  553.440635]  ksys_mount+0x12d/0x140
[  553.444248]  __x64_sys_mount+0xbe/0x150
[  553.448208]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  553.453211]  do_syscall_64+0x1b9/0x820
[  553.457085]  ? finish_task_switch+0x1d3/0x870
[  553.461566]  ? syscall_return_slowpath+0x5e0/0x5e0
[  553.466482]  ? syscall_return_slowpath+0x31d/0x5e0
[  553.471403]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  553.476758]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  553.481590]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  553.486762] RIP: 0033:0x456a09
[  553.489933] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  553.509168] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  553.516861] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
[  553.524115] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
[  553.531369] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
09:41:06 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  553.538622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  553.545878] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 000000000000000e
09:41:06 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x2000000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:06 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x20000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:06 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f4]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:06 executing program 6:
r0 = socket$l2tp(0x18, 0x1, 0x1)
io_setup(0x1, &(0x7f0000000000)=<r1=>0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x400, 0x0)
io_submit(r1, 0x1, &(0x7f0000000840)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0x0, r0, &(0x7f0000000100)}])

[  553.610522] binder: 7465:7466 got new transaction with bad transaction stack, transaction 3671 has target 7465:0
[  553.620983] binder: 7465:7466 transaction failed 29201/-71, size 0-0 line 2879
[  553.647637] binder_alloc: binder_alloc_mmap_handler: 7465 20001000-20004000 already mapped failed -16
[  553.657415] binder: BINDER_SET_CONTEXT_MGR already set
[  553.663803] binder: 7465:7466 ioctl 40046207 0 returned -16
[  553.669890] binder_alloc: 7465: binder_alloc_buf, no vma
[  553.675552] binder: 7465:7470 transaction failed 29189/-3, size 24-8 line 2967
[  553.683830] binder: send failed reply for transaction 3671 to 7465:7466
[  553.700686] binder: undelivered TRANSACTION_ERROR: 29201
[  553.706234] binder: undelivered TRANSACTION_ERROR: 29189
09:41:06 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/150, 0x96}, {&(0x7f00000000c0)=""/62, 0x3e}, {&(0x7f0000000180)=""/160, 0xa0}], 0x3)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000380000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000"], 0xfffffc53)
sync()
getsockopt(r0, 0x8, 0x2, &(0x7f0000000280)=""/188, &(0x7f0000000340)=0xbc)

09:41:06 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB]}}, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0)
readv(r2, &(0x7f0000000080)=[{&(0x7f0000000440)=""/128, 0x80}], 0x1)
r3 = dup3(r0, r2, 0x0)
r4 = gettid()
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={<r5=>0xffffffffffffffff}, 0x13f, 0x1008}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r3, &(0x7f00000002c0)={0x14, 0x88, 0xfa00, {r5, 0x3c, 0x0, @ib={0x1b, 0x9, 0xffffffffffffffff, {"340d77b684bb354ea5aeed8fee27bc07"}, 0x40, 0x7ff, 0x4}}}, 0x90)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
accept4$vsock_stream(r3, &(0x7f0000000240), 0x10, 0x80000)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={<r6=>0x0}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000380)={r6, @in6={{0xa, 0x4e21, 0x7, @local, 0x7f}}}, &(0x7f0000000200)=0x84)
tkill(r4, 0x1000000000016)

09:41:06 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8, &(0x7f00000000c0)="225cca0702145f8f764070085e4176517d8df5f96d5391ac2d7c8566bbd89207340e5e46ee13b35d56abfb71456b41cfc9f2da63dacd307fd4aab5e023c8a0994fa74f3b8cb81e7aad4d1a11b869d34dbac67165407ed8cb9c9c0ed8f0cdd75354e957e31536914b24325628f4d2ef1eb6344a3a996cea3fdbd65d94764767c38f122b7f7797d795af488b08bcd3ac6052a602fcf1fed9a533023c0ac447fa65de1168c734e318b61fd5bfa8a030d534a0dbfc55b038fdd023b90ae7c5431596710000000000000000")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_TRANSLATE(r3, 0xc018ae85, &(0x7f0000000380)={0x4000, 0x15000, 0x0, 0x10000, 0x8})
ioctl$KDGETLED(r3, 0x4b31, &(0x7f0000000000))
r4 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000240)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000280)="92538175d3712ad3656e837aa305eca958d2c83c5d59e897696f88f66f9a480b59c8a9f3e82055529a545ad866ae352250cbe932a9c591fb5f1f1b30bc90c82384d8535e9c35444d63704b80c0865b0f04a7be6431fd3146f72d90fb277f297d5999d55925e84a9ac0218e92c4861add0d693936e9c39c9b09435d111a8fd69c6bf5bb64da4d68ca57a9337ee235da66c450fea493bf0ead92b2be9afcaf6137dd1d5aaed04e8a7d3a07a0249756e1f6e3bc99bc7eabc56226ff7cacd5db16d63a6f96d0f6b35be6c89348a23b8ac2e16e00e3e52300441e71362a000cecf26ce2c4bbb54f3bedb367", 0xe9, 0xfffffffffffffff8)
keyctl$invalidate(0x15, r4)
ioctl$KVM_ENABLE_CAP_CPU(r3, 0xc008ae88, &(0x7f00000001c0)={0x7b, 0x0, [0x4b564d04]})
madvise(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x11)

09:41:06 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:06 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd00000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:06 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x8000000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:06 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x9, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x1)
ioctl(r0, 0x8913, &(0x7f0000000280)="025cb72076407000000000")
r2 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000002c0)={{{@in6, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6}, 0x0, @in=@multicast2}}, &(0x7f0000000040)=0xe8)
connect$can_bcm(r1, &(0x7f0000000180)={0x1d, r3}, 0x10)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r2, 0xc0a85320, &(0x7f00000000c0)={{0x5, 0x5}, 'port1\x00', 0xa0, 0xc0000, 0x2e, 0x48, 0x0, 0x7fff, 0x1, 0x0, 0x1, 0x203})
setsockopt$sock_linger(r2, 0x1, 0x1b, &(0x7f0000000240), 0x8)

09:41:06 executing program 5 (fault-call:10 fault-nth:15):
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  553.871392] binder: 7489:7491 got new transaction with bad transaction stack, transaction 3677 has target 7489:0
[  553.881821] binder: 7489:7491 transaction failed 29201/-71, size 0-0 line 2879
[  553.957354] FAULT_INJECTION: forcing a failure.
[  553.957354] name failslab, interval 1, probability 0, space 0, times 0
[  553.968872] CPU: 0 PID: 7504 Comm: syz-executor5 Not tainted 4.18.0-rc7+ #173
[  553.976156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  553.978253] binder_alloc: binder_alloc_mmap_handler: 7489 20001000-20004000 already mapped failed -16
[  553.985504] Call Trace:
[  553.985530]  dump_stack+0x1c9/0x2b4
[  553.985553]  ? dump_stack_print_info.cold.2+0x52/0x52
[  553.985575]  ? print_usage_bug+0xc0/0xc0
[  554.003095] binder: BINDER_SET_CONTEXT_MGR already set
[  554.006305]  should_fail.cold.4+0xa/0x1a
[  554.006327]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  554.006350]  ? graph_lock+0x170/0x170
[  554.012686] binder: 7489:7491 ioctl 40046207 0 returned -16
[  554.015662]  ? __lock_acquire+0x7fc/0x5020
[  554.015683]  ? find_held_lock+0x36/0x1c0
[  554.015705]  ? __lock_is_held+0xb5/0x140
[  554.031112] binder_alloc: 7489: binder_alloc_buf, no vma
[  554.034337]  ? check_same_owner+0x340/0x340
[  554.034356]  ? rcu_note_context_switch+0x730/0x730
[  554.034376]  __should_failslab+0x124/0x180
[  554.038637] binder: 7489:7511 transaction failed 29189/-3, size 24-8 line 2967
[  554.042643]  should_failslab+0x9/0x14
[  554.042658]  kmem_cache_alloc+0x2af/0x760
[  554.042675]  ? memcpy+0x45/0x50
[  554.054686] binder: send failed reply for transaction 3677 to 7489:7491
[  554.056469]  alloc_vfsmnt+0xe8/0x9f0
[  554.056486]  ? mnt_free_id.isra.27+0x60/0x60
[  554.098942]  ? print_usage_bug+0xc0/0xc0
[  554.103002]  ? trace_hardirqs_on+0x10/0x10
[  554.107233]  ? lock_downgrade+0x8f0/0x8f0
[  554.111370]  ? lock_downgrade+0x8f0/0x8f0
[  554.115509]  ? kasan_check_read+0x11/0x20
[  554.119641]  ? do_raw_spin_unlock+0xa7/0x2f0
[  554.124036]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  554.128605]  ? kasan_check_write+0x14/0x20
[  554.132827]  ? do_raw_spin_lock+0xc1/0x200
[  554.137064]  clone_mnt+0x124/0x14a0
[  554.140691]  ? kern_mount_data+0xc0/0xc0
[  554.144750]  ? save_stack+0xa9/0xd0
[  554.148370]  ? find_held_lock+0x36/0x1c0
[  554.152427]  ? lock_downgrade+0x8f0/0x8f0
[  554.156560]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  554.162089]  ? kasan_check_read+0x11/0x20
[  554.166223]  ? do_raw_spin_unlock+0xa7/0x2f0
[  554.170616]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  554.175187]  copy_tree+0x169/0xb00
[  554.178716]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  554.183720]  ? is_subdir+0x2f1/0x4a0
[  554.187423]  ? to_mnt_ns+0x20/0x20
[  554.190968]  ? __lock_is_held+0xb5/0x140
[  554.195026]  propagate_one+0x4e3/0x930
[  554.198901]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  554.203901]  ? next_group+0x400/0x400
[  554.207692]  propagate_mnt+0x18a/0x3e0
[  554.211567]  attach_recursive_mnt+0x60c/0xb70
[  554.216053]  ? count_mounts+0x360/0x360
[  554.220017]  ? rcu_read_lock_sched_held+0x108/0x120
[  554.225025]  ? kfree+0x1e9/0x260
[  554.228378]  ? get_mountpoint+0xe6/0x410
[  554.232425]  ? namespace_unlock+0x210/0x210
[  554.236751]  ? down_read+0x1d0/0x1d0
[  554.240458]  graft_tree+0x1aa/0x240
[  554.244072]  do_add_mount+0x1fe/0x370
[  554.247859]  do_mount+0x193f/0x30e0
[  554.251479]  ? copy_mount_string+0x40/0x40
[  554.255700]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  554.260445]  ? retint_kernel+0x10/0x10
[  554.264327]  ? copy_mount_options+0x1f0/0x380
[  554.268810]  ? copy_mount_options+0x1fa/0x380
[  554.273293]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  554.278814]  ? copy_mount_options+0x285/0x380
[  554.283298]  ksys_mount+0x12d/0x140
[  554.286916]  __x64_sys_mount+0xbe/0x150
[  554.290876]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  554.295881]  do_syscall_64+0x1b9/0x820
[  554.299757]  ? syscall_return_slowpath+0x5e0/0x5e0
[  554.304672]  ? syscall_return_slowpath+0x31d/0x5e0
[  554.310008]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  554.315366]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  554.320198]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  554.325370] RIP: 0033:0x456a09
[  554.328539] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  554.347769] RSP: 002b:00007f208a4d7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
09:41:07 executing program 6:
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl$sock_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000080))
ioctl(r1, 0x8912, &(0x7f0000000000)="025cc80700145f8f764070")
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000180), 0xc)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv4_newrule={0x20}, 0x20}}, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$setlease(r0, 0x400, 0x0)

09:41:07 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x1000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  554.355484] RAX: ffffffffffffffda RBX: 00007f208a4d86d4 RCX: 0000000000456a09
[  554.362779] RDX: 0000000020000000 RSI: 0000000020000380 RDI: 0000000020000340
[  554.370088] RBP: 00000000009300a0 R08: 0000000020000580 R09: 0000000000000000
[  554.377443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
[  554.384728] R13: 00000000004d1738 R14: 00000000004c6e79 R15: 000000000000000f
09:41:07 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:07 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/150, 0x96}, {&(0x7f00000000c0)=""/62, 0x3e}, {&(0x7f0000000180)=""/160, 0xa0}], 0x3)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000380000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000"], 0xfffffc53)
sync()

09:41:07 executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f000000affc))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000009000)='/dev/audio\x00', 0x0, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
r3 = syz_open_dev$sndpcmc(&(0x7f00006a6fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x40400)
r4 = request_key(&(0x7f0000000000)='.request_key_auth\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000080)='/dev/audio\x00', 0xfffffffffffffffa)
fstat(r1, &(0x7f0000000180))
keyctl$describe(0x6, r4, &(0x7f0000000300)=""/4096, 0x1000)
r5 = dup2(r2, r1)
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r5, 0x84, 0x8, &(0x7f0000000100), &(0x7f0000000140)=0x4)
read(r3, &(0x7f0000000280)=""/116, 0x4f)

09:41:07 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:07 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x2000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:07 executing program 6:
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x6)
r0 = syz_open_dev$sndmidi(&(0x7f0000000200)='/dev/snd/midiC#D#\x00', 0x200, 0x0)
read(r0, &(0x7f0000000240)=""/224, 0xfffffc71)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0x5, &(0x7f0000000000)=0x8, 0x4)
dup2(r0, r1)

09:41:07 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c00]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  554.594156] binder: 7530:7531 got new transaction with bad transaction stack, transaction 3683 has target 7530:0
[  554.604627] binder: 7530:7531 transaction failed 29201/-71, size 0-0 line 2879
09:41:07 executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
sendto$inet(r0, &(0x7f00000000c0)="c6", 0x1, 0x0, &(0x7f0000000080)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
shutdown(r0, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000001c0)=@nat={'nat\x00', 0x1b, 0x5, 0x6b0, 0x0, 0x1f0, 0x518, 0x1f0, 0x1f0, 0x618, 0x618, 0x618, 0x618, 0x618, 0x5, &(0x7f0000000140), {[{{@ip={@loopback, @loopback, 0xffffffff, 0xffffff00, 'bcsf0\x00', 'veth0_to_team\x00', {}, {0xff}, 0x2e, 0x3, 0x4}, 0x0, 0xc0, 0xf8, 0x0, {}, [@common=@ttl={0x28, 'ttl\x00', 0x0, {0x2}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x2, @remote, @empty, @gre_key=0x9, @port=0x4e21}}}}, {{@uncond, 0x0, 0x98, 0xf8}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local, 0x1, 0xa, [0x3f, 0x28, 0xa, 0x38, 0x2f, 0xf, 0x21, 0x2, 0x38, 0x3a, 0x4, 0x7, 0xd, 0x19, 0xa, 0x24], 0x1, 0x5, 0x6}}}, {{@ip={@rand_addr=0x100000001, @multicast1, 0xffffff00, 0xff000000, 'gre0\x00', 'bond_slave_0\x00', {0xc9688bcccf7e6166}, {0xff}, 0x6e, 0x2, 0x1}, 0x0, 0x2f0, 0x328, 0x0, {}, [@common=@icmp={0x28, 'icmp\x00', 0x0, {0xc, 0x1, 0x4}}, @common=@unspec=@bpf1={0x230, 'bpf\x00', 0x1, @fd={0x2, 0x0, r0}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0xb, @dev={0xac, 0x14, 0x14, 0xd}, @broadcast, @icmp_id=0x65, @port=0x4e24}}}}, {{@ip={@multicast2, @empty, 0xffffffff, 0xff000000, 'teql0\x00', 'team0\x00', {0xff}, {}, 0xff, 0x3, 0x1}, 0x0, 0xc8, 0x100, 0x0, {}, [@common=@addrtype={0x30, 'addrtype\x00', 0x0, {0x94, 0x400, 0x1, 0x1}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x2, @rand_addr=0xc01, @remote, @icmp_id=0x64, @gre_key=0x3}}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x710)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0x0, 0x10000000}, &(0x7f0000000000)=0x8)

09:41:07 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x6}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:07 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
unshare(0x2000400)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22}, 0x1c)
r1 = getpgid(0xffffffffffffffff)
process_vm_readv(r1, &(0x7f0000000440)=[{&(0x7f0000000300)=""/102, 0x66}, {&(0x7f0000000380)=""/86, 0x56}], 0x2, &(0x7f0000001740)=[{&(0x7f0000000480)=""/152, 0x98}, {&(0x7f0000000540)=""/60, 0x3c}, {&(0x7f0000000580)=""/172, 0xac}, {&(0x7f0000000640)=""/111, 0x6f}, {&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/94, 0x5e}], 0x6, 0x0)
gettid()
listen(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f0000000040)={<r2=>0x0, 0xa4, &(0x7f0000000240)=[@in={0x2, 0x4e21}, @in6={0xa, 0x4e22, 0x1f, @mcast2, 0x5}, @in={0x2, 0x4e22, @local}, @in={0x2, 0x4e21, @local}, @in={0x2, 0x4e24}, @in6={0xa, 0x4e21, 0x7, @remote, 0x4}, @in6={0xa, 0x4e24, 0x3, @dev={0xfe, 0x80, [], 0xd}, 0x3}, @in={0x2, 0x4e23}]}, &(0x7f00000000c0)=0x10)
r3 = socket$inet6(0x10, 0x1000000000000003, 0x0)
sendmsg(r3, &(0x7f000000bfc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f00000012c0)=[{&(0x7f0000001300)="5500000018007fafb7a41cb22da280000206000000a843096c37236939000900210003004b00ca8a9848a3090000006b7b31afdc1375a4ff671138d5053c3403992fc05c5afb83de4411006827c43ab8220000bf0c", 0x55}], 0x1, &(0x7f0000002040)}, 0x0)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000100)=r2, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000400))
r5 = dup(r0)
r6 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000200)={0x1}, 0x8)
syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x4000)
tkill(r4, 0x1000000000016)
sendto$inet6(r0, &(0x7f0000000240), 0x0, 0x20000003, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)

09:41:07 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  554.678349] binder_alloc: binder_alloc_mmap_handler: 7530 20001000-20004000 already mapped failed -16
[  554.704248] binder: BINDER_SET_CONTEXT_MGR already set
[  554.720194] binder: 7530:7531 ioctl 40046207 0 returned -16
09:41:07 executing program 6:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000003fe8))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
geteuid()
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x10000)
ioctl$PIO_SCRNMAP(r2, 0x4b41, &(0x7f00000000c0)="1070349c38150c8d954537612d622115fea0d98ac14028bdd3cd9e8a97e4e0a665231c15a97abb1cf3fb4f724a687c478234d171788210cf52936092ff6038b6241dd38bae8621db86cd9ccd41c21dec9971b558dedf9ab0c12be881c2a9c0a8d573b0ded6d16dd903c2b157fd740d1423a0109f726079e3e02395050fde5d7e6ebbeac7fede64e02767e963416f8580ecfe303fd96e9963edbd8a4c095759d243716e9873a8fecf88d861481dcac19c5d6e87e92fe69ac0fb2689f51eb11f4f6a0cde5abdb51d9b08d1305a608bf8e9006cbd11a2d4c94a582dacee8ee6dfda51b97b15a53fa3be479c57da489cf1458d6fb7e64baf0142d605")
getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0xd, &(0x7f0000000240), &(0x7f0000000280)=0x14)
sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080), 0xc, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[]}}, 0x0)
close(r0)

[  554.776976] binder_alloc: 7530: binder_alloc_buf, no vma
[  554.782590] binder: 7530:7555 transaction failed 29189/-3, size 24-8 line 2967
[  554.799007] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
09:41:07 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0xffffffff00000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:07 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:07 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x31508, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:07 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:07 executing program 6:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000000)={0x2, 0x3, 0x0, 0xfffffffffffffffd, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_sa={0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x240, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f00000000c0)={<r2=>0x0, @in6={{0xa, 0x4e21, 0x0, @ipv4={[], [], @multicast2}, 0xffffffffffffffff}}, 0x400, 0x5}, &(0x7f0000000180)=0x90)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000001c0)={r2, 0x101}, 0x8)

[  554.975887] binder: release 7530:7531 transaction 3683 out, still active
[  554.982892] binder: undelivered TRANSACTION_ERROR: 29201
[  554.997164] binder: send failed reply for transaction 3683, target dead
[  555.004576] binder: undelivered TRANSACTION_ERROR: 29201
[  555.010148] binder: undelivered TRANSACTION_ERROR: 29189
[  555.054436] binder: 7579:7582 got new transaction with bad transaction stack, transaction 3689 has target 7579:0
[  555.064893] binder: 7579:7582 transaction failed 29201/-71, size 0-0 line 2879
[  555.074080] binder_alloc: binder_alloc_mmap_handler: 7579 20001000-20004000 already mapped failed -16
[  555.083612] binder: BINDER_SET_CONTEXT_MGR already set
[  555.089643] binder: 7579:7582 ioctl 40046207 0 returned -16
[  555.097202] binder_alloc: 7579: binder_alloc_buf, no vma
[  555.102783] binder: 7579:7584 transaction failed 29189/-3, size 24-8 line 2967
[  555.109503] binder: send failed reply for transaction 3689 to 7579:7582
[  555.123585] binder: undelivered TRANSACTION_ERROR: 29201
[  555.129179] binder: undelivered TRANSACTION_ERROR: 29189
09:41:08 executing program 7:
r0 = socket$packet(0x11, 0x3, 0x300)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/150, 0x96}, {&(0x7f00000000c0)=""/62, 0x3e}, {&(0x7f0000000180)=""/160, 0xa0}], 0x3)
sync()

09:41:08 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x500000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:08 executing program 1:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x404000)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000080))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000000c0)={0x1}, 0x1)
r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0)
ioctl$BLKTRACETEARDOWN(r2, 0x5382, 0x70c000)

09:41:08 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:08 executing program 6:
r0 = socket$inet(0x10, 0x3, 0x22)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000040)="24000000250007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x101, 0x0)
ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000080)={0x1556a6f5, 0x7, 0x400, 0x10001})

09:41:08 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  555.367356] binder: 7593:7598 got new transaction with bad transaction stack, transaction 3695 has target 7593:0
[  555.377833] binder: 7593:7598 transaction failed 29201/-71, size 0-0 line 2879
[  555.450324] binder_alloc: binder_alloc_mmap_handler: 7593 20001000-20004000 already mapped failed -16
[  555.460224] binder_alloc: 7593: binder_alloc_buf, no vma
[  555.460427] binder: BINDER_SET_CONTEXT_MGR already set
[  555.465828] binder: 7593:7610 transaction failed 29189/-3, size 24-8 line 2967
[  555.474642] binder: 7593:7598 ioctl 40046207 0 returned -16
[  555.484863] binder: 7593:7598 BC_INCREFS_DONE u0000000000000000 no match
[  555.485352] binder: send failed reply for transaction 3695 to 7593:7598
[  555.492811] binder: 7593:7598 transaction failed 29189/-22, size 0-0 line 2852
[  555.506005] binder: undelivered TRANSACTION_ERROR: 29201
[  555.511698] binder: undelivered TRANSACTION_ERROR: 29189
[  555.517297] binder: undelivered TRANSACTION_ERROR: 29189
09:41:08 executing program 4:

09:41:08 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)="6d71756575658c", 0x0, &(0x7f0000000580))

09:41:08 executing program 6:

09:41:08 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:08 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:08 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x800000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:08 executing program 1:

09:41:08 executing program 1:

09:41:08 executing program 6:

09:41:08 executing program 4:

[  555.647197] binder: 7617:7623 got new transaction with bad transaction stack, transaction 3702 has target 7617:0
[  555.657795] binder: 7617:7623 transaction failed 29201/-71, size 0-0 line 2879
[  555.680546] binder_alloc: binder_alloc_mmap_handler: 7617 20001000-20004000 already mapped failed -16
[  555.706174] binder: BINDER_SET_CONTEXT_MGR already set
[  555.711707] binder: 7617:7623 ioctl 40046207 0 returned -16
[  555.773086] binder_alloc: 7617: binder_alloc_buf, no vma
[  555.778697] binder: 7617:7641 transaction failed 29189/-3, size 24-8 line 2967
[  555.787356] binder: send failed reply for transaction 3702 to 7617:7623
[  555.799620] binder: undelivered TRANSACTION_ERROR: 29201
[  555.805193] binder: undelivered TRANSACTION_ERROR: 29189
09:41:08 executing program 1:

09:41:08 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:08 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x5800000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:08 executing program 4:

09:41:08 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:08 executing program 7:
socket$packet(0x11, 0x3, 0x300)
sync()

09:41:08 executing program 6:

09:41:08 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:08 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0xf5ffffff}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:08 executing program 6:

09:41:08 executing program 4:

[  556.250902] binder: 7652:7656 got new transaction with bad transaction stack, transaction 3708 has target 7652:0
[  556.261329] binder: 7652:7656 transaction failed 29201/-71, size 0-0 line 2879
09:41:08 executing program 1:

09:41:09 executing program 7:
sync()

09:41:09 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdef]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  556.334942] binder: BINDER_SET_CONTEXT_MGR already set
[  556.340349] binder_alloc: binder_alloc_mmap_handler: 7652 20001000-20004000 already mapped failed -16
[  556.342005] binder: 7652:7656 ioctl 40046207 0 returned -16
[  556.360848] binder: release 7652:7656 transaction 3708 out, still active
[  556.367761] binder: undelivered TRANSACTION_ERROR: 29201
09:41:09 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x3f000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:09 executing program 4:

09:41:09 executing program 1:

09:41:09 executing program 6:

[  556.415518] binder: send failed reply for transaction 3708, target dead
09:41:09 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:09 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf401000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:09 executing program 7:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x1, &(0x7f000039a000)=[{0x6, 0x0, 0x0, 0x4}]}, 0x10)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmmsg(r0, &(0x7f0000003040)=[{{&(0x7f00000018c0)=@ipx={0x4, 0x0, 0x0, "982a5c276750"}, 0x80, &(0x7f0000002f80)}}], 0x1, 0x0)

09:41:09 executing program 4:
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r0, &(0x7f0000772000), 0x10)

09:41:09 executing program 1:
r0 = socket$kcm(0x2, 0x2, 0x0)
sendmsg(r0, &(0x7f0000000080)={&(0x7f00000000c0)=@in={0x2, 0x4e22}, 0x80, &(0x7f0000003580), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="3800000000000000000000000700000044240ff16f013c14ed83481540fecc30356e9c19e16c00000000000000000000000000000000000085807fd8771be22dc93b879beaf5d83c98f307e394d376e774af5a4bad68cb56d62a259a61ceb13dec8dd39dda8fc40d4205b600c99563494568e82160048cdee66db442827a72af57ba14393f8b53dd9934ab03915ed933ac35c721a9019ef4f438"], 0x9a}, 0x0)

09:41:09 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:09 executing program 6:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000840), 0x0, &(0x7f0000000c00)}, 0x0)
recvmsg(r0, &(0x7f00000018c0)={&(0x7f0000001500)=@pppol2tp={0x0, 0x0, {0x0, <r2=>0xffffffffffffffff, {0x0, 0x0, @multicast1}}}, 0x80, &(0x7f0000001b00), 0x0, &(0x7f0000001800)=""/153, 0x99}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x28, &(0x7f0000000140)=r2, 0x4)

09:41:09 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x5000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:09 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  556.649739] binder: 7706:7709 got new transaction with bad transaction stack, transaction 3713 has target 7706:0
[  556.660216] binder: 7706:7709 transaction failed 29201/-71, size 0-0 line 2879
09:41:09 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000200)=""/11, 0xffffff51)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000))
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080))
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0))

09:41:09 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0xffffff8d}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:09 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x10, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0)

09:41:09 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\a', 0x0, &(0x7f0000000580))

[  556.775905] binder_alloc: binder_alloc_mmap_handler: 7706 20001000-20004000 already mapped failed -16
[  556.801162] binder: BINDER_SET_CONTEXT_MGR already set
[  556.808721] binder: 7706:7709 ioctl 40046207 0 returned -16
09:41:09 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:09 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x80ffffff00000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:09 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={&(0x7f0000000100), 0xc, &(0x7f0000000000)={&(0x7f0000000680)={0x14, 0x1d, 0xfffffffffffffffd, 0x0, 0x0, {0x1f}}, 0x14}}, 0x0)
recvmmsg(r0, &(0x7f0000005fc0)=[{{&(0x7f0000002b40)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}}}, 0x80, &(0x7f0000004d80), 0x0, &(0x7f0000004e00)=""/118, 0x76}}], 0x1, 0x0, &(0x7f0000006140))

[  556.846201] binder_alloc: 7706: binder_alloc_buf, no vma
[  556.851814] binder: 7706:7737 transaction failed 29189/-3, size 24-8 line 2967
[  556.862518] binder: send failed reply for transaction 3713 to 7706:7709
[  556.873124] binder: undelivered TRANSACTION_ERROR: 29201
[  556.878708] binder: undelivered TRANSACTION_ERROR: 29189
09:41:09 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:09 executing program 6:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0xffffff8d}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:09 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:09 executing program 7 (fault-call:0 fault-nth:0):
sync()

[  556.996400] binder: 7756:7759 got new transaction with bad transaction stack, transaction 3719 has target 7756:0
[  557.006931] binder: 7756:7759 transaction failed 29201/-71, size 0-0 line 2879
[  557.053966] binder_alloc: binder_alloc_mmap_handler: 7756 20001000-20004000 already mapped failed -16
[  557.065723] binder: BINDER_SET_CONTEXT_MGR already set
[  557.072933] binder: 7756:7759 ioctl 40046207 0 returned -16
[  557.074905] FAULT_INJECTION: forcing a failure.
[  557.074905] name failslab, interval 1, probability 0, space 0, times 0
[  557.090230] CPU: 1 PID: 7773 Comm: syz-executor7 Not tainted 4.18.0-rc7+ #173
[  557.091001] binder_alloc: 7756: binder_alloc_buf, no vma
[  557.097528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  557.097535] Call Trace:
[  557.097561]  dump_stack+0x1c9/0x2b4
[  557.097584]  ? dump_stack_print_info.cold.2+0x52/0x52
[  557.097610]  should_fail.cold.4+0xa/0x1a
[  557.103094] binder: 7756:7768 transaction failed 29189/-3, size 24-8 line 2967
[  557.112406]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  557.112425]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  557.112449]  ? print_usage_bug+0xc0/0xc0
[  557.112468]  ? _raw_spin_unlock+0x22/0x30
[  557.116687] binder: send failed reply for transaction 3719 to 7756:7759
[  557.118668]  ? __queue_work+0x68d/0x1410
[  557.118683]  ? stub_timer+0x10/0x10
[  557.118701]  ? graph_lock+0x170/0x170
[  557.118723]  ? flush_rcu_work+0x90/0x90
[  557.175205]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[  557.180325]  ? lock_acquire+0x1e4/0x540
[  557.184288]  ? bdi_split_work_to_wbs+0x128/0x1360
[  557.189123]  __should_failslab+0x124/0x180
[  557.193347]  should_failslab+0x9/0x14
[  557.197133]  kmem_cache_alloc_trace+0x4b/0x780
[  557.201702]  ? wb_wait_for_completion+0x2e0/0x2e0
[  557.206537]  bdi_split_work_to_wbs+0x5a7/0x1360
[  557.211194]  ? trace_hardirqs_on+0x10/0x10
[  557.215418]  ? locked_inode_to_wb_and_lock_list+0xac0/0xac0
[  557.221117]  ? graph_lock+0x170/0x170
[  557.224907]  ? kasan_check_read+0x11/0x20
[  557.229041]  ? do_raw_spin_unlock+0xa7/0x2f0
[  557.233434]  ? __local_bh_enable_ip+0x161/0x230
[  557.238091]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  557.243095]  ? wb_wakeup+0x65/0xd0
[  557.246623]  ? find_held_lock+0x36/0x1c0
[  557.250678]  ? graph_lock+0x170/0x170
[  557.254468]  ? lock_acquire+0x1e4/0x540
[  557.258429]  ? iterate_supers+0xe2/0x290
[  557.262484]  sync_inodes_sb+0x333/0x480
[  557.266443]  ? rcu_note_context_switch+0x730/0x730
[  557.271358]  ? try_to_writeback_inodes_sb+0x70/0x70
[  557.276366]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  557.280935]  ? kasan_check_write+0x14/0x20
[  557.285159]  sync_inodes_one_sb+0x59/0x70
[  557.289292]  iterate_supers+0x149/0x290
[  557.293265]  ? __ia32_sys_tee+0x2b0/0x2b0
[  557.297398]  ksys_sync+0xec/0x1e0
[  557.300837]  ? sync_filesystem+0x330/0x330
[  557.305058]  ? __ia32_sys_read+0xb0/0xb0
[  557.309108]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  557.314631]  ? ksys_ioctl+0x81/0xd0
[  557.318242]  ? do_syscall_64+0x9a/0x820
[  557.322203]  __ia32_sys_sync+0xe/0x20
[  557.325992]  do_syscall_64+0x1b9/0x820
[  557.329869]  ? finish_task_switch+0x1d3/0x870
[  557.334367]  ? syscall_return_slowpath+0x5e0/0x5e0
[  557.339282]  ? syscall_return_slowpath+0x31d/0x5e0
[  557.344210]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  557.349566]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  557.354398]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  557.359582] RIP: 0033:0x456a09
[  557.362753] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  557.381995] RSP: 002b:00007f77e0201c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  557.389696] RAX: ffffffffffffffda RBX: 00007f77e02026d4 RCX: 0000000000456a09
[  557.396953] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
09:41:10 executing program 4:
r0 = socket(0x1e, 0x1, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x183072d2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x2ef, &(0x7f0000d1b000), 0x0, &(0x7f000012e000)}, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000480)={<r1=>0x0, @in={{0x2, 0x4e20, @loopback}}, 0x40, 0x4, 0x80000001, 0x7, 0x20}, &(0x7f0000000040)=0x98)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000100)={0xfc3e, 0x100000000, 0x867, 0x20}, 0x10)
setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000080)={r1, 0x2}, 0x8)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x200000d8)

09:41:10 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x200000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:10 executing program 6:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp\x00', 0x101002, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000400)=""/246)
ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000080))
ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000000)=0x600210)
pwritev(r0, &(0x7f0000000140)=[{&(0x7f0000000040)='\f', 0x1}], 0x1, 0x0)

09:41:10 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:10 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)="6d7175657565f6", 0x0, &(0x7f0000000580))

[  557.404211] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
[  557.411466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013
[  557.418735] R13: 00000000004d5320 R14: 00000000004c73e1 R15: 0000000000000000
[  557.438326] binder: undelivered TRANSACTION_ERROR: 29201
[  557.444768] binder: undelivered TRANSACTION_ERROR: 29189
09:41:10 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ad7000)={0x1, &(0x7f0000acbff8)=[{0x6, 0x0, 0x0, 0x6}]}, 0x10)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000903000)={0x1, 0x1e, &(0x7f0000000680)=ANY=[@ANYBLOB="18800010000000000000000000000000850000002a000000170000000000000095000000210000007d5c560056b64303cb4b10eaa43b70a4a43d1ad34ace288dd61e11a76a02f4289986a8c66daf68bd63016b1f8372018538787cf117baa0bc367b06cb81896f39ff7f0000000000008b2866bed7ec9ce00fa20b5f89367e84ac4baccace9f5c9a424f3448cc2e378ee1d9ea30f0f058a25edf4801a75eb7424181911478a6fa1f994852f953ad3a867d9bd76260bc2b0e4df98a42c8647d9c2ad7260aea1edc5573861f091d44ac38f7017d1a5c9f3f92a1b27e1474a441f16dcb27f96e3bec35ab8f266a8725c65ec0567485dae73ae6301fd85ed044dd00c5000025bc00463243fbff8dfed3ac28ef4ad81897bd565cc99b98fc6301284e63efb33d86024ec8811ff1be5817c500b63120856fb515e45159dfd3a8cb90a84f12c54d215220682d4078f500a3397d92aee0fb8a99eff2249c39d5dfc39ef1a320b277fb5a212f7e94764799cad09ccc4b8ea43ec7ecd83ad78877289b1599cc819d4fe04cb168af9722a6f8ea55c889fc6570d0c6d5f621e01a7c6f577d1e05fd2a8dd0d2e1c0e79f6df17f34ac12e2ebab12be0b1fdc2f28fcfc3345e8c4ed716d86633b35ced9454a3066b1f020e319047bbb073a7419c4db7297edf81567f8631c"], &(0x7f0000000200)="73797a6b616c6c65722c493d6c2b78db01beb8234b8301e2918b8b33e703f173263d15127d1c5309a0593d0f6dbe9cd5434619dfff6e61ba74ed3776315503f2d22b3ecd7a62819bc2345afd348344bed224a114267fd4cd1e55f8cf69c16cfffd3a4dc7721aacdfb55e39d507f86531752d2affc30318f5da65be34374a24f6", 0xfffffffffffffffa, 0x1000, &(0x7f00009ab000)=""/4096}, 0x48)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00009da000)=r1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040)={0x80, 0x10001, 0x7fff, 0x10001, 0xfffffffffffffffa}, 0x14)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="1400000b320005061100004e060000000000000029094d4121ccf7000000000000000000"], 0x1}}, 0x4000000000000000)
r3 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000005c0)={&(0x7f0000000600)='./file0\x00', 0x0, 0x40000000}, 0x10)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r3, &(0x7f0000000d40)="a142f75bc30000000000000000e79fa6b144788da1f7bb7b89d574113f803b937e81bb05b56151b4ee7f44ec532c4aa49591db70a4f195a92ab852172a9dfe1123f6b604dad855fddcf2c873201a7c1c3b65758dc496b890cfc246b4f7a9b1e44eff0dfea32e3730b38383f48fcb3836bfd645070000000000000012b87875fafa1de4010947e90a72bf4ad2db3d3c004d1e2ad3c2540b9fae948688c0d61c0f68ee1807d0d46fafddc9d6526a2c11c3793a0bf03b5b4956fdef3c4afd2116ff8d9561e2312455e5b909317c33ea8453303beda5ac8a4334c02f188155aef658023fdfcd3680e12883da37e4c40c34ac2d7fa512d4eba18de62ea4ad3836c71f32125325e718aa0f866e92375eb99d697b0e776f73041a40847e856913a54c199cbd60b5a51ab0046fc6ce34dfac09b205063bd0b048765afc2aff7ff2384721b2729f9eb4c3b6690b7944b3e668abdc2c0fc94d5698d3e72255869e5beb027968bebec1bbd29cf3d616b21f868a3656", &(0x7f0000000ac0)=""/96}, 0x18)
r4 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r4, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070")
unshare(0x24020400)
r5 = socket$inet6(0xa, 0x1000000000002, 0x0)
mknod(&(0x7f00000056c0)='./file0\x00', 0x1040, 0x0)
execve(&(0x7f0000f8aff8)='./file0\x00', &(0x7f0000000380), &(0x7f00000001c0))
r6 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000000d000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
kcmp(r6, r6, 0x0, r9, r5)
ioctl$int_in(r7, 0x5452, &(0x7f0000008ff8)=0x3f)
r10 = getpid()
execve(&(0x7f0000000000)='./bus\x00', &(0x7f00000000c0), &(0x7f0000000140))
fcntl$setown(r7, 0x8, r10)
fcntl$setsig(r7, 0xa, 0x12)
dup2(r7, r8)
tkill(r6, 0x16)
open(&(0x7f0000363ff8)='./file0\x00', 0x401, 0x0)
sendto$inet6(r0, &(0x7f0000000180), 0x0, 0x200408d4, &(0x7f000072e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
ioctl$int_out(0xffffffffffffffff, 0x0, &(0x7f0000000480))

09:41:10 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x31490, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:10 executing program 7 (fault-call:0 fault-nth:1):
sync()

09:41:10 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x40000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:10 executing program 6:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f000000a500)=<r1=>0x0)
process_vm_readv(r1, &(0x7f000000a700)=[{&(0x7f000000a540)=""/92, 0x5c}, {&(0x7f000000a5c0)=""/125, 0x7d}, {&(0x7f000000a640)=""/12, 0xc}, {&(0x7f000000a680)=""/81, 0x51}], 0x4, &(0x7f000000ac40)=[{&(0x7f000000a740)=""/107, 0x6b}, {&(0x7f000000a7c0)=""/145, 0x91}, {&(0x7f000000a880)=""/111, 0x6f}, {&(0x7f000000a900)=""/103, 0x67}, {&(0x7f000000a980)=""/146, 0x92}, {&(0x7f000000aa40)=""/23, 0x17}, {&(0x7f000000aa80)=""/44, 0x2c}, {&(0x7f000000aac0)=""/185, 0xb9}, {&(0x7f000000ab80)=""/188, 0xbc}], 0x9, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000500)={&(0x7f0000000300), 0xc, &(0x7f00000004c0)={&(0x7f0000000340)=@getae={0x40, 0x1f, 0x103, 0x0, 0x0, {{}, @in6=@local}}, 0x40}}, 0x0)
r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x5, 0x208000)
clock_gettime(0x0, &(0x7f000000ad00)={<r3=>0x0, <r4=>0x0})
recvmmsg(r0, &(0x7f000000a200)=[{{0x0, 0x0, &(0x7f0000002640)=[{&(0x7f0000000080)=""/204, 0xcc}, {&(0x7f0000000200)=""/6, 0x6}, {&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f0000000240)=""/75, 0x4b}, {&(0x7f0000000380)=""/97, 0x61}, {&(0x7f0000000400)=""/66, 0x42}, {&(0x7f0000001540)=""/4096, 0x1000}, {&(0x7f0000002540)=""/246, 0xf6}, {&(0x7f00000002c0)=""/64, 0x40}], 0x9, &(0x7f0000002700)=""/143, 0x8f, 0x9}, 0xffffffff}, {{&(0x7f00000027c0)=@xdp, 0x80, &(0x7f0000003b80)=[{&(0x7f0000002840)=""/4096, 0x1000}, {&(0x7f0000000480)=""/47, 0x2f}, {&(0x7f0000003840)=""/202, 0xca}, {&(0x7f0000003940)=""/31, 0x1f}, {&(0x7f0000003980)=""/57, 0x39}, {&(0x7f00000039c0)=""/157, 0x9d}, {&(0x7f0000003a80)=""/246, 0xf6}], 0x7, 0x0, 0x0, 0x10001}, 0xffffffffffffff6f}, {{&(0x7f0000003c00)=@vsock, 0x80, &(0x7f0000006180)=[{&(0x7f0000003c80)=""/212, 0xd4}, {&(0x7f0000003d80)=""/4096, 0x1000}, {&(0x7f0000004d80)=""/206, 0xce}, {&(0x7f0000004e80)=""/46, 0x2e}, {&(0x7f0000004ec0)=""/4096, 0x1000}, {&(0x7f0000005ec0)=""/151, 0x97}, {&(0x7f0000005f80)=""/147, 0x93}, {&(0x7f0000006040)=""/47, 0x2f}, {&(0x7f0000006080)=""/196, 0xc4}], 0x9, &(0x7f0000006240)=""/95, 0x5f, 0xd35d}, 0xfa6}, {{&(0x7f00000062c0)=@in6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000006540)=[{&(0x7f0000006340)=""/132, 0x84}, {&(0x7f0000006400)=""/11, 0xb}, {&(0x7f0000006440)=""/188, 0xbc}, {&(0x7f0000006500)=""/46, 0x2e}], 0x4, &(0x7f0000006580)=""/4096, 0x1000, 0x9}, 0x8}, {{&(0x7f0000007580)=@l2, 0x80, &(0x7f0000007c00)=[{&(0x7f0000007600)=""/233, 0xe9}, {&(0x7f0000007700)=""/107, 0x6b}, {&(0x7f0000007780)=""/159, 0x9f}, {&(0x7f0000007840)=""/28, 0x1c}, {&(0x7f0000007880)=""/160, 0xa0}, {&(0x7f0000007940)=""/251, 0xfb}, {&(0x7f0000007a40)=""/149, 0x95}, {&(0x7f0000007b00)=""/251, 0xfb}], 0x8, &(0x7f0000007c80)=""/89, 0x59, 0x2}, 0x7}, {{0x0, 0x0, &(0x7f0000007e40)=[{&(0x7f0000007d00)=""/82, 0x52}, {&(0x7f0000007d80)=""/188, 0xbc}], 0x2, &(0x7f0000007e80)=""/6, 0x6, 0x10001}, 0x5}, {{&(0x7f0000007ec0)=@xdp={0x2c, 0x0, <r5=>0x0}, 0x80, &(0x7f0000009480)=[{&(0x7f0000007f40)=""/135, 0x87}, {&(0x7f0000008000)=""/4096, 0x1000}, {&(0x7f0000009000)=""/2, 0x2}, {&(0x7f0000009040)=""/92, 0x5c}, {&(0x7f00000090c0)=""/83, 0x53}, {&(0x7f0000009140)=""/189, 0xbd}, {&(0x7f0000009200)=""/18, 0x12}, {&(0x7f0000009240)=""/248, 0xf8}, {&(0x7f0000009340)=""/72, 0x48}, {&(0x7f00000093c0)=""/140, 0x8c}], 0xa, &(0x7f0000009540)=""/202, 0xca, 0x1}, 0x9a}, {{&(0x7f0000009640)=@ethernet={0x0, @broadcast}, 0x80, &(0x7f0000009b40)=[{&(0x7f00000096c0)=""/244, 0xf4}, {&(0x7f00000097c0)=""/212, 0xd4}, {&(0x7f00000098c0)=""/8, 0x8}, {&(0x7f0000009900)=""/12, 0xc}, {&(0x7f0000009940)=""/11, 0xb}, {&(0x7f0000009980)=""/180, 0xb4}, {&(0x7f0000009a40)=""/3, 0x3}, {&(0x7f0000009a80)=""/158, 0x9e}], 0x8, &(0x7f0000009bc0)=""/23, 0x17, 0x2}, 0x3ff}, {{&(0x7f0000009c00)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f000000a100)=[{&(0x7f0000009c80)=""/133, 0x85}, {&(0x7f0000009d40)=""/134, 0x86}, {&(0x7f0000009e00)=""/147, 0x93}, {&(0x7f0000009ec0)=""/158, 0x9e}, {&(0x7f0000009f80)=""/177, 0xb1}, {&(0x7f000000a040)=""/25, 0x19}, {&(0x7f000000a080)=""/83, 0x53}], 0x7, &(0x7f000000a180)=""/67, 0x43, 0x2}, 0x1}], 0x9, 0x10000, &(0x7f000000a480)={r3, r4+30000000})
ioctl$sock_inet6_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f000000a4c0)={@empty, 0x71, r5})

09:41:10 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff00000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:10 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ptype\x00')
write$eventfd(r0, &(0x7f0000000040), 0xffffff16)

09:41:10 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  557.734240] FAULT_INJECTION: forcing a failure.
[  557.734240] name failslab, interval 1, probability 0, space 0, times 0
[  557.745839] CPU: 1 PID: 7806 Comm: syz-executor7 Not tainted 4.18.0-rc7+ #173
[  557.753124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  557.762483] Call Trace:
[  557.765068]  dump_stack+0x1c9/0x2b4
[  557.768690]  ? dump_stack_print_info.cold.2+0x52/0x52
[  557.773882]  should_fail.cold.4+0xa/0x1a
[  557.777945]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  557.783044]  ? find_held_lock+0x36/0x1c0
[  557.787098]  ? lock_downgrade+0x8f0/0x8f0
[  557.791240]  ? print_usage_bug+0xc0/0xc0
[  557.795295]  ? kvm_clock_read+0x25/0x30
[  557.799254]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  557.804255]  ? ktime_get+0x2e1/0x440
[  557.807958]  __should_failslab+0x124/0x180
[  557.812206]  should_failslab+0x9/0x14
[  557.815998]  kmem_cache_alloc_node+0x56/0x780
[  557.820495]  create_task_io_context+0xbd/0x600
[  557.825063]  ? ioc_clear_queue+0x610/0x610
[  557.829287]  ? lock_downgrade+0x8f0/0x8f0
[  557.833428]  ? kasan_check_read+0x11/0x20
[  557.837567]  ? rcu_is_watching+0x8c/0x150
[  557.841701]  ? __lock_is_held+0xb5/0x140
[  557.845746]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  557.850146]  generic_make_request_checks+0x164f/0x2410
[  557.855412]  ? blk_init_queue+0x30/0x30
[  557.859373]  ? __save_stack_trace+0x8d/0xf0
[  557.863681]  ? blk_queue_enter+0xbf7/0xe10
[  557.867908]  ? blk_exit_rl+0x80/0x80
[  557.871612]  ? save_stack+0x43/0xd0
[  557.875227]  ? kasan_kmalloc+0xc4/0xe0
[  557.879097]  ? kasan_slab_alloc+0x12/0x20
[  557.883232]  ? kmem_cache_alloc+0x12e/0x760
[  557.887541]  ? mempool_alloc_slab+0x44/0x60
[  557.891847]  ? mempool_alloc+0x193/0x4b0
[  557.895892]  ? bio_alloc_bioset+0x39c/0x6f0
[  557.900199]  ? submit_bh_wbc+0x14b/0x790
[  557.904245]  ? __block_write_full_page+0x836/0xf10
[  557.909163]  ? block_write_full_page+0x1ff/0x250
[  557.913913]  ? trace_hardirqs_on+0x10/0x10
[  557.918136]  ? __ia32_sys_sync+0xe/0x20
[  557.922097]  ? do_syscall_64+0x1b9/0x820
[  557.926148]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  557.931499]  ? print_usage_bug+0xc0/0xc0
[  557.935545]  ? graph_lock+0x170/0x170
[  557.939330]  ? graph_lock+0x170/0x170
[  557.943119]  ? lock_downgrade+0x8f0/0x8f0
[  557.947261]  generic_make_request+0x2aa/0x1800
[  557.951833]  ? blk_get_request+0x7e0/0x7e0
[  557.956059]  ? rcu_read_lock_sched_held+0x108/0x120
[  557.961062]  ? graph_lock+0x170/0x170
[  557.964852]  ? graph_lock+0x170/0x170
[  557.968643]  ? mempool_alloc_slab+0x44/0x60
[  557.972955]  ? mempool_free+0x370/0x370
[  557.976917]  ? mempool_alloc_slab+0x44/0x60
[  557.981227]  ? find_held_lock+0x36/0x1c0
[  557.985281]  ? lock_downgrade+0x8f0/0x8f0
[  557.989417]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  557.994945]  submit_bio+0xba/0x460
[  557.998473]  ? submit_bio+0xba/0x460
[  558.002175]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  558.006570]  ? generic_make_request+0x1800/0x1800
[  558.011400]  ? __bio_add_page+0x122/0x280
[  558.015539]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  558.020542]  ? guard_bio_eod+0x2b4/0x600
[  558.024587]  ? bio_add_page+0xed/0x120
[  558.028466]  submit_bh_wbc+0x5de/0x790
[  558.032358]  __block_write_full_page+0x836/0xf10
[  558.037104]  ? check_disk_change+0x140/0x140
[  558.041498]  ? __getblk_gfp+0xb10/0xb10
[  558.045462]  ? submit_bh_wbc+0x790/0x790
[  558.049511]  ? __lock_is_held+0xb5/0x140
[  558.053573]  block_write_full_page+0x1ff/0x250
[  558.058144]  ? check_disk_change+0x140/0x140
[  558.062544]  blkdev_writepage+0x24/0x30
[  558.066509]  __writepage+0x69/0xe0
[  558.070040]  write_cache_pages+0x92f/0x16b0
[  558.074352]  ? tag_pages_for_writeback+0x4a0/0x4a0
[  558.079274]  ? clear_page_dirty_for_io+0x1240/0x1240
[  558.084366]  ? trace_hardirqs_on+0x10/0x10
[  558.088602]  ? lock_acquire+0x1e4/0x540
[  558.092563]  ? iterate_bdevs+0xce/0x291
[  558.096531]  ? lock_release+0xa30/0xa30
[  558.100492]  ? check_same_owner+0x340/0x340
[  558.104799]  ? rcu_note_context_switch+0x730/0x730
[  558.109716]  ? graph_lock+0x170/0x170
[  558.113504]  ? kasan_check_write+0x14/0x20
[  558.117725]  ? __mutex_lock+0x7e8/0x1820
[  558.121770]  ? iterate_bdevs+0xce/0x291
[  558.125734]  ? blk_start_plug+0xcc/0x370
[  558.129779]  ? find_held_lock+0x36/0x1c0
[  558.133827]  ? blk_lld_busy+0x70/0x70
[  558.137622]  ? lock_downgrade+0x8f0/0x8f0
[  558.142479]  ? kasan_check_read+0x11/0x20
[  558.146634]  generic_writepages+0xda/0x150
[  558.150856]  ? write_cache_pages+0x16b0/0x16b0
[  558.155429]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  558.160957]  blkdev_writepages+0x1d/0x30
[  558.165008]  ? blkdev_readpages+0x40/0x40
[  558.169150]  do_writepages+0x9a/0x1a0
[  558.172943]  __filemap_fdatawrite_range+0x364/0x4a0
[  558.177950]  ? delete_from_page_cache_batch+0xf90/0xf90
[  558.183304]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  558.187878]  filemap_fdatawrite+0x26/0x30
[  558.192026]  fdatawrite_one_bdev+0x50/0x70
[  558.196246]  iterate_bdevs+0x11e/0x291
[  558.200122]  ? fdatawait_one_bdev+0x70/0x70
[  558.204429]  ksys_sync+0x11a/0x1e0
[  558.207957]  ? sync_filesystem+0x330/0x330
[  558.212192]  ? __ia32_sys_read+0xb0/0xb0
[  558.216238]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  558.221760]  ? ksys_ioctl+0x81/0xd0
[  558.225373]  ? do_syscall_64+0x9a/0x820
[  558.229338]  __ia32_sys_sync+0xe/0x20
[  558.233127]  do_syscall_64+0x1b9/0x820
[  558.237002]  ? finish_task_switch+0x1d3/0x870
[  558.241490]  ? syscall_return_slowpath+0x5e0/0x5e0
[  558.246408]  ? syscall_return_slowpath+0x31d/0x5e0
[  558.251325]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  558.256675]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  558.261508]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  558.266681] RIP: 0033:0x456a09
09:41:11 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x500}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  558.269850] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  558.289093] RSP: 002b:00007f77e0201c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  558.296787] RAX: ffffffffffffffda RBX: 00007f77e02026d4 RCX: 0000000000456a09
[  558.304041] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  558.311299] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
[  558.318554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013
[  558.325808] R13: 00000000004d5320 R14: 00000000004c73e1 R15: 0000000000000001
09:41:11 executing program 7 (fault-call:0 fault-nth:2):
sync()

09:41:11 executing program 4:
r0 = memfd_create(&(0x7f0000000080)="5bd295e7a5c45ebd0000", 0x0)
write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="cc0000000000000000dbeacdd5e1b68141104414720bf147bb"], 0x19)
execveat(r0, &(0x7f0000000000)='\x00', &(0x7f0000000100)=[&(0x7f0000000040)='cpuset\'\x00', &(0x7f00000000c0)='[\x00'], &(0x7f00000005c0), 0x1000)

[  558.374749] binder: 7810:7817 got new transaction with bad transaction stack, transaction 3725 has target 7810:0
[  558.385254] binder: 7810:7817 transaction failed 29201/-71, size 0-0 line 2879
09:41:11 executing program 6:
r0 = socket(0x1e, 0x2, 0x0)
bind(r0, &(0x7f0000d80f80)=@generic={0x1e, "0101000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cd184a"}, 0x80)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4068aea3, &(0x7f0000000040)={0x7b, 0x0, [0x5fbf, 0x7, 0x100000000, 0x100]})
r2 = socket(0x1e, 0x5, 0x0)
sendmsg(r2, &(0x7f0000316000)={&(0x7f0000dd7000)=@generic={0x10000000001e, "010000000000000000000001e526cc573c5bf86c483724c71e14dd6a739effea1b48006be61ffe06d79f00000000000000076c3f010039d8f986ff03000000000000af50d5fe32c419d67bcbc7e3ad316a198356ed0008341c1fd45624281e27800ece70b076cf979ac40000bd767e2e78a1dfd300981a1565b3b16d7436"}, 0x80, &(0x7f0000001000), 0x0, &(0x7f00002d4000)}, 0x0)
close(r0)

09:41:11 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:11 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0xfffffff5}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  558.489454] binder_alloc: binder_alloc_mmap_handler: 7810 20001000-20004000 already mapped failed -16
[  558.511413] FAULT_INJECTION: forcing a failure.
[  558.511413] name failslab, interval 1, probability 0, space 0, times 0
[  558.522756] CPU: 1 PID: 7837 Comm: syz-executor7 Not tainted 4.18.0-rc7+ #173
[  558.530041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
09:41:11 executing program 6:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000cd8ff4))
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0)

[  558.539398] Call Trace:
[  558.541999]  dump_stack+0x1c9/0x2b4
[  558.545644]  ? dump_stack_print_info.cold.2+0x52/0x52
[  558.550850]  ? __lock_acquire+0x7fc/0x5020
[  558.555104]  should_fail.cold.4+0xa/0x1a
[  558.559180]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  558.564298]  ? trace_hardirqs_on+0x10/0x10
[  558.568550]  ? lock_acquire+0x1e4/0x540
[  558.572539]  ? find_held_lock+0x36/0x1c0
[  558.576611]  ? graph_lock+0x170/0x170
[  558.580429]  ? lock_downgrade+0x8f0/0x8f0
[  558.584596]  ? __lock_is_held+0xb5/0x140
09:41:11 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0xb}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  558.588674]  __should_failslab+0x124/0x180
[  558.592925]  should_failslab+0x9/0x14
[  558.596739]  kmem_cache_alloc+0x47/0x760
[  558.600809]  ? rcu_note_context_switch+0x730/0x730
[  558.605758]  ? mempool_free+0x370/0x370
[  558.609745]  mempool_alloc_slab+0x44/0x60
[  558.613910]  mempool_alloc+0x193/0x4b0
[  558.617812]  ? mempool_destroy+0x30/0x30
[  558.621886]  ? mark_held_locks+0xc9/0x160
[  558.626041]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  558.630639]  ? find_held_lock+0x36/0x1c0
[  558.634720]  bio_alloc_bioset+0x39c/0x6f0
[  558.638886]  ? bvec_alloc+0x2d0/0x2d0
[  558.642700]  ? check_same_owner+0x340/0x340
[  558.647029]  ? rcu_is_watching+0x8c/0x150
[  558.651193]  submit_bh_wbc+0x14b/0x790
[  558.654537] binder: BINDER_SET_CONTEXT_MGR already set
[  558.655091]  __block_write_full_page+0x836/0xf10
[  558.655122]  ? check_disk_change+0x140/0x140
[  558.669534]  ? __getblk_gfp+0xb10/0xb10
[  558.673522]  ? submit_bh_wbc+0x790/0x790
[  558.674194] binder: 7810:7817 ioctl 40046207 0 returned -16
[  558.677581]  ? __lock_is_held+0xb5/0x140
[  558.677613]  block_write_full_page+0x1ff/0x250
[  558.677631]  ? check_disk_change+0x140/0x140
[  558.677650]  blkdev_writepage+0x24/0x30
[  558.677668]  __writepage+0x69/0xe0
[  558.677685]  write_cache_pages+0x92f/0x16b0
[  558.677705]  ? tag_pages_for_writeback+0x4a0/0x4a0
[  558.683669] binder_alloc: 7810: binder_alloc_buf, no vma
[  558.687464]  ? clear_page_dirty_for_io+0x1240/0x1240
[  558.687480]  ? trace_hardirqs_on+0x10/0x10
[  558.687499]  ? lock_acquire+0x1e4/0x540
[  558.687513]  ? iterate_bdevs+0xce/0x291
[  558.687534]  ? lock_release+0xa30/0xa30
[  558.687549]  ? check_same_owner+0x340/0x340
[  558.687567]  ? rcu_note_context_switch+0x730/0x730
[  558.687585]  ? graph_lock+0x170/0x170
[  558.692200] binder: 7810:7861 transaction failed 29189/-3, size 24-8 line 2967
[  558.696551]  ? kasan_check_write+0x14/0x20
[  558.696568]  ? __mutex_lock+0x7e8/0x1820
[  558.696587]  ? iterate_bdevs+0xce/0x291
[  558.701247] binder: send failed reply for transaction 3725 to 7810:7817
[  558.704069]  ? blk_start_plug+0xcc/0x370
[  558.704085]  ? find_held_lock+0x36/0x1c0
[  558.704102]  ? blk_lld_busy+0x70/0x70
[  558.704126]  ? lock_downgrade+0x8f0/0x8f0
[  558.704148]  ? kasan_check_read+0x11/0x20
[  558.704168]  generic_writepages+0xda/0x150
[  558.704184]  ? write_cache_pages+0x16b0/0x16b0
[  558.704209]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  558.813587]  blkdev_writepages+0x1d/0x30
[  558.817633]  ? blkdev_readpages+0x40/0x40
[  558.821768]  do_writepages+0x9a/0x1a0
[  558.825560]  __filemap_fdatawrite_range+0x364/0x4a0
[  558.830568]  ? delete_from_page_cache_batch+0xf90/0xf90
[  558.835926]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  558.840502]  filemap_fdatawrite+0x26/0x30
[  558.844636]  fdatawrite_one_bdev+0x50/0x70
[  558.848858]  iterate_bdevs+0x11e/0x291
[  558.852731]  ? fdatawait_one_bdev+0x70/0x70
[  558.857042]  ksys_sync+0x11a/0x1e0
[  558.860571]  ? sync_filesystem+0x330/0x330
[  558.864794]  ? __ia32_sys_read+0xb0/0xb0
[  558.868845]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  558.874372]  ? ksys_ioctl+0x81/0xd0
[  558.877989]  ? do_syscall_64+0x9a/0x820
[  558.881955]  __ia32_sys_sync+0xe/0x20
[  558.885741]  do_syscall_64+0x1b9/0x820
[  558.889615]  ? finish_task_switch+0x1d3/0x870
[  558.894100]  ? syscall_return_slowpath+0x5e0/0x5e0
[  558.899026]  ? syscall_return_slowpath+0x31d/0x5e0
[  558.903949]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  558.909304]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  558.914136]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  558.919309] RIP: 0033:0x456a09
[  558.922480] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  558.941700] RSP: 002b:00007f77e0201c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  558.949395] RAX: ffffffffffffffda RBX: 00007f77e02026d4 RCX: 0000000000456a09
[  558.956648] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  558.963903] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
[  558.971156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013
[  558.978408] R13: 00000000004d5320 R14: 00000000004c73e1 R15: 0000000000000002
[  559.059200] binder: undelivered TRANSACTION_ERROR: 29201
[  559.064788] binder: undelivered TRANSACTION_ERROR: 29189
09:41:13 executing program 1:
r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
readlinkat(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=""/196, 0xc4)
r1 = syz_open_dev$sndseq(&(0x7f0000dcc000)='/dev/snd/seq\x00', 0x0, 0x0)
readlinkat(r0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=""/20, 0x14)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0bc5310, &(0x7f0000000000)={0x80, 0x0, 'client1\x00', 0x0, "db4d69353cfe0bea", "4fac36b40b7b5604618a899daca7f196ebb2561c301768276b23d225dd12e98a"})

09:41:13 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
setrlimit(0x7, &(0x7f0000000000))
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = socket(0x0, 0x804, 0x6)
ioctl$sock_bt(r0, 0xdd1f, &(0x7f0000000040)="7af43362eb9fe6a74a71d82df4a4912344310d0c00b0671e7ab0ee1a940e0ab9db8dbec9de7eba90710787aecd6c8b7da84e1e316708a9ac994e0d7e71996a2995e0ebd2a8ad2ec5588250a4f23d95c73f806927f8a193a48e7a82577851d136c1dd3813d04eae50985780113c72cc68d9f134156cad29581842d0678e5549")

09:41:13 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:13 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:13 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0xb000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:13 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:13 executing program 7 (fault-call:0 fault-nth:3):
sync()

09:41:13 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
socket(0x2, 0x80003, 0x5)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f0000000240), 0x19)
sendmsg$can_bcm(r1, &(0x7f00000003c0)={&(0x7f0000000280), 0x10, &(0x7f0000000380)={&(0x7f0000000300)={0x5, 0x0, 0x0, {}, {0x0, 0x7530}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "388dbba2b150d176"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r1, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000040)={&(0x7f00000000c0)={0x7, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "c4d981aeb150d176"}}, 0x48}}, 0x0)
bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000080)=0x1, 0x4)
ioctl$sock_bt(r1, 0x8906, &(0x7f0000000080))
recvmmsg(r1, &(0x7f0000000600)=[{{&(0x7f0000000400)=@pppol2tpv3={0x0, 0x0, {0x0, <r2=>0xffffffffffffffff, {0x0, 0x0, @dev}}}, 0x80, &(0x7f00000005c0)}}], 0x1, 0x0, &(0x7f00000006c0))
ioctl$sock_ifreq(r2, 0x89a2, &(0x7f0000000180)={'veth0_to_team\x00', @ifru_flags=0x1000})
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r3 = socket(0x1e, 0x1, 0x0)
getsockopt(r3, 0x800000010f, 0x20080000000087, &(0x7f00004ad000), &(0x7f0000a3c000)=0x8b)
socket(0xa, 0xb, 0x3)

[  560.801735] binder: 7877:7882 got new transaction with bad transaction stack, transaction 3731 has target 7877:0
[  560.812204] binder: 7877:7882 transaction failed 29201/-71, size 0-0 line 2879
[  560.836709] FAULT_INJECTION: forcing a failure.
[  560.836709] name failslab, interval 1, probability 0, space 0, times 0
[  560.847983] CPU: 0 PID: 7878 Comm: syz-executor7 Not tainted 4.18.0-rc7+ #173
[  560.855264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  560.864622] Call Trace:
[  560.867224]  dump_stack+0x1c9/0x2b4
[  560.870874]  ? dump_stack_print_info.cold.2+0x52/0x52
[  560.876085]  should_fail.cold.4+0xa/0x1a
[  560.878578] binder: BINDER_SET_CONTEXT_MGR already set
[  560.880166]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  560.880193]  ? kasan_kmalloc+0xc4/0xe0
[  560.880207]  ? kasan_slab_alloc+0x12/0x20
09:41:13 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:13 executing program 1:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000019fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r0 = memfd_create(&(0x7f0000000040)='/dev/sg#\x00', 0x0)
pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000012000)="ca", 0x1}], 0x1, 0x0)
lseek(r0, 0xfffffffffffffffb, 0x3)
close(0xffffffffffffffff)

09:41:13 executing program 4:
sched_setaffinity(0x0, 0xfffffffffffffeec, &(0x7f0000004000))
mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00006ee000)='/dev/rfkill\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1})
r2 = fcntl$getown(r1, 0x9)
ptrace$setsig(0x4203, r2, 0x1, &(0x7f0000000080)={0x41, 0x9, 0x0, 0xa06})
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00')
sendmsg$IPVS_CMD_ZERO(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000640)=ANY=[@ANYBLOB="000001005bc148b675b7a236a136582a242a249112309508d0dbd75606ca99927e6af1d92e74e83b0e04968df8d5e9001ae97dd6c3940902b61501baf04962d52b301c090000000000000045fe3f0121ae6f3198915fa812aaccb57575df304f2e732c5a76a671f09bb5fa876e16c406b3a268049daa560c737103a12cdfed40551dacd5ac904bd7d56e8be85097cf58980a4a910aae2317459fc5582cc681f074eae79dd06fba7c536af4e3616ad4df2682245db86e0f3c24d61f06ae4bbbd98f0f6a1c19ee0d538415158641959ab6907139ef709c2d07471d94c7e4a788fa1ff2fe9ef3c7988e10d67c32f4010000000000000000000000000000", @ANYRES16=r3, @ANYBLOB="010029bd7000fbdbdf25100000000800050001ffffff1c00020008000300000000000800060003000000080009000100000008000500001000006c0003001400020073797a5f74756e0000000000000000000800030003000000080007004e20000014000600fe80000000000000000000000000000f08000300010000000800010000000000080005000000000008000300040000000800030002000000080001000100000020000100080001000a00000014000300e00000020000000000000000000000003400020008000b0002000000080005000000000008000700fdffffff08000500400000000800050006000000080002004e220000"], 0x100}, 0x1, 0x0, 0x0, 0x20000080}, 0x4000800)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000240))
readv(r0, &(0x7f00001f2ff0)=[{&(0x7f0000001fb2)=""/1, 0x1}], 0x1)
ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f0000011000))
read(r0, &(0x7f0000000180)=""/20, 0x14)
ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f00000000c0)={0xfdd, 0x10001})
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000100)={<r4=>0x0, 0x9, 0x30}, &(0x7f0000000140)=0xc)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000340)={r4, @in6={{0xa, 0x4e23, 0x3, @mcast1, 0x7}}}, &(0x7f0000000400)=0x84)

09:41:13 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x6000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  560.880230]  ? lock_acquire+0x1e4/0x540
[  560.880248]  ? find_held_lock+0x36/0x1c0
[  560.886218] binder: release 7877:7895 transaction 3735 out, still active
[  560.890620]  ? graph_lock+0x170/0x170
[  560.890643]  ? lock_downgrade+0x8f0/0x8f0
[  560.890669]  ? __lock_is_held+0xb5/0x140
[  560.890691]  __should_failslab+0x124/0x180
[  560.890708]  should_failslab+0x9/0x14
[  560.890721]  kmem_cache_alloc+0x47/0x760
[  560.890738]  ? rcu_note_context_switch+0x730/0x730
[  560.898081] binder: 7877:7882 ioctl 40046207 0 returned -16
[  560.898756]  ? mempool_free+0x370/0x370
[  560.898776]  mempool_alloc_slab+0x44/0x60
[  560.898791]  mempool_alloc+0x193/0x4b0
[  560.898811]  ? mempool_destroy+0x30/0x30
[  560.905923] binder: release 7877:7882 transaction 3731 out, still active
[  560.906823]  ? find_held_lock+0x36/0x1c0
[  560.906847]  bio_alloc_bioset+0x39c/0x6f0
[  560.906864]  ? bvec_alloc+0x2d0/0x2d0
[  560.913763] binder: undelivered TRANSACTION_ERROR: 29201
[  560.917472]  ? check_same_owner+0x340/0x340
[  560.917485]  ? rcu_is_watching+0x8c/0x150
[  560.917505]  submit_bh_wbc+0x14b/0x790
09:41:13 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  561.000937]  __block_write_full_page+0x836/0xf10
[  561.005704]  ? check_disk_change+0x140/0x140
[  561.010117]  ? __getblk_gfp+0xb10/0xb10
[  561.014099]  ? submit_bh_wbc+0x790/0x790
[  561.018171]  ? __lock_is_held+0xb5/0x140
[  561.018831] binder: send failed reply for transaction 3731, target dead
[  561.022246]  block_write_full_page+0x1ff/0x250
[  561.022264]  ? check_disk_change+0x140/0x140
[  561.022283]  blkdev_writepage+0x24/0x30
[  561.022300]  __writepage+0x69/0xe0
[  561.022319]  write_cache_pages+0x92f/0x16b0
09:41:13 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x3a00}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  561.022341]  ? tag_pages_for_writeback+0x4a0/0x4a0
[  561.022365]  ? clear_page_dirty_for_io+0x1240/0x1240
[  561.022382]  ? trace_hardirqs_on+0x10/0x10
[  561.029147] binder: send failed reply for transaction 3735, target dead
[  561.033688]  ? lock_acquire+0x1e4/0x540
[  561.033701]  ? iterate_bdevs+0xce/0x291
[  561.033719]  ? lock_release+0xa30/0xa30
[  561.033736]  ? check_same_owner+0x340/0x340
[  561.087054]  ? rcu_note_context_switch+0x730/0x730
[  561.091994]  ? graph_lock+0x170/0x170
[  561.095807]  ? kasan_check_write+0x14/0x20
09:41:13 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4010000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:13 executing program 6:
r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000001c0)={0x0, 0x81, 0x6})
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x200080, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000240)={0xc65ce84ae7ec1250, 0x6, 0x3, 0x0, 0x7})
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f00000000c0)={<r2=>0x0, 0xfff, 0x0, 0x8, 0x5}, &(0x7f0000000100)=0x18)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)=ANY=[@ANYRES32=r2, @ANYBLOB="ca78f80408006508b500"], 0xe)

[  561.100053]  ? __mutex_lock+0x7e8/0x1820
[  561.104120]  ? iterate_bdevs+0xce/0x291
[  561.108107]  ? blk_start_plug+0xcc/0x370
[  561.112184]  ? find_held_lock+0x36/0x1c0
[  561.116254]  ? blk_lld_busy+0x70/0x70
[  561.120071]  ? lock_downgrade+0x8f0/0x8f0
[  561.124241]  ? kasan_check_read+0x11/0x20
[  561.128413]  generic_writepages+0xda/0x150
[  561.132654]  ? write_cache_pages+0x16b0/0x16b0
[  561.137249]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  561.139137] binder: 7913:7914 got new transaction with bad transaction stack, transaction 3739 has target 7913:0
[  561.142820]  blkdev_writepages+0x1d/0x30
[  561.142837]  ? blkdev_readpages+0x40/0x40
[  561.142853]  do_writepages+0x9a/0x1a0
[  561.142877]  __filemap_fdatawrite_range+0x364/0x4a0
[  561.142896]  ? delete_from_page_cache_batch+0xf90/0xf90
[  561.142918]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  561.142938]  filemap_fdatawrite+0x26/0x30
[  561.153287] binder: 7913:7914 transaction failed 29201/-71, size 0-0 line 2879
[  561.157288]  fdatawrite_one_bdev+0x50/0x70
[  561.157302]  iterate_bdevs+0x11e/0x291
[  561.157316]  ? fdatawait_one_bdev+0x70/0x70
[  561.157331]  ksys_sync+0x11a/0x1e0
[  561.207500]  ? sync_filesystem+0x330/0x330
[  561.211722]  ? __ia32_sys_read+0xb0/0xb0
[  561.215769]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  561.221295]  ? ksys_ioctl+0x81/0xd0
[  561.224909]  ? do_syscall_64+0x9a/0x820
[  561.228869]  __ia32_sys_sync+0xe/0x20
[  561.232659]  do_syscall_64+0x1b9/0x820
[  561.236546]  ? finish_task_switch+0x1d3/0x870
[  561.241034]  ? syscall_return_slowpath+0x5e0/0x5e0
[  561.245950]  ? syscall_return_slowpath+0x31d/0x5e0
[  561.250869]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  561.256224]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  561.261060]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  561.266270] RIP: 0033:0x456a09
[  561.269443] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  561.288673] RSP: 002b:00007f77e0201c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  561.296367] RAX: ffffffffffffffda RBX: 00007f77e02026d4 RCX: 0000000000456a09
09:41:14 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x4000000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  561.303621] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  561.310875] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
[  561.318131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013
[  561.325403] R13: 00000000004d5320 R14: 00000000004c73e1 R15: 0000000000000003
09:41:14 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:14 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x1000, 0x80080)
ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000003fe8))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4)
setsockopt$IP_VS_SO_SET_TIMEOUT(r3, 0x0, 0x16, &(0x7f0000000000), 0xc)
close(r3)
close(r2)

09:41:14 executing program 6:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r0, &(0x7f0000000140), 0x3c, 0x20000802, &(0x7f0000000040)={0x2, 0x4e23}, 0x10)
r1 = getgid()
getgroups(0x1, &(0x7f0000000000)=[r1])
shutdown(r0, 0x1)
shutdown(r0, 0x0)

09:41:14 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd00]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:14 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x3f00000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:14 executing program 7 (fault-call:0 fault-nth:4):
sync()

[  561.408243] binder_alloc: binder_alloc_mmap_handler: 7913 20001000-20004000 already mapped failed -16
[  561.433844] binder: BINDER_SET_CONTEXT_MGR already set
[  561.439394] binder: 7913:7914 ioctl 40046207 0 returned -16
[  561.483235] binder_alloc: 7913: binder_alloc_buf, no vma
[  561.488795] binder: 7913:7937 transaction failed 29189/-3, size 24-8 line 2967
[  561.526754] FAULT_INJECTION: forcing a failure.
[  561.526754] name failslab, interval 1, probability 0, space 0, times 0
[  561.538107] CPU: 0 PID: 7946 Comm: syz-executor7 Not tainted 4.18.0-rc7+ #173
[  561.545392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  561.554746] Call Trace:
[  561.555627] binder: release 7913:7914 transaction 3739 out, still active
[  561.557340]  dump_stack+0x1c9/0x2b4
[  561.557364]  ? dump_stack_print_info.cold.2+0x52/0x52
[  561.557391]  should_fail.cold.4+0xa/0x1a
[  561.557411]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  561.557429]  ? kasan_kmalloc+0xc4/0xe0
[  561.557444]  ? kasan_slab_alloc+0x12/0x20
[  561.564325] binder: undelivered TRANSACTION_ERROR: 29201
[  561.567906]  ? lock_acquire+0x1e4/0x540
[  561.567927]  ? find_held_lock+0x36/0x1c0
[  561.567945]  ? graph_lock+0x170/0x170
[  561.594860] binder: send failed reply for transaction 3739, target dead
[  561.595726]  ? lock_downgrade+0x8f0/0x8f0
[  561.595753]  ? __lock_is_held+0xb5/0x140
[  561.595777]  __should_failslab+0x124/0x180
[  561.595796]  should_failslab+0x9/0x14
[  561.595812]  kmem_cache_alloc+0x47/0x760
[  561.634528]  ? rcu_note_context_switch+0x730/0x730
[  561.639448]  ? mempool_free+0x370/0x370
[  561.643409]  mempool_alloc_slab+0x44/0x60
[  561.647546]  mempool_alloc+0x193/0x4b0
[  561.651426]  ? mempool_destroy+0x30/0x30
[  561.655478]  ? find_held_lock+0x36/0x1c0
[  561.659531]  bio_alloc_bioset+0x39c/0x6f0
[  561.663667]  ? bvec_alloc+0x2d0/0x2d0
[  561.667454]  ? check_same_owner+0x340/0x340
[  561.671760]  ? rcu_is_watching+0x8c/0x150
[  561.675899]  submit_bh_wbc+0x14b/0x790
[  561.679777]  __block_write_full_page+0x836/0xf10
[  561.684519]  ? check_disk_change+0x140/0x140
[  561.688912]  ? __getblk_gfp+0xb10/0xb10
[  561.692878]  ? submit_bh_wbc+0x790/0x790
[  561.696924]  ? __lock_is_held+0xb5/0x140
[  561.700980]  block_write_full_page+0x1ff/0x250
[  561.705549]  ? check_disk_change+0x140/0x140
[  561.709945]  blkdev_writepage+0x24/0x30
[  561.713908]  __writepage+0x69/0xe0
[  561.717436]  write_cache_pages+0x92f/0x16b0
[  561.721746]  ? tag_pages_for_writeback+0x4a0/0x4a0
[  561.726682]  ? clear_page_dirty_for_io+0x1240/0x1240
[  561.731769]  ? trace_hardirqs_on+0x10/0x10
[  561.735991]  ? lock_acquire+0x1e4/0x540
[  561.739954]  ? iterate_bdevs+0xce/0x291
[  561.743915]  ? lock_release+0xa30/0xa30
[  561.747886]  ? check_same_owner+0x340/0x340
[  561.752196]  ? rcu_note_context_switch+0x730/0x730
[  561.757119]  ? graph_lock+0x170/0x170
[  561.760909]  ? kasan_check_write+0x14/0x20
[  561.765132]  ? __mutex_lock+0x7e8/0x1820
[  561.769179]  ? iterate_bdevs+0xce/0x291
[  561.773144]  ? blk_start_plug+0xcc/0x370
[  561.777189]  ? find_held_lock+0x36/0x1c0
[  561.781236]  ? blk_lld_busy+0x70/0x70
[  561.785033]  ? lock_downgrade+0x8f0/0x8f0
[  561.789173]  ? kasan_check_read+0x11/0x20
[  561.793321]  generic_writepages+0xda/0x150
[  561.797541]  ? write_cache_pages+0x16b0/0x16b0
[  561.802117]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  561.807642]  blkdev_writepages+0x1d/0x30
[  561.811690]  ? blkdev_readpages+0x40/0x40
[  561.815824]  do_writepages+0x9a/0x1a0
[  561.819619]  __filemap_fdatawrite_range+0x364/0x4a0
[  561.824622]  ? delete_from_page_cache_batch+0xf90/0xf90
[  561.829976]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  561.834547]  filemap_fdatawrite+0x26/0x30
[  561.838693]  fdatawrite_one_bdev+0x50/0x70
[  561.842911]  iterate_bdevs+0x11e/0x291
[  561.846783]  ? fdatawait_one_bdev+0x70/0x70
[  561.851090]  ksys_sync+0x11a/0x1e0
[  561.854622]  ? sync_filesystem+0x330/0x330
[  561.858841]  ? __ia32_sys_read+0xb0/0xb0
[  561.862902]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  561.868449]  ? ksys_ioctl+0x81/0xd0
[  561.872071]  ? do_syscall_64+0x9a/0x820
[  561.876038]  __ia32_sys_sync+0xe/0x20
[  561.879823]  do_syscall_64+0x1b9/0x820
[  561.883694]  ? finish_task_switch+0x1d3/0x870
[  561.888176]  ? syscall_return_slowpath+0x5e0/0x5e0
[  561.893090]  ? syscall_return_slowpath+0x31d/0x5e0
[  561.898019]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  561.903379]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  561.908212]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  561.913389] RIP: 0033:0x456a09
[  561.916557] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  561.935791] RSP: 002b:00007f77e0201c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  561.943485] RAX: ffffffffffffffda RBX: 00007f77e02026d4 RCX: 0000000000456a09
[  561.950740] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  561.957996] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
[  561.965255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013
09:41:14 executing program 6:
r0 = add_key$keyring(&(0x7f0000000300)='keyring\x00', &(0x7f0000000280), 0x0, 0x0, 0xfffffffffffffffd)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000100)=@assoc_value, &(0x7f00000001c0)=0x8)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x2, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000340)=ANY=[@ANYRES32=<r3=>0x0, @ANYBLOB="d700005500fe6553ac1784fedb853a118c09057598d5d652424d4a65268758708d4367649762f45fe2a14277e3e2ee0a7d7896b13abe797992c5a75ec0f4104dd45ac94f8dabd1bb3da8b161c92199a51f329078abe1e718702f4d0a744402b62fcd61e54e420058cff843f32a3e02aa74272c4d3892de7d5e1d4d220725b256ef7a90505ab4a8798e51cc6e07367f9e58b485464dd0e960c69b6d279de3ce88097528721acb418e16ac13266be4ed4da3e60daaaced5022b2b47dde4f69753192e67f96d06fb87be3f5fb86f4cd58c7bb70edeca66fd464643e546dfc54bac6b30d4ea25189250d07f98db39065c33169c8c3f2b63aa9b75c883bff546ef42fc70f80dca900f9286226abaab16e99b91736a51358dc3fc77bc2b6ed95e7a196756215720dd438adcce4f4027df44b65848349c5d5470ce2719f194e4d195442e875396dc507257386d2321dfd1baf66f9550a1a34de10ad5add17def8b94fcfd3259c0d2bb81ef4e271563c8b2c6045c4dbb7f53f9e907d63e432d91eb3aadd867b30bfa834dd89d80f78169f7d8d68a0915244d864db1c6b68"], &(0x7f0000000140)=0xdf)
add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000240), 0x0, r0)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000180)={r3, 0x5}, 0x8)
keyctl$unlink(0x9, 0x0, r0)

09:41:14 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  561.972520] R13: 00000000004d5320 R14: 00000000004c73e1 R15: 0000000000000004
09:41:14 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  562.079646] binder: 7960:7965 got new transaction with bad transaction stack, transaction 3745 has target 7960:0
[  562.090197] binder: 7960:7965 transaction failed 29201/-71, size 0-0 line 2879
[  562.108268] binder_alloc: binder_alloc_mmap_handler: 7960 20001000-20004000 already mapped failed -16
[  562.130081] binder: BINDER_SET_CONTEXT_MGR already set
[  562.135496] binder_alloc: 7960: binder_alloc_buf, no vma
[  562.141558] binder: 7960:7968 transaction failed 29189/-3, size 24-8 line 2967
[  562.149515] binder: 7960:7965 ioctl 40046207 0 returned -16
[  562.156976] binder: send failed reply for transaction 3745 to 7960:7965
[  562.165256] binder: undelivered TRANSACTION_ERROR: 29201
[  562.170838] binder: undelivered TRANSACTION_ERROR: 29189
09:41:16 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070")
r1 = socket(0x40000000015, 0x5, 0x20000000)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000007c0)=0x2, 0x4)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r1, &(0x7f0000000840)={0x2, 0x4e20, @loopback}, 0x10)
sendto$inet(r1, &(0x7f0000000000)="ba671368d1010000004900000001000000018be49e9301442865319997d0efdb2f54b6a10c7327757482bfce945c2a91fb8dfafc1d3f56bc543ab87321e12cca08a744a2d128b00634bc882151d36809229a96bc3437ef159489384ade077ba295eac2882dbfd3781dd4d4e609c42628dbb709b3eb1fa030009045dd98b9e6d77b6cec9ceb685595d43995e0f04c32260943add79831e661c6a351dedc8b9d220fbf9fb6e44fb6a629ce9a82025124fec9f3ee751f7da0cd7e799be88ddbdac20b48e890ff81d7fa28c2d017d7932f2569038740461accd4582f576e4fdb6150a3399f8266bc19eb943648ad1ad81420ed6c382436e474390c8995e829e4f9df43eed85a60b9ee254e31eb62900857fa134e76cc64880334adbff069a2e5e647d2ed36a96b23834b6f6ca6b8113baf4cf30347fbb7ffc30aea99872cc0dba03b07d3347b2d257edbe2733c26b7337a79962d8ce85469e3bcbe0e4a48a6ae69d13f2d4b5155b390ef67aa714b82b6313ee277cb8986eca5db2e97cb1ae2243bba80274f614ece521baef443394b4c161cb9ae926e21892578b49cfd6efe1cb1572148c10d92218ed73ec116a18de80ac42d2726a4523a764fc6dc356c5fbbf9d2c947ae3bc9a3dc76099f3257c8d5952876151b0326d8cb1d5683ee4ad5ded9a34c00ac1b03f34627ec18a7c2e92c87b7896549cfab5eb55fa85a970994bd4b22b5f0d045e241256d06f485a47b4a55ed389bc1734541232cd41908b5cfa4b8fcfcafce500a0c7ae99767713a98e7927aa69f6ccd7daea62f19ceb82559f41899c9a9aee99113e7e64b5f8b9824be9fdbfa4dd4995673d882bb4daeb64413b334e114965d2ba3cea8051e692508701b9400cb12eae457f8b8549944091b729160939918d8fcae611a5ded665f770db637487a236da1a58ba7566668651a77171fc4fe506496d19059343dbe4f426625d3f2b705f54581372361770bf5a9098a9fafefaf546426b294239ac33e3186e4d58ad2fa995a6ad4dc074e7cca11aead109563b2076c7c6e9f57ec63df960804e2e7f9d8444de9550cca3df7834d864e9777291c2e1f6205de2e43dc995ab8bb1515a365efc2830fa3e7a1dd137f550d6035212bc1f51c3b4ceea430df49ffc9210084ef156ad7e0d219efd6c116693735b44521d389969a3a65617cd2fd6e14060601cee4cd054cf36fe048b57d1d9ee3cad2a73552449926b4a6b03fbe9c0ec68357e1fbe52ed77b67f5870c0aefb7ee8236747e0d67a26725fb515544cbbe8464da94cfd8c0b94bb4e51a263b1749bd0a7cf651931f806d1b928d1f9994f1ad4d50e6a5cd7a8e4e687f8564fdacc864013d095ba9d5709eced3c28eabda476d177a7836400a01e02beeb5a6636d4064fdda344967ad8682d14b87c71727cb66be27d1d39191f4223c545b62fb4860262ba8076a65dbc194cee1df846c584b7bbe9dce6e6895b2cbbb64b03b55548b845cc3de2f939ef918421af9a5e9157e837651245299c03992d0ddee06bd22a31522aca0f309b1feccebc0b1c0ed9d21c19bfd15cd313ff64394fd6a10904890c9f6d646b026f27253e8f584c3ffd20ad67e8b62ed7676706d40bc5c80e376980b81", 0x481, 0x0, &(0x7f000069affb)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000500), 0x4)

09:41:16 executing program 1:
r0 = socket(0x1e, 0x1, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x2ef, &(0x7f0000d1b000), 0x0, &(0x7f000012e000)}, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x200000d8)
r1 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x7fffffff, 0x8000)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0xc04c5349, &(0x7f0000000100)={0x6, 0x7, 0x2406})

09:41:16 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x80ffffff}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:16 executing program 6:
r0 = timerfd_create(0x0, 0x0)
timerfd_settime(r0, 0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000100))
read(r0, &(0x7f0000a16000)=""/71, 0x47)

09:41:16 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:16 executing program 7 (fault-call:0 fault-nth:5):
sync()

09:41:16 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:16 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

[  564.037528] FAULT_INJECTION: forcing a failure.
[  564.037528] name failslab, interval 1, probability 0, space 0, times 0
[  564.048978] CPU: 0 PID: 7985 Comm: syz-executor7 Not tainted 4.18.0-rc7+ #173
[  564.056275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  564.060062] binder: 7981:7989 got new transaction with bad transaction stack, transaction 3751 has target 7981:0
[  564.065629] Call Trace:
[  564.065656]  dump_stack+0x1c9/0x2b4
[  564.065679]  ? dump_stack_print_info.cold.2+0x52/0x52
[  564.065697]  ? perf_trace_lock_acquire+0xeb/0x9a0
[  564.065722]  should_fail.cold.4+0xa/0x1a
[  564.065743]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  564.076086] binder: 7981:7989 transaction failed 29201/-71, size 0-0 line 2879
[  564.078634]  ? kasan_kmalloc+0xc4/0xe0
[  564.078669]  ? lock_acquire+0x1e4/0x540
[  564.116715]  ? find_held_lock+0x36/0x1c0
[  564.120845]  ? graph_lock+0x170/0x170
[  564.124701]  ? lock_downgrade+0x8f0/0x8f0
[  564.128899]  ? __lock_is_held+0xb5/0x140
[  564.133020]  __should_failslab+0x124/0x180
[  564.137280]  should_failslab+0x9/0x14
[  564.141104]  kmem_cache_alloc+0x47/0x760
[  564.145179]  ? rcu_note_context_switch+0x730/0x730
[  564.150123]  ? mempool_free+0x370/0x370
[  564.154113]  mempool_alloc_slab+0x44/0x60
[  564.158272]  mempool_alloc+0x193/0x4b0
[  564.162173]  ? mempool_destroy+0x30/0x30
[  564.163782] binder_alloc: binder_alloc_mmap_handler: 7981 20001000-20004000 already mapped failed -16
[  564.166250]  ? find_held_lock+0x36/0x1c0
[  564.166279]  bio_alloc_bioset+0x39c/0x6f0
[  564.166300]  ? bvec_alloc+0x2d0/0x2d0
[  564.166316]  ? check_same_owner+0x340/0x340
[  564.166332]  ? rcu_is_watching+0x8c/0x150
[  564.190171] binder: BINDER_SET_CONTEXT_MGR already set
[  564.191973]  submit_bh_wbc+0x14b/0x790
[  564.191995]  __block_write_full_page+0x836/0xf10
[  564.198665] binder: 7981:7989 ioctl 40046207 0 returned -16
[  564.201401]  ? check_disk_change+0x140/0x140
[  564.201418]  ? __getblk_gfp+0xb10/0xb10
[  564.201441]  ? submit_bh_wbc+0x790/0x790
[  564.201458]  ? __lock_is_held+0xb5/0x140
[  564.201488]  block_write_full_page+0x1ff/0x250
[  564.216282] binder_alloc: 7981: binder_alloc_buf, no vma
[  564.220198]  ? check_disk_change+0x140/0x140
[  564.220220]  blkdev_writepage+0x24/0x30
[  564.220239]  __writepage+0x69/0xe0
[  564.220260]  write_cache_pages+0x92f/0x16b0
[  564.220280]  ? zap_class+0x740/0x740
[  564.224279] binder: 7981:7996 transaction failed 29189/-3, size 24-8 line 2967
[  564.228286]  ? tag_pages_for_writeback+0x4a0/0x4a0
[  564.228312]  ? clear_page_dirty_for_io+0x1240/0x1240
[  564.228332]  ? trace_hardirqs_on+0x10/0x10
[  564.237707] binder: send failed reply for transaction 3751 to 7981:7989
[  564.242399]  ? zap_class+0x740/0x740
[  564.242416]  ? perf_trace_lock+0xde/0x920
[  564.242434]  ? rcu_note_context_switch+0x730/0x730
[  564.242456]  ? graph_lock+0x170/0x170
[  564.242478]  ? perf_trace_lock+0x920/0x920
[  564.311695]  ? iterate_bdevs+0xce/0x291
[  564.315664]  ? blk_start_plug+0xcc/0x370
[  564.319712]  ? find_held_lock+0x36/0x1c0
[  564.323761]  ? blk_lld_busy+0x70/0x70
[  564.327559]  ? lock_downgrade+0x8f0/0x8f0
[  564.331704]  ? kasan_check_read+0x11/0x20
[  564.335844]  generic_writepages+0xda/0x150
[  564.340068]  ? write_cache_pages+0x16b0/0x16b0
[  564.344643]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  564.350175]  blkdev_writepages+0x1d/0x30
[  564.354224]  ? blkdev_readpages+0x40/0x40
[  564.358360]  do_writepages+0x9a/0x1a0
[  564.362152]  __filemap_fdatawrite_range+0x364/0x4a0
[  564.367159]  ? delete_from_page_cache_batch+0xf90/0xf90
[  564.372517]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  564.377093]  filemap_fdatawrite+0x26/0x30
[  564.381229]  fdatawrite_one_bdev+0x50/0x70
[  564.385450]  iterate_bdevs+0x11e/0x291
[  564.389325]  ? fdatawait_one_bdev+0x70/0x70
[  564.393633]  ksys_sync+0x11a/0x1e0
[  564.397162]  ? sync_filesystem+0x330/0x330
[  564.401383]  ? __ia32_sys_read+0xb0/0xb0
[  564.405436]  ? syscall_slow_exit_work+0x500/0x500
[  564.410263]  ? ksys_ioctl+0x81/0xd0
[  564.413880]  ? do_syscall_64+0x9a/0x820
[  564.417849]  __ia32_sys_sync+0xe/0x20
[  564.421637]  do_syscall_64+0x1b9/0x820
[  564.425514]  ? finish_task_switch+0x1d3/0x870
[  564.429999]  ? syscall_return_slowpath+0x5e0/0x5e0
[  564.434923]  ? syscall_return_slowpath+0x31d/0x5e0
[  564.439845]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  564.445199]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  564.450041]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  564.455215] RIP: 0033:0x456a09
[  564.458387] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  564.477671] RSP: 002b:00007f77e0201c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
09:41:17 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:17 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x700}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  564.485367] RAX: ffffffffffffffda RBX: 00007f77e02026d4 RCX: 0000000000456a09
[  564.492621] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  564.499874] RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
[  564.507132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013
[  564.514391] R13: 00000000004d5320 R14: 00000000004c73e1 R15: 0000000000000005
09:41:17 executing program 4:
r0 = getpid()
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x400, 0x0)
getsockopt$inet_tcp_int(r1, 0x6, 0x17, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
sched_setaffinity(r0, 0x8, &(0x7f00000000c0)=0x2)
clone(0x200, &(0x7f0000000440), &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000500))
mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0)
execve(&(0x7f0000000a40)='./file0\x00', &(0x7f0000000d00), &(0x7f0000000200))
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='stack\x00')
pread64(r2, &(0x7f00009f3000), 0x352, 0x0)
kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, 0xffffffffffffffff, &(0x7f0000000080))
open$dir(&(0x7f0000000780)='./file0\x00', 0x27a, 0x0)

09:41:17 executing program 1:
mmap(&(0x7f000000c000/0x3000)=nil, 0x3000, 0x3, 0x31, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000048000/0x1000)=nil, 0x1000, 0x6, 0x31, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000043bff0), &(0x7f0000048000), 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f0000000040))

09:41:17 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e8]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:17 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xc70b, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:17 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)="6d717565756501", 0x0, &(0x7f0000000580))

09:41:17 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0xffffff80}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:17 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  564.699485] binder: 8011:8014 got new transaction with bad transaction stack, transaction 3757 has target 8011:0
[  564.710019] binder: 8011:8014 transaction failed 29201/-71, size 0-0 line 2879
09:41:17 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
futex(&(0x7f000000cffc), 0x0, 0x0, &(0x7f0000edfff0)={0x77359400, 0x4}, &(0x7f0000048000)=0x10000000, 0x0)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
r1 = socket$inet(0x2, 0x3, 0x21)
sendto$inet(r1, &(0x7f0000000000), 0x0, 0x8000, &(0x7f00005b5ff0), 0x10)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000600)='/dev/nullb0\x00', 0x6000, 0x0)
sendto$inet(r1, &(0x7f00000004c0)="ca25854614833e380165aeb3b5993f5d9bbdec256fb547c51a0e01a80f42e505a439cbbe110576e815348642abae4e7cd3d80ac17e7a01bd2a3e0dc4fd01f07b619cf8278383e1e87218ae371ad19f9f", 0x50, 0x0, &(0x7f0000000080), 0x10)

09:41:17 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x600000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  564.763529] binder_alloc: binder_alloc_mmap_handler: 8011 20001000-20004000 already mapped failed -16
[  564.789103] binder: BINDER_SET_CONTEXT_MGR already set
[  564.811156] binder: 8011:8014 ioctl 40046207 0 returned -16
[  564.812730] binder_alloc: 8011: binder_alloc_buf, no vma
[  564.822508] binder: 8011:8035 transaction failed 29189/-3, size 24-8 line 2967
09:41:17 executing program 6:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
futex(&(0x7f0000000040)=0x1, 0x400000088, 0x0, &(0x7f00000002c0), &(0x7f0000000100), 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @rand_addr=0x40000000}})
r2 = socket(0x400000000010, 0x3, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000080)={<r3=>0x0, 0x9cd}, &(0x7f00000000c0)=0x8)
prctl$intptr(0x17, 0x6)
getsockopt$inet_sctp_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000140)={r3, 0x5}, &(0x7f0000000200)=0x8)
write(r2, &(0x7f0000000000)="2400000021002551071c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24)
connect$rds(r0, &(0x7f0000000240)={0x2, 0x4e22, @rand_addr=0x4}, 0x10)

09:41:17 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  564.887770] dccp_invalid_packet: P.CsCov 3 exceeds packet length 80
09:41:17 executing program 7:
sync()

09:41:17 executing program 4:
r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x80011, r0, 0x0)
r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = shmget$private(0x0, 0x1000, 0x200, &(0x7f0000001000/0x1000)=nil)
shmctl$IPC_STAT(r2, 0x2, &(0x7f00000000c0)=""/115)
io_setup(0x7b42, &(0x7f0000000040)=<r3=>0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000280)='/dev/zero\x00', 0xc0002, 0x0)
io_cancel(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x8, 0x1f, r1, &(0x7f0000000140)="2a94f137dc28bffe479d4e91983bb6e3e5b7c949bfd41f65013ce0139eb257d3ea860edbf3a4cf2d837b980058509d72897490f91e101e51e63e571f4e847871ea6a717a32b29e0eaef798785067de937ec8775614e787e4e9aff1c8850b66b5dfbe26d5a5932c0a7b4ffef8c1b36110f18bbb056e29193853ea8a5dc73cfa5d452b6b0fa7d1da94fa6d9f8130b7a6a86eec648e58e3ee60eca82ad4c0", 0x9d, 0x2, 0x0, 0x1, r4}, &(0x7f0000000300))
futex(&(0x7f0000001ac0), 0x3, 0x0, &(0x7f0000000080), &(0x7f0000001c40), 0x0)

09:41:17 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:17 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x300000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:17 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)="6d717565756503", 0x0, &(0x7f0000000580))

09:41:17 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  564.985493] binder: release 8011:8014 transaction 3757 out, still active
[  564.992507] binder: undelivered TRANSACTION_ERROR: 29201
09:41:17 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x8000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:17 executing program 7:
r0 = socket$inet6(0xa, 0x80a, 0x1c000000000)
sync()
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_score\x00')
lseek(r0, 0x0, 0x7)
write$eventfd(r1, &(0x7f0000000040)=0x3, 0x8)

[  565.080627] binder: send failed reply for transaction 3757, target dead
[  565.104652] binder: 8059:8074 got new transaction with bad transaction stack, transaction 3763 has target 8059:0
[  565.115128] binder: 8059:8074 transaction failed 29201/-71, size 0-0 line 2879
09:41:17 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x58}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  565.135651] binder: undelivered TRANSACTION_ERROR: 29201
[  565.141246] binder: undelivered TRANSACTION_ERROR: 29189
09:41:17 executing program 4:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl(0xffffffffffffffff, 0x4000008912, &(0x7f0000000000)="295ee1311f16")
bind$inet6(0xffffffffffffffff, &(0x7f0000c67000)={0xa, 0x4e20}, 0x1c)
msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000280)=""/135)
r0 = msgget$private(0x0, 0x0)
msgctl$IPC_RMID(r0, 0x0)
mount(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0//ile0\x00', &(0x7f0000000100)='9p\x00', 0x0, 0x0)
gettid()
lstat(&(0x7f00000005c0)='./file0\x00', &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000380)={{{@in6=@remote, @in=@remote, 0x4e20, 0x7, 0x4e23, 0x7, 0x2, 0x80, 0x20, 0x3f, 0x0, r1}, {0x2, 0x3, 0x5, 0x28c, 0x2, 0x81, 0x9, 0x9}, {0x94, 0x1, 0x0, 0xffffffffffffffff}, 0x0, 0x6e6bbf, 0x0, 0x1, 0x1, 0x3}, {{@in6=@mcast2, 0x4d3}, 0x0, @in6=@ipv4={[], [], @multicast2}, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xdf0}}, 0xe8)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000740)={{{@in=@local, @in6=@mcast2}}, {{@in=@multicast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000840)=0xe8)
truncate(&(0x7f0000000040)='./file0\x00', 0x2)
fcntl$getown(0xffffffffffffffff, 0x9)
stat(&(0x7f0000000a00)='./file0//ile0\x00', &(0x7f0000000a40))
mkdir(&(0x7f0000000200)='./file0\x00', 0x400000000)
mount(&(0x7f0000000640)='./file0//ile0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f0000000340)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000680)='./file0//ile0\x00', 0x0)

09:41:17 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x8dffffff}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:17 executing program 7:
sync()
r0 = dup(0xffffffffffffffff)
setsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000000140)="bf8f2a02c4647e35c72185e133f91c015cbfe607e454bdf04d117efaa98ed5f44d148ffbed38a22749c50944e1360040caa5aee90d549217d77330b75e4acb7600d010a5", 0x44)
r1 = accept4(0xffffffffffffffff, &(0x7f0000000000)=@xdp, &(0x7f0000000080)=0x80, 0x80800)
getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
write$binfmt_script(r0, &(0x7f00000001c0)={'#! ', './file0', [{0x20, 'keyring'}, {0x20, '+cgroupeth1/.6['}], 0xa, "97e14a92af985c691784adcaed0f1f7f306780559def3d85cf8630d47ff37292537b5c979b83ac06575be9030fe42cc524fbe40eb2b233db4de7f9cb30e8ba1e94780829897841d5388fe2893943f185b09beac45887e2ae5b678e80a227d2317e5b531a86ec94eabe593f60963788426c59c2c4b9441b27ffb244495dec8cf2a0d658ccff4beb43294e83630ef9983d497ab49c3bd6e2"}, 0xba)
tee(r1, r1, 0x400, 0x8)

[  565.263461] 9pnet_virtio: no channels available for device ./file0
[  565.432463] binder_alloc: binder_alloc_mmap_handler: 8059 20001000-20004000 already mapped failed -16
[  565.445770] binder: BINDER_SET_CONTEXT_MGR already set
[  565.451203] binder: 8059:8065 ioctl 40046207 0 returned -16
[  565.457170] binder_alloc: 8059: binder_alloc_buf, no vma
[  565.462718] binder: 8059:8074 transaction failed 29189/-3, size 24-8 line 2967
[  565.473549] binder: send failed reply for transaction 3763 to 8059:8074
[  565.483236] binder: undelivered TRANSACTION_ERROR: 29201
[  565.488755] binder: undelivered TRANSACTION_ERROR: 29189
09:41:18 executing program 1:
socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000000))
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/qat_adf_ctl\x00', 0x2000000000001ffa, 0x0)
recvfrom(r0, &(0x7f0000000040)=""/170, 0xaa, 0x40002040, &(0x7f0000000100)=@l2={0x1f, 0x8001, {0x9aa9, 0x3, 0x3, 0x2, 0x400000000, 0x5}, 0x188, 0x2}, 0x80)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f00000006c0))

09:41:18 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)="6d717565756502", 0x0, &(0x7f0000000580))

09:41:18 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:18 executing program 6:
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mount(&(0x7f00000000c0)='./file0//ile0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000380)='./file0//ile0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000000), 0x111, 0x5}}, 0x20)
write$cgroup_pid(r1, &(0x7f0000000100), 0x12)
times(&(0x7f0000000140))

09:41:18 executing program 4:
mkdir(&(0x7f000082f000)='./control\x00', 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = getpid()
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000400)={<r1=>0x0}, &(0x7f0000000440)=0xc)
r2 = epoll_create1(0x8fffe)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./control/file0\x00', 0x800, 0x0)
kcmp(r0, r1, 0x7, r2, r3)
timer_create(0x0, &(0x7f00000005c0)={0x0, 0x15, 0x0, @thr={&(0x7f00000004c0)="3e261012502478659083fc38547508a2ecbcf670d2ff8997dda471ff71c8d4f8bcd9ccd0d37bc479b2284cf78e5c2bc0ea7c832d364bf531a7627dd60950c9c815e117bd3be57606520e3541df81fc9bb8ffc57ff257768f99b584b4be505c1f7c3295f74357a2c0186481472f070745800f0f91a982515d9f99717e6811c0d53ad8a74325f2109c17d7c9bf64b350e5b041b1c5194c9ffce56b1ba3591c4934d089ba9ed0439fee0b47ee86d6db4ba8fd2cd51517b323009a78ea0b4c7f47dd83579e1a4ef30319443130f10dae23946e", &(0x7f00000001c0)="699b057c22c5dd70ed758bb99882b1a845ccee5ee95c27b4e2342da25905525d2ca6ba141482"}}, &(0x7f0000000600)=<r4=>0x0)
timer_gettime(r4, &(0x7f0000000640))
r5 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r6 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0)
readlink(&(0x7f0000000280)='./control\x00', &(0x7f00000002c0)=""/149, 0x95)
write$sndseq(r6, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30)
unlink(&(0x7f00000000c0)='./control/file0\x00')
userfaultfd(0x800)
rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00')
mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000400))
open(&(0x7f0000000080)='./control\x00', 0x40, 0x0)
umount2(&(0x7f0000000200)='./file0\x00', 0x0)
readlink(&(0x7f0000000040)='./control/file0\x00', &(0x7f0000000240)=""/52, 0x34)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000086c0), 0x0, 0x0)
close(r5)

09:41:18 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:18 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x3a000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:18 executing program 7:
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendto$inet6(r1, &(0x7f0000000140)="1500ef5ed94cb5cdfbddc28d166ae27f8ad33ba7fcf1ce0798bff7abd0c060e5f0c86f83d5764bd78600bebe3df8d54ca5f6934f92dfc90d84a61fb1dad52698bd6a113fa53fe69d29c57129b5619b71a2ed39a691f874eef1f76e06f193594832bbce3da920405e7d4c1a306a3e657cc2a263278502f205115bff37ca331523051ce924919cea34c576648a0c060abac9e75d17f04fad0d53b5a1d7ed38b7e33824cf6c0855c02e7b852783a61048a5bff715c27502", 0xb6, 0x800, &(0x7f0000000200)={0xa, 0x4e21, 0x8, @mcast2, 0x100000000}, 0x1c)
sync()
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000240)={<r2=>0xffffffffffffffff}, 0x0, 0x100f}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000002c0)={0x14, 0x88, 0xfa00, {r2, 0x30, 0x0, @in6={0xa, 0x4e20, 0x4b, @remote, 0x81}}}, 0x90)
write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, [], 0xc}, 0x5}, r2}}, 0x30)
r3 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x7, 0x8003)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_NOTIFY(r3, &(0x7f00000000c0)={0xf, 0x8, 0xfa00, {r4, 0xd}}, 0x10)

[  565.669698] dccp_invalid_packet: P.CsCov 3 exceeds packet length 80
09:41:18 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  565.734799] binder: 8123:8132 got new transaction with bad transaction stack, transaction 3769 has target 8123:0
[  565.745256] binder: 8123:8132 transaction failed 29201/-71, size 0-0 line 2879
09:41:18 executing program 7:
sync()
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = memfd_create(&(0x7f00000000c0)='-\x00', 0x1)
openat$cgroup_ro(r1, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x0, 0x0)
bind(r0, &(0x7f0000000000)=@can, 0x80)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x600000, 0x0)

09:41:18 executing program 6:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x412000, 0x0)
ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000080)='veth0\x00')
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
rseq(&(0x7f0000000340), 0x20, 0x0, 0x0)
prctl$intptr(0x29, 0x2)
clone(0x0, &(0x7f0000000240), &(0x7f00000001c0), &(0x7f0000001000), &(0x7f0000000200))
read(0xffffffffffffffff, &(0x7f0000000400)=""/100, 0x64)

[  565.779769] binder_alloc: binder_alloc_mmap_handler: 8123 20001000-20004000 already mapped failed -16
[  565.806668] binder: BINDER_SET_CONTEXT_MGR already set
09:41:18 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x191db9f7da13e358)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000100), &(0x7f0000000140)=0x4)
sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000240)={0x14, 0x1d, 0x1, 0x0, 0x0, {0x1f}}, 0x14}}, 0x0)

09:41:18 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x5800}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:18 executing program 1:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
getresgid(&(0x7f0000000180)=<r0=>0x0, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0)
r3 = getegid()
getgroups(0x8, &(0x7f0000005240)=[<r4=>r2, r0, r1, r3, <r5=>r1, <r6=>r0, r1, <r7=>r2])
r8 = getgid()
getgroups(0x8, &(0x7f0000005280)=[r6, r7, r8, r0, r4, r5, r3, r0])
r9 = getegid()
r10 = getegid()
getgroups(0x5, &(0x7f0000001340)=[<r11=>r1, <r12=>r3, <r13=>0x0, r9, r10])
mount(&(0x7f00000012c0)='./file0\x00', &(0x7f0000001300)='./file0\x00', &(0x7f0000000100)='tmpfs\x00', 0xc8d, &(0x7f0000000080))
r14 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r14, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r15 = open$dir(&(0x7f0000000040)='./file0\x00', 0x3c, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
fstatfs(r15, &(0x7f00000002c0)=""/4096)
ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000080)=<r16=>0x0)
r17 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001380)='/dev/hwrng\x00', 0x8000, 0x0)
r18 = getuid()
r19 = getuid()
fstat(r15, &(0x7f0000002f40)={0x0, 0x0, 0x0, 0x0, <r20=>0x0})
fstat(r15, &(0x7f0000002fc0)={0x0, 0x0, 0x0, 0x0, <r21=>0x0})
r22 = openat$cgroup(0xffffffffffffffff, &(0x7f0000003040)='syz1\x00', 0x200002, 0x0)
fstat(r15, &(0x7f0000003080)={0x0, 0x0, 0x0, 0x0, <r23=>0x0})
getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f0000003100)={0x0, <r24=>0x0}, &(0x7f0000003140)=0xc)
stat(&(0x7f0000005640)='./file0\x00', &(0x7f0000005580)={0x0, 0x0, 0x0, 0x0, <r25=>0x0})
r26 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
fstat(r15, &(0x7f0000003580)={0x0, 0x0, 0x0, 0x0, <r27=>0x0})
lstat(&(0x7f0000003840)='./file0\x00', &(0x7f0000003880)={0x0, 0x0, 0x0, 0x0, <r28=>0x0})
getresuid(&(0x7f0000004ec0), &(0x7f0000004f00), &(0x7f0000004f40)=<r29=>0x0)
getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f0000004f80)={0x0, <r30=>0x0}, &(0x7f0000004fc0)=0xc)
sendmmsg$unix(r17, &(0x7f0000005080)=[{&(0x7f00000013c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000002b00)=[{&(0x7f0000001440)="651aa7500db960b5d3e92743312c5be16861060369ff12a50d1fc830e4e3fda7f754531466e852b5850a1594ba4c430765988a73c317c89514cb765ec7161bae36417885b7d78cd317fe8fc3079d55575f7cd6342c831cfd6713d99208e2f34a61c707d7b3c947b187f65b23984e03a2facd65b0716952afd5915d10e3182ad936d463bcd191fd0f9f40044a4dc79a37530b17b26ea423fa8b7f1700709d", 0x9e}, {&(0x7f0000001500)="04f16d52d2b2a3b88fa01b355e70a9f3ee4ffb841d86016b7b7c8b52f8809d42396caff8e752ef617126fa9575891d5bbbdec925dbb6cb4b48251b1f5c1b0d45c822ba4b3a3cce6253b6806aec218997a4b876500f6a93ff15a0e599fa6a71c92dac2f3898f84994e7ef5549ffedc2258aba580e1f9882ce6e209b0336782adbfe500bd2542bebf63fdde6cf63f15d54fd2ac1c94d8c83b45cdb4890e607ba830637352c038c82c94e75c3fe1f4eb7359e552ead76b79491a80251e8761d740d0d4f1f88257f6fd298577fc78f0ca1c90bc7", 0xd2}, {&(0x7f0000001600)="a0cf5e5fa27f77d186dc16ab894dde067eac5beea7a0e22c92c77dce853bef796695a3b011be09dab2cceb3f85100fffb9d240d7b9fbd75a4cce85600ab16cc0e4b7e14a32668701896948d061b46b9c4dd0f622f8c68aad5bf19cf5369dbf22eff9c6a294e99201480c6e37f238a05b66eb9639a53e76dc300623027fd50ba701815ee8194ddf223a9ac5a92d78e5dc6d61e195cf605ef21d79c76be1389b6cc00106535fbe3b35dd3e56921e32c6e749e8098622588d253ef904065de00af7c461ed1f0d1daaad6395d185d443a706571e6f7472cdcd1e089c57501169f7860d1a563a9189f4ac4439ec1d5045a53c67d66c68", 0xf4}, {&(0x7f0000001700)="468314d2ffdc6e1353898737247df2618763ab8db3991d5edbb4dcf284e36ab814311ec9e47c4313c0a11e474170ba1efeaa43ad76b310fec0a650f268bbafa082107807234bbb5b443b82d5d0a8eb938edf3d3f18e62712891f8a2b6868418e891f508d0b439dc765dc059f7fccb455d66dc585cbd3ca9a5991b3ec0966e39934e0c8e244c14209eb0eff89e522b9bd3fe67a71d827f4ec27de5aa439ee8934823e93e48db4f928fc02636fcd5c115ab25673bbbb00d7913082beaf6278795954b1befa9a1170e857a19d153452ac3d", 0xd0}, {&(0x7f0000001800)="404c3ecc28172b443393c341d58d8796cfed2d753d4a93b771eb1e84145867c888796684fd41a28f7e56af3e29e7d3f499065e76d8a854c4d4eaa4db8916d37cfc3faefe2d7ae5a7b4732d635bd930ea5409e2b1c3de2829405fa7e1bfb249fb39d84deab37940c42da01090e67d1c1ef8fae314083eac365de58411bd0089f82eec15309adae36abbf2a768ff6a5a1debde0923ad750729eee88a0be8b8600ffc663895917bcde388618e276c978269354254500eb914c026579c1a24ec74e7adb422c9d25208a4e040619f1d90188bb4ffd1e3d960ad0c963bef6c5510350ca7dcb4ef6864c549d2", 0xe9}, {&(0x7f0000001900)="c5229c070e4710b1f29e97b31f7c8552f7620c5b9cbe2d318c4a1044be8c344fda91221aa8f0634fbea234bf2cc5927cdd8eb5afc23094965aed222601185281eee4724a85414fe447bc98ad629085aa0ffd651cb033f0987da99e909eaddd71c633163c127600460bde3771aa08a2933b800586937f268eb6f56be58048afd31aaf8dd0519790285f54aa004ddf84dba21a", 0x92}, {&(0x7f00000019c0)="6057e518335aae7b130cca4e00e104849dcb2dc98443ee646aa1df6f9aca86ce06ab9f7726828929e3", 0x29}, {&(0x7f0000001a00)="ccf4c4fcea7ed9e0e27ca9521deb2acad248456b41c517abf6644fcf6065b38e124bbba6fceceed0ffdd24178e8b79b0e84d32ab7055cbcde5f9f6627f3737fea330fade2f859ab32052b6cd41cbe95226461bf90acd9412e37c8df828660b86eb359096ec247f02ef7396351e444772560897d009941ac98a44aaca1319d1ff81051111f343a6be499083ea258a70e5af934897c8be40fd50bbd8ed1b6c12f3fe23695117daabcd020966013f2db4e1301d04ab007c5fb5cd6f220a7ca53ecce368c8089c5681ac9ccc018922566c6633e872165559cbfd1526a0f63a7ea48fc20589eecfc367b65cf0dcae734ffeb1a5d716b58180dd792bf7ff299619decf43cb73fa70230f8d513b05abb26943c3548ba60df7235627cb96f6ea164b8b3a5bb8c5628a3ac0fac0ffa3fb05be4a37a0d04c449f2ad904019ab80881497d2119e7b78dc95c34d4f1936efd8b6e20c10a8ce95aee2cecd349b1ce83b1ca2d777993dd9e623f0fe863f236a1b84ebea8a11021047d9ad8a1cbc1c69fdaff84a9127399af5cbe94ecac63a557d6a954c16bd615471e9b1f5badb1f44834f7e403abd12f50a510cef2efef538c0c98f265ea602fc4edd508dc5a4c19aabfcc6203bbc1401f54f0dfaf7370a3e2374138baa9721e78caccea17078aef288b3ba9ed54175abd9b97a8af45d2be4e59cb044f9ec06ba69f02b40034058e6c4d212d6f78d8ed53c7f78123840a2f71d49fbb710ac4d0fa8ef04a9e4346a7ea2bfa1817de0318775f8eb47f862041f738f6cf67dd7693efc3e21fd82d1aae1e0f1288983781d4d1e26a58a28944891c722229edbbe36d869374fbacfb731c97e1a8e1ecb6ce88d3d9c80ccf50f303eb6edb94ffc0bfff1f6479ea064db2c296066bddd0f45cb61ef16c6ad87ef0d8542a53af6cf6451f0905278b7ae5a3c6248f0ea8f8f266b545cdb84f3fad637f36141e490a49c7cb3a1d3923b26e7de77bf3181ede9a7af71ce86cd7f750f08238ee073fb80c539249b36fb96af31d3ab7fb0941bac0bb8311bb718a33a88a7414b2fc2158819daf227bdc94f96b1ebfdaba6cbe0272071182814acfb6099a07ce9a01025d8d7c84edcf27ac4e92a714ab16136b9ed9d2cc6c500f9de66a45d0c94197614cff511a6ed02a8ccaa526167b75dd85926c666462b32a987bc90ac9216e0dc42e704e365551bfe38499886e1f3551f26cb82ededdaaa3024de8001ecf00256b35785ddc7ff72fefd76547dd1a36fa16f0b8852189592574aa06f1aec75551a37da041a15549ca716b7336f8599da874c953aed2e9653afb7c0d53a05193afd0b284dbc1a371b98c99f17be630004196c39e27652d792d2286a5a41fa0cab1c1c0eebc7f75b6c10ea3b816905c3772b0512ca502ee07485b65ce9875116150caac91d602a2addbcc38e59cd2a90c96ffcc2ab0ee54334ace84e9beaacc72add1a962a2ccff5789262a032244c69bfc04be1fcd9bd9deaed61fbe36894ced4fce1510f84b97393b27a4705a6d5b04eb85b6645a0eb50579dad19d64747047792c2352d70d0465672acd81577616429b7c3c075ea1fe4cd3e3678ec9f943bff1c2fc3188296ccef44245948feb4aca193d4a3890d43c0eabaf75f7a63e15100661f3674c75e56b79fea2c5b40fbddadeeadaff751284bfa16cfab0fc526b7cc79530adc034665e61e6f6f02aea82fa749b86810daf9a6b7e88dc8cf467550c954156839d46caa764346f39673b260ba881b51ca5db70e221998c93906abab0e7dea6974caf081592c2400994bd051f0949bc13461ccf5afc1a7a9b64d3e7c756a14894f5ea0b8d56fc3d02d13a9de4918b6c245abfb46c2f80771b855b32cddab51012b1164f489719c93df9ee84552e098ed094090608c46fcf2ee56e1f5725430654137c8a929a7345ef5c3e2fdc067c9e2b64598e4e351e33678826101845f909b98c4c7125f921750ea37410562b8f9ccffef5797b6bdaac8b64592de12c653d9b52ffa5669b76549c0e21b4f39698ce5accaf290f04f4c7ac8fd67dca9e0c5a2936cb6443a22606831f1c88bc6e334d5f8b9edf0a60afcff70efaeaa765a913e35d8da6ca5a56ed23690e9e502286f9dca426a0ef1c0f3a60e82e9077ae2622f7befa243a538d0dc38cea086225b031546a361442110ecf93a9e650b4f0bcce98d5ea8e89e7950cf58295d3285e193f70fa236439afdda1e12171044ea6517a28a3cf76757ad2388dabe292a47d2ce1b6159f1d97a3fde761b30b4fd51fdb9a65d336b6e1d5fc546c018f7bb556f26eb74268b0d4601e5c049a29b1ddaeafde41f763b117755f2156ab4fc10d1d0419d755652a20fb19e0ac97f061602440a0941a952eb4a30f4b07f8bf5d1867e2ca97a908041e416c13b9117f692e1fbaeba668d0149039d1761f22a5181947db14b8cb341837260ab5cf7d62dc797e6b64d688f76cd34ca6435ee259c404e4afe2a4b8999c5279d04d93617f1fa4b116ed4651899119edbed5ee70a5096f628925980942bac6a74e3d0a15f767cff8555df289d094762808fefa7d2ce0c450763ddb476f550c11c321005dd7a16869b49cdcb7c4cac96d1f17081d477cacd05b6e1f0414b1980f0766c9f86692798224c32d651db5b059e3067c1fb82b581edcefe181a391b3fc4f97b93fe857d1579f8763a24ef506d09d202d3e370d43691ad33901acd0e098ec7aa7b1de1c9bc22e16caeda4aec139c557da9a1c45906ab311349d219ef323723e31751717835c6d37de14349a9f91865c70f7405c6faabee54ffff61f49ae6d38fe4533be5e135094a0043c5a11599c1959448eb807091b3a63cc0173d7aef931a7b7103bf06a214b35a35d0037c8ce6c5cb51572b53d8071b9f57a99960eb56a64c5ee6fa77cbcb25c636e865dedaed25c279eb4d50345b4e89069dbf525f7ff0df468d4466d645a9b68ed3ab062ffe78b0ffb27c4ee6390410357b4e7d8a780ff37adbf2bd3f3532d1a284f05251dcaf3b401c8b72ab4792d647a5fc6bf2977b0626f6d1b14ec74c4cb102c78480845194e1311b5eb960f81860687a5e4727f429e4286b495e343770877224ab3d07a268944839ac8a3e42c6a0b3c52bf21270ae5e9f1656b0518e46a540274ef77de40c0f0cd6d76ca257946c409fbbeee8af699a91e0a1f8900ddb3b10e94a9d0c4e44e0640db622c27e9062f5c562b3948b049a6eedd48a9af55f9fbb516e7fa0029671528a2d334b9f43da87b42a3dc877ddb1f43926f2826d9890a0bd36784d48c0add08b68290757d907ba6ad67a27d4fbf03183241681c3ce0fd3c279c6856e267b96db9f6500812350440b480b093490b2fa0d9dadca9e2cb9471a1a5ae96f1a4401d21b5f88b5c6fd5eff7546227e0ea1bd0c10d88a603fef8f088cebe24f5dc4334bd9252c8bc34211c3e3b6a09a2f1f07b7a698872c64651d0f5c5fb7a9c891bef570f0403478cba0f31521a9a728c1cbe06bf8bd149491fbb9635c59d46c3104110415be69a87fc08ffc387311e2817c2240cfd2dc7c83ccbda99df1bc92ea7ed8724f2c201898392a681247775c36aa2020979f6158eb4f1951b8214e3cd8e36589059de4d7697eed888262b76417e9985100a13cd29d8480dc8004c7fbe388eee50557726d0a854ba41a08319c0c83b1b0717307abaeb8dff4980fbc1dd780a214e7bcbe83e53d5eb21cd100ef2a2a9d7da4185ac70363c0882ed0c495e7ee4dd594c959f5d652b80570f125bdf14e899de6755efcbf632dca526bf4f7e9ef1d406c171376cdaed1680cecb185db089a121eced30aa6ed17f3d23f6189e18b46adefac9761efa38a99d45fab24a4947c24a63311e70dbc0344f1c0d4f7355d4e8ba38b935c3a9e67ac0ad76ffb5302c56fcb61fb2aab474500709a1803139ccadbb1c7fb4ce4fe1af4c1821ba0bb45b826a686aca78abce4677fb4a00b946056aa6eda56120cb06b0b6428cf9ccbff3a25ea83e49a2790cdd506766eb670fec104f3584599132d306fb53f6e529dc42ad7750322ad7de3dfd8a0584d12000a39e472f0036a91641b83992314467cc5553cbfdd1c4e3f369bde522f778231b447d0c9436c355eb78dfe40a6ae868a210540580261ea9693892052b9c1d39e7cb6b2a53e5e56b71a39a7e23757f5297d1323c22fe5135a902897fd7b033d1ca6980f22aff2235ea23522fd16c01473ff28f4688dd950b8f9cdd5733369ff2676afcbbd6c0a1f360d2149776fcf86a4416e171613bb82eb432b438e4a25342e9eebea8c57253d3c6f2b0bb10ac9270adb436352ee2c5059e45a7aac7b4abd6fb0c6b866eaff68588dd2060126dd61d774cc5f67836ef80dc613c765488500a0ecf35fd4443c645aa78cf6581868e022933f80d7dfd4d955c0c6ce5171c248d166367a03951bcae6a85be22017a473cc203ad183d458feb9aac5c3b4d75ffd39e25e5aca94b475cd1ccf2e3109839f6bda055881f615f9b9df940e031892920f79061aa7da6f6c7fd23793288455ce57502d2825bcd9fd1f970ec1b7ae453f75db91fae080b3ca50a9423578fe5a3d57ba244c177d76f5871f3a53f3c1bcb7f2c1c4cdbdc273afb360ff3ed698f16b4db01496410c68b97263c783a57c67b965b181da3e399a8921ccab38304fc0004cc8b0fab96f51dc2a44630d3b1294aab25189330ffa400bf3d47e2eda579fff41dbd56ceb78d20d245bd2c3c6d61e12cf16006fdafaefa99665721e9ec533e803665cceb1cf6ed7ab9fb80d90602b7c8cfd6ee148d31cb9c770c588506d128d9e898ced00a04ca687cb0fcb96c02348e422daa9abe9e665af14b629ec84742bec741838eebf3edc168af1c5949fcff48e2cdf08a0d78f2916fa4f494d716b20563a507b2dda87ed404fbad7fb75a665d89134902839277b612b1aa7f4cbf4c204cb0841d7fccee300ec77a454f0709be1af9aed8f83a2d5bd051d8b0aa24836e8f8122cc01fbd1a333c8151e8986c9fe7f462b9c4af631fc3ac0bb9bafd61812688e553fa235ce5194a6498a3337ceca6d4c7e3aabb82b07e5f775023fb270899eb45f1b0e95af905b1b9e1623456c665f1a782d8e598180a55954a33866cb2542d3d1683967dcaecb1b8f058b3f96286ff50e915e70c9b46d69b690859872657c050c1cf752376ae11eb71f39b2a823e5531e3d7f018952459c100e26431fabda072322d1ad1f42bb2dc1b7271851508dfc3ec8d2b238973938149edfd7fe287cdbdb6d875a0e4f9edc890cb1fba3c869cb4641049956e859c31daef9ff972861362c8747127d12626eecf7f44b92eb45325d2e68c729c0fc00aa8bde88fec65f6f81cd3a57d6cb5411310939d4457bfef02ba073f8c2cfc7adfa9e64e66c3e0052c8866aeac72a6d27db368003cd76cb883c5e4bdfdad9e6b8fdd970d70d4a6db20ef5111a119dfa8b36b11d0a329da6ea903b434990e5a04f0808a53af94768a87f89f319f0a7bd1d93ac69b4fc273e5f76b401e1faf8797f9e94028c4363b47ea1a4877c326efa9d3c68bacf44977d0f360bc1f71175b1c30b5d9939a6c6e13c22d6cba0d3cf0f72d97e6f086f100ce105d2d0cc478699dd17ad0a659988b55ae85bbfbf2cf293b9111aa197a0cdff6bf0689f53f7855bf66190ded9d58c61389b5145ce01d298567c8ab12d8dda550bd1ea26ad6d6f5dc50db53e360a592cc9c1492156889270195af387ddd0e1944ffa8f462de9466f49a60820ecd9a92006a20848f2cdc7ca742cb1f8ca43f5524a544c18e1", 0x1000}, {&(0x7f0000002a00)="dc17a628f5cd231a2650a5bb2a3a0fe8a060fd4de1799627431b8b06303e76e1eed23be1d6a078c11ec9b7923615edc4adb56d928f6f38798d9445c97f25162b6878b8438282c765b5949f19e9d0328e9ec309d2cbd156b1b032b94c5cb2831765709f7c1b2b59e24cdc2b44a070886d9050da2fa2059f06e05969b0304c207928641511e43b2eb2e3dd493f3aac7a12a129e3a3eda18e087ec4eb47cb89749a5b4a4a96b313fc1dd30b87e7bad6bdd9a313169b4286fdbbe080751b52ce21476fa964a3cdd0d967e1792da29846f0289d1e7c34cd90879756", 0xd9}], 0x9, 0x0, 0x0, 0x40080}, {&(0x7f0000002bc0)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000002d80)=[{&(0x7f0000002c40)="e9547c8822f9565704c4b543756747a7a29edb278ae82326b090f3a42c7ed29c5e96f30348c90f9b7387b8694d847f0e8354fa0ce94bebdbd5e040f596c5e9c55e0609cbf320dc75b51c1c77b249692b8af9e4b472a853d278fbae39cb561aafb4464f845343af394750f892edf2f2eaf8c4a918469c9d7aaad81bc464be28ca666e", 0x82}, {&(0x7f0000002d00)="a39c21bd864dc800ccdc186e8e315528bc99597f699c4c08ae5fe35dca21f3de97bc107fc6e1636c115a924b2035a5f49240bde62f310542871f6872c3fef76e3898b30466f7ab7a2d091648dfcc4b6f9daf70afd4e94cdef7025740bb269e31b94828d4ab3de0e548e74bfd6edfcc8906b4cc879a66193df23ec6505328", 0x7e}], 0x2, &(0x7f0000002dc0)=[@cred={0x20, 0x1, 0x2, r16, r18, r10}], 0x20, 0x800}, {&(0x7f0000002e00)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000002f00)=[{&(0x7f0000002e80)="7d0772d4543e6a49affd69f94acb0551c8567e4ed27de1e4320fcda1650be66b25443f73b9a6c1d444915530f2484c79159929fc618fc63c7e5552b11d57c1af299e5a4b9cbcf1008420a2339155202b9bf96ba4066a6a1fe393ae1d2408ad4a7944e97ff340005fdff0c55809dd4f3e51de7ef8", 0x74}], 0x1, &(0x7f0000003240)=[@cred={0x20, 0x1, 0x2, r16, r19, r12}, @cred={0x20, 0x1, 0x2, r16, r20}, @cred={0x20, 0x1, 0x2, r16, r21, r10}, @rights={0x28, 0x1, 0x1, [r15, r15, r15, r15, r15]}, @rights={0x30, 0x1, 0x1, [r14, r22, r14, r15, r15, r15, r15, r15]}, @cred={0x20, 0x1, 0x2, r16, r23}, @rights={0x20, 0x1, 0x1, [r14, r15, r15, r14]}, @cred={0x20, 0x1, 0x2, r16, r24, r13}, @cred={0x20, 0x1, 0x2, r16, r25}, @rights={0x30, 0x1, 0x1, [r15, r26, r15, r15, r14, r14, r14]}], 0x168, 0x4000000}, {&(0x7f00000033c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000003540)=[{&(0x7f0000003440)="7976c23133aff948682f67ab30fca3e49ddbe030", 0x14}, {&(0x7f0000003480)="dda9d2659f9f058947e3f920350bf39c6b41c56c0ae05516bd62d34a47749d0bd23375c6b9fa00959b1cf8c0a7d46fc7dce80e8ff67519f749ae017c9e8c1bbf7da880ba3683a64d20ee7346011e56de46bb4fdd83af70cf87eb2e6bf6b769504890d237fa417fcad94b1949b6312788735e7e02572d5b45f3b6070d8d32ed32e730fac8a42945b7567d8513ee330dda0ee00cc4fb563ccc25b2f89707751614f6f148", 0xa3}], 0x2, &(0x7f00000053c0)=ANY=[@ANYBLOB="20000000000000000100000002000000", @ANYRES32=r16, @ANYRES32=r27, @ANYRES32=r13, @ANYBLOB="000000001800007d3f00000001000000010000006b3c57148192177cdb0b7bb936253703978244d906a66fcbdce24cc465a2ae483fcc7de48cbab629aca0a99ecd98090e5589706e4d209245db4abaf6bdc7cd448628bf1a13f841850fd1ed2551ce7c4c26086676ec27e8e302847203607f51e75136b39f5e8a8d97a8c236558fafe21447473fb3cf2d465a0897d6751b8c1092e96a0aec154fe9649ffb360c402dfab542b161ff511b010f7c04eee65dc64ebdf1376cf5c94c00a9bc9b401f317c38650d45f4e7432c561097acf93df6f5f088cd645b438bcd749ec17c9ef416f36a46efe06d05440d14466f1b3c44e64b91cca7508320482b9b4edf", @ANYRES32=r14, @ANYRES32=r15, @ANYBLOB="18000000000000000100000001000000", @ANYRES32=r14, @ANYBLOB='\x00\x00\x00\x00'], 0x50, 0x8000}, {&(0x7f0000003680)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000003800)=[{&(0x7f0000003700)="7104073d588b3adbd5d8da65200779287af9a86dac8cbddc892ab5c3dbb6f51883e4cd5109185906067c985fd69e5f00d3ea3432c9fe01990aaa8fb14d1903c9b910c173ee0fe54fcad409fd62332a373af615af83b4179778f8f39a2cdf8a2b43be4b58dd116c21a101e6ebc4db1992b57e415ef5dc118683394eae358c47b391d3fa9a7f939520c2f9860ecee4e037222f768fa72f16d2564dfb9a2611a10e7fde41db995bc2cf0c6efb68a63446efe575bfc4d0c15e728352c72f6d49d681599485f8d27b", 0xc6}], 0x1, &(0x7f0000003900)=[@cred={0x20, 0x1, 0x2, r16, r28}], 0x20, 0x8000}, {&(0x7f0000003940)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000004c40)=[{&(0x7f00000039c0)="407766af0982a28adefd4ac747ef929aedbbea8f41c27145664abfd8c17345f3c9693a005b0a097c1859e1d19a589e4b7b3cb97e183d1cff29cdb7ebcc96165abb157735c6cf55afa6cb115828c0f41db6bdd5b5b98b33f3ac2fead64e8505bd666beb82e18885a54a6f89333d32f958f4ed5e562958c61345ebac0d6d11ee11bddb3c06b48745bd9d1d45e683c7a40cd035932714c3957c1710ca1c48ce6a983a4ffd14bf068a74eb36805b5a5815587e43f562eb55602a1668f16af35bcde610d65cc7", 0xc4}, {&(0x7f0000003ac0)="90d0dbc6551dfce545c161ae621d407e074405c0a4403a766f682d5f9f50d4d5562ae7b336e124b918470335433ac0f5ae3320d9da30be69b7a6fe73310c0f80320a902b0681625f2c74b2725f97a9d226ccd09653c74c5addc5a8c8c9ca9c05bdc881336f72d1597bbb", 0x6a}, {&(0x7f0000003b40)="602c483053970d50aa581f6003c866d926d9dd608d0ffcc9f0c0fcf9e562b60e870ff733cca8bac8e55b9f00d10f0606c3a3848eacf267a69648e4f18bcc2e6b7328db6cc3607b234aef5444ac22d3ed95cc02b516a39d70a070e823060794a2a98d0fcce14bc319b6a4bc2127a5e0bb6ac6f112c42e87c19f7c6a61d233524b107102cfecd93fbf3f7dbe8d834c927458a4e6a06df8a30f5b8c96d3e5f929cf22b4a562d7b171ddac41e1d8fed777dff0c1121d908ec73e0f5275c6bd22fa00593acf686b76ede03a44af0899506932abd3e1f00c81896ed47456cf0a", 0xdd}, {&(0x7f0000003c40)="ddb50ca56a420117fe266e2896a51c59273123686a31994f225d833596315f1e3c4dc19c177ca2777729bd9461f260b6b3cb1fe03ad26298f1f5c9599436ee87136aa4b4b9947321c724415f3dbe25d91dbd91929abdaba5048f2d4a319bbecaf0960566f6d4133c267f58bb29e55436696bce33e4e8dbba5df5e448f38f285f8c6bad0a1eb53f70545b6c06ff7ec11c0cd76f5d647c8717d571df65b03fdd62b67023512405715d7198ed02701e399f3dcef1fa88753649c9f37db0b7e67739f1ca81fcacb3b3e3501dc89e85e4a3d466d5d63ceb2074cfb6c3300886e5ce0d0a070584a799a79e925b5820e05ef872f814194059dd56ac6d3c959dc56117935f959729421a22e97bd8c8cf24b51a9c82a40677353b1ec86c1c23536d5706cbbc4572a270ae365af36297faa4ff5ebebe8c2297f2416355ae594e76ada8f596faed8c158e6df23c7222b332103a3562b91f7a24e7c4249f274886a18cb1709839b56664b9668d41f9ccdc8827f7438694ba320a24be5646ac9951b136e4f0329796b4ff877cf52c64b614454cbcf6028566480e972db20861155766eb6135d0a41ccea22a0c364ffd3011df36c045e4265af4b2fe166c18f4b97cdf8d3d4da41266a95ebde8f15a94b848c15ddab965cfbdcd37134f512484c006eca48c79467ef4e5a21d36e48d865b8052302bc68a77d0f81749d620693e0fc5b9f213b044836917e82c331c16ecebfa232112f48cec037b37973abd3245076f9cb51ddfeabe374a684ee6adfb75aefdfc5245cee6bc7d588f32fe76756946d85eb7c7f95e18f85c8a03682f4490f3095710fd122842cecf7c2110f66011e779833dd7601218c6c5e567e9db23c695701d46a80b98ca5c1dd19653b6b09e7d0173b9871680d456574986c636ce70692db2a4979ba3fdb676eed1e914e7212d0fa87c3b43096d2a1b02a20b4f792da3759525113b538d35af6960d5b23adf2a7a437af58a367a2bc0ea86115393984c75a5c4e273b70fe19a8e4799a24e4f78013b51863946d07dc8eced52c0a67ff1c6056b66a9851ded51491ea44eb9ff65c130910d8e7cfa9a221d1cbb3492012b1236d82cb2ee1375649f5e637de509699cb209984be5566e0027eb4a1e0d500da6f48159f245bf94733589c3b664bfa5b684e22053d9eec1020028d99d09d0c166b8bdb039f1733239b6675a159d812691ceb8289171bddaf7119644fa7239dab79d395773e2b61e3dfa2085b1473fe9e9de754d74c7dd3cff8d7fccada9133677a5721846d40cf6ed4a8bea1ce427bfe0db5b9a2e959189cc055cc426870ad56020e3b19dfc29e74e02c6c6aa76c2b344024795aa7408f49a69cfee16ac06bbb2a23abe7c1ff1ad36e4a9dc58ff2de9feab8ab4140b4dc3e1210a3cc5070463be4df74788bfad198b5f1a9f5b21bbd758b267a1364da1ec907b5654f44ce91045f8f1d7f2b4d7ef4c203389d4294b7d0ba07326d0c555bcd321874fbd119e512bfa8cc3fe1ba324a513773c6fa2ce56fa4a81fa9f7039a437906c6d513cc040f8e6afa9aacaaae6d84bd64843db18967b59cc6ef5bc5b8a1a65ea847001887c49b2e0acb57e7539118f4c54763f79a8766cba1842321901878ce1ce8126f53de63b244434304435cb318cf64217f0eb942f6d6b775ecd6980f1b3bb2eacd73016f1d96dc270646006ee155325376e83599df743c3b6c2eecdb5eba2ea700c33d18aaa522e74d125c530bc859fb52a072e6c29503e507549f6bcaadfabc9695b9ba243265812c2c4b2b30b1e24e735140c3a883b51f5e9c81c2d6b691888c4316c7dc4a2f4c4835155f151088fd4766453c0ed7b0e6cdf97d9d332871d6c75c023d082e7dedfa7ef4b1aba2a9d0d8aa08d7d80c60acf986b10936638e2ee94945c65b12a80bd5d8bee5535ba2750a1817189f43d25a565cd04f5070bda44072bcc54857e5c0832c02978c9676a7a6b252e524b2c920bec7660fdda6a62c64d1f9df7c5ac5e01c78d361050973241cbacc1c95c771d22f14735f40b29ff12d956a452e0a75deb91061fe84bc858afd268ffcf196bdf804a5c729c320fc55e11252192f56b267ad400e9ed3b9dea295af61146d81f1a0bb1d0b345fd6a2fb2eba2ada1856f254b46639382a6c6c4d2884936f63d71bbea9c8ec90e7831a52fbd9535f0eb26387add38cbe3f415e0db3c0833b3126e16fcb81dba25df68b5959029078e7e6a9aff19167b83b08a864a55746cae8597f22ca2881156578031a17148ed85c40885b7e823cb2a32c1599ec6ec47c306e87822aaee0744aa2a071161e77a6261e6f2fc94b2ed377fdb3426c213cb3f7b5544b2c505e1b1c8877909cb961fbb16494736309289d83a490d301d476a1ff2651c98a6fe1ea27ea1d4f281c39371720742c809ca920c3d4e0518a954b070c0d564b975ab6c096dbccae12b1c1bdf7ccfe954b95cebbef1a94e3f078892dbab379e407b5c8dcabbbdc3e0664131358a0c4f5f417d013f3b3f811f9d80d11b0cfccef3b4c754463dd5739c039f3b0f64ffe1204ba27cde619d6914b216332d33aedcfa69aaeeb785de86ec0e0d93de0640e3e8227e4e76aa7e1ddf9dbf9531dfbdba104910d226625b53f0a6f017afd4ddaab4f0543c1c757c6867b67d8275c016fe6e80055136944b491dd032690b65faacfb7300df594d39ff7d75b5a767dd7053d2946e8520bf9c47aae7e6e34d275a35eba110209cdc659403a959139f812018dfa14025f0101d38a1c579ac1c4a72227a249454545da5f17674f24d88af98aca8950dbf9a1717930c4476a936ee1dde96799e243571d73635065a6e670b0edad5ca1a5ac52854709b5ea4805788093965cdb26ddd62eefe8f8c280a8eada82f41a677710c683b525a7641d3b2c26ae75ff9d4b09f0f95844605026e557b437f2c7cbd3fafee26fc7b39d3a829995a28b1fb529829546f08e0e320536bfd204c94b8d5c34be1d93009814b601aa004080173dc9379ed272ddc3adce7542090c84743ba63b44e1bab25fdeb6d6d9cf891dca64ce8454c7426862603e67c7a7cf765192d25bec102cf8fa77c4325d178706de810f136aa46e79c1e539468e51987d874b267771d0e07054c96ded8a807d801036d6b58b16abcfe8d0d3cb304c294cc682bd9ff7e64b6535dee54af6ea195415a83453e754c3e551f0fb6258c33d0a39b5b50edbceae001cb251685b053440b6854f2940e36848ee3c9c472bca5a1df64ec54eb7e37e07f53209a7c95ef70380b3983ae5b6d54fbaf26b1948726235d0b66de1d5bd976b06220e2ea2464983889677b31583d650403ccaf5361379aa40d881d54e6174f6f211556de784d7f8d11b914ff8a62f9ce8a53676d176ff8bdc9c723d14e61c3317c75ec4c5302b013eabf98c452b82f5d3b3018a11c78f3fa8694036e24d2613593bae2edbc5d6419e467a4cf3ddfe26d4e3cad22e28c88b97ebb375491fe368d8d3603694690cd782db0cfdcf38575bd83cf0c9feea675580654a3ffa3fb888c31f718a2adb1be07cc478426387de22c080455321fc27429afe0a304dbbdf6253b035ddd7fc11e71b4bbf72c5251ee8a5bdfc598a5c933e64b8d4403b247d74a078fe60ee5df1fc574b940b29170ad5471a0a8491442970545cad39bc6ee7a9871595ca0b166bc9dfc309c4ff4920e7d0ad187eef9ff3a6253e42da485c9d9c4a98423385d9a9d68567a658042e4a6dc972ca30386a78e260582c67c3bdcbd6f105d0529d7ffcff29279673267d3a7c833ebca678fd32f2dd02a6f87eb4e336931e45ab1fb4529ef4d1fbe58de2cb34455e625df0e09f21ceea8b285a96ee863b9ae574e27eb8dfc951134247bbfdb706a758a23fa0ed7103290641df79eaa72a9f13da8987f821ca5ef99f073ca81ae8f1873931ea416d735f1064629080d89a84c2927aa90305c39a0164e4ac25a1579d06b42f6069992241b33153a5a563b2039b86d9f7eca3653b6e5f66d6e4565574442ead179ab88f14db8bf1647c30a42c65017eba983f2888b0949e804439aa8277ee8d3810957f84c1d583ad594daa2215638413d0aa2b745793cda0a57bc8e6df6e0ddff7a0154ab66e4b72264f9fc32a838f3f6df995f893122ea90d86d96c2f28d4ffb5cdb587096c30bdd830ae816d5eecc280cb8944c5bc8c451523735e138bbe996ea36776b73a4702e9bd559abc59d2d8e9704d602a83de8a33d73b6201b6fbe1fa956c3b8e282853ef057e556c1de26ab22c1d0cb54b6d526fce6a2c29259218b7a09b0a95ebec2d4ff1468720530f183bdfa3ed9c143250b765bc6566e0cb33349ae1770f5a84d8150e84b7c3ab2d2c37ec642f3f7269aaf17d90a2dd8a61415d7d18af7b689f1f5fa765d70e6f09b8f8177d07673f13df973cc0f98f870d960d332d22b8fe407de2a7f9d0504feaaf2f3be13f07870a9295fefba67b9fc0175245630fc492b83b2545f4c747bdcc0fdc5eeba955df7546577d69aa47cbd7b8afb25643325f710642949c7f362a3f30c98590bf4bf8b551a5b8edb7004cfed068b5f9dc2f1e0919d15fbbb591a965586fe40b1ddebb589160a3301fdae4b44bbb49c869d7ee31aa5134dd1bc49f36f8d113bd02beb49562d062442b0be51b155d8f3eb3f524005098f2ecbfd738e9e4a7ac7296e013cea751954fb8e511339e3a0aba2f15e6bb20e6e2f0a1ea596f8412fdfbf4c95706728f1ba5ed5a034c1aad4b156a711efc54521c1cb47d6712697317cc124e7295373a48a8fd0030595b266b669d6bc9cf94a821c1839c0a30009bc0dd3e979daa661f3a4500947fa05438418d94605b3ca0064802972d5587accab770c16f2b699c818aca38e5f4c556b86b73b7254743e186fba9cebbc6867fe7d83b06e7c0dfc54ffd17045dc3625fd6391a5294df960e9f5fdaf32a8460df8a842a516feccebe859a468b23af795cf8753ec17c1a3d8ee100765a936a24124551326b8c06974f213a90fc34a99eecc686aab66eff627d937ef3a189e8a79be0e6d3f470716915740c51004b85d258881f2339c13716a854a7200c02c7fa1d1e776ae4a2f460eef81254f258e63b5a198f398a2ce1bae5880d71120b3c6dfe36ba47cab5ee715c12bc4835ea1f7fca1a0e2251fe2a9fe53880dfc9401f58953ada58f2a1ae1a76fa64973874574d64ab8d47ec891c65cf7493e218abb1abe840ac70cd16d9f62e2da6fad0119e96d519d366ec39fe4ac943f751d8a7ffbdcd6e3562dae63916db2e57e53955b95c83a304faf405283ec27d49dd67544862819bb77811e99f723c0d9af65682faabb314ed93eee42817e3f47a518e48efaf55abe42e8490f160850c4abace166b12c3c49ba474bafd0ce9e3bda9c72673da58625745e6af244118267135f3fe88c91041dab2f312798b3a653fc1e2a9a0de324c932d01e529d8874b84b70af0c703a566e6e142d2e49ec213c53e29919fdf1c7dc681f83ec2448b57cc387d071651bb8d657e4ceec63f0a5eff7c1f7ed3f417769c950275bcd1f17a8839b4ea83bd829ff5097ed96ccef169eb067181d3eb5062977201338f9ef4db1a814c1be7dc49335616f1dc132e484a3a5b6837240809ece5e5b55ecf357501ece46219014ad428d4c2ce94b5ddbf0cefdb713385c9f85480439281bf9e5dfcb24a61e7049caad3195be86d163f7874102223bc1a97666a85bef31a5db4a97eceb347731e4657b11f9b53cbe4e2f780a61966849ceafa9c0fa28c358ac25cd70ac2079a98d3b0917cb", 0x1000}], 0x4, &(0x7f00000052c0)=ANY=[@ANYBLOB="20000000000000000100000001000000", @ANYRES32=r14, @ANYRES32=r15, @ANYRES32=r14, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r15, @ANYRES32=r14, @ANYRES32=r14, @ANYRES32=r15, @ANYRES32=r14, @ANYRES32=r14, @ANYRES32=r15, @ANYBLOB="871c80f931f57ce3070a1ef197bce75bebd11bd90b1f02ef63fa4d0b82ee4267ac800a0e13bb0a6432a15aa23c3d16d1067ada05c4dfc4a1d733ae6ddffdc10335e45b285d0ab8e977ad72777ba5cdc977f96c0a826ca28e58532a06c920504895fe29f376aa1cce12ae712e4f9d9651e4339856742c249e1e11"], 0x50, 0x4000000}, {&(0x7f0000004d00)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000004e80)=[{&(0x7f0000004d80)="07ca593288cf0e7a13fe80a4b7dc255aeb232a25169eece57dbb316b00fb7a5412c8c26a9c666498c5526a8aa844c8cd4a0c", 0x32}, {&(0x7f0000004dc0)="ad9bc734a5bb713ceed6f57cd3df4efac11aef2fe7517024c2c8c8889e603038b10ccd05d7f310492604577b6fe12180f37e3effeb46df5e1a63471619685be81c7747cbf3cd81394184fd870fa75759c6cccbef77f02f1eecae62382ecdd4743d672b263445d2f6ef043b242efb149d171e8f155170890d0976b4720dbb48d13fa819ce2c0014f75ef6f2fe1108e0f96f3a7b4744d3fa6a472264ffd2a6f680", 0xa0}], 0x2, &(0x7f0000005000)=[@cred={0x20, 0x1, 0x2, r16, r29, r11}, @rights={0x18, 0x1, 0x1, [r15]}, @cred={0x20, 0x1, 0x2, r16, r30}], 0x58, 0x4000000}], 0x7, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
move_pages(r16, 0x1, &(0x7f00000000c0)=[&(0x7f00004bd000/0x1000)=nil], 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x4)

[  565.824711] binder: 8123:8132 ioctl 40046207 0 returned -16
[  565.833815] binder_alloc: 8123: binder_alloc_buf, no vma
[  565.839418] binder: 8123:8148 transaction failed 29189/-3, size 24-8 line 2967
[  565.847451] binder: send failed reply for transaction 3769 to 8123:8132
[  565.859510] binder: undelivered TRANSACTION_ERROR: 29201
[  565.865049] binder: undelivered TRANSACTION_ERROR: 29189
09:41:18 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:18 executing program 7:
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x80800)
ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r0, 0x40045730, &(0x7f00000000c0)=0x9)
sync()

09:41:18 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:18 executing program 4:
syz_emit_ethernet(0x0, &(0x7f0000000140)=ANY=[], 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000040)={@local, @dev={[], 0x18}, [{[], {0x8100, 0x9, 0x6, 0x4}}], {@arp={0x806, @generic={0x200, 0xf5, 0x6, 0xc, 0x5, @dev={[], 0x18}, "f6f04c87aee4f53b18562228", @broadcast, "315fb962f91c074a8e57fdde9ce978b8"}}}}, &(0x7f00000000c0)={0x0, 0x1, [0xfa5, 0xefd, 0x59c, 0x72f]})
recvmmsg(0xffffffffffffff9c, &(0x7f0000006600)=[{{&(0x7f0000000100)=@ipx, 0x80, &(0x7f0000000280)=[{&(0x7f0000000000)=""/51, 0x33}, {&(0x7f0000000180)=""/34, 0x22}, {&(0x7f00000001c0)=""/140, 0x8c}], 0x3, &(0x7f00000002c0)=""/17, 0x11, 0x7fff}, 0x6}, {{&(0x7f0000000300)=@nfc, 0x80, &(0x7f0000000440)=[{&(0x7f0000000380)=""/142, 0x8e}], 0x1, &(0x7f0000000480)=""/4096, 0x1000, 0x3}, 0x6}, {{&(0x7f0000001480)=@pppol2tpv3={0x18, 0x1, {0x0, <r0=>0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000001a80)=[{&(0x7f0000001500)=""/250, 0xfa}, {&(0x7f0000001600)=""/15, 0xf}, {&(0x7f0000001640)=""/38, 0x26}, {&(0x7f0000001680)=""/194, 0xc2}, {&(0x7f0000001780)=""/135, 0x87}, {&(0x7f0000001840)=""/149, 0x95}, {&(0x7f0000001900)=""/187, 0xbb}, {&(0x7f00000019c0)=""/55, 0x37}, {&(0x7f0000001a00)=""/30, 0x1e}, {&(0x7f0000001a40)=""/51, 0x33}], 0xa, &(0x7f0000001b40)=""/14, 0xe, 0x5}, 0x4}, {{&(0x7f0000001b80)=@can, 0x80, &(0x7f0000001ec0)=[{&(0x7f0000001c00)=""/221, 0xdd}, {&(0x7f0000001d00)=""/251, 0xfb}, {&(0x7f0000001e00)=""/132, 0x84}], 0x3, 0x0, 0x0, 0x76219b25}, 0xfffffffffffffffc}, {{&(0x7f0000001f00)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000003440)=[{&(0x7f0000001f80)=""/1, 0x1}, {&(0x7f0000001fc0)}, {&(0x7f0000002000)=""/246, 0xf6}, {&(0x7f0000002100)=""/4096, 0x1000}, {&(0x7f0000003100)=""/186, 0xba}, {&(0x7f00000031c0)=""/183, 0xb7}, {&(0x7f0000003280)=""/213, 0xd5}, {&(0x7f0000003380)=""/154, 0x9a}], 0x8, 0x0, 0x0, 0x8000}, 0xfb}, {{&(0x7f00000034c0)=@nfc, 0x80, &(0x7f00000037c0)=[{&(0x7f0000003540)=""/34, 0x22}, {&(0x7f0000003580)=""/8, 0x8}, {&(0x7f00000035c0)=""/28, 0x1c}, {&(0x7f0000003600)}, {&(0x7f0000003640)=""/198, 0xc6}, {&(0x7f0000003740)=""/88, 0x58}], 0x6, &(0x7f0000003840)=""/178, 0xb2, 0xfffffffffffffff9}, 0x5}, {{&(0x7f0000003900)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000003f40)=[{&(0x7f0000003980)=""/97, 0x61}, {&(0x7f0000003a00)=""/165, 0xa5}, {&(0x7f0000003ac0)=""/254, 0xfe}, {&(0x7f0000003bc0)=""/35, 0x23}, {&(0x7f0000003c00)=""/194, 0xc2}, {&(0x7f0000003d00)=""/129, 0x81}, {&(0x7f0000003dc0)=""/58, 0x3a}, {&(0x7f0000003e00)=""/149, 0x95}, {&(0x7f0000003ec0)=""/127, 0x7f}], 0x9, &(0x7f0000004000)=""/155, 0x9b, 0x2}, 0x100}, {{0x0, 0x0, &(0x7f0000005140)=[{&(0x7f00000040c0)=""/4096, 0x1000}, {&(0x7f00000050c0)=""/84, 0x54}], 0x2, &(0x7f0000005180)=""/96, 0x60, 0x10000}, 0x1}, {{&(0x7f0000005200)=@pppol2tp={0x18, 0x1, {0x0, <r1=>0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000005300)=[{&(0x7f0000005280)=""/107, 0x6b}], 0x1, &(0x7f0000005340)=""/139, 0x8b, 0x6}, 0x400}, {{0x0, 0x0, &(0x7f00000055c0)=[{&(0x7f0000005400)=""/194, 0xc2}, {&(0x7f0000005500)=""/56, 0x38}, {&(0x7f0000005540)=""/92, 0x5c}], 0x3, &(0x7f0000005600)=""/4096, 0x1000, 0x1b600000000000}, 0x9}], 0xa, 0x10000, &(0x7f0000006880))
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f00000068c0)={&(0x7f0000ffe000/0x1000)=nil, 0x1000}, &(0x7f0000006900)=0x10)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f0000001fc0), 0x10)
chroot(&(0x7f0000006980)='./file0\x00')
r2 = creat(&(0x7f0000003600)='./file0\x00', 0x32)
ioctl$KDGETKEYCODE(r2, 0x4b4c, &(0x7f0000006940)={0x7fffffff, 0x616c})

09:41:18 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)="6d7175657565ff", 0x0, &(0x7f0000000580))

09:41:18 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0xffffffffffffffff}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:18 executing program 1:
r0 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={0x7fffffff}, 0x8, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000240)=""/159, 0x9f}], 0x1, 0x0)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x200, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000300)=[@in6={0xa, 0x4e24, 0x9, @ipv4, 0xd143}, @in={0x2, 0x4e23, @rand_addr=0x4}, @in6={0xa, 0x4e23, 0x9, @remote, 0x7}, @in={0x2, 0x4e20, @local}, @in6={0xa, 0x4e23, 0x0, @remote, 0x6}, @in={0x2, 0x4e24, @remote}], 0x84)
readv(r0, &(0x7f0000000040)=[{&(0x7f000004f000)=""/128, 0x80}], 0x266)
syz_emit_ethernet(0x67, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaa1faaaaaaaaaabb8100d8000011feffcb6963e8a1f5e3ae5fd90dabba8b28a15f613e7bef7d9222203c70e563af373b740b7b2ad36b8541ae3e3ceef7eb97b3ac05414c8ae78dd96f7133ff4f7284572f25aff90663eaf5dc6d6659732b69019a8f5c"], &(0x7f00000001c0)={0x0, 0x3, [0x260, 0xa3b, 0x676, 0xf1c]})
timer_create(0x0, &(0x7f0000000480)={0x0, 0x16, 0x0, @thr={&(0x7f0000000340), &(0x7f0000000400)}}, &(0x7f00000004c0))
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f0000000080))
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f0000000200)={0xda, 0x800, 0x8004, 0x9, 0xfffffffffffffffc, 0x3f, 0x0, 0x5, <r2=>0x0}, &(0x7f00000003c0)=0x20)
getsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000400)={r2, 0x8}, &(0x7f0000000440)=0x8)

09:41:18 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000000000000009000000000000020000000000000000200000"], 0x1c}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0)

[  566.092324] binder: 8180:8181 got new transaction with bad transaction stack, transaction 3775 has target 8180:0
[  566.102788] binder: 8180:8181 transaction failed 29201/-71, size 0-0 line 2879
09:41:18 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:18 executing program 7:
sync()
r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x1, 0x404800)
setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000040)={@dev={0xac, 0x14, 0x14, 0xb}, @dev={0xac, 0x14, 0x14, 0x1f}}, 0x8)

[  566.173337] Unknown ioctl -1073457856
09:41:18 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000003, 0x7e637e84)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x12)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000140)={0x6, 0x0, [0x12, 0x1]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

09:41:18 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x3a}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  566.198863] binder_alloc: binder_alloc_mmap_handler: 8180 20001000-20004000 already mapped failed -16
[  566.221446] Unknown ioctl -1073457856
[  566.225487] binder: BINDER_SET_CONTEXT_MGR already set
[  566.245133] binder: 8180:8181 ioctl 40046207 0 returned -16
09:41:18 executing program 6:
r0 = socket$inet6(0xa, 0x1, 0x0)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000380)=ANY=[@ANYRES32=<r1=>0x0, @ANYBLOB="fc000000d52187913ccc215b71500009919e169ff1607db4d681a411e5f5b0d36f2d7232e84ff147857ed8f95043238868634930d771e89e2c61a8d8ff985c4b7a331cfd1d112f45ecde73b6e391aa13d1a8ce46a96a3337b5556f40b790d44e97de1dc8bbdef82caaf5f015414e2d4e122c1ab5d2bdd1716d79218c6d4a1da7a931295b1be31d787c79db229a65e88f55126426dd11582e4d8ada23c7b083cfad977396f8b77e33e37a7e8e18dfebf2dc40622e5cdf2f792e3d0ca11e5ce40e40f7fe2c8d17afba7ec0402a164b9ba50b826d5e297aa66a4d74037eb0e4d745255ed28e43872cc7bce52d325d78b2c6b1eaa2b900759fd61ca52894faf62d99d086e6d9"], &(0x7f0000000000)=0x104)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000040)={r1, 0x5}, 0x8)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
r2 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000000340)="ff0204000000020500000000000000000000000000000000", 0x18)
connect(r2, &(0x7f00000000c0)=@in, 0x80)
socket$inet6(0xa, 0x80000, 0x8)
sendto$inet6(r2, &(0x7f0000000000), 0xffcb, 0x0, &(0x7f0000000300)={0xa, 0x4e21, 0x0, @mcast1}, 0x1c)

09:41:19 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='Nids.current\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0x1, 0x4, 0x1000, 0x1, 'syz0\x00', 0xea})
r1 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, &(0x7f00000000c0)={'ah\x00'}, &(0x7f0000000100)=0x1e)

09:41:19 executing program 7:
sync()
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='\\posix_acl_accessposix_acl_access!:-vmnet05em0prockeyriNgvmnet0GPLwlan1ppp1\x00', 0xffffffffffffff9c}, 0x10)
setsockopt$inet6_dccp_buf(r0, 0x21, 0xd, &(0x7f0000000100)="dc4592df5cee04ce90af1f11d0ce7e91567caf17cf4c36232549146761e5eafbef8f17a65260ec864d24f1ce36986471195c3417cc260cbbbac72218bd73d990148dc77624d7f9ab29ce7e2a4ce0d709b029dd0605f12a8648ea7e12a007d869f807ffaf2de26226672d46bcfc59f61b6c0cc45f25904cd0b3d1398cb6560789194a441e67b6a0b861a08cb419c224fea7e0dc6aa373e2435fd56440fc4127d64ea4856579dca823f14c4ea6df8601002bac6c92330fe50e8d8cd1d444d0dae66671d470c204e7368d2604686860ba85462c4b220fe791a6240c8bd5", 0xdc)
socketpair$unix(0x1, 0x6, 0x0, &(0x7f0000000280))

[  566.303767] binder_alloc: 8180: binder_alloc_buf, no vma
[  566.309755] binder: 8180:8220 transaction failed 29189/-3, size 24-8 line 2967
[  566.310188] binder: send failed reply for transaction 3775 to 8180:8181
09:41:19 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:19 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x3a00000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  566.404304] binder: undelivered TRANSACTION_ERROR: 29201
[  566.409891] binder: undelivered TRANSACTION_ERROR: 29189
09:41:19 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:19 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xa000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:19 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x20000005, 0x84)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@loopback, 0x6, 0x3, 0x20000000000002, 0x1, 0x20, 0x4, 0x200}, &(0x7f0000000040)=0xfffffffffffffd8f)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/xfrm_stat\x00')
sendfile(r1, r1, &(0x7f0000000140), 0x6)

09:41:19 executing program 7:
sync()
clock_getres(0x5, &(0x7f0000000000))

09:41:19 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x700000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:19 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:19 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000013000100000000000000000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000ced4154f8219073bcba5dc68f779ea1c2a571a9630151f22f9a03d787d136ae9471d6d20c45f6d83974162b2d6785aa533191630b9b9"], 0x28}}, 0x0)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2000)
ioctl$EVIOCGSND(r1, 0x8040451a, &(0x7f0000000040)=""/61)

09:41:19 executing program 6:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, &(0x7f0000000000))
r1 = eventfd(0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x800, 0x0)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000002c0)={0x0, r1})
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)={0x10000010})
write$binfmt_elf32(r1, &(0x7f0000000380)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x58)

09:41:19 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x3)
sendmsg$nl_route(r0, &(0x7f000000dc01)={&(0x7f0000016000), 0xc, &(0x7f000000b000)={&(0x7f000000efcc)=@mpls_newroute={0x1c, 0x18, 0x21, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1, 0x2000}}, 0x1c}}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x4000000000000001, 0x84)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @remote}}}, &(0x7f0000000000)=0x44)
r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x600000000, 0x4000)
setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f00000000c0)={0x5, &(0x7f0000000080)=[{0xffffffffffffff7f, 0x5, 0x6a9, 0x3}, {0x6, 0x1, 0x8}, {0x5, 0x501, 0x3, 0x8}, {0xffffffff, 0x8, 0x1, 0x6}, {0x1, 0x6ba, 0x2, 0x65f5}]}, 0x10)

[  566.605599] netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
[  566.629281] binder: 8252:8263 got new transaction with bad transaction stack, transaction 3781 has target 8252:0
[  566.639845] binder: 8252:8263 transaction failed 29201/-71, size 0-0 line 2879
09:41:19 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x7000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:19 executing program 7:
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x7, 0x0)
fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000040))
sync()

09:41:19 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  566.693731] netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
09:41:19 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x101000)
write$P9_RXATTRCREATE(r1, &(0x7f0000000040)={0x7, 0x21, 0x1}, 0x7)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'rmd320-generic\x00'}, 0x58)
r3 = accept$alg(r2, 0x0, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@mcast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@rand_addr}, 0x0, @in=@dev}}, &(0x7f0000000240)=0xe8)
write$P9_RWSTAT(r1, &(0x7f0000000340)={0x7, 0x7f, 0x2}, 0x7)
r5 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$get_persistent(0x16, r4, r5)
sendmmsg$alg(r3, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0)

09:41:19 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  566.761606] binder_alloc: binder_alloc_mmap_handler: 8252 20001000-20004000 already mapped failed -16
[  566.776179] binder: BINDER_SET_CONTEXT_MGR already set
[  566.781735] binder_alloc: 8252: binder_alloc_buf, no vma
[  566.787282] binder: 8252:8271 transaction failed 29189/-3, size 24-8 line 2967
[  566.798285] binder: 8252:8263 ioctl 40046207 0 returned -16
09:41:19 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x3f00}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:19 executing program 4:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000001480)='./file0\x00', 0x0)
socket$key(0xf, 0x3, 0x2)
timer_create(0x0, &(0x7f0000000100)={0x0, 0x4, 0x0, @thr={&(0x7f0000000280)}}, &(0x7f0000000000)=<r0=>0x0)
timer_delete(r0)

[  566.806445] binder: send failed reply for transaction 3781 to 8252:8263
[  566.817283] binder: undelivered TRANSACTION_ERROR: 29201
[  566.822805] binder: undelivered TRANSACTION_ERROR: 29189
09:41:19 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c00000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:19 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:19 executing program 7:
sync()
r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0xfffffffffffffffb, 0x0)
getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000040)=0x5842, &(0x7f0000000080)=0x4)

09:41:19 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0xfffffffffffffffb)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f00000000c0)={'security\x00'}, &(0x7f0000000100)=0x24)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_buf(r1, 0x0, 0x17, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x91)
r2 = syz_open_dev$amidi(&(0x7f0000000140)='/dev/amidi#\x00', 0x5, 0x4000)
write$P9_RSTATFS(r2, &(0x7f0000000180)={0x43, 0x9, 0x2, {0x1, 0x20, 0x9, 0x100000001, 0x5, 0x400, 0x3ff, 0x2, 0x8}}, 0x43)

09:41:19 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(rfc4106(gcm(aes)))\x00'}, 0x58)

09:41:19 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0xffff000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:19 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0)
remap_file_pages(&(0x7f0000007000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x1, 0x0)
getsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f00000001c0)={@remote, @broadcast}, &(0x7f0000000240)=0xc)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_XSAVE(r2, 0x5000aea5, &(0x7f00000002c0)={"9077c9fd7b34639fc8d7bfca65cbc328d8abaa8766416b189bca6e4b3c8957cd266190e86da6e6ca82866d659bb2d799929bbe7385e52f35eab6b83c919f9be4863d91caedc4ca1518a6c38e1e1dfd26364010683cec0cbb81ab7cc3469d450a35d6e53c9e2f5c25e425d4337213c3209c6a76f829dfc94b0b582dd1164a0d428fa2743c2a54bb01058e4ccb5c9848270a1d3e44ffe21faf413b5cfdf9ad7777887cb6c8eb63bcf64b869cf2b8e65c4b4f58e2515658be9ab91139e3a4e797e379024e09788eac4d10cc7152a066eaafb1511ebcdc7f23a830e340c0a5fc30103166099bc5901ad1260116d17694316eb2c53a9e690b9641ea4f5262afc42747fb5376ad7bd8fcb8ffe81be00dc845dc3ccf34e569ea630a92cbaea18d950456843c2165e434441d7bb8d86e25ca73cac236994f480705bf145bb50c2adb55af7fbf27225f870ec2c3705861fbd13f3dd99ccb12edbe1ada49d41135a5d11f2fcf986e31468f543d9aac369e9d6d49b1b752a01d97a78799e8c0983a554ecedf7d576263f48aa7d6778ff3bc22029a5a3baf7574a7da840b36241e2fd899b5103a8712f7f3ea669afa1767134887d3d637d658859d00b33f1052c16897954f53c53a750ca871efeffa2794d124069a6d5cd4a881238fbf46de21bd3081f17ca619be8438e1adbe0194e0e66a36e0ca770f787c29bebf31584aa41580babe329e8f7633457f5da2047257d7ec040a77893cae1b5215d9454e4024c9313e379783853a49e0632b1c3526bbaeb950688b9fc900820ae21a86e8e7ed8e5a69521283a5054dddbd35542eb0b6b54466a5e677f685d01cb442ebe638388e411bf404d0b5a3994646505ee3b2099f760069f9f7da7a1fd472b2a8f00809f87328f43a7013473b0ec37d72091f552534ed2de8607a3bcbe74824c0928c2fcc845cbee62097cc79633872ef9db2fab33d4dd6bfec504bef4ee300a5e74576daaeb08e9209ac1d13f6b4f9259864e486347b5bb5ebbe3b329eec72bcfb4727f9ab1b32492a10d010d2d5de91c5d52aec1ac9c91986c35802831b015d003cf0dedf17ae5852f3c641688d7bb67cdee697cd67160982f772c88a9e3ef85c15ac3a7cd49bedf08c8bb894e0c226561ab2776a9828e649d4a3f6255f87d44c18677b54b58179bd05d39b489bfcebace9febe05ef9ac1c448e0a3b6e854773e7d031964098dede2cb6c324cf5b1faeace54189b0961d0419fe9890331a95af0ae60aa2c0b04bf7e34fce00409b7cf24a8e1781d3d9cbffda7ac968316c83d8665d462500f43dd6820a15d2b6f57e78402e590c8569cfcc0bc63df6721524d3971c330590e6c058f84bf7c35de373e40947b14781bfa404a5c4c3aaa9d3b920e58fc1edc83493a3343209e27289348338b3be41baeb58c84d98645b7ac5aeac7eaf45ac5b37eda54"})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000100)="66b91000004066b80000000066ba000000000f30baa000eddb8f05000f89ae6a660f3a22efa80f09f00fc709f20f1ab60d0066b93608000066b80000000066ba008000000f3066b9800000c00f326635000800000f30", 0x56}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x0)
pipe(&(0x7f0000000000)={<r5=>0xffffffffffffffff})
setsockopt$inet6_tcp_int(r5, 0x6, 0x10, &(0x7f0000000080)=0x8001, 0x4)

[  567.014115] binder: 8322:8326 got new transaction with bad transaction stack, transaction 3787 has target 8322:0
[  567.024844] binder: 8322:8326 transaction failed 29201/-71, size 0-0 line 2879
09:41:19 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:19 executing program 7:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x7, 0xc101)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000000c0)={<r1=>0x0, @in6={{0xa, 0x4e21, 0x9, @mcast2, 0x8}}, 0xa5a2, 0x90, 0x80000001, 0x10001, 0xfe}, &(0x7f0000000180)=0x98)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={r1, 0x5, 0x9, 0x0, 0x2, 0x5}, 0x14)
sync()

09:41:19 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x3000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:19 executing program 6:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x242, 0x0)
syslog(0x9, 0x0, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000000c0))
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x500, 0x0)
listen(r1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r1, 0x2)
ioctl$sock_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000040))

09:41:19 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:19 executing program 1:
r0 = socket$inet6(0xa, 0x80803, 0x30)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000280)={{{@in6=@mcast2, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@mcast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000380)=0xe8)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f00000003c0)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@mcast2}, 0x0, @in6=@loopback}}, &(0x7f00000004c0)=0xe8)
setreuid(r2, r1)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0xfffffffffffffffe, 0x2000)
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r4, 0x4008af23, &(0x7f00000000c0)={0x2, 0x9})
bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@local, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x0, 0x32}, 0x0, @in6, 0x0, 0x0, 0x0, 0x8464}}, 0xe8)
connect$inet6(r0, &(0x7f0000000040), 0x1c)
fcntl$getown(r4, 0x9)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000540)='IPVS\x00')
sendmsg$IPVS_CMD_ZERO(r3, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, r5, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x10)
getsockopt$bt_BT_SECURITY(r4, 0x112, 0x4, &(0x7f0000000200), 0x2)

09:41:19 executing program 4:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x80, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffff9c, 0x84, 0x14, &(0x7f0000000040)=@assoc_value={<r1=>0x0}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000000c0)={0xfffffffffffffe00, 0x10001, 0xd, 0x8, 0x2, 0x100, 0x2, 0x8, r1}, &(0x7f0000000100)=0x20)
r2 = socket$inet6(0xa, 0x1000001000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")

[  567.187504] binder_alloc: binder_alloc_mmap_handler: 8322 20001000-20004000 already mapped failed -16
[  567.212929] binder: BINDER_SET_CONTEXT_MGR already set
[  567.224529] binder: 8322:8326 ioctl 40046207 0 returned -16
09:41:19 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x2000000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:19 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40030000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:20 executing program 7:
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x100000000000082, 0x0)
ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000000)={r0, 0x0, 0x200, 0x4, 0x1})
read(r0, &(0x7f0000000100)=""/182, 0xfffffe49)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, &(0x7f0000000040)=0x10001, 0x4)
sync()
ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f00000001c0)={[{0xc4, 0x8, 0x80, 0x7, 0x7ff, 0x9c01, 0x80000000, 0x4, 0x800, 0x4a86a32a, 0x2, 0xfff, 0x6}, {0x7, 0xfffffffffffffff8, 0x0, 0x5, 0x2, 0x2, 0xffffffffffffff01, 0x100000001, 0x0, 0x0, 0xffffffff, 0x8, 0x5}, {0x9, 0x0, 0x46f, 0x61, 0x5d, 0xe1, 0x9, 0xfffffffffffffffb, 0x62b5, 0x62c, 0x100000000, 0x9, 0x60b}], 0x72})

[  567.269532] binder_alloc: 8322: binder_alloc_buf, no vma
[  567.275108] binder: 8322:8361 transaction failed 29189/-3, size 24-8 line 2967
[  567.283498] binder: send failed reply for transaction 3787 to 8322:8326
[  567.298299] binder: undelivered TRANSACTION_ERROR: 29201
[  567.303850] binder: undelivered TRANSACTION_ERROR: 29189
09:41:20 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:20 executing program 4:
r0 = socket$inet6(0xa, 0x802, 0x0)
r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x8, 0x80)
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000080)={<r2=>0x0, 0xa944, 0x6, 0x1000, 0xfff, 0x10000}, &(0x7f00000000c0)=0x14)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f0000000140)={r2, 0x8, 0x8}, 0x8)
ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070")
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCFLSH(r3, 0x80045439, 0x706ffc)
r4 = getuid()
ioprio_set$uid(0x3, r4, 0x90a)

09:41:20 executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='bbr\x00', 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000af5000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000f59000), 0x4)
sendto$inet(r0, &(0x7f0000000440), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10)
sendto$inet(r0, &(0x7f00005c8000)="c3401c344654f3c7d9fe1ba48c8e399aa4eedc3d6bd8ebd65c856a45d61154adc2b2a976fbffffffffffffff38e9dd18c58f6bd779650fc30f09000000ecf323c9f6502ceab47e58114347b289546465a5eb278de12b1989f64cc99412e36880d20c34d91051b22f6c8acc9d082b7bcdec844f667da0867d08d4154004997e317b79", 0x82, 0x81, &(0x7f0000e66000)={0x2, 0x0, @multicast2}, 0x10)
sendto$inet(r0, &(0x7f0000000300)='^', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10)
sendto$inet(r0, &(0x7f0000000040)="9042415791052c81181197932a510553fe54f0d69f4337d9e9806113cff1fdfa03fc9056009d4d894d61909df9d1", 0x2e, 0x4000000, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000180)={<r2=>0x0, 0x6, 0x0, 0x7, 0x9, 0xad, 0x6, 0xfffffffffffffffd, {0x0, @in6={{0xa, 0x4e22, 0x0, @mcast1, 0x2}}, 0x6, 0x6, 0x100, 0x7, 0x90}}, &(0x7f0000000240)=0xb0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000280)={r2, 0x4000000000}, 0x8)
sendto$inet(r0, &(0x7f0000000440)="322792bd6734dd44edf52c6b1b6bd3d06437e1e682eb000607563dce8c1ea0d242ec93d19116fd4473eb0cd7fa177bb17891c0280f5cb6be7baa2d486f0a69b787279e192b671926ca10bfcdfa59c718c154739f4e3644d56bddd0f97cb88a8e3bec09d0a7216c03cc9bb5f778759032cf1a549f5df8", 0x76, 0x0, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10)
read(r0, &(0x7f0000000340)=""/206, 0xce)
shutdown(r0, 0x1)
ioctl$SG_GET_NUM_WAITING(r1, 0x227d, &(0x7f00000002c0))

09:41:20 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0x7}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:20 executing program 6:
r0 = socket$inet6(0xa, 0x2000000000001, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x8, 0x4)
getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000501000)=""/95, &(0x7f0000f12000)=0x5f)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000040)={'ipvs\x00'}, &(0x7f0000000080)=0x1e)
socket$inet6(0xa, 0x0, 0x10001)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000000c0)=0x7, 0x4)

09:41:20 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:20 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:20 executing program 7:
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000080)=r0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x3, 0x98e, 0x0, 0xffffffffffffffff, 0x6, 0x8, 0x5, 0x0, 0x7, 0x36b, 0xb3, 0x100000000})
sync()
getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000040), &(0x7f0000000100)=0xc)
open(&(0x7f00000000c0)='./file0\x00', 0x3, 0x20)

09:41:20 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={[], 0xffff0000}, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:20 executing program 4:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1)
r1 = socket$netlink(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0xc)
writev(r1, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f00000002031900000007000000068100ed853b09000100010100ff3ffe58", 0x1f}], 0x1)
writev(r2, &(0x7f0000fb5ff0)=[{&(0x7f0000fb6000)="1f00000002031900000007000000e3800802bb0509000100010100493ffe58", 0x1f}], 0x1)
r3 = socket$netlink(0x10, 0x3, 0xc)
writev(r3, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000003031900030007000000068100023b0509000100010100ff1ffe58", 0x1f}], 0x1)

[  567.546835] binder: 8396:8406 got new transaction with bad transaction stack, transaction 3793 has target 8396:0
[  567.558061] binder: 8396:8406 transaction failed 29201/-71, size 0-0 line 2879
09:41:20 executing program 7:
sync()
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x100, 0x0)
setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000040)={0xbf, @broadcast, 0x4e21, 0x3, 'none\x00', 0x4, 0x20, 0xf}, 0x2c)
ftruncate(r0, 0x1a91a470)

09:41:20 executing program 6:
r0 = socket(0x1, 0x200000002, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0xb4, 0x4)
openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x400000, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000300)={0x200000000000000d, &(0x7f00000002c0)}, 0x10)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = gettid()
perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x81, 0x9, 0x3, 0x9, 0x0, 0x3, 0x4000, 0x4, 0x6, 0x8001, 0x4, 0x2, 0x3, 0x8466, 0x5, 0x8, 0x7, 0x3, 0x20000000000000, 0x4, 0x7, 0xfffffffffffffffd, 0x7ff, 0x2, 0x100000001, 0x101, 0xfff, 0x6, 0x1, 0xfffffffffffffffb, 0x8, 0xfa5c, 0x5, 0x8, 0x100000001, 0xcb30, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffff7, 0x7fff}, 0x10010, 0x80000000, 0x7, 0x5, 0x4, 0x8000000000000, 0x3ff}, r3, 0x10, r2, 0xa)
dup2(r0, r1)

09:41:20 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:20 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f00000000c0)="025cc83d6d345f8f762070")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="cc", 0x1)
r2 = accept$alg(r1, 0x0, 0x0)
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x84001, 0x0)
ioctl$PIO_FONTX(r3, 0x4b6c, &(0x7f00000001c0)="def086c4a028a7b2")
write$P9_RREMOVE(r3, &(0x7f0000000100)={0x7, 0x7b, 0x2}, 0x7)
write$binfmt_script(r2, &(0x7f0000000300)=ANY=[], 0xffffffaa)
syz_open_dev$dmmidi(&(0x7f0000000200)='/dev/dmmidi#\x00', 0x2, 0x200000)
recvmsg(r2, &(0x7f0000000480)={&(0x7f0000000140)=@nl, 0x80, &(0x7f0000000600)=[{&(0x7f0000003480)=""/4096, 0x1000}], 0x1, &(0x7f0000000680)=""/151, 0x97}, 0x0)

09:41:20 executing program 4:
r0 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x10d, 0x2, &(0x7f0000000000)=r0, 0x223)

09:41:20 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

[  567.679666] binder_alloc: binder_alloc_mmap_handler: 8396 20001000-20004000 already mapped failed -16
[  567.704137] binder: BINDER_SET_CONTEXT_MGR already set
[  567.709720] binder: 8396:8406 ioctl 40046207 0 returned -16
[  567.766954] binder_alloc: 8396: binder_alloc_buf, no vma
[  567.772565] binder: 8396:8438 transaction failed 29189/-3, size 24-8 line 2967
[  567.786592] binder: send failed reply for transaction 3793 to 8396:8406
[  567.803678] binder: undelivered TRANSACTION_ERROR: 29201
[  567.809221] binder: undelivered TRANSACTION_ERROR: 29189
09:41:20 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:20 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0xffff0000, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:20 executing program 7:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x4000, 0x0)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
sync()
socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000000040)=""/163)
setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000100)={0x2, {{0x2, 0x4e20, @broadcast}}}, 0x88)

09:41:20 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:20 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(r1, 0x4c04, &(0x7f0000000000))
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0)
fchdir(r0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r4, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

09:41:20 executing program 6:
bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0xffffffffffffff23)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000000)='2', 0x1}], 0x1)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)="636c6561725f72656673007edb")
writev(r0, &(0x7f00000000c0), 0x20000000000003fa)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000140)=0xc)
ioctl$TUNSETOWNER(r0, 0x400454cc, r1)

09:41:20 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:20 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000001, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
socketpair$unix(0x1, 0x9, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
io_setup(0x8, &(0x7f0000000100)=<r2=>0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
io_getevents(r2, 0x0, 0x0, &(0x7f0000000240), &(0x7f0000000000)={0x77359400})
io_submit(r2, 0x1400, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000140)}])

09:41:20 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  567.958116] binder: 8465:8467 got new transaction with bad transaction stack, transaction 3799 has target 8465:0
[  567.968634] binder: 8465:8467 transaction failed 29201/-71, size 0-0 line 2879
09:41:20 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x300, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:20 executing program 7:
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
ioprio_set$uid(0x3, r0, 0xfc)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000001c0)={0x0, <r1=>0x0})
getpgid(r1)
sync()
r2 = getpgid(0x0)
syz_open_procfs(r2, &(0x7f0000000180)='net/ipx\x00')
ptrace$getregs(0xe, r2, 0xe788, &(0x7f00000000c0)=""/132)

[  568.050346] binder_alloc: binder_alloc_mmap_handler: 8461 20001000-20004000 already mapped failed -16
09:41:20 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:20 executing program 6:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f00000040c0), 0x1000)
write$FUSE_INIT(r0, &(0x7f0000000280)={0x50, 0x0, 0x1}, 0x50)
removexattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000340)=@known="73797374656d2e706f7369785f61636c5f616363657373ff")
read$FUSE(r0, &(0x7f0000001000), 0x1000)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000000c0)={<r1=>0x0, 0x7}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000140)={r1, 0x8c5}, &(0x7f00000001c0)=0x8)
write$FUSE_INTERRUPT(r0, &(0x7f0000000240)={0x10, 0x0, 0x2}, 0x10)
read$FUSE(r0, &(0x7f0000002000), 0x1000)

[  568.106692] binder_alloc: binder_alloc_mmap_handler: 8465 20001000-20004000 already mapped failed -16
[  568.132810] binder: BINDER_SET_CONTEXT_MGR already set
[  568.138789] binder: 8465:8467 ioctl 40046207 0 returned -16
[  568.178939] binder_alloc: 8465: binder_alloc_buf, no vma
[  568.184550] binder: 8465:8497 transaction failed 29189/-3, size 24-8 line 2967
[  568.192782] binder: send failed reply for transaction 3799 to 8465:8467
[  568.204282] binder: undelivered TRANSACTION_ERROR: 29201
[  568.209819] binder: undelivered TRANSACTION_ERROR: 29189
09:41:21 executing program 1:
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
ioprio_set$uid(0x3, r0, 0xfc)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000001c0)={0x0, <r1=>0x0})
getpgid(r1)
sync()
r2 = getpgid(0x0)
syz_open_procfs(r2, &(0x7f0000000180)='net/ipx\x00')
ptrace$getregs(0xe, r2, 0xe788, &(0x7f00000000c0)=""/132)

09:41:21 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x2000000, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:21 executing program 4:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x24)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000140)=0x3, 0x4)
io_pgetevents(0x0, 0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000000c0)={&(0x7f0000000000), 0x8})
r1 = semget$private(0x0, 0x3, 0xc4aee1cd7d14b178)
semctl$IPC_INFO(r1, 0x0, 0x3, &(0x7f0000000180)=""/97)
fchdir(r0)
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x40000, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r2, 0x28, 0x6, &(0x7f0000000080), 0x10)

09:41:21 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)="6d7175657565c7", 0x0, &(0x7f0000000580))

09:41:21 executing program 7:
r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x3, 0x200)
write$P9_RSETATTR(r0, &(0x7f0000000040)={0x7, 0x1b, 0x2}, 0x7)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x4, 0x7, 0x1000}, 0x4)
sync()
getsockopt$inet_mreq(r0, 0x0, 0x24, &(0x7f0000000080)={@empty, @multicast2}, &(0x7f00000000c0)=0x8)

09:41:21 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:21 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400300]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:21 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  568.636220] binder: 8516:8519 got new transaction with bad transaction stack, transaction 3805 has target 8516:0
[  568.646715] binder: 8516:8519 transaction failed 29201/-71, size 0-0 line 2879
09:41:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x8, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000140)={0x6, 0x0, [0x12]})

09:41:21 executing program 7:
sync()
r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0)=0x1c)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000200)={{{@in=@rand_addr, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in=@local}}}, &(0x7f0000000640)=0xfffffffffffffc41)
ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000680)={@empty, 0x75, r1})
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2c0102, 0x0)
setsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000040)=0x7, 0x1)

09:41:21 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x3a000000, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:21 executing program 1:
seccomp(0x0, 0x0, &(0x7f0000001980)={0x0, &(0x7f0000000580)})
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mount(&(0x7f0000000140)='./file0//ile0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000380)='./file0//ile0\x00', 0x0, 0x0)
getegid()
r1 = openat$cgroup_procs(r0, &(0x7f0000000300)='cgroup.threads\x00', 0x2, 0x0)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f00000003c0))
read$eventfd(r1, &(0x7f00000000c0), 0x3a6)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000000)={<r2=>0x0, 0x1684}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000280)={r2, 0x76, "93681b65b8d927e0b86e91937fd6770577bad72056e1dd66fab83e5f545b6836750affa832569df66675dd17e32fa7897e13ed39f25acbfdb36dcb4d68208ede13f56b56378cce80a5bfe8066ad5c6ed6f6e2a4010a6db9bc1fd84b234ec165e2d9b014090823740ec55c3f2d1995c725468baebacfb"}, &(0x7f0000000100)=0x7e)

[  568.698496] binder_alloc: binder_alloc_mmap_handler: 8516 20001000-20004000 already mapped failed -16
[  568.728313] binder: BINDER_SET_CONTEXT_MGR already set
[  568.739816] binder: 8516:8519 ioctl 40046207 0 returned -16
09:41:21 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)="6d717565756502", 0x0, &(0x7f0000000580))

09:41:21 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x40000000, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:21 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff0000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  568.783197] binder_alloc: 8516: binder_alloc_buf, no vma
[  568.788812] binder: 8516:8547 transaction failed 29189/-3, size 24-8 line 2967
[  568.801604] binder: send failed reply for transaction 3805 to 8516:8519
[  568.819297] binder: undelivered TRANSACTION_ERROR: 29201
[  568.824944] binder: undelivered TRANSACTION_ERROR: 29189
09:41:21 executing program 6:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r1 = socket$inet6(0xa, 0x1, 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000002000))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqsrc(r3, 0x0, 0x2000000000000004, &(0x7f0000013ff4)={@local, @rand_addr}, 0xc)
getsockopt$inet_mtu(r3, 0x0, 0x29, &(0x7f0000000040), &(0x7f0000000000)=0x4)
ioctl$sock_inet_SIOCGARP(r3, 0x8955, &(0x7f0000000100)={{0x2, 0x0, @loopback}, {0x0, @random="f6dff16875b2"}, 0x2c, {}, "65727370616e3000000000e8ff00"})
close(r3)
r4 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0xe401, 0x0)
ioctl$KVM_DEASSIGN_DEV_IRQ(r4, 0x4040ae75, &(0x7f00000001c0)={0x0, 0x6, 0x4, 0x7})
dup3(r1, r2, 0x0)
r5 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x2, 0x0)
ioctl$EVIOCGKEYCODE(r5, 0x80084504, &(0x7f00000002c0)=""/133)

09:41:21 executing program 7:
r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0xf6, 0x80080)
r1 = perf_event_open(&(0x7f00000000c0)={0x7, 0x70, 0x3, 0x6d, 0x0, 0x800, 0x0, 0x100000001, 0x20002, 0x55990ab447c761d3, 0x6, 0x3, 0x3f, 0x3343, 0x3, 0x21ca00, 0x7, 0x4000000000, 0x400, 0xdd75, 0x3, 0x2, 0x1ff, 0x3ff, 0x3ff, 0x3, 0x71, 0xfa, 0x0, 0x1, 0xc752, 0x8, 0x4, 0x4, 0x1, 0x1, 0x0, 0xbfb, 0x0, 0x2, 0x1, @perf_bp={&(0x7f0000000080), 0x8}, 0x4004, 0x8, 0x9000000000000000, 0x7, 0x8, 0xc9, 0x2}, 0xffffffffffffffff, 0xd, 0xffffffffffffff9c, 0x2)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x1, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x4, 0x20000)
r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f00000001c0)='./file0\x00', 0x0, 0x10}, 0x10)
socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = syz_open_dev$mice(&(0x7f0000000280)='/dev/input/mice\x00', 0x0, 0x900)
socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ppoll(&(0x7f0000000300)=[{r0, 0x2000}, {r1, 0x8000}, {r2, 0x5000}, {r3, 0x10}, {r4, 0x40}, {r5, 0x4000}, {r6, 0x1}, {r7}], 0x8, &(0x7f0000000340)={0x77359400}, &(0x7f0000000380)={0x1}, 0x8)
sync()
getitimer(0x0, &(0x7f0000000000))

09:41:21 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xc80b000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:21 executing program 4:
r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x9, 0x20000)
setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f0000000080)={{0x0, @broadcast, 0x4e22, 0x4, 'nq\x00', 0x35, 0xffffffffffffff00, 0x6a}, {@local, 0x4e22, 0x10000, 0x0, 0x8001, 0x8000}}, 0x44)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x80011, r0, 0x0)
futex(&(0x7f0000002ec0), 0x1, 0x0, &(0x7f0000000200), &(0x7f0000000100), 0x0)

09:41:21 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0xffffffffffffffff, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:21 executing program 1:
mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000000880)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x3, &(0x7f0000000980))
chown(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0)

09:41:21 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:21 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0xffffffff00000000, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  569.065281] binder: 8574:8582 got new transaction with bad transaction stack, transaction 3811 has target 8574:0
[  569.075757] binder: 8574:8582 transaction failed 29201/-71, size 0-0 line 2879
09:41:21 executing program 4:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00007a0000)={<r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000616ff8)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x0, 0x17c, 0xfa00, {0x0, &(0x7f0000000080)}}, 0x8b2471cc7cffb79c)
sendmsg$unix(r2, &(0x7f0000bba000)={&(0x7f00003a2000)=@abs, 0x6e, &(0x7f00006c6ff0), 0x0, &(0x7f00009dffb8)}, 0x0)
sendmsg$unix(r1, &(0x7f0000e4ffc8)={&(0x7f0000beb000)=@abs, 0x8, &(0x7f000000d000), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000100000001000000", @ANYRES32=r1, @ANYBLOB="00000000f31f17dcd655938731ba0bd076d5695ff2f64014a102eeea1b32036a3453fe5ce26a6eaff544527de8e6e03c6b9c311bc9325713c44be449a81634fe2cec14b0fe98044e1e51729f5f8cb33ba47d4fd28b2aa62a9ccaa869a8ff4979748836685c3146d5e41dfb389a5653"], 0x18}, 0x0)
close(r1)
close(r0)

09:41:21 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)="6d7175657565c0", 0x0, &(0x7f0000000580))

09:41:21 executing program 1:
r0 = syz_open_dev$sndseq(&(0x7f0000dcc000)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4"})
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000040)={{0x0, 0x1}, {0x100000080}})
socketpair$inet(0x2, 0x3, 0x1f, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$inet_group_source_req(r1, 0x0, 0x2b, &(0x7f00000000c0)={0xfffffffffffffff7, {{0x2, 0x4e24, @local}}, {{0x2, 0x4e20, @broadcast}}}, 0x108)

[  569.111718] binder_alloc: binder_alloc_mmap_handler: 8574 20001000-20004000 already mapped failed -16
[  569.137168] binder: BINDER_SET_CONTEXT_MGR already set
09:41:21 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

[  569.159799] binder: 8574:8582 ioctl 40046207 0 returned -16
09:41:21 executing program 6:
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x3)
r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x7, 0x80040)
ioctl$TIOCLINUX4(r1, 0x541c, &(0x7f0000000140))
ioctl$VT_ACTIVATE(r1, 0x5606, 0x1)
signalfd(r0, &(0x7f0000000040)={0x6}, 0x8)

[  569.207330] binder_alloc: 8574: binder_alloc_buf, no vma
[  569.212990] binder: 8574:8610 transaction failed 29189/-3, size 24-8 line 2967
[  569.227672] binder: send failed reply for transaction 3811 to 8574:8582
[  569.242284] binder: undelivered TRANSACTION_ERROR: 29201
[  569.247882] binder: undelivered TRANSACTION_ERROR: 29189
09:41:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_SET_MSRS(r0, 0xc008ae88, &(0x7f00000000c0)={0x1, 0x0, [{0x48a}]})
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x10000, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000080)={0x0, 0x2, 0x5, &(0x7f0000000040)})
socket$nl_netfilter(0x10, 0x3, 0xc)

09:41:21 executing program 1:
r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f0000000000), 0x4)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x400000000000, 0x4, 0x0, 0x4, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0xfffffffffffffffd, 0x0, 0x0, 0x4}, 0x0, 0x0, r0, 0x0)
dup3(r0, r1, 0x0)

09:41:21 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x600000000000000, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:22 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:22 executing program 7:
r0 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a, 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000000)='blacklist\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x2}, &(0x7f0000000080)="3ed0c1685766e57bcaa0180dfe81be2c6148c4df56d15c6161820721cd9b57d151828b3e6f4ea23aab707d6dcb5f5503d8f52befdb0dff193dc5af3c40a943b5046aa7df434b4d616205d21c7029f54fe57008bf36", 0x55, r0)
sync()

09:41:22 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0xc80b0000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:22 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)='mqueue\x00', 0x0, &(0x7f0000000580))

09:41:22 executing program 4:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
listen(r0, 0x6e1a)
r1 = socket(0x10, 0x802, 0x0)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000000000004179e6d3ddda00"], 0xa)
write(r0, &(0x7f0000000080)="220000002100070700be000f090007010a0000c500008000002f04200500138010451b7cf9915607897bd4dcbd54d4c6a08ec6370abac2bb15dfa7d27b5429b8e29fdc724888bae93256738b0676177a9a23b94879820c927e0a1a8a917b9d8b4b20d6c51a48d6e9d8e60ef0811e00b04cd53cc3bd79baf2518f631d24014f6b713e72992442a2c688ddb64f32413fed0433c51995c66aa48fdaf65de2555628bb11e641cb14cb377a9a2fe1a3af2e6fa736a0473d21a64fa8ad58b9da0418", 0xfffffffffffffea5)

09:41:22 executing program 1:
r0 = open(&(0x7f0000000000)='./file0\x00', 0x40, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001380)='/dev/fuse\x00', 0x2, 0x0)
readv(r0, &(0x7f0000000100)=[{&(0x7f0000000180)=""/114, 0x72}, {&(0x7f0000000200)=""/116, 0x74}, {&(0x7f0000000080)=""/46, 0x2e}], 0x3)
mount$fuse(0x0, &(0x7f00000013c0)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
r2 = open(&(0x7f0000000140)='./file0\x00', 0x40002, 0x0)
write$FUSE_IOCTL(r2, &(0x7f0000000040)={0x20}, 0x20)

09:41:22 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:22 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0xffffff8d, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:22 executing program 6:
syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6005567900100000fe8000020000000000000000000000aafe8000000000000000000000000000aa000000000401907800d298dc007f5147b3264aefca3e464cf694b1b61e1bb6a098a29998a0fc07ffcd57e6d9f951697e36e57932b8db9811f087f72e9efa534ec64d07b2ee77dc9113b24ae4da451bb3aaf79e1a19454612d5885b1dabcffd38382fdd7bc41a7b7ddfffb2887504c2ae6da0baab034b26cb822ed14d4564e81913bafaf96597bdf0dc502424c5d01d70f283cafa2b9c98b6f8a13a20744d0ecd15796844ccd2dfa974baed0e6f50dcf043f94ecbfa90c565de37807b8bc347ed64535bf039a5"], &(0x7f0000000000)={0x1, 0x0, [0x0, 0x323, 0x21, 0x20000000000000]})
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x210042, 0x0)
ioctl$KVM_SET_CPUID2(r0, 0x4008ae90, &(0x7f0000000080)={0x5, 0x0, [{0x80000000, 0x20, 0x4, 0xffff, 0x0, 0x69b4, 0x4}, {0x80000019, 0x2, 0x4, 0x9, 0x0, 0x0, 0x1000}, {0xd, 0x7ff, 0x2, 0x4, 0x7, 0x4dd, 0x7}, {0x80000001, 0x1, 0x7, 0x7f, 0x4, 0x10000, 0x4}, {0xc000001b, 0x4, 0x2, 0x4, 0x2, 0x1, 0x39f}]})

09:41:22 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x3, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:22 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x442, 0x0)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000080)="025cc80700145f8f764070")
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r3 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000140)={{{@in=@multicast2, @in6=@ipv4={[], [], @rand_addr}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@dev}}}, &(0x7f0000000240)=0xe8)
getgroups(0x2, &(0x7f0000000280)=[0xee00, <r5=>0x0])
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000002c0)={{{@in=@multicast2, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{}, 0x0, @in=@multicast1}}, &(0x7f00000003c0)=0xe8)
r7 = getgid()
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@remote, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6=@ipv4={[], [], @remote}}, 0x0, @in=@broadcast}}, &(0x7f0000000400)=0xe8)
getresgid(&(0x7f0000000600), &(0x7f0000000640), &(0x7f0000000680)=<r9=>0x0)
stat(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
r11 = getegid()
write$FUSE_DIRENTPLUS(r1, &(0x7f00000007c0)={0x2b8, 0xfffffffffffffffe, 0x6, [{{0x6, 0x3, 0x10000, 0x362, 0x101, 0x7fffffff, {0x3, 0x800, 0xd4, 0x2, 0x6, 0xd44d, 0x6, 0x101, 0x200, 0x3d, 0x44, r4, r5, 0x1, 0x120000000}}, {0x2, 0xd667, 0x13, 0x7, 'selfvboxnet1!cgroup'}}, {{0x1, 0x2, 0x2, 0x200, 0x1, 0x5c6, {0x2, 0x6, 0x200, 0x3ff, 0x8, 0x1900659a, 0x3, 0xffff, 0x7bdd, 0x8001, 0x7, r6, r7, 0x0, 0x1}}, {0x4, 0x1, 0xf, 0x1, 'em0ppp1!vmnet0:'}}, {{0x5, 0x1, 0xbd, 0x200, 0x3f000000, 0xffffffff, {0x1, 0x1, 0x7ff, 0xaef0, 0x7, 0x61c, 0x3, 0x8c, 0xb30e, 0x2, 0xffffffffffffffe1, r8, r9, 0x100000000, 0x2932}}, {0x3, 0x4, 0x9, 0x0, '/dev/vcs\x00'}}, {{0x1, 0x3, 0x7, 0x1, 0x4, 0x4, {0x4, 0x3ff, 0xfffffffffffffff8, 0x135, 0x81, 0x8, 0x4, 0x10000, 0x5, 0x40, 0x7, r10, r11, 0x4, 0xffffffffffffffff}}, {0x1, 0x5, 0xd, 0x4, '/dev/binder#\x00'}}]}, 0x2b8)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)})
r12 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x101a00, 0x0)
faccessat(r12, &(0x7f00000000c0)='./file0\x00', 0x9, 0x400)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000005c0)={0x4c, 0x0, &(0x7f0000000440)=[@acquire, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380), &(0x7f0000000400)}}], 0x0, 0x0, &(0x7f0000000580)})
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x4)

[  569.938956] binder: 8653:8657 got new transaction with bad transaction stack, transaction 3817 has target 8653:0
[  569.949405] binder: 8653:8657 transaction failed 29201/-71, size 0-0 line 2879
09:41:22 executing program 6:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000140)=@assoc_value={0x0, 0x7fff}, 0x8)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000000)={'raw\x00', 0x2, [{}, {}]}, 0x48)

09:41:22 executing program 7:
sync()
fstat(0xffffffffffffff9c, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='\x00'}, 0x10)
ioctl$EVIOCGABS3F(r1, 0x8018457f, &(0x7f0000000100))
ioprio_get$uid(0x0, r0)

09:41:22 executing program 1:
r0 = semget$private(0x0, 0x20000000104, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x8}, {}], 0x2, &(0x7f0000034000)={0x77359400})
semctl$IPC_INFO(r0, 0x0, 0x3, &(0x7f0000000140)=""/230)
semctl$GETZCNT(r0, 0x0, 0xf, &(0x7f00000000c0)=""/89)

[  570.050710] binder: 8679:8680 got reply transaction with no transaction stack
[  570.058108] binder: 8679:8680 transaction failed 29201/-71, size 0-0 line 2759
09:41:22 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:22 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0xffffff80, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

[  570.091454] binder_alloc: binder_alloc_mmap_handler: 8653 20001000-20004000 already mapped failed -16
[  570.095513] QAT: Invalid ioctl
[  570.108916] sctp: [Deprecated]: syz-executor6 (pid 8688) Use of struct sctp_assoc_value in delayed_ack socket option.
[  570.108916] Use struct sctp_sack_info instead
[  570.130649] binder: BINDER_SET_CONTEXT_MGR already set
09:41:22 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070")
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380))
mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000811ffa)='bdev\x00', 0x100000, &(0x7f0000000680))
mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000d78000)='.', &(0x7f0000fdb000)='ubifs\x00', 0x1003, 0x0)
mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f00005f7ffa), 0x80000, &(0x7f0000000280))
mount(&(0x7f0000377ff8)='.', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='mslos\x00', 0x5010, &(0x7f00000e7000))
mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5012, &(0x7f00000e7000))
mount(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00', &(0x7f0000000480)="b3b8155713fb18dea1325403cf49458ea055d7591982903d491d14c2e9cbc39e8bf705c21d4cc6c570ba1b1b03c6db40040c163a6dee9329d669c3a83a02ef2119957d6d4d06f79c5d29c3f97acbbbd1a0034898939712cc63020f31107f31c3a7ea6b055a3d9cd058451eefee6ebdb0357831796761e16f810e2452be7d0bbb99ee890739873f2de48187428342a5e95f625e7b49265dcb01cdb718bd2920863ed6af48bf044ad87394625a24423d5fefebc93d3a4a96d582c636a0bc3ec3fa80854deb41daa221d12ed5bdc1aeaabed9dcbb850b47a98ab25649387ab11d7b205a07b9082b736c17f97d", 0x1004, 0x0)
mount(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000000)="6d7175657565ff", 0x0, &(0x7f0000000580))

[  570.150523] binder: 8653:8657 ioctl 40046207 0 returned -16
[  570.177498] binder: BINDER_SET_CONTEXT_MGR already set
[  570.188402] binder_alloc: 8653: binder_alloc_buf, no vma
[  570.188428] binder: 8679:8698 ioctl 40046207 0 returned -16
09:41:22 executing program 7:
r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0xd1, 0x80000)
ioctl$KVM_X86_SET_MCE(r0, 0x4040ae9e, &(0x7f0000000040)={0x800000000000000, 0x1000, 0x7fc00, 0xa, 0x1b})
setsockopt$inet_dccp_buf(r0, 0x21, 0x0, &(0x7f0000000080)="6c9a9ec93d8aa8d97a0ebe511b2353a7cfa1c0714457f10a52113c1b955fd8b06971a207289a2228e93ad2a3e26a0f6d07e6b2d4fd1b1fe324b51ba46e047239b878036575917c3f517a4202d8600572740874728a5b1147a95ddebaa1910e99d255f9b606fc4f608ed9ccc2389343b1946a2bc972d4ffab68761e71c605c0a65f51", 0x82)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='/dev/adsp#\x00', r0}, 0x10)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000300), &(0x7f0000000340)=0x4)
sync()
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x52, 0x4c, &(0x7f0000000400)="5758bf0a893a129787e5792d99722d7192bf1600eb1b07e31cffd5fd6f80ef583d7c0fa94f6bd2956ddb643e2309f65b6e97db18dbfd14356840791ad092f49c8e6c014133490542532c637f5a12ad8099bd", &(0x7f0000000240)=""/76, 0x12c0000000}, 0x28)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f00000005c0))
setrlimit(0x0, &(0x7f0000000080))
r2 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x80)
ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f0000000280)=""/78)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000380))
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f00000001c0)=""/14)

[  570.193996] binder: 8653:8701 transaction failed 29189/-3, size 24-8 line 2967
[  570.209981] binder: send failed reply for transaction 3817 to 8653:8657
[  570.214239] sctp: [Deprecated]: syz-executor6 (pid 8688) Use of struct sctp_assoc_value in delayed_ack socket option.
[  570.214239] Use struct sctp_sack_info instead
[  570.233976] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  570.233976] The task syz-executor1 (8702) triggered the difference, watch for misbehavior.
[  570.251316] binder: 8679:8685 got reply transaction with no transaction stack
[  570.258769] binder: 8679:8685 transaction failed 29201/-71, size 0-0 line 2759
[  570.261568] binder: undelivered TRANSACTION_ERROR: 29201
[  570.271364] bpfilter: read fail -512
[  570.271683] binder: undelivered TRANSACTION_ERROR: 29189
invalid request 0
09:41:23 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070")
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x58, 0x0, &(0x7f0000000680)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000380)}}], 0x0, 0x0, &(0x7f00000007c0)})

09:41:23 executing program 3:
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev, [], {@ipv6={0x86dd, {0x3f00000000000000, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0xffffffffffffffff], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0xc], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3]}, @mcast2}}}}}}}, 0x0)

09:41:23 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c)
r1 = socket$inet(0x2, 0x840000000003, 0x2)
setsockopt$inet_int(r1, 0x0, 0xc8, &(0x7f00004fd000), 0x4)
sendmmsg(r0, &(0x7f0000000200)=[{{&(0x7f00000004c0)=@in={0x2, 0x4e20, @multicast1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000080)}}], 0x1, 0x0)

09:41:23 executing program 6:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000040)="025cc83d6d345f8f760070")
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@local, 0x8, 0x2, 0x0, 0xe, 0x9, 0x6, 0x1}, &(0x7f0000000280)=0x20)
r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1, 0x200000)
setsockopt$inet_sctp_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000080)={0x197, 0x7, 0x8, 0xb3}, 0x8)
r2 = socket$inet6(0xa, 0x10000000003, 0x6)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x1}}, {{@in=@loopback, 0x0, 0x3c}, 0x0, @in6=@local}}, 0xe8)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f00000002c0))

09:41:23 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070")
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
stat(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000240))
rename(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00')
read$FUSE(r1, &(0x7f0000001000), 0x1000)
write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50)
read$FUSE(r1, &(0x7f0000001000), 0x1000)
write$FUSE_ENTRY(r1, &(0x7f0000002000)={0x90, 0x0, 0x2}, 0x90)
read$FUSE(r1, &(0x7f00000030c0), 0x1000)
write$FUSE_ENTRY(r1, &(0x7f0000003000)={0x90, 0x0, 0x3, {0x2, 0x0, 0x0, 0x0, 0x8, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}}}, 0x90)
write$FUSE_DIRENT(r1, &(0x7f0000000480)={0xe8, 0x0, 0x1, [{0x0, 0x49e7, 0xa, 0x5, '/dev/fuse\x00'}, {0x2, 0x3ff, 0x8, 0x7ff, 'rootmode'}, {0x2, 0x1, 0x1a, 0xff, '#[^selinuxwlan1#GPLwlan1\']'}, {0x2, 0x7ff, 0x8, 0x10001, '{nodev\'+'}, {0x1, 0xffffffffffffffff, 0x1a, 0xfffffffffffffff9, 'selfvmnet0)$vboxnet1system'}]}, 0xe8)

[  570.364165] binder: undelivered TRANSACTION_ERROR: 29201
[  570.388218] binder: undelivered TRANSACTION_ERROR: 29201
09:41:23 executing program 1:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000003fe8))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x18, &(0x7f0000000000)={'IDLETIMER\x00'}, &(0x7f0000000040)=0x1e)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x2, 0x32, 0xffffffffffffffff, 0x0)
fdatasync(r1)
close(r0)

[  570.988815] ==================================================================
[  570.996508] BUG: KASAN: use-after-free in refcount_sub_and_test+0x9a/0x350
[  571.003519] Read of size 4 at addr ffff8801b38bf1c4 by task syz-executor0/4408
[  571.010869] 
[  571.012506] CPU: 0 PID: 4408 Comm: syz-executor0 Not tainted 4.18.0-rc7+ #173
[  571.019765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  571.029100] Call Trace:
[  571.031675]  dump_stack+0x1c9/0x2b4
[  571.035289]  ? dump_stack_print_info.cold.2+0x52/0x52
[  571.040477]  ? printk+0xa7/0xcf
[  571.043749]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  571.048491]  ? refcount_sub_and_test+0x9a/0x350
[  571.053143]  print_address_description+0x6c/0x20b
[  571.057967]  ? refcount_sub_and_test+0x9a/0x350
[  571.062631]  kasan_report.cold.7+0x242/0x2fe
[  571.067033]  check_memory_region+0x13e/0x1b0
[  571.071425]  kasan_check_read+0x11/0x20
[  571.075381]  refcount_sub_and_test+0x9a/0x350
[  571.079867]  ? refcount_inc_not_zero+0x2f0/0x2f0
[  571.084615]  ? mark_held_locks+0xc9/0x160
[  571.088757]  ? __lock_is_held+0xb5/0x140
[  571.092800]  refcount_dec_and_test+0x1a/0x20
[  571.097191]  fib6_metrics_release+0x4f/0x90
[  571.101493]  fib6_purge_rt+0x5ec/0x7f0
[  571.105371]  ? fib6_repair_tree.part.25+0x10e0/0x10e0
[  571.110560]  ? lock_release+0xa30/0xa30
[  571.114535]  ? __local_bh_enable_ip+0x161/0x230
[  571.119188]  ? __lock_is_held+0xb5/0x140
[  571.123230]  ? __local_bh_enable_ip+0x161/0x230
[  571.127882]  ? kasan_check_write+0x14/0x20
[  571.132099]  fib6_del+0xc11/0x1310
[  571.135628]  ? fib6_locate+0x150/0x150
[  571.139498]  ? trace_hardirqs_on+0x10/0x10
[  571.143729]  ? rb_erase+0x3550/0x3550
[  571.147512]  ? print_usage_bug+0xc0/0xc0
[  571.151553]  ? find_held_lock+0x36/0x1c0
[  571.155601]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  571.160773]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  571.166295]  ? fib6_ifdown+0xe6/0x990
[  571.170081]  fib6_clean_node+0x3ee/0x5e0
[  571.174124]  ? fib6_del+0x1310/0x1310
[  571.177904]  ? fib6_walker_link+0x19b/0x240
[  571.182221]  fib6_walk_continue+0x4b1/0x8e0
[  571.186527]  ? fib6_ifup+0x230/0x230
[  571.190218]  fib6_walk+0x95/0xf0
[  571.193564]  fib6_clean_tree+0x1ea/0x360
[  571.197604]  ? fib6_walk+0xf0/0xf0
[  571.201126]  ? fib6_del+0x1310/0x1310
[  571.204909]  ? fib6_ifup+0x230/0x230
[  571.208603]  ? kasan_check_write+0x14/0x20
[  571.212837]  ? do_raw_spin_lock+0xc1/0x200
[  571.217661]  __fib6_clean_all+0x21c/0x420
[  571.221791]  ? fib6_ifup+0x230/0x230
[  571.225485]  ? fib6_clean_tree+0x360/0x360
[  571.229703]  ? pick_next_task_fair+0x997/0x17a0
[  571.234357]  ? fib6_ifup+0x230/0x230
[  571.238057]  fib6_clean_all+0x27/0x30
[  571.241851]  rt6_disable_ip+0x111/0x7e0
[  571.245822]  ? lock_downgrade+0x8f0/0x8f0
[  571.249952]  ? rt6_sync_down_dev+0x150/0x150
[  571.254348]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  571.259866]  ? rtnl_is_locked+0xb5/0xf0
[  571.263822]  ? rtnl_trylock+0x20/0x20
[  571.267603]  ? mark_held_locks+0xc9/0x160
[  571.271732]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  571.276299]  addrconf_ifdown+0x16f/0x1670
[  571.280437]  ? kasan_check_write+0x14/0x20
[  571.284656]  ? inet6_rtm_newaddr+0x1b50/0x1b50
[  571.289221]  ? lock_repin_lock+0x430/0x430
[  571.293438]  ? graph_lock+0x170/0x170
[  571.297222]  ? graph_lock+0x170/0x170
[  571.301003]  ? graph_lock+0x170/0x170
[  571.304802]  ? print_usage_bug+0xc0/0xc0
[  571.308858]  ? find_held_lock+0x36/0x1c0
[  571.312903]  ? __lock_is_held+0xb5/0x140
[  571.316949]  addrconf_notify+0x6e9/0x27f0
[  571.321077]  ? rcu_note_context_switch+0x730/0x730
[  571.325997]  ? check_same_owner+0x340/0x340
[  571.330306]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  571.335305]  ? nf_ct_iterate_cleanup+0x27d/0x5e0
[  571.340047]  ? inet6_ifinfo_notify+0x150/0x150
[  571.344609]  ? nf_ct_invert_tuple+0x240/0x240
[  571.349085]  ? nf_conntrack_hash_check_insert+0x1610/0x1610
[  571.354785]  ? tls_device_gc_task+0x650/0x650
[  571.359276]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  571.364799]  ? ip6mr_device_event+0x2b3/0x390
[  571.369278]  ? nf_ct_iterate_cleanup+0x5e0/0x5e0
[  571.374022]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  571.379030]  ? mif6_delete+0xc20/0xc20
[  571.382899]  ? trace_hardirqs_on+0xd/0x10
[  571.387039]  ? mutex_unlock+0xd/0x10
[  571.390733]  ? ip_vs_dst_event+0x25c/0x690
[  571.394953]  notifier_call_chain+0x180/0x390
[  571.399341]  ? inet6_ifinfo_notify+0x150/0x150
[  571.403904]  ? notifier_call_chain+0x180/0x390
[  571.408472]  ? unregister_die_notifier+0x20/0x20
[  571.413212]  ? rtmsg_ifinfo_build_skb+0xc8/0x190
[  571.417953]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  571.423469]  ? rtnl_is_locked+0xb5/0xf0
[  571.427423]  ? rtnl_trylock+0x20/0x20
[  571.431206]  raw_notifier_call_chain+0x2d/0x40
[  571.435784]  call_netdevice_notifiers_info+0x3f/0x90
[  571.440867]  dev_close_many+0x447/0x8d0
[  571.444825]  ? netdev_master_upper_dev_link+0x50/0x50
[  571.450001]  ? trace_hardirqs_on+0x10/0x10
[  571.454230]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  571.459748]  ? rtnl_is_locked+0xb5/0xf0
[  571.463705]  ? rtnl_trylock+0x20/0x20
[  571.467491]  rollback_registered_many+0x52b/0xef0
[  571.472321]  ? dev_xdp_uninstall+0x370/0x370
[  571.476713]  ? trace_hardirqs_on+0x10/0x10
[  571.480928]  ? graph_lock+0x170/0x170
[  571.484724]  ? print_usage_bug+0xc0/0xc0
[  571.488769]  ? print_usage_bug+0xc0/0xc0
[  571.492813]  rollback_registered+0x1e9/0x420
[  571.497201]  ? rollback_registered_many+0xef0/0xef0
[  571.502198]  ? mark_held_locks+0xc9/0x160
[  571.506337]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  571.511853]  ? rtnl_is_locked+0xb5/0xf0
[  571.515817]  ? rtnl_trylock+0x20/0x20
[  571.519598]  ? trace_hardirqs_on+0xd/0x10
[  571.523728]  ? queue_delayed_work_on+0x130/0x1f0
[  571.528468]  unregister_netdevice_queue+0x32f/0x660
[  571.533467]  ? rollback_registered+0x420/0x420
[  571.538038]  ? linkwatch_schedule_work+0x180/0x180
[  571.542951]  ? tun_show_owner+0x170/0x170
[  571.547081]  ? netif_set_real_num_tx_queues+0x10d/0x700
[  571.552427]  ? __tun_detach+0x6d4/0x15e0
[  571.556470]  __tun_detach+0x11d1/0x15e0
[  571.560438]  ? tun_attach+0x1780/0x1780
[  571.564395]  ? debug_object_active_state+0x2f5/0x4d0
[  571.569484]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  571.573872]  ? graph_lock+0x170/0x170
[  571.577655]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  571.583174]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  571.588698]  ? locks_remove_file+0x402/0x5c0
[  571.593093]  ? __lock_is_held+0xb5/0x140
[  571.597134]  ? __tun_detach+0x15e0/0x15e0
[  571.601262]  ? __tun_detach+0x15e0/0x15e0
[  571.605389]  ? __tun_detach+0x15e0/0x15e0
[  571.609516]  tun_chr_close+0xe3/0x180
[  571.613297]  __fput+0x355/0x8b0
[  571.616563]  ? fput+0x1a0/0x1a0
[  571.619824]  ? check_same_owner+0x340/0x340
[  571.624128]  ____fput+0x15/0x20
[  571.627392]  task_work_run+0x1ec/0x2a0
[  571.631262]  ? task_work_cancel+0x250/0x250
[  571.635564]  ? switch_task_namespaces+0xbd/0xd0
[  571.640215]  do_exit+0x1b08/0x2750
[  571.643739]  ? mm_update_next_owner+0x9a0/0x9a0
[  571.648390]  ? ktime_get_coarse_real_ts64+0x288/0x3a0
[  571.653563]  ? graph_lock+0x170/0x170
[  571.657347]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  571.662346]  ? ktime_get_coarse_real_ts64+0x243/0x3a0
[  571.667519]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  571.673042]  ? timespec64_trunc+0xea/0x180
[  571.677257]  ? inode_init_owner+0x340/0x340
[  571.681561]  ? find_held_lock+0x36/0x1c0
[  571.685617]  ? lock_downgrade+0x8f0/0x8f0
[  571.689748]  ? __lock_is_held+0xb5/0x140
[  571.693802]  ? __sb_end_write+0xac/0xe0
[  571.697759]  ? pipe_write+0xb63/0xeb0
[  571.701547]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  571.707071]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  571.712586]  ? fsnotify+0xbb4/0x14e0
[  571.716297]  ? lock_downgrade+0x8f0/0x8f0
[  571.720426]  ? fsnotify_first_mark+0x350/0x350
[  571.724989]  ? __fsnotify_parent+0xcc/0x420
[  571.729297]  ? fsnotify+0x14e0/0x14e0
[  571.733083]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  571.738601]  ? vfs_write+0x2a8/0x560
[  571.742303]  do_group_exit+0x177/0x440
[  571.746173]  ? __ia32_sys_exit+0x50/0x50
[  571.750217]  ? syscall_slow_exit_work+0x500/0x500
[  571.755045]  ? do_syscall_64+0x9a/0x820
[  571.758999]  __x64_sys_exit_group+0x3e/0x50
[  571.763312]  do_syscall_64+0x1b9/0x820
[  571.767179]  ? syscall_slow_exit_work+0x500/0x500
[  571.772018]  ? syscall_return_slowpath+0x5e0/0x5e0
[  571.776944]  ? syscall_return_slowpath+0x31d/0x5e0
[  571.781865]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  571.787211]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  571.792043]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  571.797212] RIP: 0033:0x456a09
[  571.800377] Code: 24 00 00 00 e8 e8 4e fd ff 0f 0b e8 c1 34 00 00 e9 3c ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 64 48 8b 0c 25 f8 ff ff ff <48> 3b 61 10 76 40 48 83 ec 28 48 89 6c 24 20 48 8d 6c 24 20 48 8b 
[  571.819549] RSP: 002b:0000000000a3f618 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  571.827246] RAX: ffffffffffffffda RBX: 00000000fffffff7 RCX: 0000000000456a09
[  571.834499] RDX: 00000000004104e0 RSI: 0000000000a44bd0 RDI: 0000000000000043
[  571.841750] RBP: 00000000004c1974 R08: 000000000000000b R09: 00000000004c153a
[  571.849012] R10: 0000000002029940 R11: 0000000000000246 R12: 0000000000000013
[  571.856267] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000707d60
[  571.863612] 
[  571.865220] Allocated by task 19511:
[  571.868923]  save_stack+0x43/0xd0
[  571.872359]  kasan_kmalloc+0xc4/0xe0
[  571.876053]  kmem_cache_alloc_trace+0x152/0x780
[  571.880704]  fib6_metric_set+0x163/0x2c0
[  571.884743]  fib6_add_rt2node+0xe36/0x27f0
[  571.888958]  fib6_add+0xaae/0x14d0
[  571.892477]  __ip6_ins_rt+0x54/0x80
[  571.896083]  ip6_route_add+0x6d/0xc0
[  571.899776]  addrconf_prefix_route.isra.48+0x51d/0x720
[  571.905037]  inet6_rtm_newaddr+0x112e/0x1b50
[  571.909426]  rtnetlink_rcv_msg+0x46e/0xc30
[  571.913644]  netlink_rcv_skb+0x172/0x440
[  571.917684]  rtnetlink_rcv+0x1c/0x20
[  571.921379]  netlink_unicast+0x5a0/0x760
[  571.925418]  netlink_sendmsg+0xa18/0xfd0
[  571.929460]  sock_sendmsg+0xd5/0x120
[  571.933153]  ___sys_sendmsg+0x7fd/0x930
[  571.937105]  __sys_sendmsg+0x11d/0x290
[  571.940970]  __x64_sys_sendmsg+0x78/0xb0
[  571.945014]  do_syscall_64+0x1b9/0x820
[  571.948888]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  571.954051] 
[  571.955659] Freed by task 4408:
[  571.958918]  save_stack+0x43/0xd0
[  571.962353]  __kasan_slab_free+0x11a/0x170
[  571.966564]  kasan_slab_free+0xe/0x10
[  571.970343]  kfree+0xd9/0x260
[  571.973429]  fib6_metrics_release+0x77/0x90
[  571.977729]  fib6_purge_rt+0x5ec/0x7f0
[  571.981593]  fib6_del+0xc11/0x1310
[  571.985111]  fib6_clean_node+0x3ee/0x5e0
[  571.989150]  fib6_walk_continue+0x4b1/0x8e0
[  571.993451]  fib6_walk+0x95/0xf0
[  571.996796]  fib6_clean_tree+0x1ea/0x360
[  572.000837]  __fib6_clean_all+0x21c/0x420
[  572.004961]  fib6_clean_all+0x27/0x30
[  572.008740]  rt6_disable_ip+0x111/0x7e0
[  572.012703]  addrconf_ifdown+0x16f/0x1670
[  572.016832]  addrconf_notify+0x6e9/0x27f0
[  572.020968]  notifier_call_chain+0x180/0x390
[  572.025357]  raw_notifier_call_chain+0x2d/0x40
[  572.029918]  call_netdevice_notifiers_info+0x3f/0x90
[  572.035001]  dev_close_many+0x447/0x8d0
[  572.038962]  rollback_registered_many+0x52b/0xef0
[  572.043782]  rollback_registered+0x1e9/0x420
[  572.048170]  unregister_netdevice_queue+0x32f/0x660
[  572.053163]  __tun_detach+0x11d1/0x15e0
[  572.057117]  tun_chr_close+0xe3/0x180
[  572.060896]  __fput+0x355/0x8b0
[  572.064154]  ____fput+0x15/0x20
[  572.067414]  task_work_run+0x1ec/0x2a0
[  572.071282]  do_exit+0x1b08/0x2750
[  572.074801]  do_group_exit+0x177/0x440
[  572.078666]  __x64_sys_exit_group+0x3e/0x50
[  572.082981]  do_syscall_64+0x1b9/0x820
[  572.086852]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  572.092018] 
[  572.093635] The buggy address belongs to the object at ffff8801b38bf180
[  572.093635]  which belongs to the cache kmalloc-96 of size 96
[  572.106096] The buggy address is located 68 bytes inside of
[  572.106096]  96-byte region [ffff8801b38bf180, ffff8801b38bf1e0)
[  572.117772] The buggy address belongs to the page:
[  572.122679] page:ffffea0006ce2fc0 count:1 mapcount:0 mapping:ffff8801dac004c0 index:0xffff8801b38bfc00
[  572.132102] flags: 0x2fffc0000000100(slab)
[  572.136317] raw: 02fffc0000000100 ffffea0006a37788 ffffea0006bcdb88 ffff8801dac004c0
[  572.144177] raw: ffff8801b38bfc00 ffff8801b38bf000 0000000100000001 0000000000000000
[  572.152035] page dumped because: kasan: bad access detected
[  572.157719] 
[  572.159325] Memory state around the buggy address:
[  572.164231]  ffff8801b38bf080: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  572.171567]  ffff8801b38bf100: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  572.178913] >ffff8801b38bf180: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  572.186246]                                            ^
[  572.191685]  ffff8801b38bf200: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  572.199030]  ffff8801b38bf280: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  572.206373] ==================================================================
[  572.213716] Disabling lock debugging due to kernel taint
[  572.219200] Kernel panic - not syncing: panic_on_warn set ...
[  572.219200] 
[  572.226571] CPU: 0 PID: 4408 Comm: syz-executor0 Tainted: G    B             4.18.0-rc7+ #173
[  572.235219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  572.244551] Call Trace:
[  572.247120]  dump_stack+0x1c9/0x2b4
[  572.250727]  ? dump_stack_print_info.cold.2+0x52/0x52
[  572.255895]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  572.260629]  panic+0x238/0x4e7
[  572.263801]  ? add_taint.cold.5+0x16/0x16
[  572.267928]  ? do_raw_spin_unlock+0xa7/0x2f0
[  572.272316]  ? refcount_sub_and_test+0x9a/0x350
[  572.276965]  kasan_end_report+0x47/0x4f
[  572.280919]  kasan_report.cold.7+0x76/0x2fe
[  572.285220]  check_memory_region+0x13e/0x1b0
[  572.289606]  kasan_check_read+0x11/0x20
[  572.293559]  refcount_sub_and_test+0x9a/0x350
[  572.298036]  ? refcount_inc_not_zero+0x2f0/0x2f0
[  572.302773]  ? mark_held_locks+0xc9/0x160
[  572.307194]  ? __lock_is_held+0xb5/0x140
[  572.311239]  refcount_dec_and_test+0x1a/0x20
[  572.315632]  fib6_metrics_release+0x4f/0x90
[  572.319942]  fib6_purge_rt+0x5ec/0x7f0
[  572.323810]  ? fib6_repair_tree.part.25+0x10e0/0x10e0
[  572.328981]  ? lock_release+0xa30/0xa30
[  572.332934]  ? __local_bh_enable_ip+0x161/0x230
[  572.337582]  ? __lock_is_held+0xb5/0x140
[  572.341621]  ? __local_bh_enable_ip+0x161/0x230
[  572.346269]  ? kasan_check_write+0x14/0x20
[  572.350485]  fib6_del+0xc11/0x1310
[  572.354007]  ? fib6_locate+0x150/0x150
[  572.357890]  ? trace_hardirqs_on+0x10/0x10
[  572.362104]  ? rb_erase+0x3550/0x3550
[  572.365883]  ? print_usage_bug+0xc0/0xc0
[  572.369932]  ? find_held_lock+0x36/0x1c0
[  572.373974]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  572.379153]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  572.384668]  ? fib6_ifdown+0xe6/0x990
[  572.388450]  fib6_clean_node+0x3ee/0x5e0
[  572.392492]  ? fib6_del+0x1310/0x1310
[  572.396280]  ? fib6_walker_link+0x19b/0x240
[  572.400584]  fib6_walk_continue+0x4b1/0x8e0
[  572.404887]  ? fib6_ifup+0x230/0x230
[  572.408580]  fib6_walk+0x95/0xf0
[  572.411923]  fib6_clean_tree+0x1ea/0x360
[  572.415960]  ? fib6_walk+0xf0/0xf0
[  572.419482]  ? fib6_del+0x1310/0x1310
[  572.423262]  ? fib6_ifup+0x230/0x230
[  572.426953]  ? kasan_check_write+0x14/0x20
[  572.431165]  ? do_raw_spin_lock+0xc1/0x200
[  572.435378]  __fib6_clean_all+0x21c/0x420
[  572.439507]  ? fib6_ifup+0x230/0x230
[  572.443201]  ? fib6_clean_tree+0x360/0x360
[  572.447417]  ? pick_next_task_fair+0x997/0x17a0
[  572.452065]  ? fib6_ifup+0x230/0x230
[  572.455756]  fib6_clean_all+0x27/0x30
[  572.459535]  rt6_disable_ip+0x111/0x7e0
[  572.463487]  ? lock_downgrade+0x8f0/0x8f0
[  572.467616]  ? rt6_sync_down_dev+0x150/0x150
[  572.472008]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  572.477544]  ? rtnl_is_locked+0xb5/0xf0
[  572.481495]  ? rtnl_trylock+0x20/0x20
[  572.485286]  ? mark_held_locks+0xc9/0x160
[  572.489424]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  572.493985]  addrconf_ifdown+0x16f/0x1670
[  572.498114]  ? kasan_check_write+0x14/0x20
[  572.502331]  ? inet6_rtm_newaddr+0x1b50/0x1b50
[  572.506891]  ? lock_repin_lock+0x430/0x430
[  572.511105]  ? graph_lock+0x170/0x170
[  572.514885]  ? graph_lock+0x170/0x170
[  572.518666]  ? graph_lock+0x170/0x170
[  572.522449]  ? print_usage_bug+0xc0/0xc0
[  572.526488]  ? find_held_lock+0x36/0x1c0
[  572.530530]  ? __lock_is_held+0xb5/0x140
[  572.534571]  addrconf_notify+0x6e9/0x27f0
[  572.538698]  ? rcu_note_context_switch+0x730/0x730
[  572.543605]  ? check_same_owner+0x340/0x340
[  572.547914]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  572.552909]  ? nf_ct_iterate_cleanup+0x27d/0x5e0
[  572.557643]  ? inet6_ifinfo_notify+0x150/0x150
[  572.562203]  ? nf_ct_invert_tuple+0x240/0x240
[  572.566691]  ? nf_conntrack_hash_check_insert+0x1610/0x1610
[  572.572378]  ? tls_device_gc_task+0x650/0x650
[  572.576854]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  572.582373]  ? ip6mr_device_event+0x2b3/0x390
[  572.586846]  ? nf_ct_iterate_cleanup+0x5e0/0x5e0
[  572.591589]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  572.596582]  ? mif6_delete+0xc20/0xc20
[  572.600450]  ? trace_hardirqs_on+0xd/0x10
[  572.604581]  ? mutex_unlock+0xd/0x10
[  572.608273]  ? ip_vs_dst_event+0x25c/0x690
[  572.612487]  notifier_call_chain+0x180/0x390
[  572.616872]  ? inet6_ifinfo_notify+0x150/0x150
[  572.621434]  ? notifier_call_chain+0x180/0x390
[  572.625997]  ? unregister_die_notifier+0x20/0x20
[  572.630738]  ? rtmsg_ifinfo_build_skb+0xc8/0x190
[  572.635477]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  572.641001]  ? rtnl_is_locked+0xb5/0xf0
[  572.644970]  ? rtnl_trylock+0x20/0x20
[  572.648750]  raw_notifier_call_chain+0x2d/0x40
[  572.653313]  call_netdevice_notifiers_info+0x3f/0x90
[  572.658397]  dev_close_many+0x447/0x8d0
[  572.662353]  ? netdev_master_upper_dev_link+0x50/0x50
[  572.667527]  ? trace_hardirqs_on+0x10/0x10
[  572.671754]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  572.677271]  ? rtnl_is_locked+0xb5/0xf0
[  572.681225]  ? rtnl_trylock+0x20/0x20
[  572.685010]  rollback_registered_many+0x52b/0xef0
[  572.689838]  ? dev_xdp_uninstall+0x370/0x370
[  572.694230]  ? trace_hardirqs_on+0x10/0x10
[  572.698444]  ? graph_lock+0x170/0x170
[  572.702228]  ? print_usage_bug+0xc0/0xc0
[  572.706272]  ? print_usage_bug+0xc0/0xc0
[  572.710313]  rollback_registered+0x1e9/0x420
[  572.714701]  ? rollback_registered_many+0xef0/0xef0
[  572.719696]  ? mark_held_locks+0xc9/0x160
[  572.723822]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  572.729336]  ? rtnl_is_locked+0xb5/0xf0
[  572.733293]  ? rtnl_trylock+0x20/0x20
[  572.737072]  ? trace_hardirqs_on+0xd/0x10
[  572.741201]  ? queue_delayed_work_on+0x130/0x1f0
[  572.745938]  unregister_netdevice_queue+0x32f/0x660
[  572.750934]  ? rollback_registered+0x420/0x420
[  572.755497]  ? linkwatch_schedule_work+0x180/0x180
[  572.760407]  ? tun_show_owner+0x170/0x170
[  572.764535]  ? netif_set_real_num_tx_queues+0x10d/0x700
[  572.769874]  ? __tun_detach+0x6d4/0x15e0
[  572.773914]  __tun_detach+0x11d1/0x15e0
[  572.777870]  ? tun_attach+0x1780/0x1780
[  572.781824]  ? debug_object_active_state+0x2f5/0x4d0
[  572.786905]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  572.791304]  ? graph_lock+0x170/0x170
[  572.795084]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  572.800598]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  572.806113]  ? locks_remove_file+0x402/0x5c0
[  572.810513]  ? __lock_is_held+0xb5/0x140
[  572.814552]  ? __tun_detach+0x15e0/0x15e0
[  572.818677]  ? __tun_detach+0x15e0/0x15e0
[  572.822802]  ? __tun_detach+0x15e0/0x15e0
[  572.826927]  tun_chr_close+0xe3/0x180
[  572.830711]  __fput+0x355/0x8b0
[  572.833968]  ? fput+0x1a0/0x1a0
[  572.837230]  ? check_same_owner+0x340/0x340
[  572.841542]  ____fput+0x15/0x20
[  572.844799]  task_work_run+0x1ec/0x2a0
[  572.848665]  ? task_work_cancel+0x250/0x250
[  572.852968]  ? switch_task_namespaces+0xbd/0xd0
[  572.857615]  do_exit+0x1b08/0x2750
[  572.861135]  ? mm_update_next_owner+0x9a0/0x9a0
[  572.865782]  ? ktime_get_coarse_real_ts64+0x288/0x3a0
[  572.870952]  ? graph_lock+0x170/0x170
[  572.874751]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  572.879745]  ? ktime_get_coarse_real_ts64+0x243/0x3a0
[  572.884913]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  572.890428]  ? timespec64_trunc+0xea/0x180
[  572.894652]  ? inode_init_owner+0x340/0x340
[  572.898954]  ? find_held_lock+0x36/0x1c0
[  572.902999]  ? lock_downgrade+0x8f0/0x8f0
[  572.907137]  ? __lock_is_held+0xb5/0x140
[  572.911181]  ? __sb_end_write+0xac/0xe0
[  572.915136]  ? pipe_write+0xb63/0xeb0
[  572.918928]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  572.924446]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  572.929961]  ? fsnotify+0xbb4/0x14e0
[  572.933663]  ? lock_downgrade+0x8f0/0x8f0
[  572.937792]  ? fsnotify_first_mark+0x350/0x350
[  572.942352]  ? __fsnotify_parent+0xcc/0x420
[  572.946662]  ? fsnotify+0x14e0/0x14e0
[  572.950456]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  572.955968]  ? vfs_write+0x2a8/0x560
[  572.959661]  do_group_exit+0x177/0x440
[  572.963527]  ? __ia32_sys_exit+0x50/0x50
[  572.967570]  ? syscall_slow_exit_work+0x500/0x500
[  572.972403]  ? do_syscall_64+0x9a/0x820
[  572.976360]  __x64_sys_exit_group+0x3e/0x50
[  572.980659]  do_syscall_64+0x1b9/0x820
[  572.984535]  ? syscall_slow_exit_work+0x500/0x500
[  572.989357]  ? syscall_return_slowpath+0x5e0/0x5e0
[  572.994268]  ? syscall_return_slowpath+0x31d/0x5e0
[  572.999181]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  573.004526]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  573.009352]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  573.014517] RIP: 0033:0x456a09
[  573.017682] Code: 24 00 00 00 e8 e8 4e fd ff 0f 0b e8 c1 34 00 00 e9 3c ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 64 48 8b 0c 25 f8 ff ff ff <48> 3b 61 10 76 40 48 83 ec 28 48 89 6c 24 20 48 8d 6c 24 20 48 8b 
[  573.036792] RSP: 002b:0000000000a3f618 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  573.044478] RAX: ffffffffffffffda RBX: 00000000fffffff7 RCX: 0000000000456a09
[  573.051725] RDX: 00000000004104e0 RSI: 0000000000a44bd0 RDI: 0000000000000043
[  573.058974] RBP: 00000000004c1974 R08: 000000000000000b R09: 00000000004c153a
[  573.066222] R10: 0000000002029940 R11: 0000000000000246 R12: 0000000000000013
[  573.073471] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000707d60
[  573.081110] Dumping ftrace buffer:
[  573.084634]    (ftrace buffer empty)
[  573.088325] Kernel Offset: disabled
[  573.092015] Rebooting in 86400 seconds..