4e9f5789898834d9bf2549ecbdcc0888c1b9e36ac240e33134b12c4e01e30da9d6ec883f0fc2c221d7b85dd832671dd983afd5fe85551bbababfcb1982bac55689dbf58a9d5d93212ce3686debc245e365ae090b5299405f10de4e62fc2fd94b93b7ca24023469602fbf06dd9570580c4abcd2b75318f3ce622b4a6ecde5de7355f0b604a41d2e223191a143c52dfad77b9045f010fd8c9f2183b840e3ec0268518ed874721aa5e2f69805fb911ab29bb6ee7c689d3913feabc9d78a680b401259a797cfeaaf556104cd5ec57b47b0666961d63cfef5ebdc147a0123065e76922e2db64022a7b2353bdf71ebb4145684a8c4e8b45aa08e9f339cadeca8b7ef84d0e8d4a9f7211255026421baf8263e39d24d3fd41ca79eba44543961d65c2aab263c473b5848addc1ff7fba007373ede79a95a4af1493cedbf6cbac054956b14708fb3cc21987a0496cfade5efe54ba6685315f6f711de71aad11b1bda4787ebf0b3ba081ff47dbe18b2dfc58d9250a740b9a244d27aae81a9c534bdc08b73a2afcc6acdd428e729c60d9960aa98cc68dd8b6553790e90898d5697c18d5608c05abdfa859f53bec31605ff4c4669d2ae8e220e2f84b937e724b9a7c49190fc876326d5a3f0a8b432402b6b533a981273a233a682408975306e879afb76e48ca5640e72711e6ce12220b8987002e2bfdbea55793ccbd53478c03822dae275e3fc0ed6029ae5bf6e4289d5f232cf8bef0b109762c520aa7de4ead0e35a75bf4d9cb918644b9f9b0aea8cbb01b80dd041a5505652f502ac6d1cb4301a6fcf6d9d6e75129591a61a80d73b8e52a17ef5c7bed79953367e1dad6d9d934cb1acf4a69a45bfecaf7f2beb8d96e4cdc8d7e2c05995e41e8c48f335b26f3500d1a89b3c2783d8e8a217949c7649f79d7724ee55074285caf012efd3a1e991171c1b7fff4634c305f2a11c3fbd7cf5b48383d3496e7e53c94d1eefb2cf915478eb6c2fb5766658460063fe1957963b974d34f99d373445de28ccf477265d9a8a3939091b787458484aaf6ebba6c21fdb601961bbf845aa0e937e9afc12b5e8f97c5c054b115ab2d9eb4761b83b10c623c3e595019aea7b4eafd409ae0a0c51605a3e1f9e38b2b8674d74761b82b249a66e923625b6fe8f4553318b771f649dee180674727fd30696859cb4d198ec262bde8425e246335dd6e04234b9b473e96b0b595e7aa897ac335a579062afd1bf5e44d7eb3e88d77593f9470de62fd1c0569424f28df685dd1f76c4f6df55aa5ad51818e769a5d0ee23e9fb54824be304c7e20c8002d586f651e"}, &(0x7f00000001c0)=0x1008)

[  607.862386][ T3370] binder: BINDER_SET_CONTEXT_MGR already set
[  607.877353][ T3370] binder: 3369:3370 ioctl 40046207 0 returned -16
[  607.894212][ T3373] binder: 3369:3373 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:22 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3}]}})

21:33:22 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r5=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r5+30000000}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(r4, 0x1000000000014)
getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f0000000100)={'mangle\x00', 0x70, "b6d060fdb11d0345455ea1d1e021aff11cb9606c0a8d98f005ac5bfc1778a7114806545eb62aa93c97f84e52b5c51761eaa6da2f86dcda723f3ffc16c652c123813405de1223f3321156def4a05f2888021268064780e5eda352662a265b6716a66fe8da83f9d4f93291530e0c5956a9"}, &(0x7f00000001c0)=0x94)

21:33:22 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

21:33:22 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x20000002)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
pwrite64(r0, &(0x7f0000000100)="1c0097da9d7dbdc79fbf82e2d4c35b5f506b03198c54a5124c12369914f067840683bc4f6b2f48b3f7f1b7a07722a2e9aaf88d6c7b3e6246238846ac757462d2ea3ac22b0096a4b3c5421b3b3bdd9b04cefbb004ae32025a6ad33460cbae1e53e60b0653a959b4cdcf0aa500b24252503d9dfbce97d137804cc6e02614eaa93825fa8c9ff69eb815c15a24634b99d1384829", 0x92, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:22 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000580)='/dev/sg#\x00', 0x0, 0x8000)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
pwritev(r0, &(0x7f0000000340)=[{&(0x7f0000000100)="a12386bd9419c9ddb826119f67dccc6f620089d287b028fb32cdaf957c8b89c4d03af13b241a42e3d23e70b34c20561e8f3d9bbb1593ff848fd69d168b6123216a6303f9df73d6e1228a5354fe63ea3d93368e26ea48f48ece4c89ac554e21c64b1b02f3f58883bfe3567b49af25083307c594aa7d6e9a67a1a5d351d432eeb99b570f063c022bd97d7fd1de0fac6505cc54c43526ad13da1d11ef10e446821f12c35f8ccafb077439a662c3a8748698b3ffa715404d5755d80b509d4041577e7914bc1239451e872eae38864746697ee4ce8c2121322038385c4caa475b655eec8668fca047c2bcdda35a646d7c43eda6eea2", 0xf3}, {&(0x7f0000000280)="60a821dbe3923fba7f16c2785ea2918f00d24df5c40e9719b65451e30b4b4dc874efd009342c281b9e45acf08bab4cd1788d9baba421e461dbfded2ce9f36a2254607de3af326a4c14b96bbf9cc6cdd98fd653eb1ed653c0f80a07a7f8d4e7da9fcff769180916faba51a218969465cbde6ef187c05dfbef22950ba9fe8ec33cfae9998cf90fda41dc8f798b4a3ea1682807889f5bd4e7f0f172133c4047efecc35638", 0xa3}], 0x2, 0x0)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dsp\x00', 0x80000, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00')
sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x54, r2, 0x900, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x5}]}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast1}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x5, 0x24}}, @IPVS_SVC_ATTR_FWMARK={0x8}]}]}, 0x54}}, 0x90)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r3 = dup(r0)
write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:22 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

[  608.522425][ T3388] binder: 3382:3388 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:22 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

21:33:22 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
setsockopt$inet6_int(r1, 0x29, 0x46, &(0x7f0000000100)=0x8000, 0x4)
ioctl$RTC_WIE_OFF(r1, 0x7010)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

[  608.594281][ T3388] binder: BINDER_SET_CONTEXT_MGR already set
[  608.616380][ T3388] binder: 3382:3388 ioctl 40046207 0 returned -16
[  608.623352][ T3396] binder: 3382:3396 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:22 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440000000000e630c4000000000556f405aa916e9e02a50c2909d165efe346145b7c3d201290e220123bf0882da244799e7146ebdb994293f7471bd4fc7eeecaa83a7"], 0x0, 0x0, 0x0})
openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x4000, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="f7620c4000000000"], 0x0, 0x0, 0x0})

21:33:22 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

21:33:22 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e)

21:33:22 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r5=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r5+30000000}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(r4, 0x1000000000014)

[  608.812617][ T3405] binder: 3404:3405 unknown command 1074553591
[  608.825895][ T3405] binder: 3404:3405 ioctl c0306201 20000080 returned -22
[  608.851204][ T3405] binder: BINDER_SET_CONTEXT_MGR already set
[  608.865329][ T3405] binder: 3404:3405 ioctl 40046207 0 returned -16
[  608.870354][ T3414] binder: 3404:3414 unknown command 1074553591
[  608.890419][ T3414] binder: 3404:3414 ioctl c0306201 20000080 returned -22
21:33:23 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

21:33:23 executing program 0:
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rfkill\x00', 0x1, 0x0)
ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000180))
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
r1 = accept4$inet6(0xffffffffffffff9c, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000100)=0x1c, 0x80800)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000240)={0x1, {{0xa, 0x4e22, 0x154, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}, {{0xa, 0x4e24, 0x4, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x6}}}, 0x108)
ioctl$DRM_IOCTL_AGP_INFO(r0, 0x80386433, &(0x7f0000000380)=""/226)

21:33:23 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f0000000100)=0x7fffffff)

21:33:23 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

21:33:23 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0)

21:33:23 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)

21:33:23 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="2b00000004002f31606ccd154760d1a0ecb8dd26b5e70000000007003e34eaff000000"], 0x151)

21:33:23 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

21:33:23 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bpq0\x00', 0x21})
socketpair(0x0, 0x4, 0x0, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0)
ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000000))
r2 = openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$VIDIOC_QUERY_EXT_CTRL(0xffffffffffffffff, 0xc0e85667, 0x0)
stat(0x0, &(0x7f0000000a40))
getegid()
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2)
geteuid()
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000240)={0x0, r1}, 0xffffffffffffff03)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000040)={0x6, 0x1, 0x0, 0x7ff, 0x4}, 0x14)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, 0x0, 0x0)
r4 = memfd_create(&(0x7f0000000000)='\xac\x01\x00', 0x4)
ftruncate(r4, 0x1000000)
ioctl$UI_END_FF_ERASE(r3, 0x400c55cb, 0x0)
sendfile(r3, r4, &(0x7f00000000c0)=0xf10001, 0xeffffdef)
write$P9_RREADLINK(r2, &(0x7f0000000280)=ANY=[], 0x0)
close(r3)
r5 = dup(r2)
openat$cgroup_ro(r5, &(0x7f0000000100)='cpuset.memory_pressure\x00', 0x0, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8910, &(0x7f0000000080)='ip6tnl0\x00')
ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000000140))
futex(&(0x7f0000000180)=0x1, 0x0, 0x2, &(0x7f00000001c0), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

[  609.628603][ T3440] sg_write: data in/out 825163744/295 bytes for SCSI command 0x0-- guessing data in;
[  609.628603][ T3440]    program syz-executor.5 not setting count and/or reply_len properly
[  609.708826][ T3444] sg_write: data in/out 825163744/295 bytes for SCSI command 0x0-- guessing data in;
[  609.708826][ T3444]    program syz-executor.5 not setting count and/or reply_len properly
21:33:23 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
r1 = syz_open_dev$swradio(&(0x7f0000000180)='/dev/swradio#\x00', 0x1, 0x2)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r1, 0xc10c5541, &(0x7f0000000280)={0x2e, 0x2b5180000000000, 0x8001, 0x0, 0x0, [], [], [], 0x3, 0xcf})
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r2 = dup(r0)
openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x400800, 0x0)
accept4$ax25(r2, 0x0, &(0x7f0000000100), 0x800)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:23 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0)

21:33:23 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

21:33:23 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0)
ioctl$EVIOCGREP(r1, 0x80084503, &(0x7f0000000140)=""/145)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r2 = dup(r0)
ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f0000000280)=0x9)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
timerfd_create(0x7, 0x800)

21:33:23 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0)

21:33:23 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x8000, 0x0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:23 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0xee)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x86e)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
accept4$ax25(r1, &(0x7f0000000080)={{0x3, @default}, [@netrom, @default, @remote, @bcast, @remote, @netrom, @netrom, @default]}, &(0x7f0000000180)=0x48, 0x80000)

21:33:23 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0)

[  610.456286][ T3445] binder: BINDER_SET_CONTEXT_MGR already set
[  610.462540][ T3445] binder: 3435:3445 ioctl 40046207 0 returned -16
21:33:24 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)

21:33:24 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a620000000000000000f1b00000000000000000000000000000000000000007e000000007fffffffffffffff9b8429160eded737efbd1b63bbe0c2019ec4"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:24 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

21:33:24 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0xffffffffffffffaa, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000101"], 0x0, 0x0, 0x0})

21:33:24 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0)

21:33:24 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0xffff, 0x0)
ioctl$TIOCLINUX3(r0, 0x541c, &(0x7f00000001c0))
r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r1, &(0x7f0000000200)={0x60}, 0x60)
r2 = dup(r1)
ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000100)={0x464, 0x800, 0x0, 0x5, 0x16, 0x0, 0x1, 0xc19, 0x1788, 0x2})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000140)={<r3=>0x0, 0x80000, r0})
ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40086409, &(0x7f0000000280)={r3})
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)={0x28, 0x4, 0x0, {0x0, 0x0, 0x0, 0xa0}}, 0x28)

21:33:24 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0)

[  610.621101][ T3483] binder: BINDER_SET_CONTEXT_MGR already set
[  610.643591][ T3483] binder: 3482:3483 ioctl 40046207 0 returned -16
21:33:24 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000200)=ANY=[@ANYPTR], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
prctl$PR_GET_FPEXC(0xb, &(0x7f0000000140))
r1 = add_key(&(0x7f0000000040)='trusted\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000240)="ff24f41505bb7298237cac1ecfbcd3b9eb2685d7d83151d8c76c7fae1ec6eae959302c9e8c8b8b56907f4517631d2771ef38e64cf55a0f1495efe026921dafe2b1cccdb9582a68bbdfb8f032eae0718b9d55febed81a12ded1d0d6b3c1ac24dbb842a3aa5342c0a5297b29f60cf58c4afa3b097538116d3635bd5653b5502f3271960ea56e56084afa14824fe84d77ec13284000da572491f92ebde1fe4b42b4a2d75bdee2e719d451de4cda2a59dc61dc6c62bfc19000cef601447aef5ebb92bd4271067ce0b15afdc3a47ac74351c487feeda999d3c8eb25e77514be828d966eaefd7128991e65c4080c", 0xeb, 0xfffffffffffffffd)
keyctl$assume_authority(0x10, r1)

21:33:24 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000100)={0x75, 0x7})
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="2b0000000400000000000000000000000000000000000054d5520ba0000000000000"], 0x151)

[  610.765124][ T3495] binder: 3494:3495 unknown command 0
[  610.774916][ T3495] binder: 3494:3495 ioctl c0306201 200001c0 returned -22
[  610.799836][ T3495] binder: 3494:3495 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:33:24 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
ioctl$NBD_SET_FLAGS(r1, 0xab0a, 0x100000000)

[  610.823215][ T3495] binder: BINDER_SET_CONTEXT_MGR already set
[  610.823417][ T3500] binder: 3494:3500 unknown command 0
[  610.835862][ T3500] binder: 3494:3500 ioctl c0306201 200001c0 returned -22
[  610.843621][ T3500] binder: 3494:3500 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  610.861730][ T3495] binder: 3494:3495 ioctl 40046207 0 returned -16
21:33:24 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x20000, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000100)={0x1, 0x0, [{0x0, 0x4, 0x0, 0x0, @sint={0x10001, 0x3}}]})

21:33:24 executing program 5:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x200400, 0x0)
openat$null(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/null\x00', 0x0, 0x0)
write$P9_RFSYNC(r0, &(0x7f0000000140)={0x7, 0x33, 0x1}, 0x7)
write$P9_RFLUSH(r0, &(0x7f0000000180)={0x7, 0x6d, 0x2}, 0x7)
r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x80045700, &(0x7f0000000280))
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r1, &(0x7f0000000200)={0x60}, 0x60)
r2 = dup(r1)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x24, 0xfffffffffffffdcc, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

[  610.964221][ T3507] binder: 3506:3507 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  610.986635][ T3507] binder: BINDER_SET_CONTEXT_MGR already set
[  610.993414][ T3508] binder: 3506:3508 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  611.019207][ T3507] binder: 3506:3507 ioctl 40046207 0 returned -16
21:33:25 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)

21:33:25 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:25 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

21:33:25 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000e630c400000004f5e58b90055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:25 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="2b0000ed1600000000000000000000000000000000000000000000000000000054d5520ba00000008000003ff4a5b7fd6a5800000000000000000000002a619c8c8ea3c23413a6b37e85558cadd06ec3d8a215b4949f2e88eb5712dd35754903cf4f05b923fe8e8a763d6809"], 0x151)

21:33:25 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

[  611.606717][ T3515] binder: 3513:3515 BC_REQUEST_DEATH_NOTIFICATION invalid ref 1325400064
21:33:25 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
ioctl$void(r0, 0xc0045878)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

[  611.668385][ T3526] binder: 3513:3526 BC_CLEAR_DEATH_NOTIFICATION death notification not active
[  611.694872][ T3515] binder: BINDER_SET_CONTEXT_MGR already set
[  611.695840][ T3526] binder: 3513:3526 BC_REQUEST_DEATH_NOTIFICATION invalid ref 1325400064
21:33:25 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/vcs\x00', 0x2428c1, 0x0)
ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0xa)
write$binfmt_elf32(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000020007e0000000000003a14b6048915008590e10b482c55d62fd46b2a25a5ae7b2febb0aaf289b1fee89e5d390435d23890ca9f744149bbc89d8772d7b3071186cb60bec772c67ad3bf27eb85231cd34cdf304aab703d4933bf34de34af90bd15af074ec714795796c7c7298aa07d8e8fd39e8ccc4387571a446dbaae0e63c6e45aae6589a4a2e107e70e2c994ddf207efbe84939f050756d259d7aaed6e65dd7a3b3dc3d0b5cca8b588d5709d8faaf8c2584e07e0cca390e2fd22483061691c747203ef68ef86994398a256e7aa2c150964d9aa32f47a783fa605f7d65ddc8cf8ad5f30061597b08e48312dc67c9b01f4d23fb4999846adac406fc4f544539a2471e928b9c2bf1873bca082151d0d28bdc731fe01b165e1261f8c73062309c1b0000000000000000000000000000000000000000000000005cb12b71f0a6fc2a93eebb28ea92c4b03718a1b013bdc211ced907081f550ad22d5d0c07a4d55daf558a379b3e9fd53cf4642e888e2881e73c094cd8b587bb65948225fab08e41d48a5eee85efa3f510f58d8c0c5ba7da7202e2f799e641c8c096503d53cfbcd16fa6bd9fc9ed37557d2324b634c43deb238b57d2d313328b23ebd5ef34d777b0c025d6e6c1cdb7a56ee622b6f8b1e24069118028c7a646959c3e1e0c497fb7ad26"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
ioctl$SIOCX25GDTEFACILITIES(0xffffffffffffffff, 0x89ea, &(0x7f00000001c0))
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff}, 0x117, 0x9}}, 0x20)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x40100, 0x0)
openat$capi20(0xffffffffffffff9c, &(0x7f0000000480)='/dev/capi20\x00', 0x20000, 0x0)
ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000080)=0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(0xffffffffffffffff, &(0x7f0000000180)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r2, 0x3}}, 0x18)
write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

[  611.729108][ T3515] binder: 3513:3515 ioctl 40046207 0 returned -16
21:33:25 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0f000c0500000000"], 0x0, 0x0, 0x0})

21:33:25 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="2b00000004000045c3000000000000000000000000000000f5ff0000"], 0x151)
ioctl$KVM_TRANSLATE(r1, 0xc018ae85, &(0x7f0000000100)={0x116000, 0x3001, 0x5, 0x9, 0x7fff})

[  611.861639][ T3538] binder: 3537:3538 unknown command 84672527
[  611.870059][ T3538] binder: 3537:3538 ioctl c0306201 20000080 returned -22
[  611.888843][ T3538] binder: BINDER_SET_CONTEXT_MGR already set
21:33:25 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0f630c4004000000"], 0x0, 0x0, 0x0})

[  611.920343][ T3538] binder: 3537:3538 ioctl 40046207 0 returned -16
[  611.938776][ T3541] sg_write: data in/out 1157627872/295 bytes for SCSI command 0x0-- guessing data in;
[  611.938776][ T3541]    program syz-executor.5 not setting count and/or reply_len properly
21:33:25 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x0, 0x0, [], 0x1ff}]}})

[  612.062313][ T3544] sg_write: data in/out 1157627872/295 bytes for SCSI command 0x0-- guessing data in;
[  612.062313][ T3544]    program syz-executor.5 not setting count and/or reply_len properly
[  612.080900][ T3543] binder: 3542:3543 BC_CLEAR_DEATH_NOTIFICATION invalid ref 4
[  612.125674][ T3543] binder: BINDER_SET_CONTEXT_MGR already set
[  612.131709][ T3543] binder: 3542:3543 ioctl 40046207 0 returned -16
21:33:26 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r2, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
tkill(r3, 0x1000000000014)

21:33:26 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

21:33:26 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:26 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020012a9db70000000f1b0000000000000000000000000000000000d941af1f0000007e0000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
rt_sigpending(&(0x7f0000000100), 0x8)

21:33:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
preadv(r1, &(0x7f00000017c0), 0x3da, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000040)={<r2=>0x0, 0x101, 0xfffffffffffffffe, 0x5, 0x3, 0x8}, &(0x7f0000000100)=0x14)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={r2, 0x3, 0x1, [0x8]}, &(0x7f0000000180)=0xa)
ioctl$KDSETMODE(r1, 0x4b3a, 0xfffffffffffffe01)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:26 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x0, 0x0, [], 0x1ff}]}})

21:33:26 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000100)={0x0, <r2=>0x0})
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000140)={r2, 0x0, 0x3})
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="2b000000040014a8000000000000000000000b12d7b9fe8c0e5400000000000054d5520ba0000000001e00ae08f24b36cdcbe3a25b5e3cea45f7e332a4102c32887d191feb50ac2ff9b3dafa41b8bd38b4a41bd35ffafa15275b2ef254201dbd0914d055961da6"], 0x151)
dup(r1)

21:33:26 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  612.714372][ T3559] binder: 3550:3559 ioctl 4b3a fffffffffffffe01 returned -22
[  612.751752][ T3564] binder: 3550:3564 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:26 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
r1 = socket$pptp(0x18, 0x1, 0x2)
bind(r1, &(0x7f0000000100)=@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x21}}, 0x80)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r2 = dup(r0)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:26 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  612.872410][ T3559] binder: BINDER_SET_CONTEXT_MGR already set
[  612.891581][ T3559] binder: 3550:3559 ioctl 40046207 0 returned -16
[  612.894784][ T3573] binder: 3550:3573 ioctl 4b3a fffffffffffffe01 returned -22
21:33:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000150e630c400000000055"], 0x0, 0x0, 0x0})
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x472080, 0x0)
ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000080)={0x8, 0xf, 0x1})

[  612.927836][ T3574] binder: 3550:3574 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  613.014063][ T3581] binder: 3580:3581 Acquire 1 refcount change on invalid ref 352321536 ret -22
[  613.035883][ T3581] binder: 3580:3581 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  613.053782][ T3581] binder: BINDER_SET_CONTEXT_MGR already set
21:33:26 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  613.060825][ T3582] binder: 3580:3582 Acquire 1 refcount change on invalid ref 352321536 ret -22
[  613.086775][ T3581] binder: 3580:3581 ioctl 40046207 0 returned -16
[  613.093332][ T3582] binder: 3580:3582 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:33:27 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r2, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
tkill(r3, 0x1000000000014)

21:33:27 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705f4a1de47508d8a76e7cac0f0b0da6c7a2d909a2a600000020000000000000000f000000000000008e39042e62036850111a602bc4e5c8ffff0000b3fe10dab979bda88d974d73ff9f031564f40875897f18ca53af0e8cc2983e7af55e7f28e6f52053c6d8f748eeccf2eb7069d402af5cede5723d0d0aa10baf4d8bd40551cc903c891c133e8940b8d21b010460810d663de78865f85dedf1d7494689826e6f66b1dd79e2d48e2ce5ce6b4c6cbc77ad52b12e3f568dc48d78b99896cdf8f73da7656e871c42b6c93ea5b5d102d0a233fbd78fa9e2c1dd266a6ba74137f1c5eaba9bc596d4c63b055bc4c89f93cd95cd2f37dcb55bcdf59aeafa10d77a5950be517bdf345504c49a336fe5ea3632a5fdc09d5edb1f9bdf96b997196636972decdedca7832ac443eeabf2ee85e5acdd0baea491b95b3fc09541c9f6fc40f92a731aa49f089cb260d9f8fe3ab9e2891d8549117f39e321e63fbeb0b0f9630a7dead125e8e32e43fef9d08de6d644cfd79220f3735c62e07c508edd84eec45213d4428bacb2e3face78"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff7fffffff}}}, 0x60)
syz_open_dev$sndmidi(&(0x7f0000000100)='/dev/snd/midiC#D#\x00', 0x7, 0x18100)
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x400, 0x0)
accept4$vsock_stream(r1, &(0x7f00000000c0)={0x28, 0x0, 0xffffffff, @host}, 0x10, 0x800)
r2 = dup(r0)
ioctl$BLKREPORTZONE(r2, 0xc0101282, &(0x7f0000000280)={0x1f, 0x5, 0x0, [{0x9, 0x8, 0xe4, 0x800, 0x8000, 0x564, 0x400}, {0x7fff, 0xba21, 0x8, 0x8, 0x1, 0x20, 0xab}, {0x9, 0x101, 0x5, 0xfff, 0x1f, 0x100, 0xffffffffffffffc1}, {0x7, 0x7f82, 0xffffffff7fffffff, 0x15f, 0x625, 0x3ff, 0x1}, {0x4, 0x99, 0x9a4c, 0x59b, 0x95, 0x4, 0x2008000000000}]})
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r3 = msgget(0x3, 0x4)
msgsnd(r3, &(0x7f0000000140)={0x3, "dcb99bf7d69ed09075bedb4082a01e755efdc2f0916a5160aa2e95a8313616fb21ca901fb0bceb417605f30f4292811553203b94af69c4691b9c25f94ed5a63f7be9c803ecb2ab23578adf386385a65a5561493033506fc7d47c7d3403c134271777b4bf641b5aa58c4c6e394c8504"}, 0x77, 0x800)
ioctl$VIDIOC_ENUMINPUT(r1, 0xc050561a, &(0x7f00000005c0)={0xfffffffffffffff8, "e291d49be42a730bcc20bec4a6e03d2b877e1ae72bbf36200e64fd9abd3e1189", 0x1, 0x2, 0x7, 0x1700, 0x100, 0x2})

21:33:27 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x0, 0x0, [], 0x1ff}]}})

21:33:27 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

21:33:27 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000e630c400000000055f61aaf68450257f372cf3a64f2b8"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  613.737508][ T3593] binder: 3590:3593 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 57024568af1af655 != 0000000000000000
21:33:27 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600728437fde473f4763e1ab9c30263e0e1000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
setsockopt$sock_void(r1, 0x1, 0x1b, 0x0, 0x0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:27 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
socketpair(0x0, 0x800, 0x81, &(0x7f0000000040))

[  613.783775][ T3593] binder: BINDER_SET_CONTEXT_MGR already set
[  613.803792][ T3593] binder: 3590:3593 ioctl 40046207 0 returned -16
21:33:27 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[], 0x0)
ioctl$SIOCX25SFACILITIES(r0, 0x89e3, &(0x7f0000000040)={0x6c, 0x100000001, 0x6, 0x5, 0x2, 0x81})

[  613.886227][ T3606] binder: 3605:3606 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  613.919512][ T3606] binder: BINDER_SET_CONTEXT_MGR already set
[  613.926175][ T3609] binder: 3605:3609 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  613.939199][ T3606] binder: 3605:3606 ioctl 40046207 0 returned -16
21:33:27 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:27 executing program 0:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x40000, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@local, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@initdev}, 0x0, @in=@initdev}}, &(0x7f0000000240)=0xe8)
ioctl$SIOCAX25DELUID(r0, 0x89e2, &(0x7f0000000280)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, r1})
r2 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:27 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x0, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_SERVICE(r1, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x1c, r2, 0xf02, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}]}, 0x1c}}, 0x20000000)
r3 = dup(r0)
write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

[  614.087846][ T3619] binder: 3616:3619 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:27 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3}]}})

[  614.156870][ T3621] binder: BINDER_SET_CONTEXT_MGR already set
[  614.174608][ T3621] binder: 3616:3621 ioctl 40046207 0 returned -16
[  614.181750][ T3621] binder: 3616:3621 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:33:28 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r2, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
tkill(r3, 0x1000000000014)

21:33:28 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000100)=ANY=[@ANYRESHEX=r0], 0xfffffffffffffdbb)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:28 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

21:33:28 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440000000000e630c40000000005519ed2ca9f4ef8379ccfb905d1a1a0a80e4c97a30bf4c9cced568819f84708efd02218bc0afddc425dff51e33bce69a5aa0921779a9ed5a59ad7612eaf62d6415f65547e06b0c099d1de9e2b9bcfb5587be8d04ba64d1c1f3ff1dc820c8e2cb95fe46e18b81199ec9230b46133fc86ee8de5c3c48fcb4edf528088c0f67"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:28 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3}]}})

21:33:28 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[], 0x8a5639a31be5daf2)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

[  614.796739][ T3634] binder: 3627:3634 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 83eff4a92ced1955 != 0000000000000000
21:33:28 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:28 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

[  614.857979][ T3634] binder: BINDER_SET_CONTEXT_MGR already set
[  614.870531][ T3634] binder: 3627:3634 ioctl 40046207 0 returned -16
21:33:28 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/snmp6\x00')
r2 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000280)='NET_DM\x00')
sendmsg$NET_DM_CMD_STOP(r1, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2200401}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x100, 0x70bd26, 0x25dfdbfb, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x8040)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0563046000000000060a370713edaaa278"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0f630cc000ce8c00"], 0x0, 0x0, 0x0})

21:33:28 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000280)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000340)=ANY=[@ANYRES64=r0], 0x8)
rmdir(&(0x7f0000000080)='./file0\x00')
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x1, 0x10800)
write$P9_RLERRORu(r1, &(0x7f00000000c0)={0x1f, 0x7, 0x1, {{0x3, '/dev/snd/pcmC#D#p\x00'}, 0xfffffffffffffffc}}, 0x1f)
recvfrom$inet(r1, &(0x7f00000003c0)=""/4096, 0x1000, 0x10000, 0x0, 0x0)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r2 = dup(r0)
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f00000002c0)=0x20, 0x4)
getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, &(0x7f0000000180)={'raw\x00'}, &(0x7f0000000300)=0x54)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000100)={0x29, 0x4, 0x0, {0x2, 0x8000, 0x1, 0x0, [0x0]}}, 0x29)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)={0x10000000})

21:33:28 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000140)={<r2=>0x0, 0x5, 0x2, [0x2, 0x400]}, &(0x7f0000000180)=0xc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f00000001c0)={r2, 0x401}, &(0x7f0000000280)=0x8)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r3 = dup(r0)
write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

[  614.984256][ T3650] binder: 3649:3650 unknown command 1610900229
[  615.015319][ T3650] binder: 3649:3650 ioctl c0306201 20000000 returned -22
[  615.023487][ T3650] binder: 3649:3650 unknown command -1072930033
[  615.035355][ T3650] binder: 3649:3650 ioctl c0306201 20000080 returned -22
[  615.060656][ T3657] binder: BINDER_SET_CONTEXT_MGR already set
[  615.069930][ T3657] binder: 3649:3657 ioctl 40046207 0 returned -16
21:33:28 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100bbe37bc3b89edb000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b0000000000000000000000000000000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

[  615.085384][ T3650] binder: 3649:3650 unknown command 1610900229
[  615.092910][ T3657] binder: 3649:3657 unknown command -1072930033
[  615.100540][ T3650] binder: 3649:3650 ioctl c0306201 20000000 returned -22
[  615.113339][ T3657] binder: 3649:3657 ioctl c0306201 20000080 returned -22
21:33:29 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000))
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(r4, 0x1000000000014)

21:33:29 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x100, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:29 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000100)=ANY=[], 0x0)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xfffffffffffffe86, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:29 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3}]}})

21:33:29 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

21:33:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[  615.826129][ T3666] binder: 3662:3666 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:29 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
accept4$vsock_stream(0xffffffffffffff9c, &(0x7f0000000100)={0x28, 0x0, 0xffffffff}, 0x10, 0x800)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

[  615.889474][ T3666] binder: BINDER_SET_CONTEXT_MGR already set
[  615.907042][ T3666] binder: 3662:3666 ioctl 40046207 0 returned -16
21:33:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[  615.958471][ T3678] binder: 3662:3678 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:29 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYRES64=r0], 0xfffffffffffffe5c, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:29 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000100)="d0ac9410439cd2e1bb009b9760f2a4aa0c3623898c97a8770aaef3a04f3e9b4cf82c689dc7249ff36fd4bfe05a9a0817d242578b4352a57e14eefdc8872769646b6d6ad3df9bd08d26516815d4872b286668f24f95b296f27be66a713c537d06b29a98cce01af470239399d42f4f091805677d3c1079003038ddcec4d7d4a092fa7e5e6cd509e4714e0c9cb33ebfd58e06c3c7c5072abc175c48a3e6bd0a8cdd84ffa088ae8a614661c0885398e7070a46b0b211e8b59268a75e96869aa1e0e03e51a9946b307ac0f099ef28f074d729af02", 0xd2)

21:33:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[  616.087822][ T3690] binder: 3689:3690 unknown command 3
[  616.102917][ T3690] binder: 3689:3690 ioctl c0306201 20000000 returned -22
21:33:29 executing program 5:
r0 = semget$private(0x0, 0x2, 0x218)
semctl$GETZCNT(r0, 0x0, 0xf, &(0x7f00000001c0)=""/53)
r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e0034ca89b10a6c0000000000000000000000c50d070324df35b5c973a3a983a9faf2018ec28791903889db303ecec869ac846adce4b5ca879ce670957a30c88dd73bb0a66d364aa4a8597a38ab73345839f1998166d8755ad4a6dcc65f13f39eea4c72967b6f392486d01d369db729daf0637940fa1419cef1d366fa8cc967aad2215f0f0db6daa30b7a34addab53139bf2574a3680cd5d46c6e855b1ef6b5697faf5014b45dc303bcb65aa6bc34a55d3437a27bacdfa83bb597c22cde32ebff97fd4edcc846"], 0x58)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$FUSE_NOTIFY_DELETE(r2, &(0x7f0000000140)={0x2a, 0x6, 0x0, {0x0, 0x2, 0x1, 0x0, '-'}}, 0x2a)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r1)
write$FUSE_STATFS(r1, &(0x7f0000000200)={0x60}, 0x60)
r4 = dup(r1)
ioctl$EXT4_IOC_GROUP_EXTEND(r3, 0x40086607, &(0x7f0000000180)=0xffffffffffffffe1)
write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="2b00000004000000000000000000000000000000000000000000000000876f0054d5520ba00000000000007d3fbed2fe810545c341e853375b1141221c87fe8cdd50b8136b5c278acca2b9f70e4b2af9f7d404dd3194ad65d42ff802e0795596329c3e75941131fcffe0153ae229c8194f9ba753a42b0b8874ae6ce3d303b3d495a9eca9d24481d6315333a1a485d6d0c7c8a95e5aa19b1edc855915004f989557bdbab9e41a9d4968d25a3448a870db3c59b8175a550b651f786150ce36e605f5206a3b28115afc730aec69d2fd2a8f86cd4c82369e0eb78ad3bb9480888407c4aef385f23dec7c0d6634580685df98594416394d30c0039ed53c8d3d2433da85f85bf0609dcfc879db550e02af523985665de2fb1255dfcebd40f4f0"], 0x151)

[  616.128062][ T3690] binder: 3689:3690 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  616.172807][ T3690] binder: BINDER_SET_CONTEXT_MGR already set
[  616.205486][ T3697] binder: 3689:3697 unknown command 4
[  616.210930][ T3697] binder: 3689:3697 ioctl c0306201 20000000 returned -22
[  616.245318][ T3690] binder: 3689:3690 ioctl 40046207 0 returned -16
21:33:32 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000))
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(r4, 0x1000000000014)

21:33:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
preadv(r1, &(0x7f00000017c0), 0x3da, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000040)={<r2=>0x0, 0x101, 0xfffffffffffffffe, 0x5, 0x3, 0x8}, &(0x7f0000000100)=0x14)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={r2, 0x3, 0x1, [0x8]}, &(0x7f0000000180)=0xa)
ioctl$KDSETMODE(r1, 0x4b3a, 0xfffffffffffffe01)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:32 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x3, 0x0, [], 0x1ff}]}})

21:33:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="05ff7f40000000000e630c400000000055b708aae405ce5a93779ed212bcf19a5adec0347dc2e6006d876497f745424ac348b414b758b95cf6422703775c46068ce4225f9b611ba2a8a74e3cd3d593473d4aee8909ef22ec4531e51ee45364d5a18927"], 0x0, 0x0, 0x0})
r1 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x3, 0x2)
ioctl$CAPI_GET_MANUFACTURER(r1, 0xc0044306, &(0x7f0000000100)=0x401)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x3e7, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0})

21:33:32 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:32 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xffffffb2, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
setsockopt$RXRPC_SECURITY_KEYRING(r1, 0x110, 0x2, &(0x7f0000000180)='vmnet0bdev+@procem0cgroupeth0procvmnet1posix_acl_access/proc,\x00', 0xfffffffffffffe27)

[  618.997597][ T3707] binder: 3705:3707 unknown command 1082130181
[  619.003804][ T3707] binder: 3705:3707 ioctl c0306201 20000000 returned -22
[  619.011106][ T3714] binder: BINDER_SET_CONTEXT_MGR already set
[  619.019923][ T3707] binder: 3705:3707 unknown command 1596122252
[  619.029445][ T3714] binder: 3710:3714 ioctl 40046207 0 returned -16
[  619.045696][ T3707] binder: 3705:3707 ioctl c0306201 20000180 returned -22
21:33:32 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600002220000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00')
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1028}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)={0x214, r2, 0x228, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x80, 0x4, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffffc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK_PROP={0x54, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NET={0x54, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8000}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x91f4}]}, @TIPC_NLA_NET={0x14, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1f}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x560}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xffffffff}]}, @TIPC_NLA_MEDIA={0x88, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x681b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100000001}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffffffc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4348}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}]}, @TIPC_NLA_MON={0x4c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xe5a2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x84}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x800}]}]}, 0x214}, 0x1, 0x0, 0x0, 0x4081}, 0x48800)

[  619.077929][ T3718] binder: 3705:3718 unknown command 1082130181
[  619.085633][ T3707] binder: BINDER_SET_CONTEXT_MGR already set
[  619.091654][ T3707] binder: 3705:3707 ioctl 40046207 0 returned -16
[  619.102006][ T3714] binder: 3710:3714 ioctl 4b3a fffffffffffffe01 returned -22
[  619.106481][ T3718] binder: 3705:3718 ioctl c0306201 20000000 returned -22
21:33:32 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x0, 0x0, [], 0x1ff}]}})

[  619.147818][ T3714] binder: 3710:3714 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:32 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
preadv(r1, &(0x7f00000017c0), 0x3da, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000040)={<r2=>0x0, 0x101, 0xfffffffffffffffe, 0x5, 0x3, 0x8}, &(0x7f0000000100)=0x14)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={r2, 0x3, 0x1, [0x8]}, &(0x7f0000000180)=0xa)
ioctl$KDSETMODE(r1, 0x4b3a, 0xfffffffffffffe01)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:32 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a678f14917b6905fb6b686f91000000020000000000000000f1b0000445779120000000000000000000e65bfda080e52de78497c537cb5b5980f81539076ea"], 0x58)
r1 = semget$private(0x0, 0x3, 0x402)
semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000040)=[0x400, 0x953, 0xa36a, 0x6, 0x200, 0x10001])
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r2 = dup(r0)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000280)=""/143, &(0x7f00000000c0)=0x8f)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="2b00000004000002000000000000000004000000000000000033eaa556089d3057d552fdff0000000100005dd7fc3e6ebc70e0"], 0x151)

21:33:32 executing program 0:
r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0xac80, 0x0)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x4)
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
readahead(r0, 0xfffffffffffffffb, 0x1)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  619.313434][ T3729] binder: 3726:3729 ioctl 4b3a fffffffffffffe01 returned -22
[  619.324994][ T3733] binder: BINDER_SET_CONTEXT_MGR already set
[  619.340001][ T3733] binder: 3731:3733 ioctl 40046207 0 returned -16
[  619.350261][ T3734] sg_write: data in/out 33554400/291 bytes for SCSI command 0xff-- guessing data in;
[  619.350261][ T3734]    program syz-executor.5 not setting count and/or reply_len properly
[  619.369113][ T3733] binder: 3731:3733 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  619.381973][ T3729] binder: 3726:3729 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  619.391887][ T3733] binder: BINDER_SET_CONTEXT_MGR already set
[  619.413393][ T3733] binder: 3731:3733 ioctl 40046207 0 returned -16
[  619.433987][ T3737] binder: 3731:3737 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:35 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000))
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(r4, 0x1000000000014)

21:33:35 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:35 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
preadv(r1, &(0x7f00000017c0), 0x3da, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000040)={<r2=>0x0, 0x101, 0xfffffffffffffffe, 0x5, 0x3, 0x8}, &(0x7f0000000100)=0x14)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={r2, 0x3, 0x1, [0x8]}, &(0x7f0000000180)=0xa)
ioctl$KDSETMODE(r1, 0x4b3a, 0xfffffffffffffe01)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:35 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='stack\x00')
preadv(r0, &(0x7f0000000700)=[{&(0x7f0000000240)=""/218, 0xda}], 0x1, 0x0)
writev(r0, &(0x7f0000000200)=[{&(0x7f0000000180)="4afc6a60a2dea93ba183dccc642a7c1284ba4cf4aca8551a1169435205cb9e420e3cf4fa5381a1623d82099525cc08845e5efb9ea2058598e6d33d64f92cbf330485d1eb8f2aab27fbf6c3cf4503034ee068ac2b6dd0b2ae401a8347e168491d3905aaad4227", 0x66}, {&(0x7f0000000400)="a1ef89dabdec735c6b489102c9d15d0bcaa26e2e1a98405afeaa1636d7af00d5f00d58ed26232585e2ab047167d1d241336773651c196f76afb2205d23e52893289e8e93d6d2af74871ed43aaf5b7e3fd875c330c8c26e249b0ad253a5531ed5f81e7319e49a48a7eb60228449e99286357ff062d3aff2fc7da6e9e2b2bbfab989e498fabf1c9fb21867c876b21dc1ff31440cfca03d8d1858ba81dad03030c40964c4d38ae9865aa72c6387fa82f24a", 0xb0}], 0x2)
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x17, 0x0, &(0x7f0000000380)=ANY=[@ANYRESOCT=r1], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
r2 = syz_open_dev$adsp(&(0x7f0000000500)='/dev/adsp#\x00', 0x0, 0x80000)
setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000340), 0x4)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r2, 0x800448d3, &(0x7f0000000540)={{0x8100000000000, 0x763, 0x5, 0xf4e, 0xffffffffffff0001, 0x9}, 0x400000000000, 0x8, 0x4, 0x200, 0xe2d4, "95b269fd17b31373f37507982bf182697581eb0c339b39bedf94f9bdaf6d5d54a44f32686ee8cd96bfbbca212dc8845a6bebc1621ffb5ad211bbbe3e88d13b77da61686a1aedbe76a7de29d247c371be93a8832c9810adc27a8a46228c25dae8f8d29493d339ef133eef5f696c0cf5a68f74fb15d63035517ace7a99446f0f13"})
r3 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x80000001, 0x0)
setsockopt$RXRPC_UPGRADEABLE_SERVICE(r3, 0x110, 0x5, &(0x7f0000000140)=[0x1, 0x4], 0x2)

21:33:35 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x0, 0x0, [], 0x1ff}]}})

[  622.135872][ T3743] binder: 3741:3743 unknown command 808464432
[  622.148649][ T3747] binder: BINDER_SET_CONTEXT_MGR already set
[  622.173416][ T3743] binder: 3741:3743 ioctl c0306201 20000000 returned -22
21:33:35 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = request_key(&(0x7f0000000100)='pkcs7_test\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f0000000180)='/dev/sg#\x00', 0xffffffffffffffff)
keyctl$assume_authority(0x10, r1)
r2 = dup(r0)
socket$kcm(0x29, 0x0, 0x0)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

[  622.184238][ T3747] binder: 3740:3747 ioctl 40046207 0 returned -16
[  622.217286][ T3753] binder: 3741:3753 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:33:35 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r0, 0xae80, 0x0)

[  622.264070][ T3747] binder: 3740:3747 ioctl 4b3a fffffffffffffe01 returned -22
[  622.275910][ T3753] binder: BINDER_SET_CONTEXT_MGR already set
[  622.299941][ T3753] binder: 3741:3753 ioctl 40046207 0 returned -16
21:33:35 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f00000002c0)={0x60, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x80, 0x9, 0x0, 0xffffffffffffff00}}}, 0x97)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1)
prctl$PR_SET_TSC(0x1a, 0x1)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000280)={0x2, 0x0, @multicast2}, 0x10)
socket$vsock_dgram(0x28, 0x2, 0x0)
r3 = syz_open_dev$adsp(0x0, 0x80000001, 0x0)
ioctl$UI_SET_ABSBIT(r3, 0x40045567, 0x1)
openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x149c01, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r3, 0x0, 0x3, &(0x7f0000000040)=0x400, 0x4)
r4 = syz_open_procfs(0x0, &(0x7f0000000900)='net\x00')
r5 = creat(&(0x7f00000005c0)='./bus\x00', 0x0)
sendfile(r5, r4, 0x0, 0x1000)
fcntl$setstatus(r5, 0x4, 0x86100)
ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000080))
sendfile(r5, r4, &(0x7f0000000180), 0x100000005)
write$P9_RMKDIR(r4, &(0x7f0000000080)={0xfffffffffffffdc4}, 0x0)
ioctl$SG_GET_LOW_DMA(r3, 0x227a, &(0x7f00000000c0))
close(r1)
socket$inet6_udplite(0xa, 0x2, 0x88)
geteuid()
openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x400200000, 0x0)
ioctl$PERF_EVENT_IOC_REFRESH(r4, 0x2402, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x200, 0x0)
ioctl$KVM_SET_IDENTITY_MAP_ADDR(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000000))
r6 = dup(r0)
write$FUSE_NOTIFY_STORE(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="2b0000000400000000000000000000000000000000000000000000000000000054d55205a0000000000000"], 0x151)

[  622.310162][ T3747] binder: 3740:3747 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  622.324518][ T3743] binder: 3741:3743 unknown command 808464432
[  622.348140][ T3743] binder: 3741:3743 ioctl c0306201 20000000 returned -22
21:33:36 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r0, 0xae80, 0x0)

[  622.368969][ T3762] binder: 3741:3762 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:33:36 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
preadv(r1, &(0x7f00000017c0), 0x3da, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000040)={<r2=>0x0, 0x101, 0xfffffffffffffffe, 0x5, 0x3, 0x8}, &(0x7f0000000100)=0x14)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={r2, 0x3, 0x1, [0x8]}, &(0x7f0000000180)=0xa)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:36 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000e630c78860c96da511d20000000c090fe27000000000000000000000000000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f0000000040)=@generic={0x0, 0x6, 0x1})

[  622.513810][ T3771] binder: 3770:3771 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  622.563063][ T3774] binder: BINDER_SET_CONTEXT_MGR already set
[  622.575352][ T3774] binder: 3773:3774 ioctl 40046207 0 returned -16
[  622.608735][ T3774] binder: 3773:3774 unknown command 1661861888
[  622.615051][ T3774] binder: 3773:3774 ioctl c0306201 20000000 returned -22
[  622.625039][ T3774] binder: 3773:3774 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  622.635612][ T3775] binder: 3773:3775 unknown command 1661861888
[  622.641893][ T3775] binder: 3773:3775 ioctl c0306201 20000000 returned -22
[  622.650183][ T3774] binder: 3773:3774 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:33:38 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(r4, 0x1000000000014)

21:33:38 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r0, 0xae80, 0x0)

21:33:38 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x0, 0x0, [], 0x1ff}]}})

21:33:38 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
fadvise64(r0, 0x0, 0x5, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x180)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000140)={0x2, 0xffffffffffffff9c})
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x400)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r2 = dup(r0)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:38 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
preadv(r1, &(0x7f00000017c0), 0x3da, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000040)={0x0, 0x101, 0xfffffffffffffffe, 0x5, 0x3, 0x8}, &(0x7f0000000100)=0x14)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:38 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  625.251674][ T3781] binder: 3779:3781 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  625.262166][ T3785] binder: BINDER_SET_CONTEXT_MGR already set
[  625.288796][ T3785] binder: 3776:3785 ioctl 40046207 0 returned -16
21:33:38 executing program 3:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

21:33:38 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

[  625.301658][ T3785] binder: 3776:3785 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
preadv(r1, &(0x7f00000017c0), 0x3da, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:39 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x2)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x4080, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000100)={<r2=>0xffffffffffffffff}, 0x111, 0x1005}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000000240)={0x14, 0x88, 0xfa00, {r2, 0x10, 0x0, @in6={0xa, 0x4e21, 0x8, @ipv4={[], [], @multicast1}}}}, 0x90)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:39 executing program 3:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

21:33:39 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000100)={0x28, 0x2, 0x0, {0x1, 0xfffffffffffffffd, 0xc1bd}}, 0x28)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="2b0000000400000000000000000000000000000000000000000000000013000054d5520ba0000000008000"], 0x151)
fcntl$setsig(r1, 0xa, 0x2b)

[  625.467189][ T3799] binder: 3794:3799 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  625.506142][ T3800] binder: BINDER_SET_CONTEXT_MGR already set
[  625.522451][ T3800] binder: 3798:3800 ioctl 40046207 0 returned -16
[  625.546468][ T3800] binder: 3798:3800 Acquire 1 refcount change on invalid ref 0 ret -22
[  625.578282][ T3800] binder: 3798:3800 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  625.603681][ T3806] binder: 3798:3806 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  625.643541][ T3806] binder: 3798:3806 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:33:41 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(r4, 0x1000000000014)

21:33:41 executing program 3:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

21:33:41 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
preadv(r1, &(0x7f00000017c0), 0x3da, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:41 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000000054d5520ba000000000000000000000000000000000"], 0x151)

21:33:41 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:41 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3}]}})

[  628.394175][ T3814] binder: 3812:3814 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  628.407870][ T3818] sg_write: data in/out 1409286108/295 bytes for SCSI command 0x0-- guessing data in;
[  628.407870][ T3818]    program syz-executor.5 not setting count and/or reply_len properly
[  628.414938][ T3817] binder: 3810:3817 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:33:42 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  628.449570][ T3821] binder: 3812:3821 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  628.468773][ T3822] sg_write: data in/out 1409286108/295 bytes for SCSI command 0x0-- guessing data in;
[  628.468773][ T3822]    program syz-executor.5 not setting count and/or reply_len properly
21:33:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
preadv(r1, &(0x7f00000017c0), 0x3da, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:42 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x40340, 0x0)
getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000100)=0x1, &(0x7f0000000140)=0x4)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:42 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:42 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3}]}})

21:33:42 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000140)={0x190, 0x0, 0x0, {{0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x3, 0x0, 0x2}}}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="2f000000040000000000000000000000000000c4451d07000000000000eaffff53d5520ba0000000000000"], 0x151)
syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x3, 0x101000)

[  628.614918][ T3827] binder: 3826:3827 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  628.712201][ T3836] binder: 3830:3836 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  628.731430][ T3836] binder: BINDER_SET_CONTEXT_MGR already set
[  628.741014][ T3836] binder: 3830:3836 ioctl 40046207 0 returned -16
21:33:45 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(r4, 0x1000000000014)

21:33:45 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
preadv(r1, &(0x7f00000017c0), 0x3da, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:45 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x15)
write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:45 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:45 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='\x00\x00@U'], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:45 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1, 0x0, [{0x0, 0x3}]}})

[  631.494415][ T3845] binder: 3841:3845 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  631.513210][ T3849] binder: BINDER_SET_CONTEXT_MGR already set
21:33:45 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

21:33:45 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="2b0000000400000042f6ad1300000000000000000000020000000ba0000000000000000000000000000000"], 0x151)

21:33:45 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  631.537643][ T3849] binder: 3840:3849 ioctl 40046207 0 returned -16
[  631.585397][ T3852] binder: 3840:3852 unknown command 1430257664
[  631.604293][ T3849] binder: 3840:3849 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  631.620180][ T3852] binder: 3840:3852 ioctl c0306201 20000000 returned -22
21:33:45 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

[  631.640706][ T3859] binder: 3858:3859 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  631.642790][ T3849] binder: BINDER_SET_CONTEXT_MGR already set
21:33:45 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_STATFS(r1, &(0x7f0000000100)={0x60, 0xffffffffffffffda, 0x6, {{0x97, 0x3, 0x8000, 0x8, 0x400, 0x4, 0x4, 0xff}}}, 0x60)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:45 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  631.707717][ T3849] binder: 3840:3849 ioctl 40046207 0 returned -16
[  631.820800][ T3869] binder: 3867:3869 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:48 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r4 = gettid()
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r5=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r5+30000000}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(r4, 0x1000000000014)

21:33:48 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

21:33:48 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0xfffffffffffffe5c, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:48 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000164c9ebdd80cb6012348a958b402c974552604a85323764c67d0a03033fc3ac2ad8e836fb0fe8e31a01b4b18701d74acb11a2268abf603ccbf1ccdc15b4198a9b5c443d8eedc1eec0600a1eb6b72c47ea1c5dbaf71cb8044a995d7a2fa0c8f1211c3b27da067744c3047e5c5996de610387035086f8a5fff85752a89afc8272b3b914be909b7de7e2e"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:48 executing program 2:
r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue0\x00'})

21:33:48 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:48 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:48 executing program 2:
r0 = socket$unix(0x1, 0x1, 0x0)
write$P9_RLINK(0xffffffffffffffff, 0x0, 0x1a0)
r1 = socket$unix(0x1, 0x1, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0)
bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x63, 0x0, 0x0)
listen(r1, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)
r2 = accept(r1, 0x0, 0x0)
connect$unix(r0, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
getpeername$inet(r2, 0x0, &(0x7f0000000080))

21:33:48 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000800000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100, 0x0)

[  634.625962][ T3873] binder: BINDER_SET_CONTEXT_MGR already set
[  634.645337][ T3873] binder: 3871:3873 ioctl 40046207 0 returned -16
[  634.646426][ T3875] binder: 3874:3875 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:48 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:48 executing program 0:
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
recvmmsg(0xffffffffffffffff, &(0x7f0000006bc0)=[{{&(0x7f0000000100)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000001640)=[{&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000000180)=""/8, 0x8}, {&(0x7f0000000240)=""/162, 0xa2}, {&(0x7f00000001c0)}, {&(0x7f0000001400)=""/199, 0xc7}, {&(0x7f0000000300)=""/48, 0x30}, {&(0x7f0000000340)=""/84, 0x54}, {&(0x7f0000001500)=""/173, 0xad}, {&(0x7f00000015c0)=""/88, 0x58}], 0x9, &(0x7f0000001700)=""/219, 0xdb}}, {{&(0x7f0000001800)=@sco, 0x80, &(0x7f0000001a80)=[{&(0x7f0000001880)=""/193, 0xc1}, {&(0x7f0000001980)=""/5, 0x5}, {&(0x7f00000019c0)=""/146, 0x92}], 0x3, &(0x7f0000001ac0)=""/149, 0x95}, 0xb171}, {{0x0, 0x0, &(0x7f0000002140)=[{&(0x7f0000001b80)=""/169, 0xa9}, {&(0x7f0000001c40)=""/102, 0x66}, {&(0x7f0000001cc0)}, {&(0x7f0000001d00)=""/94, 0x5e}, {&(0x7f0000001d80)=""/169, 0xa9}, {&(0x7f0000001e40)=""/172, 0xac}, {&(0x7f0000001f00)=""/189, 0xbd}, {&(0x7f0000001fc0)=""/21, 0x15}, {&(0x7f0000002000)=""/251, 0xfb}, {&(0x7f0000002100)=""/21, 0x15}], 0xa, &(0x7f0000002200)=""/36, 0x24}, 0x6}, {{&(0x7f0000002240)=@pppoe, 0x80, &(0x7f0000002500)=[{&(0x7f00000022c0)=""/187, 0xbb}, {&(0x7f0000002380)=""/247, 0xf7}, {&(0x7f0000002480)=""/107, 0x6b}], 0x3, &(0x7f0000002540)=""/148, 0x94}, 0x80}, {{0x0, 0x0, &(0x7f0000002ac0)=[{&(0x7f0000002600)=""/122, 0x7a}, {&(0x7f0000002680)=""/16, 0x10}, {&(0x7f00000026c0)=""/249, 0xf9}, {&(0x7f00000027c0)=""/192, 0xc0}, {&(0x7f0000002880)=""/45, 0x2d}, {&(0x7f00000028c0)=""/9, 0x9}, {&(0x7f0000002900)=""/254, 0xfe}, {&(0x7f0000002a00)=""/42, 0x2a}, {&(0x7f0000002a40)=""/93, 0x5d}], 0x9, &(0x7f0000002b80)=""/150, 0x96}, 0x9}, {{0x0, 0x0, &(0x7f00000040c0)=[{&(0x7f0000002c40)=""/4096, 0x1000}, {&(0x7f0000003c40)=""/34, 0x22}, {&(0x7f0000003c80)=""/139, 0x8b}, {&(0x7f0000003d40)=""/55, 0x37}, {&(0x7f0000003d80)=""/102, 0x66}, {&(0x7f0000003e00)=""/156, 0x9c}, {&(0x7f0000003ec0)=""/178, 0xb2}, {&(0x7f0000003f80)=""/33, 0x21}, {&(0x7f0000003fc0)=""/196, 0xc4}], 0x9}, 0x6}, {{&(0x7f0000004180)=@pppol2tp={0x18, 0x1, {0x0, <r0=>0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, &(0x7f0000004400)=[{&(0x7f0000004200)=""/55, 0x37}, {&(0x7f0000004240)=""/166, 0xa6}, {&(0x7f0000004300)=""/205, 0xcd}], 0x3, &(0x7f0000004440)=""/4096, 0x1000}, 0x7f}, {{0x0, 0x0, &(0x7f0000006a00)=[{&(0x7f0000005440)=""/61, 0x3d}, {&(0x7f0000005480)=""/11, 0xb}, {&(0x7f00000054c0)=""/125, 0x7d}, {&(0x7f0000005540)=""/3, 0x3}, {&(0x7f0000005580)=""/184, 0xb8}, {&(0x7f0000005640)=""/241, 0xf1}, {&(0x7f0000005740)=""/4096, 0x1000}, {&(0x7f0000006740)=""/191, 0xbf}, {&(0x7f0000006800)=""/219, 0xdb}, {&(0x7f0000006900)=""/223, 0xdf}], 0xa, &(0x7f0000006ac0)=""/202, 0xca}, 0x1}], 0x8, 0x2000, &(0x7f0000006dc0)={0x77359400})
ioctl$SIOCX25GCALLUSERDATA(r0, 0x89e4, &(0x7f0000006e00)={0x71, "47fd38b389acaad10cee6c2d4c58cb66352c35814ceca936404c391c3b8cc410f92902fad6b24f4a9b401dd3e1caa2de0f857fc7bf1f3c08ba2057045d8a5589181511814b551b9c64b6aae27cb8e6f7b7c2719a2564159c0ae6a3d48d108afe7427ff9245643ad80fd9d15008ef5cd0ed9da1350114b715efbce93675628f1e"})
setsockopt$inet6_dccp_buf(0xffffffffffffffff, 0x21, 0xe, &(0x7f0000006ec0)="2b02282c1ab7eec3a3a02baac430917ea6abf69fb31003e16a94c2f85aa9a8cbcddcf8c91b6c5eeed45497127872582b56760800658f6f9c0a1db7a7913d7c04a26dc17b2db2bc4d89446acf50bab4dedfc5d696a7c07e74479cdb7df223f3184fdda78a50be", 0x66)

21:33:48 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="2b00000004000000000000000000000000000000000000000000000000f53c6bf415cb36049c00000054d5"], 0x151)

[  634.834210][ T3896] binder: 3895:3896 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:51 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r4 = gettid()
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r5=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r5+30000000}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(r4, 0x1000000000014)

21:33:51 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:51 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r0, &(0x7f00000001c0), 0x12)
write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'memory'}]}, 0x200600)

21:33:51 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100100000003830b00cc52eceac0a705fd909a2a60000002002000000000000001b00000000000000000000000000000000e79a00007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:51 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0xd83, 0x8000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:51 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  637.764811][ T3912] binder: 3902:3912 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  637.778137][ T3910] binder: BINDER_SET_CONTEXT_MGR already set
[  637.792678][ T3910] binder: 3909:3910 ioctl 40046207 0 returned -16
[  637.802219][ T3912] binder: BINDER_SET_CONTEXT_MGR already set
21:33:51 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

21:33:51 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  637.819064][ T3916] binder: 3902:3916 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  637.835355][ T3912] binder: 3902:3912 ioctl 40046207 0 returned -16
[  637.841791][ T3910] binder: 3909:3910 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:51 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xbf)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xa, 0xffffffffffffffff)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
setreuid(r1, r1)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

21:33:51 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:51 executing program 5:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x400001, 0x0)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000140)={0x30, 0x11, 0x17, 0x1c, 0x8, 0x3ff, 0x1, 0xe8, 0xffffffffffffffff})
r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r1, &(0x7f0000000200)={0x60}, 0x60)
r2 = dup(r1)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r0, 0x111, 0x3, 0x0, 0x4)

21:33:51 executing program 0:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000040)=0x1fb8)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x80010, r0, 0x28)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  637.923960][ T3924] binder: 3923:3924 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  638.040317][ T3934] binder: 3928:3934 ioctl 40086607 20000040 returned -22
[  638.066842][ T3934] binder: BINDER_SET_CONTEXT_MGR already set
[  638.096324][ T3937] binder: 3928:3937 ioctl 40086607 20000040 returned -22
[  638.115279][ T3934] binder: 3928:3934 ioctl 40046207 0 returned -16
21:33:54 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r4 = gettid()
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r5=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r5+30000000}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(r4, 0x1000000000014)

21:33:54 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:54 executing program 5:
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control\x00', 0x8000, 0x0)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000180)='nbd\x00')
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/hwrng\x00', 0x100, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0)
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x321200, 0x0)
sendmsg$NBD_CMD_STATUS(r0, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x80, r1, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xa1}, @NBD_ATTR_SOCKETS={0x1c, 0x7, [{0x8, 0x1, r2}, {0x8, 0x1, r3}, {0x8, 0x1, r4}]}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x1f}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x80000001}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x400}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x80}, 0x1, 0x0, 0x0, 0x24000001}, 0x0)
r5 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
sendmsg$nl_netfilter(r4, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x88000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x84, 0x8, 0x8, 0x203, 0x70bd26, 0x25dfdbfc, {0xe, 0x0, 0xa}, [@generic="1712", @generic="bcb31b95410203a6679f48898bff2e04227b1fa13cde1e78197d26581351b33948194977d884383318cb1ea6ccf78383a343b38144c149fcf84d945a6b9ad69f6ecc9e97da9c2e04174ecba8157fce830d50bd707c80d485f17f03f0e2af29f6c66ab83cbca1f9d66f877d6483c5"]}, 0x84}}, 0x24000001)
write$binfmt_elf32(r5, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r5, &(0x7f0000000200)={0x60}, 0x60)
r6 = dup(r5)
write$FUSE_NOTIFY_STORE(r6, &(0x7f0000000580)=ANY=[@ANYBLOB="2b000000040000000000540c000000000000000000000000000000000000000054d5520ba0000000000000"], 0x1cd)
prctl$PR_CAPBSET_DROP(0x18, 0x9)

21:33:54 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:54 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x4c, 0x0, &(0x7f00000001c0)=[@transaction_sg={0x40486311, {{0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0})

21:33:54 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
r1 = accept4(0xffffffffffffffff, &(0x7f0000000180)=@nl=@unspec, &(0x7f0000000240)=0x80, 0x800)
getpeername$tipc(r1, &(0x7f0000000280)=@id, &(0x7f00000002c0)=0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0f630c40000000e8"], 0x0, 0x0, 0x0})
lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3)

[  640.862237][ T3948] binder: 3941:3948 got transaction to invalid handle
[  640.880536][ T3951] binder: 3944:3951 BC_CLEAR_DEATH_NOTIFICATION invalid ref -402653184
[  640.889005][ T3952] binder: BINDER_SET_CONTEXT_MGR already set
[  640.895004][ T3952] binder: 3942:3952 ioctl 40046207 0 returned -16
[  640.908625][ T3948] binder: 3941:3948 transaction failed 29201/-22, size 0-0 line 2994
[  640.922969][ T3951] binder: BINDER_SET_CONTEXT_MGR already set
[  640.933786][ T3955] binder: 3944:3955 BC_CLEAR_DEATH_NOTIFICATION invalid ref -402653184
[  640.943983][ T3958] binder: 3941:3958 got transaction to invalid handle
21:33:54 executing program 5:
r0 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x1, 0x2)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000180)=0x9, 0x8)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, 0x9)
r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r1, &(0x7f0000000200)={0x60}, 0x60)
r2 = dup(r1)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)

[  640.948986][ T3952] binder: 3942:3952 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  640.975590][ T3958] binder: 3941:3958 transaction failed 29201/-22, size 0-0 line 2994
[  640.975907][ T3951] binder: 3944:3951 ioctl 40046207 0 returned -16
21:33:54 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:54 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
clone(0x0, 0x0, 0x0, 0x0, 0x0)
getpeername$inet(r0, 0x0, 0x0)

[  641.021294][ T3622] binder: undelivered TRANSACTION_ERROR: 29201
[  641.028914][ T3622] binder: undelivered TRANSACTION_ERROR: 29201
21:33:54 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x14, r1, 0xb08a6a26c294f015, 0x70bd2a, 0x25dfdbff}, 0x14}}, 0x208800)
r2 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
setxattr$trusted_overlay_redirect(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='trusted.overlay.redirect\x00', &(0x7f00000004c0)='./file0\x00', 0x8, 0x3)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000500)='/dev/dlm-monitor\x00', 0x80900, 0x0)
write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000540)={0x42, 0x6, 0x0, {0x0, 0x5, 0x19, 0x0, 'trusted.overlay.redirect\x00'}}, 0x42)
ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000040)=<r4=>0x0)
get_robust_list(r4, &(0x7f0000000280)=&(0x7f0000000240)={&(0x7f0000000140)={&(0x7f0000000100)}, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)}}, &(0x7f00000002c0)=0x18)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0xee, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0xfffffffffffffe82, 0x0, &(0x7f00000005c0)=ANY=[@ANYPTR], 0x0, 0x0, 0x0})

21:33:54 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:54 executing program 5:
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)
setsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0)

[  641.158955][ T3968] binder: 3966:3968 unknown command 1398165577
[  641.178963][ T3968] binder: 3966:3968 ioctl c0306201 20000300 returned -22
[  641.185829][ T3975] binder: 3971:3975 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  641.212312][ T3968] binder: BINDER_SET_CONTEXT_MGR already set
[  641.238564][ T3968] binder: 3966:3968 ioctl 40046207 0 returned -16
[  641.238915][ T3978] binder: 3966:3978 unknown command 1398165577
[  641.292725][ T3978] binder: 3966:3978 ioctl c0306201 20000300 returned -22
21:33:57 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(0x0, 0x1000000000014)

21:33:57 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:57 executing program 1:
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:57 executing program 2:

21:33:57 executing program 5:
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)
setsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0)

21:33:57 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00')
sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f0000000240)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x700, 0x70bd2d, 0x25dfdbfd, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000004}, 0x801)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:57 executing program 2:

21:33:57 executing program 1:
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  644.022345][ T3986] binder: 3982:3986 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:57 executing program 2:

[  644.105258][ T3986] binder: BINDER_SET_CONTEXT_MGR already set
[  644.142221][ T3998] binder: 3982:3998 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:33:57 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:57 executing program 1:
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  644.165968][ T3986] binder: 3982:3986 ioctl 40046207 0 returned -16
21:33:57 executing program 5:
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)
setsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0)

21:33:58 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(0x0, 0x1000000000014)

21:33:58 executing program 2:

21:33:58 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = socket(0x11, 0x2, 0x0)
r2 = openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$CAPI_REGISTER(r2, 0x400c4301, 0x0)
syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$sock_inet_SIOCRTMSG(0xffffffffffffffff, 0x550b, 0x0)
ioctl$NBD_SET_SOCK(r3, 0xab00, r1)
ioctl$NBD_CLEAR_SOCK(r3, 0xab03)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
syz_open_dev$ndb(&(0x7f00000002c0)='/dev/nbd#\x00', 0x0, 0x200)
r4 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x200000, 0x0)
ioctl$GIO_FONTX(r4, 0x4b6b, &(0x7f0000000100)=""/168)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
lsetxattr$security_ima(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='security.ima\x00', &(0x7f0000000280)=@md5={0x1, "ff29546a02d9d22f1daad50cb29700e8"}, 0x11, 0x2)

21:33:58 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:58 executing program 5:
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)
setsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0)

[  644.986812][ T4010] block nbd0: Device being setup by another task
21:33:58 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:58 executing program 2:

[  645.026769][ T4010] binder: 4006:4010 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  645.067516][ T4010] binder: BINDER_SET_CONTEXT_MGR already set
[  645.073559][ T4010] binder: 4006:4010 ioctl 40046207 0 returned -16
21:33:58 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:33:58 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:58 executing program 5:
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:33:58 executing program 2:

[  645.140136][ T4015] block nbd0: Device being setup by another task
[  645.176682][ T4015] binder: 4006:4015 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:33:58 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  645.363796][ T4030] binder: 4029:4030 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:33:59 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(0x0, 0x1000000000014)

21:33:59 executing program 2:
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r0 = openat$full(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/full\x00', 0x0, 0x0)
ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000300))
r1 = openat$rtc(0xffffffffffffff9c, 0x0, 0x121000, 0x0)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000180)={0xfffffffffffffffb, 0x5, 0x2374, 0x6, 0xe, 0x9, 0x0, 0x2, 0x401, 0x5, 0x5, 0x1000})
gettid()
open(0x0, 0x0, 0x0)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000340)={0x0, 0x0}, 0x10)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x2, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f00003b9fdc))
r3 = syz_open_pts(r2, 0x1)
write$binfmt_aout(r2, &(0x7f0000001000)=ANY=[@ANYRES64], 0xffffff8a)
pipe(0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x19d, &(0x7f00000000c0)=0x1)
ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000040)={0x17})

21:33:59 executing program 5:
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:33:59 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:59 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rfkill\x00', 0x102, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000400)=@security={'security\x00', 0xe, 0x4, 0x410, 0x228, 0x138, 0x0, 0x0, 0x138, 0x378, 0x378, 0x378, 0x378, 0x378, 0x4, &(0x7f0000000100), {[{{@ip={@remote, @dev={0xac, 0x14, 0x14, 0x10}, 0xffffff00, 0xffffffff, 'team_slave_1\x00', 'ip6gretap0\x00', {}, {0xff}, 0x2, 0x3, 0x14}, 0x0, 0xd8, 0x138, 0x0, {}, [@common=@set={0x40, 'set\x00', 0x0, {{0x1d58, [0x2, 0x1, 0xf4, 0x6, 0x101, 0xab9], 0x5, 0xffffffff}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast2, [0xff000000, 0xffffff00, 0xff000000, 0xffffffff], 0x4e20, 0x4e23, 0x4e22, 0x4e23, 0x8, 0xddaa, 0x4, 0x4, 0x4}}}, {{@ip={@multicast1, @broadcast, 0xffffffff, 0xffffffff, '\x00', 'sit0\x00', {}, {0xff}, 0x67, 0x2, 0x22}, 0x0, 0xb8, 0xf0, 0x0, {}, [@common=@socket0={0x20, 'socket\x00'}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xfffffffffffffff8, 0x401, 0x8}, {0x400, 0x0, 0x8}, {0x8, 0x1000, 0xfffffffffffffffb}, 0x5, 0x1000}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x26}, @local, 0xffffffff, 0x0, 'sit0\x00', 'bcsh0\x00', {0xff}, {0xff}, 0x73, 0x0, 0x1}, 0x0, 0x108, 0x150, 0x0, {}, [@common=@set={0x40, 'set\x00', 0x0, {{0x4d, [0x1, 0x5, 0x9, 0x6, 0x26, 0x1ff], 0x7, 0x7}}}, @common=@ah={0x30, 'ah\x00', 0x0, {0xd92}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x0, 0x9, 0x9fe}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x470)
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:59 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  646.116258][ T4038] binder: 4034:4038 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  646.129146][ T4039] binder: 4036:4039 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:33:59 executing program 5:
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  646.187712][ T4038] binder: BINDER_SET_CONTEXT_MGR already set
[  646.226533][ T4038] binder: 4034:4038 ioctl 40046207 0 returned -16
21:33:59 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:33:59 executing program 5:
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:33:59 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x40, 0x0)
ioctl$RTC_UIE_OFF(r1, 0x7004)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  646.374619][ T4052] binder: 4049:4052 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  646.398359][ T4054] binder: 4051:4054 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:34:00 executing program 5:
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:00 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  646.443715][ T4054] binder: BINDER_SET_CONTEXT_MGR already set
[  646.470024][ T4054] binder: 4051:4054 ioctl 40046207 0 returned -16
[  646.538778][ T4060] binder: 4058:4060 ioctl c0306201 0 returned -14
[  646.563876][ T4060] binder: 4058:4060 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:34:00 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(0xffffffffffffffff, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, 0xffffffffffffffff, 0x0)
tkill(r3, 0x1000000000014)

21:34:00 executing program 2:
r0 = syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000080)={0x0, 0x5, 0x0, 0x0, 0x4000000})

21:34:00 executing program 5:
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:00 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0x0, 0x2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
r1 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x5, 0x0)
ioctl$IMGETCOUNT(r1, 0x80044943, &(0x7f0000000100))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:00 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:00 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  647.162554][ T4067] binder: 4066:4067 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  647.186270][ T4071] binder: 4069:4071 ioctl c0306201 0 returned -14
[  647.205655][ T4071] binder: 4069:4071 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  647.219190][ T4067] binder: BINDER_SET_CONTEXT_MGR already set
[  647.243669][ T4067] binder: 4066:4067 ioctl 40046207 0 returned -16
21:34:00 executing program 5:
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:00 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:00 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  647.256055][ T4078] binder: 4066:4078 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:34:00 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0563044000400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  647.385727][ T4084] binder: 4083:4084 ioctl c0306201 0 returned -14
[  647.396485][ T4080] *** Guest State ***
[  647.400784][ T4080] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  647.414029][ T4084] binder: 4083:4084 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  647.422094][ T4080] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
21:34:01 executing program 5:
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:01 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  647.431958][ T4086] binder: 4085:4086 Acquire 1 refcount change on invalid ref 16384 ret -22
[  647.443481][ T4080] CR3 = 0x0000000000000000
[  647.455252][ T4080] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  647.462785][ T4080] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  647.469938][ T4080] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  647.477964][ T4087] binder: 4085:4087 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  647.485600][ T4080] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  647.490227][ T4086] binder: 4085:4086 unknown command 5570560
[  647.494415][ T4080] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  647.515730][ T4086] binder: 4085:4086 ioctl c0306201 20000000 returned -22
[  647.536044][ T4090] binder: 4089:4090 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  647.539063][ T4087] binder: 4085:4087 Acquire 1 refcount change on invalid ref 16384 ret -22
[  647.555703][ T4080] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  647.571096][ T4086] binder: BINDER_SET_CONTEXT_MGR already set
[  647.585287][ T4080] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  647.594986][ T4086] binder: 4085:4086 ioctl 40046207 0 returned -16
[  647.613768][ T4080] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  647.622917][ T4087] binder: 4085:4087 unknown command 5570560
[  647.629277][ T4080] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  647.638087][ T4087] binder: 4085:4087 ioctl c0306201 20000000 returned -22
[  647.644299][ T4080] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  647.665341][ T4080] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  647.679064][ T4080] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  647.687946][ T4080] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  647.696840][ T4080] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  647.704564][ T4080] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  647.712996][ T4080] Interruptibility = 00000000  ActivityState = 00000000
[  647.720116][ T4080] *** Host State ***
[  647.724144][ T4080] RIP = 0xffffffff811b3470  RSP = 0xffff8880518b78e0
[  647.731216][ T4080] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  647.738687][ T4080] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  647.747346][ T4080] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  647.754070][ T4080] CR0=0000000080050033 CR3=0000000087aff000 CR4=00000000001426e0
[  647.762043][ T4080] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  647.769761][ T4080] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  647.778077][ T4080] *** Control State ***
[  647.782353][ T4080] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  647.789885][ T4080] EntryControls=0000d1ff ExitControls=002fefff
[  647.796195][ T4080] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  647.803946][ T4080] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  647.811484][ T4080] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  647.818922][ T4080]         reason=80000021 qualification=0000000000000000
[  647.826098][ T4080] IDTVectoring: info=00000000 errcode=00000000
[  647.832374][ T4080] TSC Offset = 0xfffffea29ac4123b
[  647.837565][ T4080] TPR Threshold = 0x00
[  647.841758][ T4080] EPT pointer = 0x000000008947001e
[  647.895460][ T4094] *** Guest State ***
[  647.899676][ T4094] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  647.925329][ T4094] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
21:34:01 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(0xffffffffffffffff, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, 0xffffffffffffffff, 0x0)
tkill(r3, 0x1000000000014)

21:34:01 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:01 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:01 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000000, 0x8011, r0, 0x0)
syz_open_dev$rtc(&(0x7f0000000140)='/dev/rtc#\x00', 0xbb1c, 0x101000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x101000, 0x0)
ioctl$TUNSETVNETLE(r1, 0x400454dc, &(0x7f0000000100))

[  647.959791][ T4094] CR3 = 0x0000000000000000
[  647.967198][ T4094] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  647.996500][ T4094] RFLAGS=0x00000002         DR7 = 0x0000000000000400
21:34:01 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  648.010344][ T4098] binder: 4097:4098 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  648.022800][ T4100] binder: 4096:4100 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  648.040093][ T4094] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
21:34:01 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:01 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  648.065673][ T4094] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  648.088039][ T4100] binder: BINDER_SET_CONTEXT_MGR already set
[  648.096910][ T4094] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  648.116691][ T4100] binder: 4096:4100 ioctl 40046207 0 returned -16
[  648.123314][ T4094] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  648.141011][ T4104] binder: 4096:4104 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  648.164960][ T4094] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  648.190018][ T4094] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  648.224907][ T4094] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  648.249946][ T4094] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  648.267703][ T4094] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  648.281131][ T4094] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  648.292447][ T4094] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  648.305294][ T4094] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  648.312473][ T4094] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  648.326039][ T4094] Interruptibility = 00000000  ActivityState = 00000000
[  648.340483][ T4094] *** Host State ***
[  648.344593][ T4094] RIP = 0xffffffff811b3470  RSP = 0xffff888055ad78e0
[  648.354019][ T4094] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  648.368471][ T4094] FSBase=00007f2034f92700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  648.380627][ T4094] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  648.390960][ T4094] CR0=0000000080050033 CR3=0000000087aff000 CR4=00000000001426e0
[  648.402590][ T4094] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  648.413675][ T4094] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  648.424301][ T4094] *** Control State ***
[  648.432117][ T4094] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  648.444091][ T4094] EntryControls=0000d1ff ExitControls=002fefff
[  648.453860][ T4094] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  648.468840][ T4094] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  648.478866][ T4094] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  648.490889][ T4094]         reason=80000021 qualification=0000000000000000
[  648.500641][ T4094] IDTVectoring: info=00000000 errcode=00000000
[  648.511701][ T4094] TSC Offset = 0xfffffea29ac4123b
[  648.519399][ T4094] TPR Threshold = 0x00
[  648.523670][ T4094] EPT pointer = 0x000000008947001e
21:34:02 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:02 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:02 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:02 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:02 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  648.644691][ T4116] binder: 4113:4116 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  648.675948][ T4116] binder: BINDER_SET_CONTEXT_MGR already set
[  648.701040][ T4116] binder: 4113:4116 ioctl 40046207 0 returned -16
[  648.779139][ T4118] *** Guest State ***
[  648.783197][ T4118] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  648.795303][ T4118] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  648.804855][ T4118] CR3 = 0x0000000000000000
[  648.809602][ T4118] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  648.816460][ T4118] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  648.823286][ T4118] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  648.831193][ T4118] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  648.840426][ T4118] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  648.849718][ T4118] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  648.858621][ T4118] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  648.867467][ T4118] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:02 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(0xffffffffffffffff, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, 0xffffffffffffffff, 0x0)
tkill(r3, 0x1000000000014)

21:34:02 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:02 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:02 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x8, 0x101000)
ioctl$SIOCX25SCALLUSERDATA(r1, 0x89e5, &(0x7f0000000100)={0x37, "0e09d8d456a3a2eea47ff4276430b027ad2ec8f43e9b1d0ae9ccf3aa02167b45b5710030b38ee222fd21c6e869e4bb66c10ac29d4123c0de273b194cb3fcf8f6bc95b28441bc267e2e165b3036dc08ff9a14e7474089598b76dde5713ee9bc2bd48dd1e7515c8054683db0bb2d06f5829c6686534d7345f0351a9d154b97a448"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  648.876373][ T4118] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  648.895445][ T4118] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  648.910134][ T4118] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:02 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:02 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:02 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  648.968654][ T4127] binder: BINDER_SET_CONTEXT_MGR already set
[  648.975351][ T4118] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  648.993815][ T4127] binder: 4125:4127 ioctl 40046207 0 returned -16
[  649.005298][ T4118] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  649.058090][ T4118] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  649.084481][ T4118] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  649.101261][ T4118] Interruptibility = 00000000  ActivityState = 00000000
[  649.110144][ T4118] *** Host State ***
[  649.114250][ T4118] RIP = 0xffffffff811b3470  RSP = 0xffff8880586578e0
[  649.128572][ T4118] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  649.143703][ T4118] FSBase=00007f2034fd5700 GSBase=ffff8880ae800000 TRBase=fffffe0000033000
[  649.156767][ T4118] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  649.163540][ T4118] CR0=0000000080050033 CR3=00000000922e5000 CR4=00000000001426f0
[  649.178711][ T4118] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  649.190598][ T4118] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  649.201177][ T4118] *** Control State ***
[  649.209335][ T4118] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  649.220485][ T4118] EntryControls=0000d1ff ExitControls=002fefff
[  649.231359][ T4118] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  649.242926][ T4118] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  649.254154][ T4118] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  649.265506][ T4118]         reason=80000021 qualification=0000000000000000
[  649.272713][ T4118] IDTVectoring: info=00000000 errcode=00000000
[  649.286029][ T4118] TSC Offset = 0xfffffea1dbeede76
[  649.291226][ T4118] TPR Threshold = 0x00
[  649.301398][ T4118] EPT pointer = 0x000000008407201e
21:34:02 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:02 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = dup3(r0, r0, 0x80000)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ADD(r1, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x110}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x128, r2, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x44, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7db}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}]}]}, @TIPC_NLA_MEDIA={0xa0, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1bc6a690}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x88}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffffffc4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x797}]}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x4000}, 0x80)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:02 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:02 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  649.387405][ T4139] binder_thread_write: 5 callbacks suppressed
[  649.387418][ T4139] binder: 4138:4139 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  649.410377][ T4144] binder: 4141:4144 ioctl c0306201 20000180 returned -14
[  649.426612][ T4144] binder: 4141:4144 ioctl 6685 0 returned -22
21:34:03 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  649.472979][ T4144] binder: 4141:4144 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  649.498915][ T4146] binder: BINDER_SET_CONTEXT_MGR already set
[  649.520493][ T4145] *** Guest State ***
[  649.524517][ T4145] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  649.528045][ T4146] binder: 4141:4146 ioctl 40046207 0 returned -16
[  649.543620][ T4144] binder: 4141:4144 ioctl c0306201 20000180 returned -14
[  649.556117][ T4149] binder: 4141:4149 ioctl 6685 0 returned -22
[  649.562458][ T4145] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  649.573796][ T4145] CR3 = 0x0000000000000000
[  649.582623][ T4145] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  649.596095][ T4145] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  649.608927][ T4145] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  649.622371][ T4145] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  649.632529][ T4145] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  649.641545][ T4145] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  649.650577][ T4145] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  649.660215][ T4145] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  649.669160][ T4145] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  649.678173][ T4145] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  649.687186][ T4145] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  649.696167][ T4145] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  649.705040][ T4145] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:03 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r2, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(0xffffffffffffffff, r2, 0x0)
tkill(r3, 0x1000000000014)

21:34:03 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:03 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:03 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x0, 0x0)
ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000100)={0x40, 0xe4, 0x1})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  649.726228][ T4145] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  649.735011][ T4145] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  649.746625][ T4145] Interruptibility = 00000000  ActivityState = 00000000
[  649.772057][ T4145] *** Host State ***
[  649.778863][ T4155] binder: 4152:4155 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  649.786810][ T4145] RIP = 0xffffffff811b3470  RSP = 0xffff8880586578e0
[  649.801417][ T4157] binder_thread_write: 2 callbacks suppressed
[  649.801431][ T4157] binder: 4151:4157 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  649.808452][ T4145] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  649.862820][ T4157] binder: BINDER_SET_CONTEXT_MGR already set
[  649.879004][ T4145] FSBase=00007f2034fd5700 GSBase=ffff8880ae800000 TRBase=fffffe0000003000
[  649.881772][ T4157] binder: 4151:4157 ioctl 40046207 0 returned -16
[  649.906639][ T4145] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
21:34:03 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:03 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:03 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  649.913957][ T4145] CR0=0000000080050033 CR3=000000009447a000 CR4=00000000001426f0
[  649.948893][ T4145] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  649.958539][ T4166] binder: 4164:4166 Acquire 1 refcount change on invalid ref 0 ret -22
[  649.970080][ T4145] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  649.977509][ T4166] binder: 4164:4166 unknown command 14
[  649.984056][ T4145] *** Control State ***
[  649.988536][ T4145] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  649.997237][ T4166] binder: 4164:4166 ioctl c0306201 20000000 returned -22
[  650.004479][ T4145] EntryControls=0000d1ff ExitControls=002fefff
[  650.011352][ T4168] binder: 4164:4168 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  650.019159][ T4145] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  650.035299][ T4145] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  650.051060][ T4145] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  650.065191][ T4145]         reason=80000021 qualification=0000000000000000
[  650.073910][ T4145] IDTVectoring: info=00000000 errcode=00000000
[  650.085913][ T4145] TSC Offset = 0xfffffea177b67aae
[  650.091107][ T4145] TPR Threshold = 0x00
[  650.095488][ T4145] EPT pointer = 0x000000008f81601e
21:34:03 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:03 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
openat$capi20(0xffffffffffffff9c, &(0x7f0000000040)='/dev/capi20\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c420004000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f00000001c0)={<r1=>0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x78, 0x0, &(0x7f00000002c0)=[@free_buffer={0x40086303, r1}, @reply={0x40406301, {0x0, 0x0, 0x1, 0x0, 0x10, 0x0, 0x0, 0x40, 0x20, &(0x7f0000000240)=[@fda={0x66646185, 0x5, 0x2, 0x21}, @fda={0x66646185, 0x0, 0x3, 0xf}], &(0x7f0000000280)=[0x48, 0x28, 0x40, 0x18]}}, @exit_looper, @acquire, @request_death={0x400c630e, 0x2, 0x2}, @dead_binder_done={0x40086310, 0x1}], 0x0, 0x0, 0x0})

21:34:03 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:03 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:03 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  650.193068][ T4173] binder: 4169:4173 unknown command 1108108046
[  650.220535][ T4176] binder: 4171:4176 unknown command 14
[  650.240193][ T4176] binder: 4171:4176 ioctl c0306201 20000000 returned -22
[  650.247312][ T4173] binder: 4169:4173 ioctl c0306201 20000000 returned -22
[  650.269908][ T4173] binder: 4169:4173 BC_FREE_BUFFER u0000000000000000 no match
[  650.283973][ T4180] binder: 4171:4180 BC_CLEAR_DEATH_NOTIFICATION death notification not active
[  650.324577][ T4173] binder: 4169:4173 got reply transaction with no transaction stack
[  650.373243][ T4173] binder: 4169:4173 transaction failed 29201/-71, size 64-32 line 2899
[  650.387609][ T4179] *** Guest State ***
[  650.397630][ T4179] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  650.417867][ T4178] binder: BINDER_SET_CONTEXT_MGR already set
[  650.424881][ T4179] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  650.444528][ T4178] binder: 4169:4178 ioctl 40046207 0 returned -16
[  650.451013][ T4179] CR3 = 0x0000000000000000
[  650.451023][ T4179] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  650.451034][ T4179] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  650.451048][ T4179] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  650.451061][ T4179] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  650.471454][ T4173] binder: 4169:4173 unknown command 1108108046
[  650.498243][ T3481] binder: undelivered TRANSACTION_ERROR: 29201
[  650.508482][ T4173] binder: 4169:4173 ioctl c0306201 20000000 returned -22
[  650.515299][ T4179] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  650.540321][ T4179] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  650.556799][ T4179] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  650.572857][ T4179] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  650.581983][ T4179] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  650.596946][ T4179] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  650.609616][ T4179] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  650.620980][ T4179] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  650.633635][ T4179] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  650.644592][ T4179] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  650.657741][ T4179] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  650.669016][ T4179] Interruptibility = 00000000  ActivityState = 00000000
[  650.679087][ T4179] *** Host State ***
[  650.683139][ T4179] RIP = 0xffffffff811b3470  RSP = 0xffff8880516af8e0
21:34:04 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r2, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(0xffffffffffffffff, r2, 0x0)
tkill(r3, 0x1000000000014)

21:34:04 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:04 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:04 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:04 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x40000, 0x2)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240)='TIPC\x00')
sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x480040}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, r2, 0x50a, 0x70bd25, 0x25dfdbfe, {{}, 0x0, 0x4108, 0x0, {0x14, 0x18, {0x3, @bearer=@udp='udp:syz0\x00'}}}, ["", ""]}, 0x30}}, 0x20000814)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r3 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0xfea9, 0x40200)
ioctl$KVM_GET_PIT(r3, 0xc048ae65, &(0x7f0000000100))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000228632ea6e1b157e75ce0f59a97b6e427fe81dc0d48cb48517fd9ca5d748772b6ac400fa9e"], 0x0, 0x0, 0x0})

[  650.692947][ T4179] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  650.704107][ T4179] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  650.718961][ T4179] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  650.762377][ T4189] binder: 4184:4189 Acquire 1 refcount change on invalid ref 0 ret -22
[  650.770651][ T4179] CR0=0000000080050033 CR3=00000000984a5000 CR4=00000000001426e0
[  650.770668][ T4179] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  650.770680][ T4179] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  650.770685][ T4179] *** Control State ***
[  650.770694][ T4179] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  650.811223][ T4179] EntryControls=0000d1ff ExitControls=002fefff
[  650.819978][ T4188] binder: 4185:4188 unknown command 1
[  650.831060][ T4188] binder: 4185:4188 ioctl c0306201 20000080 returned -22
[  650.839827][ T4179] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  650.852635][ T4179] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
21:34:04 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  650.860637][ T4189] binder: 4184:4189 unknown command 14
[  650.869748][ T4194] binder: BINDER_SET_CONTEXT_MGR already set
[  650.884028][ T4179] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  650.885286][ T4192] binder: 4184:4192 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  650.894167][ T4194] binder: 4185:4194 ioctl 40046207 0 returned -16
[  650.905364][ T4179]         reason=80000021 qualification=0000000000000000
21:34:04 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  650.905373][ T4179] IDTVectoring: info=00000000 errcode=00000000
[  650.905380][ T4179] TSC Offset = 0xfffffea1005c67be
[  650.905402][ T4179] TPR Threshold = 0x00
[  650.905411][ T4179] EPT pointer = 0x00000000965ba01e
[  650.914201][ T4189] binder: 4184:4189 ioctl c0306201 20000000 returned -22
21:34:04 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x1, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:04 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xd, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c4000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  651.014457][ T4194] binder: 4185:4194 unknown command 1
[  651.033958][ T4194] binder: 4185:4194 ioctl c0306201 20000080 returned -22
21:34:04 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:04 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00')
sendmsg$TIPC_NL_NAME_TABLE_GET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x201021}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)={0x134, r1, 0x108, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x18, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8001}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0x1c, 0x7, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x96e}]}, @TIPC_NLA_LINK={0x4c, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x61}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfd0}]}]}, @TIPC_NLA_MEDIA={0xc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x90d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x20}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}, @TIPC_NLA_LINK={0x78, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x12e7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc7}]}]}]}, 0x134}, 0x1, 0x0, 0x0, 0x8000}, 0x40040)
r2 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  651.143360][ T4205] binder: 4201:4205 Acquire 1 refcount change on invalid ref 0 ret -22
[  651.179575][ T4205] binder: 4201:4205 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  651.193911][ T4208] binder: 4207:4208 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  651.215272][ T4210] binder: BINDER_SET_CONTEXT_MGR already set
[  651.215297][ T4209] binder: 4201:4209 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  651.221427][ T4210] binder: 4207:4210 ioctl 40046207 0 returned -16
[  651.250495][ T4210] binder: 4207:4210 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:34:05 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:05 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:05 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:05 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r2, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(0xffffffffffffffff, r2, 0x0)
tkill(r3, 0x1000000000014)

21:34:05 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xd, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c4000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:05 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = semget$private(0x0, 0x4, 0x1)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0)
semctl$GETNCNT(r1, 0x1, 0xe, &(0x7f0000000100)=""/216)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  651.730587][ T4216] binder: 4215:4216 Acquire 1 refcount change on invalid ref 0 ret -22
[  651.746937][ T4219] binder: 4214:4219 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:34:05 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  651.778213][ T4216] binder: 4215:4216 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  651.799674][ T4219] binder: BINDER_SET_CONTEXT_MGR already set
[  651.815418][ T4223] binder: 4215:4223 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:34:05 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  651.834602][ T4226] binder: 4214:4226 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  651.836103][ T4219] binder: 4214:4219 ioctl 40046207 0 returned -16
21:34:05 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:05 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xd, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c4000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:05 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:05 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:05 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440000000000e630c400000000055ad0512cf00000e3cdeb4686258b08d390ac8530f51186df1ca0594b05eb20e5d22f0c275874098c5273abe7611516153028eeec0033c773ffdd2617006dcd244198cd750b8096fa046cccdaed68a00b72b0867ed09393934b1dfe0b7cc6efa02572e4db3d225c15bca2e99bec9428ec50c8f323d200df00a389345abaa0d7611dc1bca"], 0x0, 0x0, 0x0})
read(r0, &(0x7f00000001c0)=""/65, 0x41)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  652.013015][ T4237] binder: 4235:4237 Acquire 1 refcount change on invalid ref 0 ret -22
21:34:05 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:05 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xf, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c40000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  652.120729][ T4242] binder: 4241:4242 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0e0000cf1205ad55 != 0000000000000000
[  652.183222][ T4242] binder: BINDER_SET_CONTEXT_MGR already set
[  652.210145][ T4242] binder: 4241:4242 ioctl 40046207 0 returned -16
[  652.211783][ T3481] binder: undelivered death notification, 0000000000000000
[  652.235020][ T4248] binder: 4241:4248 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0e0000cf1205ad55 != 0000000000000000
21:34:06 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
dup(r0)
r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r2, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r1, r2, 0x0)
tkill(r3, 0x1000000000014)

21:34:06 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:06 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:06 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:06 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xf, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c40000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:06 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="9a9051eff403d80d070563044010001c69542ad64bf306000000731d"], 0x0, 0x0, 0x0})
r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x4, 0x2000)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x7, &(0x7f00000000c0)=[{0x100, 0x57, 0x3b, 0x8}, {0x2, 0x5, 0x800, 0x34}, {0x1, 0x10000, 0x10001, 0x790}, {0x3, 0x2, 0x5, 0x80000001}, {0xbb16, 0x3, 0x40, 0x4b14e0b8}, {0x7, 0x30b, 0x1000, 0x6}, {0x3, 0x4, 0x117b4cc0, 0x4}]}, 0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0), 0xae5c86373f866df2, 0x0, 0x0})
openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0)
io_setup(0x24, &(0x7f0000000140))

[  652.694872][ T4255] binder: 4253:4255 unknown command -279867238
[  652.699739][ T3481] binder: undelivered death notification, 0000000000000000
[  652.715335][ T4255] binder: 4253:4255 ioctl c0306201 20000000 returned -22
21:34:06 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xf, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c40000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:06 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

[  652.756187][ T4255] binder: 4253:4255 ioctl c0306201 20000080 returned -14
[  652.782482][ T4255] binder: BINDER_SET_CONTEXT_MGR already set
21:34:06 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[  652.812613][ T4261] binder: 4253:4261 unknown command -279867238
[  652.837112][ T4255] binder: 4253:4255 ioctl 40046207 0 returned -16
[  652.849561][ T3622] binder: undelivered death notification, 0000000000000000
21:34:06 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:06 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c4000000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:06 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

[  652.888777][ T4269] binder: 4253:4269 ioctl c0306201 20000080 returned -14
[  652.888946][ T4261] binder: 4253:4261 ioctl c0306201 20000000 returned -22
[  652.993076][ T4277] binder: 4275:4277 Acquire 1 refcount change on invalid ref 0 ret -22
21:34:06 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r2, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r1, r2, 0x0)
tkill(r3, 0x1000000000014)

21:34:06 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:34:06 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x7fff, 0x40000)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000100)={{{@in=@multicast2, @in6=@ipv4={[], [], @remote}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@mcast1}, 0x0, @in6=@dev}}, &(0x7f0000000240)=0xe8)
bind$bt_hci(r1, &(0x7f0000000280)={0x1f, r2, 0x3}, 0xc)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:06 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:06 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c4000000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:06 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[  653.275291][ T4285] binder: 4282:4285 Acquire 1 refcount change on invalid ref 0 ret -22
[  653.278294][ T4289] binder: 4281:4289 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:34:06 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, 0x0, 0x0, 0x40)

21:34:07 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:34:07 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c4000000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  653.354027][ T4289] binder: BINDER_SET_CONTEXT_MGR already set
[  653.365666][ T4289] binder: 4281:4289 ioctl 40046207 0 returned -16
[  653.372575][ T4294] binder: 4281:4294 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:34:07 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:07 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:34:07 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, 0x0, 0x0, 0x40)

[  653.514204][ T4301] binder: 4300:4301 Acquire 1 refcount change on invalid ref 0 ret -22
[  653.577979][ T4306] binder: 4302:4306 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  653.627350][ T4306] binder: BINDER_SET_CONTEXT_MGR already set
[  653.645444][ T4306] binder: 4302:4306 ioctl 40046207 0 returned -16
[  653.666087][ T4309] binder: 4302:4309 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:34:07 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r2, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r1, r2, 0x0)
tkill(r3, 0x1000000000014)

21:34:07 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:34:07 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, 0x0, 0x0, 0x40)

21:34:07 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:07 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0xa, 0x4, &(0x7f0000346fc8)=ANY=[@ANYBLOB="1800000000000000000000000000000061100c8b000000009500000000000000"], 0x0}, 0x48)

21:34:07 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = socket(0x1a, 0x3, 0x6)
setsockopt$netrom_NETROM_T2(r1, 0x103, 0x2, &(0x7f0000000240)=0x3, 0x4)
r2 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x100000001, 0x2200)
clock_gettime(0x0, &(0x7f0000000100)={<r3=>0x0, <r4=>0x0})
ioctl$GIO_CMAP(r2, 0x4b70, &(0x7f0000000280))
write$evdev(r2, &(0x7f0000000140)=[{{}, 0x14, 0x10000, 0x7fffffff}, {}, {{0x0, 0x2710}, 0x0, 0xa2}, {{0x77359400}, 0x4, 0x4, 0x8}, {{r3, r4/1000+10000}, 0x0, 0x6, 0x39945fab}, {{0x77359400}, 0x1f, 0x2, 0x71246892}, {{0x0, 0x7530}, 0x12, 0x6, 0x1ff}, {{0x0, 0x2710}, 0x11, 0x0, 0x400}], 0xc0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0f63044000000016"], 0x0, 0x0, 0x0})

[  654.397404][ T4315] binder: 4311:4315 Acquire 1 refcount change on invalid ref 0 ret -22
[  654.426602][ T4319] binder: 4313:4319 unknown command 1074029327
[  654.432850][ T4319] binder: 4313:4319 ioctl c0306201 20000080 returned -22
21:34:08 executing program 3:
syz_emit_ethernet(0x3e, &(0x7f0000000080)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x223}, @dev}, @icmp=@parameter_prob={0x3, 0x2, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x223}, @dev}}}}}}, 0x0)

[  654.445668][ T4315] binder_thread_write: 8 callbacks suppressed
[  654.445681][ T4315] binder: 4311:4315 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:34:08 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x0)

21:34:08 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  654.488057][ T4319] binder: BINDER_SET_CONTEXT_MGR already set
[  654.494092][ T4319] binder: 4313:4319 ioctl 40046207 0 returned -16
21:34:08 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

21:34:08 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:08 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="9a9051eff403d80d070563044010001c69542ad64bf306000000731d"], 0x0, 0x0, 0x0})
r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x4, 0x2000)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x7, &(0x7f00000000c0)=[{0x100, 0x57, 0x3b, 0x8}, {0x2, 0x5, 0x800, 0x34}, {0x1, 0x10000, 0x10001, 0x790}, {0x3, 0x2, 0x5, 0x80000001}, {0xbb16, 0x3, 0x40, 0x4b14e0b8}, {0x7, 0x30b, 0x1000, 0x6}, {0x3, 0x4, 0x117b4cc0, 0x4}]}, 0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0), 0xae5c86373f866df2, 0x0, 0x0})
openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0)
io_setup(0x24, &(0x7f0000000140))

[  654.623429][ T4332] binder: 4331:4332 Acquire 1 refcount change on invalid ref 0 ret -22
[  654.661218][ T4332] binder: 4331:4332 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:34:08 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r2, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r1, r2, 0x0)
tkill(r3, 0x1000000000014)

[  654.688911][ T4337] binder: BINDER_SET_CONTEXT_MGR already set
[  654.725117][ T4337] binder: 4335:4337 ioctl 40046207 0 returned -16
21:34:08 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:08 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0f634cb40435558b"], 0x0, 0x0, 0x0})

21:34:08 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  654.747252][ T4340] binder: 4339:4340 unknown command -279867238
[  654.771695][ T4340] binder: 4339:4340 ioctl c0306201 20000000 returned -22
[  654.838385][ T4340] binder: 4339:4340 ioctl c0306201 20000080 returned -14
[  654.882306][ T4350] binder: 4345:4350 unknown command -1270062321
[  654.908901][ T4350] binder: 4345:4350 ioctl c0306201 20000080 returned -22
21:34:08 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

21:34:08 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  654.938632][ T4350] binder: BINDER_SET_CONTEXT_MGR already set
[  654.958410][ T4350] binder: 4345:4350 ioctl 40046207 0 returned -16
21:34:08 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="9a9051eff403d80d070563044010001c69542ad64bf306000000731d"], 0x0, 0x0, 0x0})
r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x4, 0x2000)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x7, &(0x7f00000000c0)=[{0x100, 0x57, 0x3b, 0x8}, {0x2, 0x5, 0x800, 0x34}, {0x1, 0x10000, 0x10001, 0x790}, {0x3, 0x2, 0x5, 0x80000001}, {0xbb16, 0x3, 0x40, 0x4b14e0b8}, {0x7, 0x30b, 0x1000, 0x6}, {0x3, 0x4, 0x117b4cc0, 0x4}]}, 0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0), 0xae5c86373f866df2, 0x0, 0x0})
openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0)
io_setup(0x24, &(0x7f0000000140))

[  655.004795][ T4354] binder: 4352:4354 Acquire 1 refcount change on invalid ref 0 ret -22
[  655.014505][ T4354] binder: 4352:4354 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  655.030878][ T4354] binder: 4352:4354 ioctl c0306201 0 returned -14
[  655.062844][ T4357] binder: 4355:4357 unknown command -279867238
[  655.090988][ T4357] binder: 4355:4357 ioctl c0306201 20000000 returned -22
[  655.123335][ T4357] binder: 4355:4357 ioctl c0306201 20000080 returned -14
21:34:09 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

21:34:09 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000440)={<r1=>0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000006c0)={0x108, 0x0, &(0x7f0000000500)=[@increfs={0x40046304, 0x2}, @register_looper, @transaction={0x40406300, {0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000200), &(0x7f0000000340)=[0x38, 0x40]}}, @transaction={0x40406300, {0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x38, &(0x7f0000000380), &(0x7f0000000400)=[0x0, 0x38, 0x30, 0x0, 0x0, 0x0, 0x78]}}, @increfs_done={0x40106308, r1, 0x3}, @dead_binder_done={0x40086310, 0x2}, @acquire={0x40046305, 0x2}, @release={0x40046306, 0x2}, @reply={0x40406301, {0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x20, &(0x7f0000000480), &(0x7f00000004c0)=[0x0, 0x38, 0x0, 0x78]}}], 0x43, 0x0, &(0x7f0000000640)="8b36055382333fb870e566cbb5df7f330c364d82b0646d9ea2be5169c2aeb8b4bf0ee820a22783750275b4cc8ed039cdb69f100ca1d0e4a302aa50693f24488cb5156b"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0563045300005500000000000000005c202fc6eeff007e9fe3b7a5818ae600c5f16b7965190daa2390477fff2d1aa81dc4a934840439d14bc3b1f8161134dcc81630f7e64b1818704dce45088e70cf3f2b9d797dbbd8c0a3db"], 0x0, 0x0, 0x0})
r2 = dup3(r0, r0, 0x80000)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0x9c, r3, 0x4, 0x70bd2b, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x30, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x1a}}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2, 0x4}}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@local}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x5}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x100}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xbaa5}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4044801}, 0x800)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:09 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x0)

21:34:09 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r1, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

21:34:09 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="9a9051eff403d80d070563044010001c69542ad64bf306000000731d"], 0x0, 0x0, 0x0})
r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x4, 0x2000)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x7, &(0x7f00000000c0)=[{0x100, 0x57, 0x3b, 0x8}, {0x2, 0x5, 0x800, 0x34}, {0x1, 0x10000, 0x10001, 0x790}, {0x3, 0x2, 0x5, 0x80000001}, {0xbb16, 0x3, 0x40, 0x4b14e0b8}, {0x7, 0x30b, 0x1000, 0x6}, {0x3, 0x4, 0x117b4cc0, 0x4}]}, 0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0), 0xae5c86373f866df2, 0x0, 0x0})
openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0)
io_setup(0x24, &(0x7f0000000140))

21:34:09 executing program 4:
syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

[  655.434891][ T4363] binder: 4361:4363 IncRefs 0 refcount change on invalid ref 2 ret -22
[  655.455746][ T4366] binder: BINDER_SET_CONTEXT_MGR already set
[  655.459687][ T4363] binder: 4361:4363 ERROR: BC_REGISTER_LOOPER called without request
[  655.485294][ T4363] binder: 4361:4363 got transaction to invalid handle
[  655.485443][ T4371] binder: 4361:4371 unknown command 1392796421
[  655.501674][ T4373] binder: 4364:4373 unknown command -279867238
[  655.506563][ T4366] binder: 4364:4366 ioctl 40046207 0 returned -16
[  655.508090][ T4365] binder: 4360:4365 ioctl c0306201 0 returned -14
[  655.525333][ T4373] binder: 4364:4373 ioctl c0306201 20000000 returned -22
21:34:09 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r1, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

[  655.537193][ T4363] binder: 4361:4363 transaction failed 29201/-22, size 0-16 line 2994
[  655.548877][ T4374] binder: 4361:4374 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  655.573103][ T4371] binder: 4361:4371 ioctl c0306201 20000000 returned -22
21:34:09 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

[  655.603431][ T4363] binder: BINDER_SET_CONTEXT_MGR already set
[  655.612898][ T4366] binder: 4364:4366 ioctl c0306201 20000080 returned -14
[  655.624604][ T4374] binder: 4361:4374 unknown command 1392796421
21:34:09 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:09 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r1, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

[  655.647456][ T4371] binder: 4361:4371 IncRefs 0 refcount change on invalid ref 2 ret -22
21:34:09 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  655.675503][ T4363] binder: 4361:4363 ioctl 40046207 0 returned -16
[  655.682372][ T4378] binder: 4377:4378 ioctl c0306201 0 returned -14
[  655.683709][ T4371] binder: 4361:4371 ERROR: BC_REGISTER_LOOPER called without request
[  655.697926][ T4374] binder: 4361:4374 ioctl c0306201 20000000 returned -22
21:34:09 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:09 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xf, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c40000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  655.760662][ T4371] binder: 4361:4371 got transaction to invalid handle
[  655.767676][ T4374] binder: 4361:4374 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  655.816383][ T3622] binder: undelivered TRANSACTION_ERROR: 29201
[  655.824475][ T4371] binder: 4361:4371 transaction failed 29201/-22, size 0-16 line 2994
[  655.862945][ T4390] binder: 4389:4390 Acquire 1 refcount change on invalid ref 0 ret -22
[  655.870328][ T3622] binder: undelivered TRANSACTION_ERROR: 29201
[  655.880209][ T4390] binder: 4389:4390 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:34:09 executing program 0:
r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x6, 0x200)
ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000100))
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  655.926168][ T4392] binder: 4389:4392 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  655.970224][ T4394] binder: 4393:4394 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  655.993736][ T4394] binder: BINDER_SET_CONTEXT_MGR already set
[  656.002418][ T4394] binder: 4393:4394 ioctl 40046207 0 returned -16
21:34:09 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:09 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

21:34:09 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:09 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x0)

21:34:09 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x4000000000)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:09 executing program 4:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

[  656.337701][ T4402] binder: 4399:4402 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:34:10 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

21:34:10 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  656.381915][ T4402] binder: BINDER_SET_CONTEXT_MGR already set
[  656.404807][ T4408] binder: 4399:4408 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  656.419450][ T4402] binder: 4399:4402 ioctl 40046207 0 returned -16
21:34:10 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:10 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x40, 0x0)
ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0)
arch_prctl$ARCH_SET_CPUID(0x1012, 0x1)

[  656.469577][ T4411] binder: 4410:4411 Acquire 1 refcount change on invalid ref 0 ret -22
[  656.491418][ T4411] binder: 4410:4411 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:34:10 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:10 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0})

21:34:10 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  656.576786][ T4418] binder: 4417:4418 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  656.619590][ T4418] binder: BINDER_SET_CONTEXT_MGR already set
[  656.642420][ T4424] binder: 4417:4424 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:34:10 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:10 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0})

[  656.669248][ T4422] *** Guest State ***
[  656.677906][ T4422] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  656.681669][ T4418] binder: 4417:4418 ioctl 40046207 0 returned -16
[  656.710603][ T4422] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  656.741302][ T4431] binder: 4429:4431 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  656.745495][ T4422] CR3 = 0x0000000000000000
[  656.762581][ T4422] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  656.778527][ T4422] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  656.792152][ T4422] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  656.805739][ T4422] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  656.827236][ T4422] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  656.843485][ T4422] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  656.852585][ T4422] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  656.868241][ T4422] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  656.880522][ T4422] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  656.892650][ T4422] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  656.904668][ T4422] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  656.919976][ T4422] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  656.930254][ T4422] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  656.944138][ T4422] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  656.952698][ T4422] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  656.966991][ T4422] Interruptibility = 00000000  ActivityState = 00000000
[  656.974046][ T4422] *** Host State ***
[  656.982209][ T4422] RIP = 0xffffffff811b3470  RSP = 0xffff888058e6f8e0
[  656.991280][ T4422] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  657.002743][ T4422] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000003000
[  657.013772][ T4422] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  657.024803][ T4422] CR0=0000000080050033 CR3=0000000097cab000 CR4=00000000001426e0
[  657.034996][ T4422] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  657.049017][ T4422] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  657.058919][ T4422] *** Control State ***
[  657.063232][ T4422] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  657.077756][ T4422] EntryControls=0000d1ff ExitControls=002fefff
[  657.084488][ T4422] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  657.098702][ T4422] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  657.108475][ T4422] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  657.120235][ T4422]         reason=80000021 qualification=0000000000000000
[  657.129833][ T4422] IDTVectoring: info=00000000 errcode=00000000
[  657.142595][ T4422] TSC Offset = 0xfffffe9da1abd8bc
[  657.150051][ T4422] TPR Threshold = 0x00
[  657.154290][ T4422] EPT pointer = 0x00000000a619a01e
21:34:10 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x6)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:10 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  657.240352][ T4435] binder: 4433:4435 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  657.296868][ T4435] binder: BINDER_SET_CONTEXT_MGR already set
[  657.308385][ T4435] binder: 4433:4435 ioctl 40046207 0 returned -16
[  657.315356][ T4437] binder: 4433:4437 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:34:13 executing program 4:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:13 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0})

21:34:13 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:13 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:13 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:13 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x1, 0x40002)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x1140)
ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x801)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:13 executing program 3:
bind$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

[  659.508984][ T4442] binder: 4441:4442 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  659.526971][ T4440] *** Guest State ***
[  659.531193][ T4440] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  659.556643][ T4450] binder: BINDER_SET_CONTEXT_MGR already set
[  659.556964][ T4440] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  659.581711][ T4450] binder: 4441:4450 ioctl 40046207 0 returned -16
[  659.588206][ T4440] CR3 = 0x0000000000000000
[  659.588215][ T4440] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  659.588227][ T4440] RFLAGS=0x00000002         DR7 = 0x0000000000000400
21:34:13 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  659.588242][ T4440] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  659.588262][ T4440] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:13 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x0, 0x0)
ioctl$KDGKBTYPE(r1, 0x4b33, &(0x7f0000000180))
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x84000)
setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000100), 0x4)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:13 executing program 3:
bind$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

[  659.673110][ T4440] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  659.696351][ T4440] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  659.737786][ T4440] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  659.748686][ T4457] *** Guest State ***
[  659.758936][ T4457] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  659.773548][ T4440] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:13 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  659.782931][ T4457] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  659.794630][ T4440] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  659.815914][ T4461] binder: 4459:4461 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  659.829118][ T4457] CR3 = 0x0000000000000000
21:34:13 executing program 3:
bind$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

[  659.829773][ T4440] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  659.845080][ T4457] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  659.869382][ T4457] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  659.877536][ T4440] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  659.890046][ T4457] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  659.912934][ T4457] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  659.916434][ T4440] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  659.945024][ T4457] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  659.960932][ T4461] binder: BINDER_SET_CONTEXT_MGR already set
[  659.968259][ T4440] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  659.978756][ T4461] binder: 4459:4461 ioctl 40046207 0 returned -16
[  659.985798][ T4440] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  659.993453][ T4466] binder: 4459:4466 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  660.006167][ T4440] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  660.008127][ T4457] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  660.014510][ T4440] Interruptibility = 00000000  ActivityState = 00000000
[  660.041610][ T4457] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  660.050825][ T4440] *** Host State ***
[  660.061797][ T4440] RIP = 0xffffffff811b3470  RSP = 0xffff88805af6f8e0
[  660.082897][ T4457] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  660.092313][ T4440] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  660.099590][ T4457] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  660.099603][ T4457] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  660.099621][ T4457] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  660.099633][ T4457] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  660.099651][ T4457] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  660.099662][ T4457] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  660.099673][ T4457] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  660.099682][ T4457] Interruptibility = 00000000  ActivityState = 00000000
[  660.099686][ T4457] *** Host State ***
[  660.099698][ T4457] RIP = 0xffffffff811b3470  RSP = 0xffff88805847f8e0
[  660.099729][ T4457] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  660.114325][ T4440] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000003000
[  660.146284][ T4457] FSBase=00007f39ca16e700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  660.156781][ T4440] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  660.179117][ T4457] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  660.190579][ T4440] CR0=0000000080050033 CR3=0000000099e38000 CR4=00000000001426e0
[  660.212500][ T4457] CR0=0000000080050033 CR3=00000000a659f000 CR4=00000000001426e0
[  660.220293][ T4440] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  660.236651][ T4457] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  660.244381][ T4440] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  660.251942][ T4440] *** Control State ***
[  660.258257][ T4457] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  660.265583][ T4440] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  660.273115][ T4440] EntryControls=0000d1ff ExitControls=002fefff
[  660.275202][ T4457] *** Control State ***
[  660.285680][ T4440] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  660.290719][ T4457] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  660.293636][ T4440] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  660.314400][ T4457] EntryControls=0000d1ff ExitControls=002fefff
[  660.315137][ T4440] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  660.329564][ T4457] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  660.333913][ T4440]         reason=80000021 qualification=0000000000000000
[  660.344849][ T4440] IDTVectoring: info=00000000 errcode=00000000
[  660.348471][ T4457] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  660.357436][ T4440] TSC Offset = 0xfffffe9c191d192d
[  660.363826][ T4440] TPR Threshold = 0x00
[  660.371615][ T4440] EPT pointer = 0x00000000918ae01e
[  660.371896][ T4457] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
21:34:14 executing program 4:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:14 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000040)=0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:14 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  660.405440][ T4457]         reason=80000021 qualification=0000000000000000
[  660.421031][ T4457] IDTVectoring: info=00000000 errcode=00000000
21:34:14 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:14 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x80, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000cc0)=<r2=>0x0)
r3 = getuid()
getgroups(0x6, &(0x7f0000000d00)=[0xffffffffffffffff, 0xee01, 0xee01, 0x0, 0x0, <r4=>0xee01])
r5 = getpid()
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000d40)={{{@in6=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@dev}, 0x0, @in6=@empty}}, &(0x7f0000000e40)=0xe8)
getgroups(0x5, &(0x7f0000000e80)=[0xee00, <r7=>0xffffffffffffffff, 0x0, 0xee00, 0xee00])
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f00000007c0)={0x3b, @loopback, 0x4e23, 0x1, 'wlc\x00', 0x4, 0x80000000, 0x33}, 0x2c)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000ec0)=<r8=>0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000f00)={{{@in6=@empty, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in=@local}, 0x0, @in6=@remote}}, &(0x7f0000001000)=0xe8)
lstat(&(0x7f0000001040)='./file0\x00', &(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0})
sendmmsg$unix(r1, &(0x7f00000029c0)=[{&(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000180)="c4f98704ce7d3dad2c7ceccbc48b4dbb11ded1318d5ade7696e79c22571accefbbfb2ea5dfd16fea930a5bcd6acd92", 0x2f}, {&(0x7f0000000240)="7ff1eccb632eadfb9092d1cbf2557f4b7b1a7ba2224df3aee4954a0d5e3a9de6b33652c5af3078a0d9b94198a8b558d730c047bccc148fc38475653317aca56f2fd993fb51de9d3906cb60c9b5e6c2d61a2fe3e9a9e0d2860ec5329897b9bd6f897877689c1ec1d6bdf427316e21d9ab29e2dde100f4f56aee7a08015da74e8e048112dc", 0x84}, {&(0x7f00000001c0)="47d08a54649664fcd226b10bdf92b0cafdd57cc1406ab6d66a1d4688d8c7f0f96e3db95a453b82f92b5395febd9c96858e3c121c31", 0x35}, {&(0x7f0000000400)="274f7d705fba0e550cc24576938e2918b8b6b1aac05608e9a61f1d9fd3fea4e757dc794759b34300afb02b843470b386c6bd50659a902cf8464b0ac0f9d91d597daae75a9edf570a3531de426c434766f054b8bea26a733a4fcc7435d47643bfbe6fc4a631b88e05e2aa5ab20e38f1f4b604bf468353095ccbb9c8e8b7d6e80b3c1425819f728d90db6f3d327a91625b4b98ced5d6a8ef35577977b220505b75b6a140dedb26b0482611c114d214381d61e6d659134f5c6c63c50eefc0005610ded08579bea09aad343ce8957d4188d0057335cb8ccd18d8d702afee2dded51023d9532bd7897fd850ac01fdf0af", 0xee}, {&(0x7f0000000300)="fbfd4e48ce9c34e26f0b3aeb65d50ff3ba9776b6db255a091a2494d5ff0754bb6a4e6ce8f678acb545ca878df4448c8ab3", 0x31}, {&(0x7f0000000340)="b3e2d89781f7686c9c1ce86c3566a0018e4d", 0x12}, {&(0x7f0000000500)="a4d41d83785ba029f9f0c76eb5c754754e5c164119f9a9c573eaa49f1445fe8e0747aac1c99af871906bf172172efe56e4d8d8033a3d46c23d41e3dee40bf2ad6ee5ffc949cfc5e8921925f9e9f0f8ee11e3b5a791e43ae1f4f7f18a0698eba8d90bc414f3e7da3c8499380556ebc5e94b43a576d0a7f0d01de30028195e2cbb5ccf720db21fd097389c0943c8fd461d06a69875582e409e174246d22f5e32a9a11cad2ae7f700df06311c6b6b52dfa36279a313a1ac2b52bd3dd4b85c05e615de9a95aa6c877daa7266ea678f73", 0xce}, {&(0x7f0000000600)="3da80d3f8038d6987977aad09048832225f27c4d96593c7c2b6f172cc07d3f992f1ef1f116b33bbef06fc37ee0ad144338d223728605b3bd3f68f188bcef4628e90fa07ca3ae3527b68d5ef343036792809f482f40482735d3a4b3f4200843049bd6d3da8151aa1b50c2fa5bbd4e1cf6b8d77deb921abf0a97f426df93bb1e31a356b250108d164d2caa51f22f3b02af0abcd2010f8e", 0x96}], 0x8, &(0x7f0000002ac0)=ANY=[@ANYBLOB="180000cf41cf40a9558385d614e662f849ce2c5ac3d76b1ed99a00000000000100000001000000", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00'], 0x18, 0x4008000}, {&(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000c40)=[{&(0x7f00000007c0)}, {&(0x7f0000000800)="b9e9358f16b5774e9b8e2efb09866e6b076401682390debcef12a093b60e06", 0x1f}, {&(0x7f0000000840)="8194426620b7b5d4630bcd70dc1cad0f853390ceb5ddd90ca0c2cb575682caff89584e6c31986384008217a82ab1afcdc7ce6d540385b647d3f23800c7573dff1d1d50be4f5619125805cc31199f677a4c520a8f0709f888ef04c22c2dc70ef40214f00766967aee9bcf8caf1233e7eb17a4810302050d04266b2bfa80144ee4af", 0x81}, {&(0x7f0000000900)="abde92b3b8fd5d27fb677fa79debab97931dca1d5fa965d3cb918f1a60653562862e04a4d2f33f45846354f36557c781600b2542d86c625ff24f26ce0df0398707159a5f1847", 0x46}, {&(0x7f0000000980)="c54cd5ccaad5020ce032ea8f93cad112950817a67355ccfeed981cda3efb9c12f723f4277b5154f65b2d809a20a9776c6d345134c751b5a904b6d9029882c7f1bb660e66bc76365d1241bc6c4eb3a77ba130a1f65f6f1468eee22ff766ab17", 0x5f}, {&(0x7f0000000a00)="9aa67a296b4f31c07de32c3e74779dbf61ec9866a6f10dc97e441a103fa660cd952d5dbc6801962948708baf6e4dc6c94e724d3211c0247463dacfa725a5d1dbafa02d67ad443b4ed6f382e56b4aa7dd5472954ef469ed6c9d771842c23829218d65e845f6bf2388634300807f4deee3cc3ef72727c20335f6dedde9ff02e983813013a0f352f6f183848008827e5787c77a6a0b85c0c8fdadfec8b28b4801efa271bc26613e94738ea31cae370aff0e7b1615d10ad5b193260b97d6cf6ce869e299f81d711cc0e7f3d9295bf154e9750f86413b5cebeb820d14553eda1ac2208561c2de9ee25455a8083e9b31d2ad8e671df4deb2ca345b", 0xf8}, {&(0x7f0000000b00)="199fedc9adab8532f26b3a6c9a22d5afa0cb3754e62e29bd2fa0baeac0ee79ecb3acdf7f01c1ca0f284463e1206912fa2816fd23e14e", 0x36}, {&(0x7f0000000b40)="dc1fb66a8c533dfb8b8afbd54e82021be7ee9a301425a626fea76fd16407ee999845a7c04e580a2a0f1df974a522e0e952791f344090b0190a1975283eabb6a7954dd835e0680f329a1fb468301f48862f30bb8b25fba00917c610dd8596201a0789cde48c5210301ab665429e6bfc6e0d8acecd24192ac233a097e69f12d002d23fd0472b8b0043aa9f89a6ab67c1ac65289fcff3d0716aa261fc02c947ce5aa49f2064b9e7186edf55a8ddda664ec39b67112d5a7976b4302941902e759b49e5b47d", 0xc3}], 0x8, &(0x7f0000001100)=ANY=[@ANYBLOB="28000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000002000000", @ANYRES32=r2, @ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="30000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="0000000020000000000000000100000002000000", @ANYRES32=r5, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="0000000020000040c93e78d1d9ab960f3d899bbc", @ANYRES32=r8, @ANYRES32=r9, @ANYRES32=r10, @ANYBLOB='\x00\x00\x00\x00'], 0x108, 0x800}, {&(0x7f0000001240)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f00000028c0)=[{&(0x7f00000012c0)="c1254b8858c6c2f5c8338b2c0c8091998256e5a28ee96f695e96add0ba706d8be47d33dce8c1ad9a90a3e83aef9bed37dc6f584572d3846464bf2b222c02fd3219e402ea9bfd877a270c578a9ee6d4f9059a996fe4fdcc9c26232a8240", 0x5d}, {&(0x7f0000001340)="9ed87a4c3c4c1bb03fc7629ebcc29f9d386acf", 0x13}, {&(0x7f0000001380)="fd117df47fb04dfc7fe2399932f867baa7269ec2c3619dc595c85fcc4f3de95271554a376b0cf4a6d340da6723ffa05d52ef70f49fd71c9df415e0ce33340fd114d38bf59e902f435e21ae9d257166cdeabb80acaf7383b6ede34c3534c65f443e5f950275e367a2087b363785dd983948e284b9440c1ba16d1eb906c86c4d9613060326fde3394799733639dc961d0d6af63037fbf5566505708600d0022fee139a2aa99b9b5ea6a04501b2752d29be1a2af583914ddad1377e696a1454f7ef4b7a7e1df6f96a0951527a7bdb54b4805e523188d855e5", 0xd7}, {&(0x7f0000001480)="19b8f7d2ed6e3c58c2539757ce49855ea0b0015b1c4a266c6b19f49bede2f37016672049a6e0eb3c14f9ae7b0d9c17487b13d11d12813e0e3ed76ef5657e26c073680fcd424d6f25da0db1712b98bcb34bbade4134d4e56d7435a12e1420dbc9222e86fefe90b52578e5557023d0604f5dee78ae4635ccfb3ee604c0f44f5c72f2e527413638160475a3ae43369e8851159440d46d", 0x95}, {&(0x7f0000001540)="d26cde7dc9decfc31902e577f41b0e1aadad3516c9dc9b0d2931e6f8c736611a2ba6a19462dcf475ce9777651df76dad94a9929ce416cfec7adc9c3720d81a8abcd015b319de078849dc30c6877012bf495b77341389b9d93ee71e12225532231e572c2e75e4cbe50d2faf96448b7b55be76c53441e0bd63ba64404f99af63058b4d7fa4d85fe207b4855390448bb4840218eaae0c5a6dd8ee4944090b547a", 0x9f}, {&(0x7f0000001600)="339e16fad3f4b8d35943f196e5a3ce69fa9bf762b040a47552abcbc9c7963131975058ff92c14ee429c33f00700b909eb7e1c0883479a19d7bc24b1941f4eddb841233c36d98ba2c3d5e8644464af0bd9651bd7431960b24dd8efcde5eb5c638054c09cb66e81d64d12927ded67dd73e79d2239c1faa2a3c0286d4470b7f0e4c8451b3bef17cdc5c66f5c9db0aec0fc937d0d7c0fda313f408dd3308b3ee59431d1652d1fa1b21aea2fc7c5f38b08c31b47c56215a3dc0cfbac8ffd05396798e6892d581a873e006546ba9365c35491b3a66760e58021fe9c6cca4ae82ab8dba6c1b99475043648b67703ead4a8eae27e8de4b78a5e4ba29b37c4e5fb5", 0xfd}, {&(0x7f0000001700)="66c47f43d8d742029d3bf957cef99ad6f69ea7684d4d6f94270dc34fe9172ca6bfe0fb9af8c9f89b48401907218ae9c889669add5e32724f3f450d656cdc25843aa5c3b3f94ae1c2e622a2365655ee9c5691ae4a0be9ab8b4a50dfc55384225fb3fbd0e334a5ff1bf21fdc6b0339c278aa30e4c57fb1a2fca605fd0c4b4ab3786c8df3ff6541d9b03a00178a6c846464bda822", 0x93}, {&(0x7f00000017c0)="6a540bad2a96d749d2138a2c1f3432f0883a363f15490c2991088753b4da220fb062830f7daffe0b1c6aae7d5b25e57440a646afe40eeb0043afa5316e718ed1a5c6ff1ba20a5087dcebb09c426a83279a964fe3c4125c1655205650326933cb2001c387495837065fc3db01bd5201efc1eaf03bed611fff057fc77a4e391c17bf6014c0912b7aed50c7046b82734e5a7d1e2a6c983fa5a88ef2da01c0b9feb32e39ebe2ef7c0cadd8696d62c67de512b8c6e084d1c2e96ff5103246ff318be79325cbf1761cb33553223a6d8c823ec4bc05ce3be7c56921ee1cfbab5e8123d91b51c6bde9a302346a5ac802307787cd96ccbfe5066d18dce96b592c16277807de5473861a587f5a5fe976f06b8facc87ba8b291f170e0c706696547a051ca3e1565c9321d74fed2629654911f1bc24074818baaed532dd649963dd2197ad010b0422c1bf6ef8df94dc80159f060ee6b2e0bbbc9f6acf75f5113bb875c400d971ba37382ec7700b55a7236a9222c85557ac2fd3fe68208c337134031231890c2be7cb3f00b41f7988d6e119dfbf7adfc1e13ccbdf6ed61c4098b2d7b79da756d4443eacf1b1aea3263fa0e744811fd623e96aa2a8f390bbbd5c048b8db6c61a03c6c432fe3876bf1025bd5b28ad808cee93160c44845164d0c49c0e2d6dad0ae58e412928ad1dc95c8adfcf645564b1c756392dfc50b2eecfcf4c063e08ea9fa1dd612cd4a734a3d6023101de00f715ac9c57615bc70ae6df6b67b253b77795853c5f9925744f50227ba64362bd4f6c9590785a59d20adc14a0dc739579ecd653c1b8688b6389ee04eb52431d17fbca9c1eb4343a56374f25e0a71236dfeaf59c039b8e660cef5c973db40dbbb8f3096d251e288ccf8a191bee1c5eb84453c35b7fdd17befe58d252ee6919c57088cd068052b97fef6413b4732a0800e8ac852c31d2f6ec846743eafb92770e6fd020f039327aee177314053ba4b40de7cdc1d63021df482c63f6a7eb0c2050bdc5b238a2ca7319002867170cad623eba7f0c72ffef2f2f0c332661510b4435524344dcc8351aad12f796a88a3afbdb043097a566146815cd2b906556a5686e0c5a162c1fd5be38f34e23f4d936a104e6bf6057f95b7ed3270a6018f302407a87a3c355d2200e057c066e31f2265c3b74fae111b1fc56f499f54181b1310f7b0de6b6331fb008cf6ce14874ca8e23a584a869bfe34715e9b24bdd4dbd5fbdcb31ac72a0173cbaa574095fc33d923e02c86cd45fb9b84fffdcbcb03281273e5064685b0b743a7becf1cbbd7bb6cb8aa1727183c13952022878cf08f04498b90e1fcf5f65e7fe6261bbfa6c6516b4084b0f3951db276161326e12d8bb28a636e6c64d256df614104768b8a777dbfe1e61d9b9f1a9f3d1cb272889b14df8267d11a98a40edbfbbce8df52873cf1428c2e1ecb917891b7526cc5bc62dc659617f7ceaea64810018bd5ba678d8fc79d2231f34265ddce042c3e6afb25e49b2345f4e8573ae037e05a003248beb24a5012fae17928941a70b48bb134552e911c19ab19026c2375adff8a7a778b510cdb77f0865ad9883a43c84bff400c75aa5cc5c24acaa44f60754a2ece4a92b38a56fb36542c731beffa0522ee4c43bdb6980f4eb52350274d81412220aa8c1610ef4bca83d3acc2cb3dcb5ef76dfd0a8de09d8a29d3d0d92856d8c585fb7f4e99756cf98e9055b630176546f4108919a19246fc14e18a676f95ffe30cc773eb6d7875e7b3a99a8a54b1dd31ea04b1b95d0e5b38eeaa6b071fcbd51ba9b3c3e3478003755ce3eb672b0a6a852e539037f619b2722c20da940cb86533e4f6fcb696b0d7f674abcb094b2df50e9cfad10c3f89a32e0e4f66f0097535bc41f16c96af7146319bd81f69df29d24ac365afd3c3ff93681e16c6f4176b1b86bb2b9eded140d9caef237cc285bb2f5c5d347ee1bb626258b627bc9b8695265880e2805a09156c142e41d024e417627c9e754b22e4af5ea3b09061d13df0db5de2543063df1c5bc69d63356c4712f08ac174c3a72a20e7fca8ef37ddbdcccac22c0cf449b26f1af6d5af6ece0e99b474ea43d05a2395521f1356ba5729fcc1bc878a0cbcf3c4727382e2278503f494fcaed8cb9cfde05d7c2e395951cdfb70ac4da6db6c2616b9726007e77f9d3fed5ca89a42c82cd310e47252da49e612308544d51ae2a2369e6366c13d8d0b23cb8c151181ae40fa1e445a4702ab6b8d326c9926714fcc2170c1c9ad69052e2628a744dd064c18164361ca3fe6fb659c11b19c4ba1a1154f2db133af8f58ab69d7e0421d070474e938a878956c8cc31091e9c4ebc3457fde94559a1c048b9fb2d49153a5c61b7d4f09556c682207043f1794c55d289572f7a9401cd8257c41f27b8d913883c17ff9c875c90987aa1a479d6b024dc5d083a1116e56827871208618c90339819fa5783265c079ffcf4358c883bf7cf75ab11ecba74b8671aa522e1eb009cb47c35402132796d20974074416b4a73aeedc8c49aae150dafb258e985967194bb0684cc3a1e34630e10fd57605735827e8dc3e98cc9f74c7080b604c592596cdefbb74e933b245f029ad220b06d85488fcee26b6e2d2edf4d1565d48be1d704ae0cf5e285a5f6b35b588d10341d25b08c04ecc1b8b9f44b5a71205cf2140052d8397bbc8c159d10e449c10119dbbd73ed49eb44ce0ad53449fb7bab81e2de496f803cf230ca2a4010c0e01d56e1583c03c768cc380a52e8bd20131d789dbfa7530eb94065fc756e3cd3ce75c7836b83017550258c3b79946cc0c6649a3fb9f812f8133e5fac795131dfe0647df98ab83938ab4128d61a6909de4e6a6d566f80a9edc0a10c27c38ad57ae9b2d8c0105392e27e0afc9b08bcb3f5087f7cfd7296ae219fd734553d187b7b9f2585b86730e9463d867ba7693b5fff0a98aebf0b628810c7290b8e0f52f1e31072109e1afa389e280e65cb5956c752ca1b707b4b02024facf8433100c47459e52cdf40bc34cb706e6179bba6653b452c8be5fe96c9ed0ed21ddfffdf11ffe8e24365565161f0f25ce5a2c281b0f9c50bfdc9eb2cc59ed1499d3903af456ef0a44ed24b85456e6c4253fe4d54f0e073b34297db3f38a0d548ccf254ae51586379e438826279b17463bc2b79377e63b79a6be3dbb54c0348b3e3a013b4c05d28f1df73368e662c7ae5fc73b95e49a9ebdb1dad8323e729e10d9be68f9cac898a223fe3a9bc420a011d3b350df555d2998a116ba1d3a88fbad20a82492ba137659982562d225ef3b65bb0fe29cd549f9d8400a225ec0f5ad3adc0bcc7aef92844348710daa6cae83332b3d38046666d9706025d212acf666dee4930ef3889ee17d71b76cafef9efdb143796583eb086dd437ac340e5674b504ca87fae1eb486289c8ce32b810557b0f86ee7c74c5f92a5fda7e5beb3305db830e010d721844bdbf5bc6b4f33bc94814cb7ba57d2fc5ac4d52020a9503352544ec7f9e500a0497d83e76fcd9bbb3d8da70186f6a008c278c07bf838e53aa33d30ffd1c89a2bc824c8b447a14f9285fe9d81ee7557febbd8d483b2517fede6596d26c69e096f0a89f931ff05cf27ae92bd45a6496859ccac979adda3410f40c3517337ba7c2239a11f51a4d734e51ddfd06e45fbdd9861fdca23b20015354706e4ab5d677aff348ff1f1fa3cee1537f624c696c730b8d776be91dd806b40b8a8d43eeba70b2bd15749eec27d74cdb1e478eae4499bfc7ef6974408f961ad1b8fa2489cc360ba3c15f2d9233a81cebd88e6c84fd8e97eb390b14b3bee8e09261eda03ece72a3e42a3181e35f0b8ebde75c6a6bb7a2de8e715f77637b641360c31798fe8cb2c47564fe1a460ecee2bb3b0b5b873a05a3bf5760969e5f68778ca1fab770166089ff1b4cc35c259aad63d0022d3c2538993e0c42282af7476ee73df8bc6859dbab6ff5027b6df4796de4a38ad6b741b9ee9d2cddc910d3e3e600cf75fafaa54aab0cd3680c02d301d0283b48f7cfc7f28efe9d41cf32d5a23382dd1c380820acc3ab163cd4d5a407641a03d035864abb124db1f9daf852e1417f645920b462373ba32f9a6a24b89c27541c5d4094cd0fcedc56b78b590a616048893fefb241ffad3520878ed713b585553673090725a280047b026a4ff0f39dc925b49939ffed201c2e817d215d2b9763c68d2bd84335d97c548b5753f60c01f59bccf0785f3f41c00be217e4126a0310110790fe8277ba31499caa4f54654397bf06935669264e06481f2ec85670bdf29b27e834e4db5ab35ef5ca1f48599f89e6df033aae3d7d56fd6808dd1d3211b6fb087362e589a157bc48058603f7ae9329900a75074cbe86756a53c6ea8e97bfda3f8d6a64a5d7d398db28909027ab04fb4a46145869af104a28854a47cfca926cb53b1f5d9f9881395e78f9eda3e5cab1d63c9f66e0abbbed4419cb55455b2aaa39b4844be8d3066da9474459c99034893391bc3c903368ed4bd1d8cc58b23e4590234f701a86cc12c3c3afd9670af6c38128e07ed595c9049b220d1ed2471d2b721d06ac0b7a9787189f5528123621f00a7be548f5f3eef1f3787f2a42e7203c297a34121e0730297f23a77a2c3cbc0b36915c348d1a7c91762eddf770511b262c8b91e4001287125dd3edb136031fe03b66b7a687bf85e5dfd82a2ad61686e5514abbdd8dcceeb675cb83423193d4cd9407ff15aafe0556d78e1454e5b2ea9f8417457bab0b15e60c09b32e611b39b992afa4caeea5f21f5c374e2a3e8b7c0628866c4cf2a7bb5272537c91b5b6088a281d95fb080f8e83b4cc6c735b888954888d7e59557dd898b755edaf3b452aa0a53359cef6f4a76e7aab1b4629f1cb7d810258aeca8ed0a9bd7ea67b00db905a7d9844fc34c69d09e69967b63d820ec7f907729b912347c3df9374ee6051ac774c27803de7afaa32f23c57f14f66527f319f48f516d149a67c4c82e08b8a705f2cdcbb34bf5428b7b857365c0081732f153db7feb591967efbc61fd1953a77cfbf658a7e051c41098f7e3118489acaac0b14a9ec7f0414103d33ce362cccb252d5c9a9fb1e4dd7d1cd59ddee4641a4dc5e928977cfdc47a10026e379987d72f132db816bcab2543515d55f24ec54b760a2c6947f24a203e7ea7b7fa7c9c8725b0a6334aac948a5235b5070afa36cb211fe8b031e9c5fccd6883acf6422eeb1195ffe95cb17dbf342eb7d407c47fb20692e0f98ffa5ca8d82970a3c43f22eec16c3955bc15edbd8f82e07c67545924745969df5e394b5fffc82df860b9c0733e404996e53474c118cdcaae9b94a8afce52bd1736810ed1c547a3796218184f08510eddbd8287fbf95775519db93c9d000837c4dd6bb8c66eb7b68309d67f745f558f5bc8c947e9531a108e4f118b265eaedc51196f99da459a8e4a7434e6a8ad427f05c9fe06ef60888bc5e111d4c09dccc0adcc8024e7757f474d3092b024cdb6ebac717924b6dbed0de1d54cbb3a39e7cc3c0827e52c4b108028796270b34f3c7596d1c3fa987e3c014a556be50adc3a6c540c276b7ff1beede92a142773a4618fea0ae1ca2b6a3659c8fb4170c8e3631a47940d72dc2ff4c9eaca19780b4b219d2da86a497eae9bae6357bce6e34159c2fe24d69192e4b4caa997c2c4d1d70632c98fdf32238b3c8ef53e293255cbc7183f2c3d11fe4c8e2ca5a25ff742aa21985a06a5cb85c9600957dbf124d017188689ca666f8287c141dd019b623244e98c778819c58964d84e31e6e1f75be3efdcb914eafdc4174c5", 0x1000}, {&(0x7f00000027c0)="43c42ab2116d03f845a4cf979600d5f7a9a1e9bc736fe573712a1473540b9ce99c8eac35b8883f9b1c2a0630ae2bd1d48a9e31611925b97ca828ca6984f0afb28e428362", 0x44}, {&(0x7f0000002840)="c59fbf5b5330391bd031f2b73f077046ec2154bac4178f4bd12270a2838c50c05e0f4d89cc74cccdd8e3e75498d9a275708a6444b6c94816273289fdc011b21043f3", 0x42}], 0xa, &(0x7f0000002980)=[@rights={0x18, 0x1, 0x1, [r0, r0]}], 0x18, 0x8040}], 0x3, 0x80)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
syz_open_dev$usbmon(&(0x7f0000002a80)='/dev/usbmon#\x00', 0x9ee, 0x101001)

[  660.456382][ T4457] TSC Offset = 0xfffffe9bfc08edef
[  660.505507][ T4457] TPR Threshold = 0x00
[  660.511181][ T4457] EPT pointer = 0x00000000a34a601e
[  660.541660][ T4473] binder: 4472:4473 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:34:14 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  660.572566][ T4475] *** Guest State ***
[  660.585238][ T4475] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  660.605271][ T4475] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
21:34:14 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  660.617296][ T4473] binder: BINDER_SET_CONTEXT_MGR already set
[  660.629022][ T4475] CR3 = 0x0000000000000000
[  660.637078][ T4473] binder: 4472:4473 ioctl 40046207 0 returned -16
[  660.646051][ T4475] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  660.671365][ T4475] RFLAGS=0x00000002         DR7 = 0x0000000000000400
21:34:14 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:14 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x29871620, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:14 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  660.694341][ T4475] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  660.719409][ T4475] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  660.743803][ T4475] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  660.768028][ T4487] binder: 4485:4487 unknown command 0
[  660.783520][ T4487] binder: 4485:4487 ioctl c0306201 20000080 returned -22
[  660.790806][ T4475] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  660.814635][ T4475] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  660.830505][ T4488] *** Guest State ***
[  660.835738][ T4487] binder: BINDER_SET_CONTEXT_MGR already set
21:34:14 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:14 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  660.845360][ T4475] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  660.854116][ T4488] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  660.857497][ T4487] binder: 4485:4487 ioctl 40046207 0 returned -16
[  660.868784][ T4491] binder: 4485:4491 unknown command 0
[  660.880282][ T4475] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  660.898656][ T4475] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  660.901136][ T4488] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  660.917572][ T4475] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  660.930264][ T4491] binder: 4485:4491 ioctl c0306201 20000080 returned -22
[  660.942728][ T4488] CR3 = 0x0000000000000000
[  660.947644][ T4475] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  660.952847][ T4488] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  660.976505][ T4475] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  660.994942][ T4488] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  661.000721][ T4475] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  661.021142][ T4488] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  661.034301][ T4475] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  661.057069][ T4475] Interruptibility = 00000000  ActivityState = 00000000
[  661.057856][ T4488] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  661.071922][ T4475] *** Host State ***
[  661.081285][ T4475] RIP = 0xffffffff811b3470  RSP = 0xffff88808fe0f8e0
[  661.088674][ T4488] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  661.096045][ T4475] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  661.108514][ T4488] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  661.115284][ T4475] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  661.121037][ T4488] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  661.129278][ T4475] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  661.140484][ T4488] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  661.150423][ T4488] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  661.154597][ T4475] CR0=0000000080050033 CR3=00000000a8951000 CR4=00000000001426e0
[  661.166143][ T4488] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  661.179278][ T4475] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  661.181023][ T4488] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  661.195939][ T4475] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  661.201452][ T4488] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  661.209496][ T4475] *** Control State ***
[  661.211898][ T4488] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  661.223955][ T4475] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  661.230613][ T4488] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  661.239718][ T4488] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  661.241157][ T4475] EntryControls=0000d1ff ExitControls=002fefff
[  661.253673][ T4488] Interruptibility = 00000000  ActivityState = 00000000
[  661.261834][ T4488] *** Host State ***
[  661.265290][ T4475] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  661.271827][ T4488] RIP = 0xffffffff811b3470  RSP = 0xffff88805c3af8e0
[  661.277955][ T4475] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  661.280592][ T4488] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  661.297654][ T4475] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  661.301097][ T4488] FSBase=00007f39ca16e700 GSBase=ffff8880ae800000 TRBase=fffffe0000003000
[  661.312831][ T4475]         reason=80000021 qualification=0000000000000000
[  661.314106][ T4488] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  661.330034][ T4475] IDTVectoring: info=00000000 errcode=00000000
[  661.334081][ T4488] CR0=0000000080050033 CR3=00000000a8f28000 CR4=00000000001426f0
[  661.344414][ T4488] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  661.347638][ T4475] TSC Offset = 0xfffffe9b89a4da4c
[  661.357848][ T4488] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  661.364778][ T4475] TPR Threshold = 0x00
[  661.369652][ T4488] *** Control State ***
[  661.373946][ T4475] EPT pointer = 0x000000008db5c01e
[  661.386444][ T4488] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  661.425293][ T4488] EntryControls=0000d1ff ExitControls=002fefff
[  661.433081][ T4488] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  661.455282][ T4488] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  661.462670][ T4488] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
21:34:15 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:15 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:15 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0f630cc000000000"], 0x0, 0x0, 0x0})

21:34:15 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:15 executing program 2:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  661.475676][ T4488]         reason=80000021 qualification=0000000000000000
[  661.521213][ T4488] IDTVectoring: info=00000000 errcode=00000000
[  661.547967][ T4488] TSC Offset = 0xfffffe9b6898fa2f
[  661.553876][ T4504] binder: 4501:4504 unknown command -1072930033
[  661.565021][ T4503] *** Guest State ***
21:34:15 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  661.570310][ T4504] binder: 4501:4504 ioctl c0306201 20000080 returned -22
[  661.587926][ T4503] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  661.602661][ T4488] TPR Threshold = 0x00
[  661.612183][ T4504] binder: BINDER_SET_CONTEXT_MGR already set
21:34:15 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  661.623880][ T4503] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  661.637635][ T4504] binder: 4501:4504 ioctl 40046207 0 returned -16
[  661.646686][ T4488] EPT pointer = 0x000000009002d01e
[  661.659795][ T4503] CR3 = 0x0000000000000000
[  661.673019][ T4503] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  661.712808][ T4503] RFLAGS=0x00000002         DR7 = 0x0000000000000400
21:34:15 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:15 executing program 0:
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
r0 = syz_open_dev$radio(&(0x7f0000000280)='/dev/radio#\x00', 0x1, 0x2)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r0, 0x118, 0x1, &(0x7f00000002c0)=0xffe00, 0x4)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x2, 0x0)
ioctl$RNDADDENTROPY(r1, 0x40085203, &(0x7f0000000600)={0x3ff, 0xfde3, "87a47d4148d5f8da30c2c253a0b907bbf8221595e79de1dbd5287a84d1358e96b7dd6bda5b42eaa32a42a9b0e6ca91a9b08b3fe90a904c4ff1046f03b9934f63952a2c682e5e9cb42225771a9c1467d713635e5e7d4c6b815e7b70603347263662c4ae6ef2c4de22d4d1f82b8d3828dd1ed3f5dad6b8a7de221400f4e9319314b08b3d021d56c064c96ecce7848c9f30704f1c0780ed81e0d30fcc46c92feff97f894be879d3ceb6fae2c3da23"})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000005988c24e1100000055"], 0x0, 0x0, 0x0})
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_STATS(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x4000010)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:15 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  661.730794][ T4503] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  661.752006][ T4503] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  661.763303][ T4503] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:15 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  661.788076][ T4503] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  661.800780][ T4515] Unknown ioctl 1074287107
[  661.810204][ T4503] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  661.820377][ T4516] Unknown ioctl 1074287107
21:34:15 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  661.853657][ T4503] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  661.893352][ T4503] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  661.923702][ T4518] *** Guest State ***
[  661.930058][ T4503] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  661.943343][ T4518] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  661.949443][ T4503] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  661.962109][ T4518] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  661.991838][ T4518] CR3 = 0x0000000000000000
[  662.005310][ T4503] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  662.015541][ T4518] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  662.022422][ T4503] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  662.031374][ T4518] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  662.038267][ T4503] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  662.046637][ T4518] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  662.054178][ T4503] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  662.062537][ T4518] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  662.071459][ T4503] Interruptibility = 00000000  ActivityState = 00000000
[  662.078612][ T4503] *** Host State ***
[  662.082679][ T4518] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  662.091577][ T4503] RIP = 0xffffffff811b3470  RSP = 0xffff88805839f8e0
[  662.098496][ T4503] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  662.105812][ T4518] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  662.114660][ T4503] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  662.123345][ T4518] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  662.132242][ T4503] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  662.139040][ T4518] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  662.147947][ T4503] CR0=0000000080050033 CR3=0000000091f4a000 CR4=00000000001426e0
[  662.155876][ T4503] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  662.163423][ T4518] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  662.172489][ T4503] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  662.180254][ T4518] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  662.189128][ T4503] *** Control State ***
[  662.193451][ T4503] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  662.201015][ T4518] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  662.209882][ T4503] EntryControls=0000d1ff ExitControls=002fefff
[  662.216237][ T4503] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  662.224031][ T4518] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  662.232918][ T4503] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  662.240511][ T4518] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  662.249474][ T4503] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  662.256967][ T4518] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  662.264238][ T4503]         reason=80000021 qualification=0000000000000000
[  662.271465][ T4518] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  662.279830][ T4503] IDTVectoring: info=00000000 errcode=00000000
[  662.286189][ T4503] TSC Offset = 0xfffffe9b01e8f4a7
[  662.291369][ T4518] Interruptibility = 00000000  ActivityState = 00000000
[  662.298550][ T4503] TPR Threshold = 0x00
[  662.302784][ T4503] EPT pointer = 0x000000008373501e
[  662.308832][ T4518] *** Host State ***
[  662.312975][ T4518] RIP = 0xffffffff811b3470  RSP = 0xffff8880842b78e0
[  662.335417][ T4518] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  662.352320][ T4518] FSBase=00007f39ca16e700 GSBase=ffff8880ae800000 TRBase=fffffe0000033000
[  662.377836][ T4518] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  662.388515][ T4518] CR0=0000000080050033 CR3=0000000098988000 CR4=00000000001426f0
[  662.396436][ T4518] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  662.403948][ T4518] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  662.410870][ T4518] *** Control State ***
[  662.416070][ T4518] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  662.423559][ T4518] EntryControls=0000d1ff ExitControls=002fefff
[  662.429876][ T4518] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  662.438593][ T4518] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
21:34:16 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:16 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0f630c400000d2ebe66375a3ce35dbb30000"], 0x0, 0x0, 0x0})

21:34:16 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:34:16 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:16 executing program 2:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  662.446137][ T4518] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  662.453542][ T4518]         reason=80000021 qualification=0000000000000000
[  662.460725][ T4518] IDTVectoring: info=00000000 errcode=00000000
[  662.467025][ T4518] TSC Offset = 0xfffffe9ad19ff7d0
[  662.486981][ T4524] binder: 4523:4524 BC_CLEAR_DEATH_NOTIFICATION invalid ref -338558976
[  662.511862][ T4518] TPR Threshold = 0x00
[  662.521835][ T4518] EPT pointer = 0x000000009383b01e
21:34:16 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  662.552266][ T4524] binder: BINDER_SET_CONTEXT_MGR already set
[  662.576552][ T4531] *** Guest State ***
[  662.593309][ T4531] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  662.604987][ T4534] binder: 4523:4534 BC_CLEAR_DEATH_NOTIFICATION invalid ref -338558976
[  662.607996][ T4524] binder: 4523:4524 ioctl 40046207 0 returned -16
21:34:16 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:34:16 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:16 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="fd3bbbc410b2d8eb"], 0x0, 0x0, 0x0})

[  662.643069][ T4531] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
21:34:16 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  662.690832][ T4531] CR3 = 0x0000000000000000
[  662.705839][ T4531] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  662.727036][ T4531] RFLAGS=0x00000002         DR7 = 0x0000000000000400
21:34:16 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[  662.767240][ T4541] binder: 4540:4541 unknown command -994362371
[  662.767948][ T4531] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  662.802034][ T4541] binder: 4540:4541 ioctl c0306201 20000080 returned -22
[  662.819455][ T4531] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  662.843517][ T4541] binder: BINDER_SET_CONTEXT_MGR already set
[  662.854621][ T4531] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:16 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  662.874568][ T4541] binder: 4540:4541 ioctl 40046207 0 returned -16
[  662.906576][ T4531] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  662.922474][ T4531] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  662.958578][ T4531] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  662.979861][ T4531] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  662.997249][ T4531] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  663.016340][ T4531] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  663.030531][ T4531] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  663.039817][ T4531] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  663.048986][ T4531] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  663.056680][ T4531] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  663.065067][ T4531] Interruptibility = 00000000  ActivityState = 00000000
[  663.072617][ T4531] *** Host State ***
[  663.077214][ T4531] RIP = 0xffffffff811b3470  RSP = 0xffff888096f7f8e0
[  663.084151][ T4531] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  663.092764][ T4531] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  663.101869][ T4531] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  663.108997][ T4531] CR0=0000000080050033 CR3=000000009c2c7000 CR4=00000000001426e0
[  663.117277][ T4531] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  663.124877][ T4531] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  663.132235][ T4531] *** Control State ***
[  663.137143][ T4531] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  663.144732][ T4531] EntryControls=0000d1ff ExitControls=002fefff
[  663.151499][ T4531] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  663.159659][ T4531] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  663.167582][ T4531] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  663.175126][ T4531]         reason=80000021 qualification=0000000000000000
[  663.182811][ T4531] IDTVectoring: info=00000000 errcode=00000000
[  663.189744][ T4531] TSC Offset = 0xfffffe9a784b7a92
[  663.195075][ T4531] TPR Threshold = 0x00
[  663.199687][ T4531] EPT pointer = 0x0000000096b6401e
21:34:17 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:17 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:17 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:17 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:17 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

21:34:17 executing program 2:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  663.517115][ T4555] binder: 4554:4555 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:34:17 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

[  663.560501][ T4555] binder: BINDER_SET_CONTEXT_MGR already set
[  663.584491][ T4562] binder: 4554:4562 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  663.589587][ T4556] *** Guest State ***
21:34:17 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:17 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  663.628072][ T4556] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  663.628865][ T4555] binder: 4554:4555 ioctl 40046207 0 returned -16
[  663.654427][ T4556] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
21:34:17 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000040)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:17 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

[  663.715378][ T4556] CR3 = 0x0000000000000000
[  663.741636][ T4556] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  663.770230][ T4556] RFLAGS=0x00000002         DR7 = 0x0000000000000400
21:34:17 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, 0x0, 0x0, 0x40)

[  663.810192][ T4556] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  663.848210][ T4556] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  663.861731][ T4574] binder_thread_write: 3 callbacks suppressed
[  663.861745][ T4574] binder: 4573:4574 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  663.883904][ T4556] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  663.915483][ T4556] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  663.935621][ T4556] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  663.949375][ T4574] binder: BINDER_SET_CONTEXT_MGR already set
[  663.965487][ T4556] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  663.970677][ T4574] binder: 4573:4574 ioctl 40046207 0 returned -16
[  663.995270][ T4556] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  664.011341][ T4556] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  664.032361][ T4556] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  664.044295][ T4556] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  664.059469][ T4556] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  664.069907][ T4556] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  664.082622][ T4556] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  664.092020][ T4556] Interruptibility = 00000000  ActivityState = 00000000
[  664.104432][ T4556] *** Host State ***
[  664.109885][ T4556] RIP = 0xffffffff811b3470  RSP = 0xffff88805c6ff8e0
[  664.122304][ T4556] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  664.130658][ T4556] FSBase=00007f2034fd5700 GSBase=ffff8880ae800000 TRBase=fffffe0000003000
[  664.144719][ T4556] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  664.152716][ T4556] CR0=0000000080050033 CR3=000000009fb30000 CR4=00000000001426f0
[  664.171989][ T4556] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  664.183472][ T4556] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  664.193256][ T4556] *** Control State ***
[  664.201488][ T4556] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  664.211097][ T4556] EntryControls=0000d1ff ExitControls=002fefff
[  664.221954][ T4556] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  664.231833][ T4556] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  664.243711][ T4556] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  664.253275][ T4556]         reason=80000021 qualification=0000000000000000
[  664.264512][ T4556] IDTVectoring: info=00000000 errcode=00000000
[  664.273195][ T4556] TSC Offset = 0xfffffe99ed0d1851
[  664.282185][ T4556] TPR Threshold = 0x00
[  664.288901][ T4556] EPT pointer = 0x000000008f3db01e
21:34:18 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:18 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:18 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:18 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, 0x0, 0x0, 0x40)

21:34:18 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x200, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630425b8f900340841fbff0000ab7d6535e529c3"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:18 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:18 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, 0x0, 0x0, 0x40)

[  664.544410][ T4582] binder: 4581:4582 unknown command 621044485
[  664.575963][ T4582] binder: 4581:4582 ioctl c0306201 20000000 returned -22
21:34:18 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  664.606535][ T4589] binder: 4581:4589 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  664.640262][ T4586] *** Guest State ***
[  664.655294][ T4586] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  664.658702][ T4589] binder: BINDER_SET_CONTEXT_MGR already set
[  664.680861][ T4586] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
21:34:18 executing program 5:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r0, 0xae80, 0x0)

21:34:18 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x0)

[  664.703722][ T4589] binder: 4581:4589 ioctl 40046207 0 returned -16
[  664.710900][ T4586] CR3 = 0x0000000000000000
[  664.726898][ T4582] binder: 4581:4582 unknown command 621044485
[  664.733267][ T4582] binder: 4581:4582 ioctl c0306201 20000000 returned -22
[  664.740175][ T4586] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
21:34:18 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$dmmidi(&(0x7f0000000240)='/dev/dmmidi#\x00', 0x5, 0x80200)
mq_timedreceive(r1, &(0x7f0000000280)=""/159, 0x9f, 0x1, &(0x7f0000000340))
r2 = syz_open_dev$mice(&(0x7f00000001c0)='/dev/input/mice\x00', 0x0, 0x40000)
ioctl$ASHMEM_SET_PROT_MASK(r2, 0x40087705, &(0x7f0000000380)={0x10001, 0x3})
ioctl$FS_IOC_GETFLAGS(r2, 0x80086601, &(0x7f0000000040))
getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffff9c, 0x84, 0xd, &(0x7f0000000100)=@assoc_id=<r3=>0x0, &(0x7f0000000140)=0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400))
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000180)={r3, 0x1, 0x7fffffff, 0x9, 0xfffffffffffffff7, 0x5}, 0x14)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  664.770362][ T4586] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  664.796441][ T4586] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  664.810948][ T4586] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:18 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  664.835975][ T4586] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  664.882590][ T4603] binder: 4602:4603 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  664.882674][ T4586] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  664.914677][ T4586] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  664.924066][ T4586] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  664.936589][ T4603] binder: BINDER_SET_CONTEXT_MGR already set
[  664.940446][ T4586] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  664.942589][ T4603] binder: 4602:4603 ioctl 40046207 0 returned -16
[  664.959912][ T4603] binder: 4602:4603 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  664.964562][ T4586] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  664.989295][ T4586] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  665.001213][ T4586] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  665.018509][ T4586] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  665.040558][ T4586] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  665.052920][ T4586] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  665.064560][ T4586] Interruptibility = 00000000  ActivityState = 00000000
[  665.078556][ T4586] *** Host State ***
[  665.084069][ T4586] RIP = 0xffffffff811b3470  RSP = 0xffff888096f7f8e0
[  665.094740][ T4586] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  665.106664][ T4586] FSBase=00007f2034fd5700 GSBase=ffff8880ae800000 TRBase=fffffe0000033000
[  665.115477][ T4586] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  665.122184][ T4586] CR0=0000000080050033 CR3=000000008833b000 CR4=00000000001426f0
[  665.130076][ T4586] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  665.137673][ T4586] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  665.144539][ T4586] *** Control State ***
[  665.148849][ T4586] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  665.156367][ T4586] EntryControls=0000d1ff ExitControls=002fefff
[  665.162641][ T4586] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  665.170437][ T4586] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  665.177999][ T4586] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  665.185435][ T4586]         reason=80000021 qualification=0000000000000000
[  665.192786][ T4586] IDTVectoring: info=00000000 errcode=00000000
[  665.199102][ T4586] TSC Offset = 0xfffffe995c050bf9
[  665.204226][ T4586] TPR Threshold = 0x00
[  665.208454][ T4586] EPT pointer = 0x000000008a41601e
21:34:19 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:19 executing program 5:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r0, 0xae80, 0x0)

21:34:19 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:34:19 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0600000000000000"], 0x0, 0x0, 0x0})

21:34:19 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  665.569365][ T4615] binder: 4611:4615 unknown command 6
[  665.598146][ T4613] *** Guest State ***
[  665.600230][ T4615] binder: 4611:4615 ioctl c0306201 20000080 returned -22
[  665.602171][ T4613] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
21:34:19 executing program 5:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r0, 0xae80, 0x0)

21:34:19 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x0)

[  665.602187][ T4613] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  665.602193][ T4613] CR3 = 0x0000000000000000
[  665.602207][ T4613] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  665.602218][ T4613] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  665.602244][ T4613] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
21:34:19 executing program 5:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

21:34:19 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[  665.666508][ T4615] binder: BINDER_SET_CONTEXT_MGR already set
[  665.672525][ T4615] binder: 4611:4615 ioctl 40046207 0 returned -16
21:34:19 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0f63050000000000"], 0x0, 0x0, 0x0})
r1 = socket(0x1a, 0x80007, 0x402)
socket$netlink(0x10, 0x3, 0x3)
ioctl$sock_rose_SIOCADDRT(r1, 0x890b, &(0x7f0000000240)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, @bcast, @rose={'rose', 0x0}, 0x7, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]})
fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, <r2=>0x0})
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000001c0)={<r3=>0x0, 0x0, 0x6, 0x6, 0x7, 0xffff}, &(0x7f00000002c0)=0x14)
setsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000300)={r3, 0x8, 0xc0, 0x8}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = syz_open_dev$midi(&(0x7f0000000340)='/dev/midi#\x00', 0x8000, 0x90000)
ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r6, 0xc0a85322, &(0x7f0000002580))
sendmsg(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x23, &(0x7f0000000500), 0x4)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r7, 0x1400008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
recvmsg(r4, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_netfilter(r1, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000400)={0x217c, 0x1, 0x6, 0x0, 0x70bd2d, 0x25dfdbfe, {0xa, 0x0, 0x1}, [@generic="f7c75b0ac8cce17f68804529e65ee5a5eea7d1a2e865aff33d93521aeb899e9a078059fa703ebcead2d6fd865253aa743dbe0c988fc78eae8d4f02e32df314f951b5486b89a8de88b085ab6e9d8ef3f41477ac96c4400f5ad0ff0d75", @nested={0x2040, 0x94, [@generic="b41bbb36c74ff99537a4af7079df8c4a7b6cf52c4cfffe3eaa0b2011f98a50b9c7d2", @typed={0x4, 0x3}, @generic="d7285f09bae4bf6b77d95b9a7b171dc3558f13e765adc8f02e046180bcf73dceb35f75560ea36b1165f04eed3a42f30934fcaf0f58a435282b7a46e948425dd6da03908cc1a764a02ed0a8459cd9e274bdabe42ca3916124773a73539b722715a82883fa17178d7d4d7066960bf7cbdd6e1fb5d604146fd80714b3a28f130ade740ba9f93321598e94e29fdb6c607a0c66977552e8c0c18845ed7a459503bd24b95d9595211bab2579c4e93b71ce75f05162cd4347bcaa9ef020b601099da7ca681fd3505c7f98e313296288561ebf531bb1982cc679af34c68301e95ff282eed55077d2d65142cca51eb0af90caaeed8b9a6ff044b2f44225cc6c86419dc4ea67f1ef316038407d18dab117517b786577afaf2434fb4e625146083d0cc2e42b622926dc7f53df2805735ae2d4daf1e22c0b5e83493ea88005020c7ed2a9efcf3aa50be521b541126beb2e6bd7355ac11d402188e98d2608f586c8b7a86115e27a0545752a6618f0e07901eb71dc021613c3e48d2b90214b41807da45fcb8549ff1da6fd18f4118149f5744e9ed81c40da392afe23ad55cddc9adfb5d876eaf337a9dbdd82cf84a006d9c2cddde1d950d4e5c051d3cefaed701be34bb3b9c7353d044ada7b868e0695b77bc0c9d57f2732e864fd37ba643dd2bafb0571bcceb391af03b21750184a3c47ddfc5a9eaf6cc1ac4efe2429fcb60a632a493e58585c7ada9c531d38c7ee93db15d710e97b4d9bed9c5eceef2b35918f8648dc928bd23576bc249e179061185475cf2a10e499471e5fee2b78e916ccb4e3d4c160256c4e2237aa83477d528c251406082363b7a13e02017ea8b5ac25895ea08239b231e97d49db6da9f89de1512144cfc5256b718eedab23f25647f542f9bee2aeaab575891af23197a1863b8f6db7e752d4b946ae2cffa14e1d3dfb90dfbd91fbaff7446ac6eba5884d839e85df7c8fbbeaa89f1cd67e6ee3f3fbda7a2d5d3f04f6817957dfd868604c485ed7b2ee427e973654f3da4eeeeb5f961b49590ad4d3b4f332dce2981e9049f82072966866ebc9344a0701ec72d9d85d38b68c73ff18c368c956426f19cf4f757af39e9c17b449a9bf471ee410c7d6b70f4adc1e75b7b3e36c6f3df9dd67d23f5ef318dd669be6a683cea3829e4d4c57e51a3ed5c1acfebae9bef036406d448e347d63749e6f4db007bd127c5d7789a21ff8ab55a4cd0ecaa891706239bf25ce86d6a0b01cfa9e2ae099a17dd7bb0b4ae4ea8e2d06b3f18894986a6cff021a5cbb4f24cd99d391d7c0d40c6331da17a789480e4061d6210f5e52934db5e26188282afbb6f3ebbdcd3765f2af78cc90430a673c87dda49e65ade49100e487d4d475dc669e3a421a0a455ee50b688aac8ec9db7c11bac7c79653faf0f343ff6ca98b9097f8e3f0148e2d5cda0645745e269200276fde51df01dd26e484bbf679de37fa836a54d869984e8aa7153e13bdc0915d3e5156dee986ad0921996b9ece6b6f8a0ba5f4f4dfe6ccd16c75b441a5a4fa59f98a9a344e78558780bad2b697889ec21699747119bf6637bc15603c244ff15fc6a2ccf6ccc78ba31130b424661d7d34d0bc3e201aa9b745ef3f5165f4b65d0d1e7d42a7cdd4a19dbe3f95671d239f59b9b93eeb4c38a6f48696e4e819e7109e24e52dbe40dffaf87f90abae2ca4cd9d4f1663c48dc34e615312f56a8e861187cb7eefa61ca64a80415f58716a72952bab0b4d020f10f49b8fb5f33bcec9166e9b484ce5f790935f5016a20a11e71d369263648e800e4480fa9141613c68396b4d29f492e758f8f347808f92f8fdac727cb62bc9f97f1db4a45367aff254596458c26e4a5ae3ef2d620f768b5c1b98434c80cfed153d7a88581085ca35e9b5c995df79a8e811c2af698b06fe39c51690c15f756468997f5773f393ab13d03e2b3616b237dae216a8a7d5e4afb19e4290fcde5715a08b0fa98821f88adc766759534573f1048718f53ecca624a453aa76eb8518294d50a244205c8de1bf023ede2e7b653da535f7972bc70429764d657413c2557b6f479d0d74dc0835504b9c79f2f3e4718e3654bec38dd11a38155db237e7788ed0fd40ecfe181b64bc4e5c2459b2be3e8ba4a85f078fb70e9789193b3b341cdebcb864a0c382f0bab19a2f2c77f33a869edf60d8cdaf74a2e9659235214014b1601ebeeba3c04c20d60364e8fa5a5bc92fa763afb588da3b836731bf03920589549f41d439cb9a221925f614550648978468386a7b9b0ff173c1794cc178cf8d37156e9cb6aeff6425cbc53e00a0b1556546bf64db2eea0d8a4bcac1958aef1bcf286dbdbee5e9a27043fc80e253bd409c4e953143f3c0c6f64b0072ff473a52d7d158856af20e4cc99eaca40085b967a1a2d723fff31225695dc55477a2ed7efd0c6db4ac8c03287868ad2b17e0b92142faebae3d28016e52ce806c353114fe1b457b44fd15f2c6d196227c2f7a8e4563729afe2b948038885ba816dd979d0b7731982ff5ec77d0f6a8283d2169f35dbdb6b0e3306e301d5f7e387f42dab7c849ec40b3ebc31a0329fbec5db311e73058aa9fff4bfc32b6926c2e10f3475d6ad92342f364a8c4a9059ad6cd085077fd19e8ff91ebdcd5ab0a375c8978b995c8a5c9e933fcbcfd4c59ac2cc776b60bb6e63009b61d4541f761d13e42f52b6aaad483fb63b742dedd62e3b0238404d54afebf56cfcd357046bd08864901b141d27e16d6ed41c8bef5afab15955178f022649980c21070f14712df2f6e0376ea220020fa4b16929e26f5a889fb6b29dac76113b51489913bb5c7baf8aa0a6ef55aad52a374cf35b3dde4b927d3b2a8221886333bb911a33a97197b0d0d0148a3db9606b7ba5ab9763f3bc639d79243d543406fc8c4f6f915ee1e5b1c3b0076e462a55ac425c038a38169fbf82b72264c46fe9eaa0441bcde531887ae23452ca0b72d98969e186660ee05ef9088c2b286e80e82824a831cb75b331ed61101242e34b57e88c213db9787463963d37db33f34a806a1b6e2715fe7b1ece24d088a676bd4a41bac776a6518fac6b9389d50f499523832b0ec927e624493a3b3b5898d2aea3f94909b6857896bb41ddc504949c53bb681528951ba31b629f8d60e20062738d236367110d51613d71e2f0fb5cc4f69c085d57a00a02872bf691f865a45aaefced174fa7333acf8c33bdafec7af92a94283e76890fcaa29e52b271aecfbfae9dfb9a5ac1ff00336c61f0d93bbaf447e6e29b6ad6ddedf9d001bb1797fc1d250ae237550fa228e56cc87341cba98275d9009014dc1a7f54fe9682d5c8725678c79e2a81a3383afe93a03de9ed371032ac897c232989fe949ad066e2060bdfe1aa7b27736faecad035b5cf77bf582ebeb6661b93044f9f6067eb9a5ae357b8921e9b98c7afc7489e29e4a955fefbbc01574a467a8a921f88429d6ad80fabbcdbc952c9758b03b83fd1b60ab032d86a712e9d1806c701361c0c73d9595e612ef8f24e97e0e869e13dee3f16e8d19d6ec574189547cb30837e7521a135a7960a0d264243d1858dd020b22e3ee245ba4436a469e9fa96ab9f1b47f0d3c8c3f992da97f30c5af2685ac563e7b7d9f0a0f60946aa2ca169e6702e3663523847ddeb06578b93f494c94d38827fc86da544623e605c2ad068cafe9494f7791a3121545790105d937019f8caf77bc1ad67f9fac9bc733f44c54cb9c2bf748052641af080ae182f27ba8d8daaf838498b1f5a4fe6de36ca8714be80b0820975d6d5f582746af8c22f1d4c562f2feaa2cccfa7b7927ccedfa4959508c1091c28fc1ffa7e958ac12bccd099726e715b2995f07e3ca503edfafb3100c6fa2d32d62d032613c259bace55c04f7599b249bba48d51abaf531dbccef6e6d4f00c031f9f9f484ab9173ed00bee1cb03fda08bb7644f12b2d9051410cf96ba2296aed69878b1858e83fed6390700f425a6d15b5d85d605d5e32ad1b91769573cd54f15899da6324733cba013daebb47bda019544d850cd4871ea4e3340ea740693f24682e01fff36f2b779bc203a38a8ad8429755852a4be88fde86d6934abc871db9ed607d179888c546de0143c5702624b05dbc1d6852e763498305f598876dbca34fe1772c7f4ac9158bca394da3fd88f55b3170687b5b850b1d9e399ca154b5a2b06b3f26207f30a74072ecc0839c7146f60633303d1b1ef6e45556df2e1d3ed83d2f91c06fd7202b615aaa0bd0fcafecaa858521d4da38754dd2a55fafdd854c949f0c35e3ba3afbe56c964f850ee4b5590e9b4b49a2036da96a9dfd9502dd34d0cb21f1dce47069c6dc10b1ab83df75adac6ff599778557f42aa1b62b5ede466f14397c694f9cda9e03fb57d361fc6bea2a374938989bc1f1dc6e3229bcdf415f0be38f1a0ac9527668b1ded802976e06bdd8563697c91572227da2cec28bac0b6b4f27f4d3db8c39893efe00206ed583ee117310df22e1f837e7b3e3b68976f8959a087eba72f74e27cf32d109dd8510f535e96adfa6f3e5f48537d238e4f20f8c52c4c01b7bd29e8db8225798d07750185529efecf27ffc05bfa6934310f1a96a1123b0eb334e2eaed2e48a165588634c79e1a74e0deab286192acc530625b3808b07a64fc2fa945b1f0b7edfc838096436b3d860890aa07af19f009e1b0da1790909d0d4632f2a89f4106c165df6dad1395e96d0d27b5507dce7abc8b6a5a2a0c273c7e32243bdb47a275fed9889fafc65e52bbc5d599984fac057ef650c0b797282024fc77bcddff92e7203c58ac793fd0ebcaa5c1a6f7fd463f832fff0e591c6214e66853ca5f231c00d2be8418468cbac863780f71da02eb2cb6511b77f6e5135e65d89341fa6f33f7183cfedc47da26e8f8d5f563b4ccf1f9c002e45a312e52958865742c5f9981fb2aa7b8c4794b6aead5ff9f2b931c874b97552cdd7dd3ffdb2a523c0813fcb3fccc7f36ebdc6d2741b2424c64414476a4246c99569ea78f92c705399a4ebc3cd184558516733f8f6632b4ad098ddf7b05024727893388a67331917c98d9d4b753b81e51103e4b93624ffdb57748159122daafe8b266c91a935b6fc33d60f03ade45ba5613b37d2a74df058701653042a04e53a3d18f73259af56b832b63fd48fcf3c94ce1a96c4bc2405ad70d65bdd8e214f48a655e985d9f33d0422e680318fe7d7b89dad55876fa8c3ce796757a86d1edb725755bde524ec23121f0b19080214c7d0fbd1a6b789ce821f8b008dd92cec40d52ef9a80cbc6958dfd5ceed1b9712236e34f38b792bb1219bc96543ac56d24e5686e786ccab7288dc238be83fd895184ad6bbf94050dce5872c0868e3bee6563eebf457cf412e8e2b62ee135718642fcbda9a9fd3d3d8d374498e3a1395f60d3767edc9f8b911defde96e41004f5930abd280f8627a44259903df3d33eec84c839e8b25187a11683df9f65775e338732351d7905e48e73391bec9ff29c000ea7168f1b64f78f710faecdb355e82f9cd1d43915fab1aca286158bda7cee51dea3a463713a095908734d7fada7c39a48f4613778f482caac5a8693ac367dd48ae7d6b4e7fc94f42db177c2dd17ef85aa7556d43cba300e1497cbba405e95fe189d3dc655438b9c995fddd5af9bc4b20a1db9cb2e6b6b956c5634f55a35113da122453c6c9bcb782365e41bba703a982ca8fdaffb32342e3038ff9d3aaaafb3da6dfca450d2f36ae5619a6c2fb985532b634036996b64ede8dd456afad22f31892757efd7fc92c6a20163a432649d64071897efc9468a6090bd1a", @typed={0xc, 0xf, @u64=0x8}, @generic="0a6cbab41555d99239e462e721e3db1c82a02189d3c40998ac93add469a8dbc4215694be89ceabca29431e183cac2f5beb76c35b07c2bc6ee33e1f1eef6092cfa66f30b4e2ae059c5856beeb96953ec99d4930a6c8009287dd3a7098e684e714c38fe0fb8931117174f9b4b3dcf31fb73ed84e47e5486154267a97c32eb7885b89c7647ee732a005ccf7706d4393887ed9a7958218648b0a9f66af859cf872338eb92bfc1a95e29658b50bfc59964141274f511d598d4e81f65f5129b12dbaccfb30e92b170fc86fdb8bdd12a34ac2884a607d52dab76532f97be53a343cb44452686d768fa66ab7a5e05f98b8def7d2c1497086105b94feb3ee53f6d9f5b0f5ad20f82aa7ce011b2faa693fe8327595356e5b7af9914aec7a1c9b90c95654625e7e5dca33d0024625e3d845b80be23a25f4cc139a295a3de81922b4fd4cb025eef534ec6a8ee960b13cce5c12c29e7f546fa818663335a6b2dc365d500df37251d07e4d20cde521fb17555c37d921e8236aa57016ed29a1e283a8816631db4e530fac885de0f90ef7ac90239daaa5d9392c6bc8ef213cfa0e3f44f01aea5623c6cd08ccfb0ce656b7f9ed4331d27646be768fdfe4172ad7c3092ccdd97186c6ec9da6265913be5c958d2a0b6a0fc2b9e4996eb0805a9a65083b69b3c23f0e7493681a48814623fb9f50afda94694ef1e574adaae32a72e3db0bc47b52281990fe6a461f824390c32eebeef03084a463d01a1d9d7b79c16b019145d66fa2b8c9c198ae911465f638d45861068b9b8686ec85d54da22f63c8e926477c771ca946413d8bbcdde0b3bbcda634946769a84c70addd6ee879f03c58319d7296ba93a8eb0f23bd6e40c66f8b15c357412c297512735a5212296591b5a8ecbe04129e423eb7292f3fc2b852e4019be52d958cc6c5176bb44a194fdc4c16cb7f83307a4c496ae14e77f5be9551cc2adb8559b4f46cf773d0cd8e93c4902892d4c719e739d69f711911f5899ed078bc08c0f828c49e3ae58c6ebb68e4d62d5158c3f26a4b80491756e3215f665c79a8ad464bbde81b28eb32ac0d50c2614fd54bd2069ddcaa1071c83fc6c0cb98e6071e11946a40e05087a0add0c4862280159f1deb50a094ba4534ac43e89df7dfa3e920312a032a3eeb89497998f0b3ba92964240e0d8ee59fc65f40ce608a849beff5a6fef6a90b2c39c1772df67a9219c0d89175f556d69d8843cea951fe6c17186a50c4fc816468a1c4fb92d408b26a68cae968e88f46f3e8d2214708a758deda4cae74cc3360acbc35899ffa16c07b69931debb7abbf903d642347a00181b73de4222afcfbbf1834882ad9b7071872a7ae878cb06c5eb45949eb2af8fdce584c9aee8010aa47c0f88073a976b2179f9233a9c477cd44ac3426d67ca5f906650ee0369cca478ec1107781f1b6ea6a169c3979d6e84b624f4e73e936308bc4f93071e484d5c523af055df699d84d4c4b4e08f985a56de8676e1b36b2d5a144d8c7faee0a43539036ac68e47a8f1d8609366282fa6be6b44876ccf6c753840629527009031c54d9c03e08f66efc2136dc411277400eed5d7d146dfa7350d539711cd912e7b2f6f8a0653fefe5597b02c97e0285dd51161c5d89e8146f10199ed2c3128341c7a0ecabde1bc85dd59b1bc0964c1732d8e00c2c6a8a40c54cd48a09b1e03d92a2b289968ec4f3270d232b68e0a98d5ca9adedeaff288481c278535df6ca712eedd791f3d58bd03446437c8a489db4c2b3fc2cdab4e4abf8d7c6dbd5e27b9c6620c933fff0e5cbc4316765ce6d31e7eb5150e593a89fc36b56c3ad07cef1c4c91db7c2af5c175d257f4304e235a21058224fbc453014b69086efc91cc75d9b85cf891c313e49d1b50048765a54f72192c257e51594de7eead046b810dd9b1e617c2e65776347a1f2ed78816ae682d9e6ddcd6be6443a6503187a81b8cd6a591b4e03e5d777f16a42e588d68362fb8e2cf10e9b5beb296e79b4c765416b7125360ff4f4c4e21181a36a5bc2b836f71080d0bd40a2fb1eea38e86a36fbb64d4b0debd40c45ede1b8373feeee4ae2535622e9794011da5d6e5525794a33d3317e79de1e168fbffabb589a84d2cc28e02359be24db8ac606d2d8eb9f2256c6e702810614a8d9003e84961fa832357900674411e0697154142d7bd5c32ea3a28f5ce4d710792a2bd3698a627f4654b6567e75257c6c1be9374256133dab517d143221026a00a4c5a3ce2d52ae7f6b50611203530435406804c677be16bd854a9b83ebda4119059d16d035c53a6d544a5761f6acde7db3eb5c7de28eb261b1ecdb17bfac016c61444ad43d4064c5dfb1c6effe89367b53e2aeb43fe42a519e8e50f5d170913547b4df93fd974ad0abb3ee6b911cc44d6b91d8d8d52770851538300a3ce5aa7d8eabf18dd66a1f46781e3d8d49fb394120a3d865091c695ffb24053b1919e229a541ca32c7c03842b836591ecf8fea6b9077d459db722957a5debc31fb0a9ad0a9969e54a873f75fb892de19eb711231136350f3c17a99a1f415a6a309f6ab76e836574b3a9ef13c0f4d2fdc0692b4fb7842a0553bf2c5cd4d1f27856c5cc7604197b97b88a99fb7e3ef31e6e62d2f34b59961aca5e42e7461e6ecd742dc8704262633c8f7ef13d51ab73276e54ccfe4c1955082370972423c460f208fae7f7dc9db4881fd258394a763fd3339ff58469c860adb5b1d19818d2d5d4cbf87a577a99dc463b4786a84b695afe3c82955b6da2633ca74445f5bbe36c25fe7bf823ba0b333dbc64da8eb7b980216d7fa4190c1c900f49650ebd803e26758db4dd100b9221e1b4a81f2ecc2f6a2223c17b53e14deb033f79f3589ae396b9f2ec484bf4da20977c42734e19eacff3d02b85b3dcbb870d74d12aaf31605edec05bf8d681ef51b8833a058e494477bc98c8346bd5135a4ac60b3d9250f40bba9ba24a944bb62fe08efc0d591e62d42813391285236486a926727cbe68edaf1b2ed0ac60844f41e07bc4e2663fd624e20f92335f8584a53afaecb0db7779a14175df5c5ea00950eeaf4a64fd6f882c48455fc1a8b56f11d9e952ac0d511bba62e4594000d0c3044382df99c84d1fe4f609fc3ccf5efae543c11db25efcf42299bce09426b43f0f6699fbea1a39605a8c8fcb62d46270d21165a78bf5ac846afc1b2d956b2e51c9d4e450b16cb99dad265d201c934e367e64e0f74e3917b23ec83a2cd5cfcf2e472bdcb326fd13d9ca4fcbbf301f041268aee9f44ac4a19cea73c22bd25d9e9cd3657316c592301538327d73f00be0bf76a24a49d005408998294e37ebcec0f1b686c7c98f6916b686f8b39949039cc8fccd98b09188b60925f4d9bce61d1e8c4ad13065e8774896cf4dd33ff3bd97b95f7ef7255f01a899415582794aa2e3eaf859e4e9ff71d04a7762aaa12f13e2cb0ea3aedca738cf6101830d11d6c5c23107c963824e2b4c443a28c4b64c8b5967decfa2c5c7dfe6bbec5823d26c7f32c13775c1b25a040a6f1c91ee88dfe03f094733d6301f0ddf9a53638777c33f7116f8f1e4bde0d56bec589d9b11b1ff338eff7f85b6e8ca3e8e71781fd878962d2b7cb9ac66a099a271b07b4ad0874271326bee6f22a8e1e17ffec8cbc4e3ea2a384f2413c482017e22bd58f26644df792fac1dcb82d346d0578ac6e75b83fc9d02a12b4b69789d34abacbbeaca8bcc1cacf5f6ffba212a4cac6f78e4fbe53ddebc5f790f0bfeaa7286fdf61f5e70c3d9a59abea35b1519d8a6748fa9cb1575ade972e2b8fdb3a8451f56da1eb6e51fb53d35bf64217b5066dc041205f4357bca12ac9d9fbc35c59ba38a14bc2096f92a49da2d3be040b719fb6068f97017d1db9a475993842b06b60a9efbeb5732f104d7fc3162728ed27dacb191714ae680e98ff8f67d3b2e8f960ce398c3481f79ae82f0e24490cb31f1254e3cf6db1182c338d2825f1e7e36e923847b745ba7d691126e3ed65fc59c8ec50a6c5bdef63b82819904ea5a3ce2423b0c8d942e98455bfd49b4cc9eb92f86e81ed98588d273314303906e7dee8ce37d7de8e703eed2331c6782229aa28f4f7373e6e7bf995afb63d7d2a926b8340316fc3b38141be94f476a496e5ad0a0475df9bf21f2bc0e5fad0b0dd469ed462f10d9f2029ad7f635238cbc2b8902f431dd49a4110985a6116cc4fc89f48a9206edd4b8ab4ef8d143c7df444d3144eccfc09763d0a23db586751b0b932357894de84933a8ed2eaf8a3b183f7ff385d4a0f760207535f916dcfc31e01a61e45f1cf40e5b33a15ec94cf833a6d32473fdf1978ff0a9990ee2aab64c546593bc17762b4e12f343676ae9a107744726fe64f2d67ca84ee0dbd998c88830f03163cf0cab56f9f53bbf3645cab46f3509671c7c959f9304586d095c54ee2d71ac74251bde85baea3788050130c2894757482d1a55f69cc05f9a1bfdafd513e9c2334500ffeebeb66f020b8d665147f4510799b401dfc8ff1bff45219f6c7d0df05b4ec205b5ec2666d1363e0bcbd68fa7afbe9db9d6c04d869675f8d74ed726a426379fde98336e9cd5a1520662c3b7aa1ed73f7666b9b3908cd78ea341ef4f4cdcb772cdb7b7c14166165b2033be66a83d2f2fc178f2ffbe63dc98fd1dd13d339bcaf4f6d17ed75a54af5311bc950296b14b3b21061350681c29dbf896d36208ea0fa07bab4b114092392c85e38834a64ad512d69348830b14430431fb9bf8732db46f90d167ff80d2dfb195faeaa37f04e17bbd3dc743dcbca9c63ec132aa6399fe28602d62dc24d11c8c4c3633be3cde654b691b7c96fbb94b3dd4b221a8c58d31509fd16bf867362b2e6cedac73ae5fc20a0b6c4a9cadab858c266a3ca131334ad5c08f74f697605b436b53381cc720e237e1de3a75f9d90379419c39547e34933c1ba2bec43c59c99160597171c83375aa13c480f308f7d1042ad80be96fdf21ee3bb19ecdcf7adc1ff8ecaf4920ec23146c8dd8a97e4fc5c4662d082754ee6c4008b37b8dd6b498ff24ba495a3f27cda83d9be3885c00661b180d458a8d29b83810d9b262483a5ff1ba3ce305a7f4bacf38de7cee4ef618ae479076ac8c2f97be5b0a3c35b2ba9f7e1d717a8e7d47cdacd0b1479cf997afdce275154c87de21d68a187068a2a509a1f9e494571e608a95b850d7fbea077cd2d8a19cc67b5455909a7b0ec0fd65a3ec4548fa48a62a7f08cc48204cd441cef4b79cdeded77d6b6e610461865be3f14f4195a046094db0e0755394cc64a1bdaf3298c5e590ec3bc1bd9bc972fdfedb333ccbe3909cac4fe932b7621d5e58567967744234a50e347599d17bf0f61385375672cc5df1099422ce03b1b9cd149c7b8b76faa0a56faf28c959b43e7bb48ed08f3dbdb0d7138c2617c80102244bad6f4dfce0ed8177c7ab4170097f5efd536c7edbc5f0a864682e9ec98d43ee20c80232a98c30e15f678787efa0bd54655139e206f71ee9bc5e59374e0afa988e529d9beeaeae29483bc47e4f88a1f1a8ebc0987878abfed21a42dd9e69d984cc800137cd479c422d0105410361188e243301b561d5421051662b24e2ff19d5416ad4e8e0406d765b9a10da3448a11eb3f263eea23f5de2b9f928ab28483d4204a92f10744003df0776100dd730b89e802d0ae6655702c4f538a4dc3a31c42c483cafe65e73a91ecefceebb9db0ca538a86c26714e7f093681840e1e36d289b7ba0aba29214fd903cdf54b242fa491a285707cec392c1c087a7900704cead177e2ecf6cc8913ce46b4fa7c9d58d3d5bee", @typed={0x8, 0x3, @pid=r2}, @generic]}, @generic="53a3e03c975cbeca3fc1eee2f3ad1d0573d3155f991e0d1929b866ea2e4b0d56fc670cb3dce1af308d7757e549edd5f7f1785f61d7e5a257c403cede0205d4b70a2a1c9000b213e4bd3b3e1bd2ef91fcfd3ae4bef2b00ea7d27b912c0d6172a80fc2366017b1d474bf8746636ebeb544086ac121d14138cd90d4d903efc73c039084411c91ebe34ca6a314a5cc5f64699d2e61e5d31ac01a5306ab822cd2561986d220ebfa2f2acf3581f7e0a61ad49ed6c936dbe9840b227e3e5f45f2bf6effd67944436ac90c8dcbe2"]}, 0x217c}, 0x1, 0x0, 0x0, 0x40}, 0x801)

[  665.715513][ T4613] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  665.724544][ T4613] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  665.733476][ T4613] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  665.742296][ T4613] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  665.765501][ T4613] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  665.805498][ T4613] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:19 executing program 5:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

21:34:19 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[  665.814334][ T4629] binder: 4628:4629 unknown command 353039
[  665.831772][ T4613] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  665.841864][ T4629] binder: 4628:4629 ioctl c0306201 20000080 returned -22
[  665.846783][ T4613] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  665.858182][ T4613] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  665.868259][ T4613] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  665.900724][ T4613] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  665.911145][ T4629] binder: BINDER_SET_CONTEXT_MGR already set
[  665.929868][ T4613] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  665.936107][ T4629] binder: 4628:4629 ioctl 40046207 0 returned -16
[  665.938837][ T4630] binder: 4628:4630 unknown command 353039
[  665.960237][ T4613] Interruptibility = 00000000  ActivityState = 00000000
[  665.975834][ T4613] *** Host State ***
[  665.982211][ T4630] binder: 4628:4630 ioctl c0306201 20000080 returned -22
[  665.989987][ T4613] RIP = 0xffffffff811b3470  RSP = 0xffff88808637f8e0
[  665.997221][ T4613] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  666.011439][ T4613] FSBase=00007f2034fd5700 GSBase=ffff8880ae800000 TRBase=fffffe0000003000
[  666.030126][ T4613] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  666.038807][ T4613] CR0=0000000080050033 CR3=000000009ef1b000 CR4=00000000001426f0
[  666.047192][ T4613] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  666.054816][ T4613] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  666.062111][ T4613] *** Control State ***
[  666.066859][ T4613] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  666.074438][ T4613] EntryControls=0000d1ff ExitControls=002fefff
[  666.081203][ T4613] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  666.089337][ T4613] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  666.097157][ T4613] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  666.104630][ T4613]         reason=80000021 qualification=0000000000000000
[  666.112284][ T4613] IDTVectoring: info=00000000 errcode=00000000
[  666.119045][ T4613] TSC Offset = 0xfffffe98d8c1c7ed
[  666.124238][ T4613] TPR Threshold = 0x00
[  666.128809][ T4613] EPT pointer = 0x00000000a38c301e
21:34:20 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:20 executing program 5:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

21:34:20 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:20 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000b00)={{{@in6=@mcast1, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@ipv4={[], [], @local}}, 0x0, @in6=@ipv4={[], [], @multicast1}}}, &(0x7f0000000180)=0xe8)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000c00)={{{@in6=@empty, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@initdev}, 0x0, @in6=@dev}}, &(0x7f00000001c0)=0xe8)
fstat(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000d00)={0x0, <r4=>0x0}, &(0x7f0000000d40)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000100)='./file0\x00', 0x2, 0x9, &(0x7f0000000a00)=[{&(0x7f0000000240)="568247b725c152292bd8ffaddf18e1bdeff7966d18e6a0259f5d95a215e8a297c90ef977fce5220f200ff646751c74cf5869fb877cd0954d9e19144ed5c6a80aeb050f78f31db99f63a1da108dc961148ec9aa4220c45d3641fc76b592016b578187617f71ae4046eabd4b10ee0a6a689ae3e1f4c1867712f44e7b5865e57509cca4c89f75bde0c6e58c0692b9129dd5d2d87869bac2cc9ae4c3a289604017479fafd4584d1b380efaed220ae0cc9f6940c0e2e78ff86a67e79130651bae265d074e5784a5a58162fe235c09fa759e8cfa444bd30b8aa0539d24740c", 0xdc, 0x8}, {&(0x7f0000000400)="37e5337f7c0bccd0d844301cea81cff603617dd970d1cfc0b4d6c8d25f70d067e0d808ec699d347864f9745ad08123e1ab21c2efb30ffff3bfc7321f8d401bc9ed879eb9c110998cbf724a6999787028cd16d2af59eb0a940268f45ad4154b286a86524ada9108e221dba0a8e94dc3225bb90f7161e57200c5e8655301a838ec583e69298906b8c822a8446b06a7dbb649b2c6309f72dda8e1c2564eec738ef799492d4122fea7a8a154cd3e661bb35c060363de8858dbf177edfeddd4be54719536e8fff96382d775254bf90d6c39b533f2cb2f681cafed4f6680a813a1138a4784", 0xe2, 0x5}, {&(0x7f0000000140)="5bdff105f0d6fac1c18b4e750cd2122fe5e165", 0x13, 0x6}, {&(0x7f0000000500)="0fcad7196b8a6beac6f0367f6c0008e67a91bd667c1000568b93df9267fdf5690393bb9492aad865f11eb11fbe01361f761014934a30c84753cb2cc3316e1290a121770c6132b3e33b860d0459ecaacc486ee11569fd541768cad1c68d9e3cc583add86713cc00ee603b73b920a1d3aed4ed6813b5b0d7987cff6b947b481c0c399d3ae41fdfdeca2342f93ea6043fdf", 0x90, 0x3f}, {&(0x7f00000005c0)="3515a152b22fd5d550af69231efd3625a7556f157469df7be03b12f67e68fdd7296c2a2c4f23bc03412933ec7f414f126c9e68979259941f40f5d9386a7691a27a95cdb926e13212192567c0dc59d1e943f782074ccdfb451fa24c202df9d0e8bdaab875707ea25234021265cb4183b7375dd0b0b35c972af38e7aa3ccca833165a00ad8b91b40f4757edf705cdd9fc0cb53c17af7f55fd1eb24ebf9ad59fec2f96d09a363a6b8817433719c45a567d34d0f78963df8b3e43e46eb186b44229070fbf03c3e202a48543bb2eeae2d7102ea9ac7caee1b1635547c981c", 0xdc, 0xffffffff}, {&(0x7f00000006c0)="a9c0187221e177af253269fe234d409d0a0cbf489c2da4e611fd57635ec22b2da2f8a09f61735ccd2873e454a53d6f6985de2ec15b436c8c12580a3bf27eda9bc7b4ba0ce91e34d21f11e624ed8f85e65f941ee8b329f9d5e59451baa48bc1d6fb821d26f8bdfbe0afe2974a554b176cec11d284f6ce488233a7bd5dd1ee1b51790f1e43c74aee75fa3737037107bf78d35d2aaa0ff48a52ca1e58758cce66e79c5b918e7566f0c817c4919d9f563dca854ba811256c2ed7dd85b261dfde08fe2920b3a2b3ecff548d4a04b3cf68cb65eff42e8e4746a182270beb2b94081262ce087ebb57b17684550a13c6f068f044259abb05bab7c2ee05", 0xf9, 0x4}, {&(0x7f00000007c0)="571fa9f1e80f43f44e86f100f0cadbd01820d02d056c113ff678fe95c255bb522dab2d3755fe6058c94d846568b7afd5f9eb6781b4cb70b0e5913eb61a32dbab2e088b06286e106c7b73947ef4121fad4a9ba1221f9fcf0b6a9c1152b969d7a2f2983258cdd308d79f08d74af94a9000b58a4b03c2549a052c8b17adeba8fe4641c26281ee1aed45b8594f13cce6638530f5f05a56bdc85672d261a32e9e56e235d69e53defc74cca1dd8af7de2461bf7bbb9c8667add0675aba3e266b587c", 0xbf, 0x7fffffff}, {&(0x7f0000000880)="a8c6c9aae3e62ad6fa6f3f55eed41af8257608af6b45d84a07412930a1ac12e205de4348fb45bb6efaf9fb0c36fa7e4108866fb4d0c8210c841a1039e42b149f8dc58458a3f7f9ba1e290bcedce1bd9df311805f0a942e82889a94039ea1b2b6a7c9c60e0e5992b40511e974226e69a47a5abd8055a4f6cfff4240a234a37a9e22e87bd87ee420", 0x87, 0x92}, {&(0x7f0000000940)="3fca44a0588d0bc96d620dc303974ef43ed39a34a0f906e1aeb2e0ce8672ba1ad5f76c360d257733f85629ad771e22c37910dfbdea5a1283246f83bec55aa7ff9ec3944191a6822a39eb01d9788a90e86859f74e32b484b57753bf527dd7d15961f2972f82a0fa5c4298e19544638e7f49f104947282c46931cf1c5c9cc0687c2f66239a98ff37a4e518b207a0dd49142f5d797ab62abeaca731ec39252cffdc015d54cf17", 0xa5}], 0x0, &(0x7f0000000d80)={[{@uid={'uid', 0x3d, r1}}, {@part={'part', 0x3d, 0x80000001}}], [{@fowner_eq={'fowner', 0x3d, r2}}, {@uid_lt={'uid<', r3}}, {@euid_eq={'euid', 0x3d, r4}}, {@subj_type={'subj_type', 0x3d, 'trusted'}}, {@context={'context', 0x3d, 'system_u'}}, {@dont_appraise='dont_appraise'}]})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:20 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:20 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f00000000c0)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x0)

21:34:20 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  666.570548][ T4645] hfsplus: part requires an argument
[  666.595236][ T4645] hfsplus: unable to parse mount options
[  666.622877][ T4652] binder: 4643:4652 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  666.648892][ T4646] *** Guest State ***
21:34:20 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  666.666818][ T4646] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  666.680429][ T4645] binder: BINDER_SET_CONTEXT_MGR already set
[  666.692356][ T4645] binder: 4643:4645 ioctl 40046207 0 returned -16
[  666.714877][ T4656] hfsplus: part requires an argument
21:34:20 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  666.714890][ T4656] hfsplus: unable to parse mount options
[  666.723170][ T4646] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  666.738967][ T4660] binder: 4643:4660 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  666.751750][ T4646] CR3 = 0x0000000000000000
[  666.757001][ T4646] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  666.784114][ T4646] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  666.795320][ T4646] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  666.805607][ T4646] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  666.816477][ T4646] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:20 executing program 0:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x2, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000100)={<r1=>0x0})
ioctl$DRM_IOCTL_DMA(r0, 0xc0406429, &(0x7f0000000280)={r1, 0x1, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x7fffffff, 0x4], 0x0, 0x2, 0x8, &(0x7f00000001c0)=[0x1, 0x1], &(0x7f0000000240)=[0x4]})
r2 = syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:20 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  666.832253][ T4646] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  666.841435][ T4646] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  666.856269][ T4646] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  666.871656][ T4646] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  666.890489][ T4646] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  666.900804][ T4646] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  666.914825][ T4646] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  666.931082][ T4646] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:20 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  666.940081][ T4646] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  666.953971][ T4646] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  667.002123][ T4646] Interruptibility = 00000000  ActivityState = 00000000
[  667.012847][ T4666] binder: 4665:4666 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  667.024825][ T4646] *** Host State ***
[  667.029819][ T4646] RIP = 0xffffffff811b3470  RSP = 0xffff8880584cf8e0
[  667.043219][ T4646] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  667.053418][ T4646] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  667.066550][ T4669] binder: BINDER_SET_CONTEXT_MGR already set
[  667.070684][ T4646] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  667.076347][ T4669] binder: 4665:4669 ioctl 40046207 0 returned -16
[  667.079769][ T4646] CR0=0000000080050033 CR3=00000000984a6000 CR4=00000000001426e0
[  667.098391][ T4669] binder: 4665:4669 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  667.106530][ T4646] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  667.141237][ T4646] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  667.155318][ T4646] *** Control State ***
[  667.159626][ T4646] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  667.182787][ T4646] EntryControls=0000d1ff ExitControls=002fefff
[  667.199668][ T4646] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  667.211576][ T4646] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  667.223607][ T4646] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  667.234072][ T4646]         reason=80000021 qualification=0000000000000000
[  667.247676][ T4646] IDTVectoring: info=00000000 errcode=00000000
[  667.254030][ T4646] TSC Offset = 0xfffffe9849774483
[  667.263349][ T4646] TPR Threshold = 0x00
[  667.269976][ T4646] EPT pointer = 0x0000000088fe801e
21:34:21 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:21 executing program 5:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

21:34:21 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x80000001, 0x80)
setsockopt$inet6_tcp_int(r1, 0x6, 0x9, &(0x7f0000000100)=0x1ff, 0x4)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:21 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r0, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r0, 0xae80, 0x0)

21:34:21 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x0, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:21 executing program 3:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x2, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000100)={<r1=>0x0})
ioctl$DRM_IOCTL_DMA(r0, 0xc0406429, &(0x7f0000000280)={r1, 0x1, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x7fffffff, 0x4], 0x0, 0x2, 0x8, &(0x7f00000001c0)=[0x1, 0x1], &(0x7f0000000240)=[0x4]})
r2 = syz_open_dev$binder(&(0x7f0000000300)='/dev/binder#\x00', 0xffffffffffffffff, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  667.562653][ T4674] binder: BINDER_SET_CONTEXT_MGR already set
[  667.588630][ T4675] *** Guest State ***
[  667.597432][ T4679] binder: 4671:4679 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:34:21 executing program 5:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

21:34:21 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r0, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r0, 0xae80, 0x0)

[  667.602288][ T4675] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  667.610619][ T4674] binder: 4673:4674 ioctl 40046207 0 returned -16
[  667.622389][ T4675] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  667.646702][ T4675] CR3 = 0x0000000000000000
[  667.666190][ T4679] binder: BINDER_SET_CONTEXT_MGR already set
[  667.672203][ T4679] binder: 4671:4679 ioctl 40046207 0 returned -16
[  667.673148][ T4675] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  667.690071][ T4681] binder: 4673:4681 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
21:34:21 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0f630c4284020000"], 0x0, 0x0, 0x0})

21:34:21 executing program 5:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

[  667.739253][ T4675] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  667.760517][ T4675] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
21:34:21 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r0, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r0, 0xae80, 0x0)

21:34:21 executing program 3:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  667.787689][ T4675] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  667.802970][ T4675] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  667.813745][ T4691] binder: 4690:4691 unknown command 1108108047
[  667.844525][ T4691] binder: 4690:4691 ioctl c0306201 20000080 returned -22
[  667.860896][ T4675] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  667.878360][ T4691] binder: BINDER_SET_CONTEXT_MGR already set
[  667.888409][ T4675] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  667.908872][ T4691] binder: 4690:4691 ioctl 40046207 0 returned -16
[  667.917431][ T4675] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  667.945515][ T4675] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  667.958962][ T4697] *** Guest State ***
[  667.969377][ T4675] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  667.972881][ T4697] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
21:34:21 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:21 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:21 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x20)
fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, <r2=>0x0})
write$P9_RGETLOCK(r1, &(0x7f0000000140)={0x2b, 0x37, 0x1, {0x0, 0x0, 0x6, r2, 0xd, '/dev/binder#\x00'}}, 0x2b)
prctl$PR_GET_FP_MODE(0x2e)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
syz_open_dev$admmidi(&(0x7f0000000180)='/dev/admmidi#\x00', 0x0, 0x4a000)

21:34:21 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r1, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

[  667.997789][ T4697] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  668.041259][ T4675] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  668.043952][ T4697] CR3 = 0x0000000000000000
[  668.055860][ T4675] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  668.079869][ T4703] binder: 4700:4703 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  668.099981][ T4697] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  668.114371][ T4697] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  668.115491][ T4675] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  668.130377][ T4697] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  668.150835][ T4703] binder: BINDER_SET_CONTEXT_MGR already set
[  668.166875][ T4697] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  668.179841][ T4703] binder: 4700:4703 ioctl 40046207 0 returned -16
[  668.185625][ T4675] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  668.190803][ T4697] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  668.212137][ T4697] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  668.217570][ T4675] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  668.222759][ T4697] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  668.244885][ T4697] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  668.254265][ T4697] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  668.257749][ T4675] Interruptibility = 00000000  ActivityState = 00000000
[  668.269510][ T4697] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  668.288128][ T4697] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  668.295272][ T4675] *** Host State ***
[  668.301446][ T4697] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  668.312943][ T4697] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  668.315263][ T4675] RIP = 0xffffffff811b3470  RSP = 0xffff88805ae178e0
[  668.326858][ T4697] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  668.343247][ T4697] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  668.347359][ T4675] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  668.351982][ T4697] Interruptibility = 00000000  ActivityState = 00000000
[  668.372798][ T4697] *** Host State ***
[  668.375241][ T4675] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000003000
[  668.377170][ T4697] RIP = 0xffffffff811b3470  RSP = 0xffff88805229f8e0
[  668.395198][ T4675] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  668.398900][ T4697] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  668.401796][ T4675] CR0=0000000080050033 CR3=000000008e144000 CR4=00000000001426e0
[  668.401814][ T4675] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  668.401827][ T4675] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  668.401833][ T4675] *** Control State ***
[  668.401842][ T4675] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  668.401857][ T4675] EntryControls=0000d1ff ExitControls=002fefff
[  668.411709][ T4697] FSBase=00007f3244547700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  668.439506][ T4675] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  668.450162][ T4697] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  668.475293][ T4697] CR0=0000000080050033 CR3=0000000090877000 CR4=00000000001426e0
[  668.483065][ T4675] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  668.492915][ T4675] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  668.505116][ T4675]         reason=80000021 qualification=0000000000000000
[  668.508531][ T4697] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  668.514628][ T4675] IDTVectoring: info=00000000 errcode=00000000
[  668.532662][ T4675] TSC Offset = 0xfffffe97c8cbf6b3
[  668.535284][ T4697] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  668.538076][ T4675] TPR Threshold = 0x00
[  668.555259][ T4697] *** Control State ***
[  668.555639][ T4675] EPT pointer = 0x000000009764401e
[  668.559606][ T4697] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  668.586729][ T4697] EntryControls=0000d1ff ExitControls=002fefff
21:34:22 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x0, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:22 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r1, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

21:34:22 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:22 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="b80f514576500ca3368b45de25dab179e58cfab35f020c81f286f2efcf9045df10beb914f1847b07edb8d39a155f7ac12ed39f10b9c73cd4ce1ead4ca9bdeb05282e7833ffe0a18468cf6f4ab6f1459906113b13c20ba2e3cbeb1e894a4ff4ed75b05217651d89a5e46abf0b97519c15dedf335d9cc284000000000000000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  668.601980][ T4697] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  668.619869][ T4697] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  668.627463][ T4697] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  668.662638][ T4714] binder: 4712:4714 unknown command 1162940344
[  668.682888][ T4697]         reason=80000021 qualification=0000000000000000
[  668.692834][ T4714] binder: 4712:4714 ioctl c0306201 20000000 returned -22
21:34:22 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r1, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

21:34:22 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  668.713425][ T4718] binder: 4712:4718 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  668.740992][ T4697] IDTVectoring: info=00000000 errcode=00000000
[  668.752756][ T4717] *** Guest State ***
[  668.764919][ T4697] TSC Offset = 0xfffffe97960a2dd5
[  668.770286][ T4717] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  668.778121][ T4697] TPR Threshold = 0x00
[  668.784605][ T4714] binder: BINDER_SET_CONTEXT_MGR already set
[  668.797568][ T4697] EPT pointer = 0x0000000092b0001e
[  668.800979][ T4717] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  668.808467][ T4718] binder: 4712:4718 unknown command 1162940344
[  668.825353][ T4714] binder: 4712:4714 ioctl 40046207 0 returned -16
[  668.844073][ T4717] CR3 = 0x0000000000000000
21:34:22 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  668.860042][ T4717] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  668.876613][ T4718] binder: 4712:4718 ioctl c0306201 20000000 returned -22
[  668.878057][ T4717] RFLAGS=0x00000002         DR7 = 0x0000000000000400
21:34:22 executing program 3:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  668.919057][ T4717] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  668.940174][ T4717] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:22 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x3ff, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f0000000100)=0x6, 0x4)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000140)=0xa100, 0x4)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:22 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:22 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  668.991704][ T4717] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.005466][ T4717] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.014159][ T4717] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.066574][ T4726] *** Guest State ***
[  669.070799][ T4726] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  669.081229][ T4727] *** Guest State ***
[  669.089897][ T4727] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  669.101899][ T4726] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  669.102393][ T4733] binder_thread_write: 1 callbacks suppressed
[  669.102418][ T4733] binder: 4728:4733 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  669.111727][ T4726] CR3 = 0x0000000000000000
[  669.135044][ T4727] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  669.152302][ T4717] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:22 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  669.162660][ T4726] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  669.177200][ T4727] CR3 = 0x0000000000000000
[  669.181745][ T4717] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.187535][ T4733] binder: BINDER_SET_CONTEXT_MGR already set
[  669.194265][ T4726] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  669.212051][ T4727] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  669.220221][ T4726] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  669.224816][ T4733] binder: 4728:4733 ioctl 40046207 0 returned -16
[  669.233115][ T4726] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.241383][ T4737] binder: 4728:4737 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  669.254206][ T4717] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  669.265545][ T4727] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  669.282513][ T4726] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.293061][ T4727] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  669.307656][ T4726] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.316619][ T4717] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.325669][ T4727] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.335086][ T4726] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.348510][ T4717] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  669.357737][ T4726] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.377743][ T4727] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.386932][ T4717] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.389606][ T4726] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.407176][ T4717] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  669.415695][ T4726] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  669.424569][ T4727] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.430592][ T4717] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  669.433567][ T4726] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.452935][ T4727] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.461999][ T4726] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  669.470868][ T4727] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.477735][ T4717] Interruptibility = 00000000  ActivityState = 00000000
[  669.479784][ T4726] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.490230][ T4717] *** Host State ***
[  669.495508][ T4727] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.508360][ T4726] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  669.515721][ T4726] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  669.518154][ T4717] RIP = 0xffffffff811b3470  RSP = 0xffff8880987cf8e0
[  669.524008][ T4727] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  669.539607][ T4726] Interruptibility = 00000000  ActivityState = 00000000
[  669.546792][ T4726] *** Host State ***
[  669.550859][ T4726] RIP = 0xffffffff811b3470  RSP = 0xffff88808637f8e0
[  669.550883][ T4717] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  669.557807][ T4726] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  669.572627][ T4726] FSBase=00007f39ca16e700 GSBase=ffff8880ae800000 TRBase=fffffe0000003000
[  669.581373][ T4727] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.587363][ T4717] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  669.590278][ T4726] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  669.605442][ T4727] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  669.614328][ T4726] CR0=0000000080050033 CR3=0000000098e04000 CR4=00000000001426f0
[  669.617410][ T4717] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  669.622269][ T4726] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  669.636323][ T4727] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  669.645265][ T4726] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  669.652168][ T4727] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  669.653847][ T4717] CR0=0000000080050033 CR3=00000000606f0000 CR4=00000000001426e0
[  669.659484][ T4726] *** Control State ***
[  669.671558][ T4726] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  669.679207][ T4727] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  669.687662][ T4726] EntryControls=0000d1ff ExitControls=002fefff
[  669.692061][ T4717] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  669.694050][ T4726] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  669.709239][ T4727] Interruptibility = 00000000  ActivityState = 00000000
[  669.716474][ T4726] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  669.717590][ T4717] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  669.724003][ T4727] *** Host State ***
[  669.734791][ T4726] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  669.742348][ T4727] RIP = 0xffffffff811b3470  RSP = 0xffff8880549878e0
[  669.749335][ T4726]         reason=80000021 qualification=0000000000000000
[  669.756668][ T4726] IDTVectoring: info=00000000 errcode=00000000
[  669.763022][ T4727] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  669.765697][ T4717] *** Control State ***
[  669.770358][ T4726] TSC Offset = 0xfffffe96fd3c9f5d
[  669.779577][ T4727] FSBase=00007f3244547700 GSBase=ffff8880ae800000 TRBase=fffffe0000003000
[  669.791445][ T4726] TPR Threshold = 0x00
[  669.791766][ T4717] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  669.795876][ T4726] EPT pointer = 0x000000008f3fa01e
[  669.810093][ T4727] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  669.817463][ T4717] EntryControls=0000d1ff ExitControls=002fefff
[  669.823628][ T4717] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  669.835498][ T4727] CR0=0000000080050033 CR3=00000000a7afd000 CR4=00000000001426f0
[  669.865377][ T4717] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  669.874798][ T4717] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  669.884683][ T4727] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  669.896699][ T4717]         reason=80000021 qualification=0000000000000000
[  669.903904][ T4717] IDTVectoring: info=00000000 errcode=00000000
[  669.910999][ T4727] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  669.918093][ T4717] TSC Offset = 0xfffffe97295a789d
[  669.923283][ T4717] TPR Threshold = 0x00
[  669.928325][ T4727] *** Control State ***
[  669.932669][ T4717] EPT pointer = 0x000000009429f01e
[  669.938046][ T4727] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  669.969684][ T4727] EntryControls=0000d1ff ExitControls=002fefff
21:34:23 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00001dcf48)={0x2, 0x400000000000003, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, [@sadb_lifetime={0x4, 0x3}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6}, @sadb_lifetime={0x4, 0x4}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfbffffff}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xb0}}, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f00000000c0)={{{@in=@local, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@dev}, 0x0, @in=@broadcast}}, &(0x7f00000001c0)=0xe8)
getgroups(0x7, &(0x7f0000000740)=[0xee00, 0xee00, 0xffffffffffffffff, 0xee01, <r3=>0x0, 0xee00, 0xee01])
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000780)={0x0, 0x0, <r4=>0x0}, &(0x7f00000007c0)=0xc)
setregid(r3, r4)
r5 = getuid()
r6 = getgid()
r7 = getegid()
lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
getgroups(0x2, &(0x7f0000000400)=[<r9=>0xee00, 0xffffffffffffffff])
stat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0})
lstat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0})
setresgid(r8, r8, r3)
r12 = dup(r0)
ioctl$SG_GET_SG_TABLESIZE(r12, 0x227f, &(0x7f0000000700))
getresgid(&(0x7f00000005c0), &(0x7f0000000600), &(0x7f0000000640)=<r13=>0x0)
r14 = getgid()
fsetxattr$system_posix_acl(r0, &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000680)={{}, {0x1, 0x4}, [{0x2, 0x7, r2}, {0x2, 0x7, r5}], {0x4, 0x1}, [{0x8, 0x0, r6}, {0x8, 0x1, r7}, {0x8, 0x6, r8}, {0x8, 0x4, r9}, {0x8, 0x3, r10}, {0x8, 0x4, r11}, {0x8, 0x1, r13}, {0x8, 0x7, r14}], {0x10, 0x5}, {0x20, 0x1}}, 0x74, 0x2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0f630340000000006a5e5b534bc70cf6883924860cd4f251cd2a5841e129022bff3ade94492e4dff0ab1aa9961b09b888388d533f92ed13f2960bb5f6c3fb718e5f8d7940700f40d5d2067257cfc57abc3b72e9de65a8b6dd8bd8d10038f6298717dccd413b7bee6d025900baa11387b37a7f5f178e112644519ca6408dec4a35d06"], 0x0, 0x0, 0x0})

21:34:23 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x0, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:23 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:23 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  669.990714][ T4727] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  670.005940][ T4727] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
21:34:23 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

[  670.041584][ T4727] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  670.064159][ T4746] binder: 4743:4746 ioctl 227f 20000700 returned -22
[  670.073501][ T4727]         reason=80000021 qualification=0000000000000000
[  670.076438][ T4742] *** Guest State ***
[  670.097957][ T4742] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  670.098683][ T4746] binder: 4743:4746 unknown command 1073963791
[  670.122701][ T4727] IDTVectoring: info=00000000 errcode=00000000
[  670.135952][ T4746] binder: 4743:4746 ioctl c0306201 20000080 returned -22
[  670.149944][ T4727] TSC Offset = 0xfffffe96fc767919
[  670.157941][ T4742] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  670.162324][ T4746] binder: BINDER_SET_CONTEXT_MGR already set
[  670.177135][ T4727] TPR Threshold = 0x00
[  670.178884][ T4748] *** Guest State ***
[  670.188170][ T4727] EPT pointer = 0x000000008867c01e
21:34:23 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  670.196684][ T4746] binder: 4743:4746 ioctl 40046207 0 returned -16
[  670.210388][ T4748] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  670.220415][ T4742] CR3 = 0x0000000000000000
[  670.229681][ T4752] binder: 4743:4752 ioctl 227f 20000700 returned -22
[  670.237940][ T4742] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  670.256784][ T4748] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  670.261817][ T4752] binder: 4743:4752 unknown command 1073963791
[  670.267221][ T4742] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  670.286529][ T4748] CR3 = 0x0000000000000000
[  670.290065][ T4752] binder: 4743:4752 ioctl c0306201 20000080 returned -22
[  670.291405][ T4742] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
21:34:23 executing program 3:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  670.326405][ T4748] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  670.350842][ T4748] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  670.360305][ T4742] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.369699][ T4748] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  670.383811][ T4742] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.393016][ T4748] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.402190][ T4742] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.417783][ T4748] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.430838][ T4742] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.442235][ T4748] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.459251][ T4742] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.469328][ T4748] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:24 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000040)={0x2, 0x4e21, @loopback}, 0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:24 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  670.484441][ T4742] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.497635][ T4748] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.515042][ T4742] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  670.535461][ T4748] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.535880][ T4757] *** Guest State ***
[  670.561810][ T4742] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.562817][ T4759] binder_thread_write: 1 callbacks suppressed
[  670.562831][ T4759] binder: 4758:4759 Acquire 1 refcount change on invalid ref 0 ret -22
[  670.574025][ T4757] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  670.581466][ T4748] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  670.600529][ T4748] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.604506][ T4742] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  670.618570][ T4759] binder: 4758:4759 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  670.627594][ T4757] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  670.641415][ T4748] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  670.650514][ T4757] CR3 = 0x0000000000000000
[  670.655087][ T4742] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.664111][ T4748] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.664134][ T4762] binder: 4758:4762 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  670.687740][ T4757] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  670.687918][ T4748] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  670.694809][ T4757] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  670.715719][ T4742] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  670.723016][ T4742] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  670.739302][ T4757] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  670.750388][ T4742] Interruptibility = 00000000  ActivityState = 00000000
[  670.761130][ T4757] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.769163][ T4748] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  670.773575][ T4742] *** Host State ***
[  670.782284][ T4742] RIP = 0xffffffff811b3470  RSP = 0xffff88805172f8e0
21:34:24 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x4, 0x10000)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000240)={<r2=>0x0, @in6={{0xa, 0x4e24, 0x5902, @loopback, 0x8}}, 0x8}, &(0x7f00000001c0)=0x90)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000300)={r2, 0xfffffffffffeffff}, &(0x7f0000000340)=0x8)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f0000000100)={<r3=>0x0})
ioctl$TUNGETFEATURES(r1, 0x800454cf, &(0x7f0000000180))
ioctl$DRM_IOCTL_RM_CTX(r1, 0xc0086421, &(0x7f0000000140)={r3, 0x2})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0563044040802b549124f9513f9c009d0055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:24 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  670.789293][ T4748] Interruptibility = 00000000  ActivityState = 00000000
[  670.803659][ T4742] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  670.813463][ T4757] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.835665][ T4748] *** Host State ***
[  670.847333][ T4742] FSBase=00007f39ca16e700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  670.857050][ T4767] binder: 4764:4767 Acquire 1 refcount change on invalid ref 1412137024 ret -22
[  670.862494][ T4748] RIP = 0xffffffff811b3470  RSP = 0xffff8880834af8e0
[  670.877619][ T4767] binder: 4764:4767 unknown command 1375282321
[  670.892074][ T4767] binder: 4764:4767 ioctl c0306201 20000000 returned -22
[  670.894008][ T4748] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  670.906736][ T4757] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.908051][ T4768] binder: 4764:4768 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  670.915773][ T4742] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  670.935326][ T4748] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000003000
[  670.936352][ T4757] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.952967][ T4742] CR0=0000000080050033 CR3=00000000a5036000 CR4=00000000001426e0
[  670.956347][ T4748] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  670.967272][ T4742] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  670.975046][ T4757] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  670.984414][ T4767] binder: BINDER_SET_CONTEXT_MGR already set
[  670.990863][ T4742] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  670.998222][ T4748] CR0=0000000080050033 CR3=00000000843ea000 CR4=00000000001426e0
[  671.004234][ T4767] binder: 4764:4767 ioctl 40046207 0 returned -16
[  671.012435][ T4742] *** Control State ***
[  671.017011][ T4757] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.018367][ T4748] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  671.033466][ T4742] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  671.037857][ T4770] binder: 4764:4770 Acquire 1 refcount change on invalid ref 1412137024 ret -22
[  671.047337][ T4748] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  671.064766][ T4757] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  671.064772][ T4742] EntryControls=0000d1ff ExitControls=002fefff
[  671.064792][ T4742] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  671.079830][ T4748] *** Control State ***
[  671.079841][ T4748] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  671.079849][ T4748] EntryControls=0000d1ff ExitControls=002fefff
[  671.079863][ T4748] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  671.079879][ T4748] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  671.087818][ T4770] binder: 4764:4770 unknown command 1375282321
[  671.110725][ T4748] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  671.118864][ T4770] binder: 4764:4770 ioctl c0306201 20000000 returned -22
21:34:24 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  671.123451][ T4757] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.132057][ T4742] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  671.145444][ T4757] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  671.165215][ T4767] binder: 4764:4767 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  671.175289][ T4748]         reason=80000021 qualification=0000000000000000
[  671.190094][ T4748] IDTVectoring: info=00000000 errcode=00000000
21:34:24 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(0x0, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

[  671.200720][ T4748] TSC Offset = 0xfffffe966575e892
[  671.221877][ T4742] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  671.226719][ T4748] TPR Threshold = 0x00
[  671.240033][ T4748] EPT pointer = 0x000000008a46a01e
[  671.249338][ T4757] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.260959][ T4757] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  671.268368][ T4757] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  671.276886][ T4742]         reason=80000021 qualification=0000000000000000
[  671.284151][ T4757] Interruptibility = 00000000  ActivityState = 00000000
[  671.291427][ T4757] *** Host State ***
[  671.304758][ T4742] IDTVectoring: info=00000000 errcode=00000000
[  671.315608][ T4757] RIP = 0xffffffff811b3470  RSP = 0xffff8880563a78e0
21:34:24 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:24 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x202200, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r1, 0xc008240a, &(0x7f0000000100)={0x3, 0x0, [0x0, 0x0, 0x0]})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  671.337648][ T4757] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  671.346742][ T4742] TSC Offset = 0xfffffe967453f9ee
[  671.360316][ T4757] FSBase=00007f3244547700 GSBase=ffff8880ae900000 TRBase=fffffe0000003000
[  671.384893][ T4776] binder: 4775:4776 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  671.386101][ T4742] TPR Threshold = 0x00
[  671.402532][ T4757] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  671.409679][ T4757] CR0=0000000080050033 CR3=000000008b412000 CR4=00000000001426e0
[  671.417958][ T4742] EPT pointer = 0x000000008b3e901e
[  671.423323][ T4757] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  671.444730][ T4776] binder: BINDER_SET_CONTEXT_MGR already set
[  671.445451][ T4757] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  671.461575][ T4776] binder: 4775:4776 ioctl 40046207 0 returned -16
[  671.475298][ T4757] *** Control State ***
[  671.477571][ T4778] *** Guest State ***
[  671.481798][ T4757] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
21:34:25 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:25 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  671.483604][ T4778] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  671.504727][ T4779] binder: 4775:4779 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  671.518587][ T4778] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  671.534022][ T4757] EntryControls=0000d1ff ExitControls=002fefff
[  671.538067][ T4778] CR3 = 0x0000000000000000
[  671.553975][ T4778] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  671.568968][ T4778] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  671.591176][ T4778] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
21:34:25 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f0000000040)=@generic={0x3, 0x1, 0x3})
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f0000000100)={'nr0\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2b}}})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  671.595761][ T4757] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  671.607908][ T4778] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.639032][ T4778] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.661471][ T4757] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  671.676351][ T4778] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.688577][ T4757] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  671.703141][ T4786] binder: 4785:4786 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  671.706931][ T4784] *** Guest State ***
[  671.721087][ T4778] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.730020][ T4784] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  671.731568][ T4757]         reason=80000021 qualification=0000000000000000
[  671.739856][ T4778] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.756052][ T4784] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  671.767155][ T4778] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.771903][ T4757] IDTVectoring: info=00000000 errcode=00000000
[  671.777196][ T4787] binder: BINDER_SET_CONTEXT_MGR already set
[  671.788367][ T4784] CR3 = 0x0000000000000000
[  671.793045][ T4778] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  671.795705][ T4757] TSC Offset = 0xfffffe963655a95e
[  671.801994][ T4784] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  671.813867][ T4788] binder: 4785:4788 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  671.826744][ T4784] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  671.833774][ T4784] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  671.841519][ T4784] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.845276][ T4757] TPR Threshold = 0x00
[  671.850553][ T4787] binder: 4785:4787 ioctl 40046207 0 returned -16
[  671.861112][ T4784] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.870153][ T4757] EPT pointer = 0x00000000a404201e
[  671.870214][ T4784] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.888328][ T4784] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.890975][ T4778] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.906683][ T4784] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.923500][ T4784] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.932605][ T4784] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  671.941773][ T4778] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  671.951943][ T4784] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:25 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = dup3(r0, r0, 0x80000)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ADD(r1, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x110}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x128, r2, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x44, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7db}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}]}]}, @TIPC_NLA_MEDIA={0xa0, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1bc6a690}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x88}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffffffc4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x797}]}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x4000}, 0x80)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:25 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:25 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='?proc/sy4/vs/sloppy_scvp\x00\xcf;\xc7\x9ff\x88\xe0\xf5\b\x00\x00\x00\xc3\xb6\xf9\xee\xa7\xe9\xaf\xa0\x1bVO\xdc\x92\xe7\xa0\xf9\x14\x9c\r\x8cX\x7fp=\f,\xf42?\x1c\x83\xe2dC\v\x8e\xee\xdb\x90\'\xa2\x9c\x86V\xfc\xc9\x94\xcb\x9d\xe1\xe0^\xd7\xcb\xda%\x11+\xe5\xf5\xe2~\xad\xb2\x10M\xd6', 0x2, 0x0)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000100)='keyring\x00', 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000040)=@assoc_value={<r2=>0x0}, &(0x7f0000000140)=0x8)
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000180)={r2, 0xffff}, 0x8)

[  671.961050][ T4778] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  671.970032][ T4784] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  671.978986][ T4778] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  671.986437][ T4784] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  672.012579][ T4778] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  672.024872][ T4784] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  672.032905][ T4778] Interruptibility = 00000000  ActivityState = 00000000
[  672.033622][ T4791] binder: 4789:4791 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  672.055054][ T4784] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  672.063565][ T4778] *** Host State ***
[  672.067850][ T4778] RIP = 0xffffffff811b3470  RSP = 0xffff8880542af8e0
[  672.074854][ T4784] Interruptibility = 00000000  ActivityState = 00000000
[  672.081714][ T4794] binder: BINDER_SET_CONTEXT_MGR already set
[  672.088054][ T4778] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  672.095532][ T4784] *** Host State ***
[  672.100255][ T4778] FSBase=00007f2034fd5700 GSBase=ffff8880ae800000 TRBase=fffffe0000003000
[  672.101444][ T4794] binder: 4793:4794 ioctl 40046207 0 returned -16
[  672.115522][ T4784] RIP = 0xffffffff811b3470  RSP = 0xffff8880514f78e0
[  672.135589][ T4784] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  672.143087][ T4778] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  672.146154][ T4797] binder: 4793:4797 ioctl c0306201 20000180 returned -14
21:34:25 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[  672.158155][ T4784] FSBase=00007f39ca16e700 GSBase=ffff8880ae800000 TRBase=fffffe0000003000
[  672.165429][ T4791] binder: BINDER_SET_CONTEXT_MGR already set
[  672.168937][ T4778] CR0=0000000080050033 CR3=00000000843ea000 CR4=00000000001426f0
[  672.181700][ T4791] binder: 4789:4791 ioctl 40046207 0 returned -16
[  672.190678][ T4784] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  672.202171][ T4778] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  672.210134][ T4798] binder: 4789:4798 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  672.235268][ T4794] binder: 4793:4794 ioctl 6685 0 returned -22
[  672.241797][ T4784] CR0=0000000080050033 CR3=00000000a0e16000 CR4=00000000001426f0
[  672.256130][ T4778] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
21:34:25 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(0x0, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

[  672.263524][ T4784] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  672.275701][ T4794] binder: 4793:4794 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  672.281422][ T4778] *** Control State ***
[  672.287743][ T4784] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  672.294768][ T4778] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  672.302519][ T4784] *** Control State ***
21:34:25 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="ffdb9b836bd971c54f97be4f2a1b6ea9344a0de318053ea7847cd821b4ea76e5110b10bef46ec9a907806098c3ddb95aedd06ad31265377542bd891615f96d07a14f6c737e5ac1174269e6aa47626c1be5a2b5f6a056026e2e8770700595669f648597f92a81bb907ac61f2f1c5d9471a88e8efdda5221136f030c0cab4d437d756255ad6e7ec3aab2036ee16e13ddabc0c9ca93fbcaf786258cba8092912413b577c3"], 0x0, 0x0, 0x0})

[  672.311388][ T4778] EntryControls=0000d1ff ExitControls=002fefff
[  672.317887][ T4784] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  672.339827][ T4778] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  672.349027][ T4784] EntryControls=0000d1ff ExitControls=002fefff
21:34:26 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = dup3(r0, r0, 0x80000)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ADD(r1, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x110}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x128, r2, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x44, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7db}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}]}]}, @TIPC_NLA_MEDIA={0xa0, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1bc6a690}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x88}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffffffc4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x797}]}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x4000}, 0x80)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  672.363821][ T4778] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  672.371650][ T4784] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  672.388754][ T4778] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  672.403096][ T4784] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  672.415516][ T4778]         reason=80000021 qualification=0000000000000000
[  672.418373][ T4805] binder: 4804:4805 unknown command -2086937601
[  672.422547][ T4778] IDTVectoring: info=00000000 errcode=00000000
[  672.422555][ T4778] TSC Offset = 0xfffffe95b3580c56
[  672.422562][ T4778] TPR Threshold = 0x00
[  672.422573][ T4778] EPT pointer = 0x00000000a9a5a01e
[  672.454417][ T4784] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  672.475273][ T4784]         reason=80000021 qualification=0000000000000000
[  672.486778][ T4807] binder: BINDER_SET_CONTEXT_MGR already set
[  672.492958][ T4784] IDTVectoring: info=00000000 errcode=00000000
[  672.499391][ T4807] binder: 4806:4807 ioctl 40046207 0 returned -16
[  672.506420][ T4784] TSC Offset = 0xfffffe9593aabd2f
[  672.513989][ T4805] binder: 4804:4805 ioctl c0306201 20000080 returned -22
[  672.521288][ T4784] TPR Threshold = 0x00
[  672.526577][ T4807] binder: 4806:4807 ioctl c0306201 20000180 returned -14
[  672.533816][ T4784] EPT pointer = 0x00000000a44fa01e
[  672.545323][ T4805] binder: BINDER_SET_CONTEXT_MGR already set
[  672.551768][ T4807] binder: 4806:4807 ioctl 6685 0 returned -22
[  672.559775][ T4805] binder: 4804:4805 ioctl 40046207 0 returned -16
[  672.569613][ T4807] binder: 4806:4807 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:34:26 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:26 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:34:26 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000020000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0f630c4000000000f8e87ce9f30d254af25d37fc2bc2043638f39933ef1d3e4107000000000000cdcfde5559d117d4e7898f2ad0f669ac40b08d3bc07c04a9e0fdaaecbcdf290a3bcce4673832a81c908bda4f97631b7ca0dd09e2c4f67515c85b98340c2c0c808ed59fff67b0b5141b54a1474edc48f5138922e112446868b71a94a198475173b758b0d451cdce5fbcb702b72e083632672d4f4321f08fc93476304bdcc68d8a65e88a64e63e58b1735b5cb3a1d00ec124fe00ac2c7b455822b0eb4d07a19413dc3cce0a535e9a7f87d874128f8abb59308b9c956ddc102fdb872d78ac9fd12c890e6374268545d8f5405e11c291720970fb4a"], 0x0, 0x0, 0x0})
r1 = socket$unix(0x1, 0x1, 0x0)
accept$unix(r1, &(0x7f0000000240), &(0x7f0000000040)=0x6e)

21:34:26 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = dup3(r0, r0, 0x80000)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ADD(r1, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x110}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x128, r2, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x44, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7db}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}]}]}, @TIPC_NLA_MEDIA={0xa0, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1bc6a690}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x88}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffffffc4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x797}]}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x4000}, 0x80)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:26 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000600)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[  672.730483][ T4812] *** Guest State ***
[  672.744117][ T4816] binder: 4814:4816 Acquire 1 refcount change on invalid ref 2097152 ret -22
[  672.753122][ T4812] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  672.769437][ T4816] binder: 4814:4816 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:34:26 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  672.785904][ T4812] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  672.791961][ T4819] binder: BINDER_SET_CONTEXT_MGR already set
[  672.803127][ T4821] binder: 4814:4821 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  672.805562][ T4812] CR3 = 0x0000000000000000
[  672.834067][ T4819] binder: 4817:4819 ioctl 40046207 0 returned -16
[  672.840564][ T4812] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  672.840578][ T4812] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  672.840601][ T4812] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  672.840625][ T4812] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  672.873374][ T4821] binder: 4814:4821 Acquire 1 refcount change on invalid ref 2097152 ret -22
[  672.873378][ T4816] binder: BINDER_SET_CONTEXT_MGR already set
[  672.873415][ T4816] binder: 4814:4816 ioctl 40046207 0 returned -16
[  672.888057][ T4822] binder: 4817:4822 ioctl c0306201 20000180 returned -14
[  672.902720][ T4812] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  672.912762][ T4812] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:26 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c46000000de000000000000001000000000000038000000000100000000003830b00cc52eceac0a705fd909a2a600000020000000000000000f1b00000000000000000000000000000000000000007e000000000000"], 0x58)
write$FUSE_STATFS(r0, &(0x7f0000000200)={0x60}, 0x60)
r1 = dup(r0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000040)={0x2b, 0x4, 0x0, {0x0, 0x0, 0xb52d554, 0xa0, [0x0, 0x0, 0x0]}}, 0x151)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r4+30000000}}, 0x0)
readv(r3, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r2, r3, 0x0)
tkill(0x0, 0x1000000000014)

[  672.932831][ T4821] binder: 4814:4821 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  672.952325][ T4812] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:26 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  672.981425][ T4812] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  672.988510][ T4819] binder: 4817:4819 ioctl 6685 0 returned -22
[  673.037667][ T4812] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  673.054648][ T4812] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  673.072697][ T4812] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  673.098904][ T4812] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  673.126886][ T4812] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  673.136179][ T4812] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  673.143490][ T4812] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  673.152304][ T4812] Interruptibility = 00000000  ActivityState = 00000000
[  673.160457][ T4812] *** Host State ***
[  673.164582][ T4812] RIP = 0xffffffff811b3470  RSP = 0xffff888056fe78e0
[  673.171981][ T4812] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  673.179640][ T4812] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000003000
[  673.188897][ T4812] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  673.196046][ T4812] CR0=0000000080050033 CR3=0000000095d43000 CR4=00000000001426e0
[  673.203944][ T4812] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  673.211968][ T4812] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  673.219132][ T4812] *** Control State ***
[  673.223486][ T4812] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  673.231300][ T4812] EntryControls=0000d1ff ExitControls=002fefff
[  673.237904][ T4812] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  673.245996][ T4812] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  673.253640][ T4812] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  673.261817][ T4812]         reason=80000021 qualification=0000000000000000
[  673.269351][ T4812] IDTVectoring: info=00000000 errcode=00000000
[  673.276118][ T4812] TSC Offset = 0xfffffe9506f18282
[  673.281363][ T4812] TPR Threshold = 0x00
[  673.285923][ T4812] EPT pointer = 0x000000008c24e01e
21:34:29 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(0x0, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:29 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
r1 = syz_open_dev$cec(&(0x7f0000000180)='/dev/cec#\x00', 0x3, 0x2)
recvmsg(0xffffffffffffff9c, &(0x7f0000001980)={&(0x7f00000007c0)=@xdp={0x2c, 0x0, <r2=>0x0}, 0x80, &(0x7f0000000940)=[{&(0x7f0000000840)=""/193, 0xc1}], 0x1, &(0x7f0000000980)=""/4096, 0x1000}, 0x40)
r3 = geteuid()
setsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000019c0)={{{@in6=@loopback, @in=@rand_addr=0x5, 0x4e23, 0x0, 0x4e24, 0x2, 0xa, 0x20, 0x20, 0x6f, r2, r3}, {0x7, 0xffff, 0x20, 0x0, 0x4, 0x0, 0x2, 0x2}, {0x2, 0x8, 0x800, 0x401}, 0x4, 0x6e6bb5, 0x2, 0x0, 0x1, 0x3}, {{@in6=@mcast2, 0x4d3, 0xff}, 0x2, @in6=@local, 0x34ff, 0x3, 0x3, 0x1f, 0x1, 0x401, 0x100}}, 0xe8)
r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x1, 0x0)
getdents64(r4, &(0x7f00000004c0)=""/184, 0xfffffffffffffec9)
ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205648, &(0x7f0000000140)={0x9c0000, 0x5, 0x40, [], &(0x7f0000000100)={0xa30904, 0x1, [], @value64=0x2}})
fsync(r0)
close(r0)

21:34:29 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = dup3(r0, r0, 0x80000)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ADD(r1, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x110}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x128, r2, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x44, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7db}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}]}]}, @TIPC_NLA_MEDIA={0xa0, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1bc6a690}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x88}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffffffc4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x797}]}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x4000}, 0x80)

21:34:29 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r1, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

21:34:29 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:29 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = socket(0x11, 0x2, 0x0)
r2 = openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$CAPI_REGISTER(r2, 0x400c4301, 0x0)
syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$sock_inet_SIOCRTMSG(0xffffffffffffffff, 0x550b, 0x0)
ioctl$NBD_SET_SOCK(r3, 0xab00, r1)
ioctl$NBD_CLEAR_SOCK(r3, 0xab03)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
syz_open_dev$ndb(&(0x7f00000002c0)='/dev/nbd#\x00', 0x0, 0x200)
r4 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x200000, 0x0)
ioctl$GIO_FONTX(r4, 0x4b6b, &(0x7f0000000100)=""/168)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
lsetxattr$security_ima(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='security.ima\x00', &(0x7f0000000280)=@md5={0x1, "ff29546a02d9d22f1daad50cb29700e8"}, 0x11, 0x2)

[  675.433351][ T4834] binder: 4832:4834 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  675.467733][ T4841] binder: BINDER_SET_CONTEXT_MGR already set
[  675.482058][ T4842] binder: BINDER_SET_CONTEXT_MGR already set
[  675.488238][ T4841] binder: 4833:4841 ioctl 40046207 0 returned -16
[  675.503248][ T4841] binder: 4833:4841 ioctl c0306201 20000180 returned -14
[  675.512850][ T4842] binder: 4837:4842 ioctl 40046207 0 returned -16
21:34:29 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r1, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

[  675.522184][ T4844] binder: 4832:4844 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  675.525651][ T4841] binder: 4833:4841 ioctl 6685 0 returned -22
[  675.561246][ T4840] *** Guest State ***
[  675.573427][ T4840] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
21:34:29 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r1, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

[  675.588551][ T4842] block nbd0: Device being setup by another task
[  675.591508][ T4840] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  675.614165][ T4842] binder: 4837:4842 Acquire 1 refcount change on invalid ref 0 ret -22
21:34:29 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x1010, r0, 0x2)

21:34:29 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
dup3(r0, r0, 0x80000)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00')

21:34:29 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, 0x0, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

[  675.646584][ T4842] binder_thread_write: 1 callbacks suppressed
[  675.646599][ T4842] binder: 4837:4842 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  675.668043][ T4840] CR3 = 0x0000000000000000
[  675.683738][ T4840] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  675.717280][ T4845] binder: 4837:4845 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  675.720098][ T4840] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  675.747408][ T4855] binder: 4852:4855 ioctl c0306201 20000180 returned -14
[  675.759242][ T4857] binder: BINDER_SET_CONTEXT_MGR already set
[  675.762935][ T4840] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  675.782992][ T4840] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  675.783511][ T4855] binder: 4852:4855 ioctl 6685 0 returned -22
[  675.799264][ T4857] binder: 4854:4857 ioctl 40046207 0 returned -16
[  675.801064][ T4840] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:29 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  675.817933][ T4857] binder: 4854:4857 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  675.825313][ T4840] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  675.849164][ T4840] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  675.859966][ T4859] binder: 4854:4859 Acquire 1 refcount change on invalid ref 0 ret -22
[  675.862319][ T4840] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  675.885032][ T4840] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  675.892709][ T4859] binder: 4854:4859 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:34:29 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
dup3(r0, r0, 0x80000)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00')

21:34:29 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = socket(0x11, 0x2, 0x0)
r2 = openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$CAPI_REGISTER(r2, 0x400c4301, 0x0)
syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$sock_inet_SIOCRTMSG(0xffffffffffffffff, 0x550b, 0x0)
ioctl$NBD_SET_SOCK(r3, 0xab00, r1)
ioctl$NBD_CLEAR_SOCK(r3, 0xab03)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
syz_open_dev$ndb(&(0x7f00000002c0)='/dev/nbd#\x00', 0x0, 0x200)
r4 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x200000, 0x0)
ioctl$GIO_FONTX(r4, 0x4b6b, &(0x7f0000000100)=""/168)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})
lsetxattr$security_ima(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='security.ima\x00', &(0x7f0000000280)=@md5={0x1, "ff29546a02d9d22f1daad50cb29700e8"}, 0x11, 0x2)

[  675.919370][ T4857] binder: 4854:4857 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  675.923606][ T4840] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  675.969730][ T4840] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  675.988221][ T4868] binder: 4865:4868 ioctl c0306201 20000180 returned -14
[  676.000214][ T4867] binder: BINDER_SET_CONTEXT_MGR already set
[  676.008751][ T4840] IDTR:                           limit=0x00000000, base=0x0000000000000000
21:34:29 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

[  676.022203][ T4867] binder: 4866:4867 ioctl 40046207 0 returned -16
[  676.032126][ T4868] binder: 4865:4868 ioctl 6685 0 returned -22
[  676.036295][ T4840] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:29 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  676.073696][ T4871] binder: BINDER_SET_CONTEXT_MGR already set
[  676.079994][ T4840] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  676.093259][ T4867] block nbd0: Device being setup by another task
[  676.110107][ T4871] binder: 4870:4871 ioctl 40046207 0 returned -16
[  676.111312][ T4840] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  676.137854][ T4867] binder: 4866:4867 Acquire 1 refcount change on invalid ref 0 ret -22
[  676.146826][ T4840] Interruptibility = 00000000  ActivityState = 00000000
[  676.161725][ T4840] *** Host State ***
[  676.168439][ T4867] binder: 4866:4867 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  676.179838][ T4840] RIP = 0xffffffff811b3470  RSP = 0xffff888089cf78e0
[  676.192231][ T4869] binder: 4866:4869 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  676.202257][ T4840] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  676.218557][ T4840] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  676.242498][ T4840] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  676.252334][ T4840] CR0=0000000080050033 CR3=000000009bedd000 CR4=00000000001426e0
[  676.269137][ T4840] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  676.283506][ T4840] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  676.292492][ T4840] *** Control State ***
[  676.303258][ T4840] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  676.312382][ T4840] EntryControls=0000d1ff ExitControls=002fefff
[  676.324409][ T4840] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  676.341814][ T4840] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  676.356146][ T4840] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  676.363556][ T4840]         reason=80000021 qualification=0000000000000000
[  676.377670][ T4840] IDTVectoring: info=00000000 errcode=00000000
[  676.384156][ T4840] TSC Offset = 0xfffffe9384175fb4
[  676.393056][ T4840] TPR Threshold = 0x00
[  676.402027][ T4840] EPT pointer = 0x00000000a5a3501e
21:34:30 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:30 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
dup3(r0, r0, 0x80000)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685)

21:34:30 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x2, 0x0, 0x0, 0x0, 0x3d}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:30 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:30 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x14, r1, 0xb08a6a26c294f015, 0x70bd2a, 0x25dfdbff}, 0x14}}, 0x208800)
r2 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
setxattr$trusted_overlay_redirect(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='trusted.overlay.redirect\x00', &(0x7f00000004c0)='./file0\x00', 0x8, 0x3)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000500)='/dev/dlm-monitor\x00', 0x80900, 0x0)
write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000540)={0x42, 0x6, 0x0, {0x0, 0x5, 0x19, 0x0, 'trusted.overlay.redirect\x00'}}, 0x42)
ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000040)=<r4=>0x0)
get_robust_list(r4, &(0x7f0000000280)=&(0x7f0000000240)={&(0x7f0000000140)={&(0x7f0000000100)}, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)}}, &(0x7f00000002c0)=0x18)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0xee, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0xfffffffffffffe82, 0x0, &(0x7f00000005c0)=ANY=[@ANYPTR], 0x0, 0x0, 0x0})

[  676.496525][ T4878] binder: 4875:4878 ioctl c0306201 20000180 returned -14
[  676.520233][ T4884] binder: BINDER_SET_CONTEXT_MGR already set
[  676.531469][ T4878] binder: 4875:4878 ioctl 6685 0 returned -22
[  676.538899][ T4880] binder: BINDER_SET_CONTEXT_MGR already set
[  676.545008][ T4884] binder: 4877:4884 ioctl 40046207 0 returned -16
[  676.569154][ T4885] binder: 4879:4885 unknown command 1398165577
[  676.575946][ T4880] binder: 4879:4880 ioctl 40046207 0 returned -16
[  676.584040][ T4884] binder: 4877:4884 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  676.594846][ T4885] binder: 4879:4885 ioctl c0306201 20000300 returned -22
[  676.607757][ T4882] *** Guest State ***
21:34:30 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
dup3(r0, r0, 0x80000)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})

[  676.611756][ T4882] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  676.626347][ T4886] binder: 4877:4886 Acquire 1 refcount change on invalid ref 0 ret -22
[  676.655584][ T4886] binder: 4877:4886 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  676.673635][ T4887] binder: 4877:4887 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  676.682319][ T4882] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  676.712379][ T4882] CR3 = 0x0000000000000000
[  676.721091][ T4889] binder: 4888:4889 ioctl c0306201 20000180 returned -14
[  676.724563][ T4882] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  676.742994][ T4882] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  676.750746][ T4882] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  676.770335][ T4882] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  676.788423][ T4882] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  676.798001][ T4882] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  676.806940][ T4882] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  676.815971][ T4882] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  676.824794][ T4882] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  676.833682][ T4882] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  676.842697][ T4882] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  676.851599][ T4882] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  676.860596][ T4882] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  676.869528][ T4882] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  676.876810][ T4882] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  676.885039][ T4882] Interruptibility = 00000000  ActivityState = 00000000
[  676.892097][ T4882] *** Host State ***
[  676.896159][ T4882] RIP = 0xffffffff811b3470  RSP = 0xffff88808b44f8e0
[  676.902956][ T4882] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  676.910212][ T4882] FSBase=00007f2034fd5700 GSBase=ffff8880ae800000 TRBase=fffffe0000003000
[  676.918853][ T4882] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  676.925572][ T4882] CR0=0000000080050033 CR3=000000009bedd000 CR4=00000000001426f0
[  676.933458][ T4882] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  676.940980][ T4882] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  676.947853][ T4882] *** Control State ***
[  676.952105][ T4882] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  676.959773][ T4882] EntryControls=0000d1ff ExitControls=002fefff
[  676.966268][ T4882] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  676.974075][ T4882] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  676.981732][ T4882] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  676.989238][ T4882]         reason=80000021 qualification=0000000000000000
[  676.996498][ T4882] IDTVectoring: info=00000000 errcode=00000000
[  677.002850][ T4882] TSC Offset = 0xfffffe92f62f05d2
[  677.008105][ T4882] TPR Threshold = 0x00
[  677.012349][ T4882] EPT pointer = 0x000000008482101e
21:34:32 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, 0x0, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:32 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:32 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x14, r1, 0xb08a6a26c294f015, 0x70bd2a, 0x25dfdbff}, 0x14}}, 0x208800)
r2 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
setxattr$trusted_overlay_redirect(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='trusted.overlay.redirect\x00', &(0x7f00000004c0)='./file0\x00', 0x8, 0x3)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000500)='/dev/dlm-monitor\x00', 0x80900, 0x0)
write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000540)={0x42, 0x6, 0x0, {0x0, 0x5, 0x19, 0x0, 'trusted.overlay.redirect\x00'}}, 0x42)
ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000040)=<r4=>0x0)
get_robust_list(r4, &(0x7f0000000280)=&(0x7f0000000240)={&(0x7f0000000140)={&(0x7f0000000100)}, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)}}, &(0x7f00000002c0)=0x18)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0xee, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0xfffffffffffffe82, 0x0, &(0x7f00000005c0)=ANY=[@ANYPTR], 0x0, 0x0, 0x0})

21:34:32 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
dup3(r0, r0, 0x80000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})

21:34:32 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  678.878177][ T4894] binder: 4890:4894 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  678.893472][ T4895] binder: BINDER_SET_CONTEXT_MGR already set
[  678.900135][ T4900] binder: 4892:4900 ioctl c0306201 20000180 returned -14
21:34:32 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
dup3(r0, r0, 0x80000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})

[  678.935522][ T4895] binder: 4891:4895 ioctl 40046207 0 returned -16
[  678.946667][ T4894] binder: BINDER_SET_CONTEXT_MGR already set
[  678.963718][ T4903] binder: 4890:4903 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  678.975438][ T4895] binder: 4891:4895 unknown command 1398165577
21:34:32 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  678.982381][ T4895] binder: 4891:4895 ioctl c0306201 20000300 returned -22
[  678.989571][ T4894] binder: 4890:4894 ioctl 40046207 0 returned -16
21:34:32 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
dup3(r0, r0, 0x80000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})

21:34:32 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x800, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='/dev/binder#\x00', r1}, 0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  679.059883][ T4907] binder: 4906:4907 ioctl c0306201 20000180 returned -14
21:34:32 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})

[  679.166718][ T4913] binder: 4910:4913 ioctl c0306201 20000180 returned -14
[  679.180633][ T4915] binder: 4911:4915 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000055 != 0000000000000000
[  679.235672][ T4915] binder: BINDER_SET_CONTEXT_MGR already set
[  679.247307][ T4919] binder: 4917:4919 ioctl c0306201 20000180 returned -14
[  679.257535][ T4915] binder: 4911:4915 ioctl 40046207 0 returned -16
21:34:35 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, 0x0, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:35 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:35 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000040)=0x1fb8)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x80010, r0, 0x28)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:34:35 executing program 3:
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64], 0x5a, 0x0, 0x0})

21:34:35 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0x0, 0x2)
r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vfio/vfio\x00', 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x7, @loopback, 0x9}], 0x1c)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r2 = syz_open_dev$adsp(&(0x7f0000000140)='/dev/adsp#\x00', 0x400, 0x1)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000240), &(0x7f00000001c0)=0x4)
nanosleep(&(0x7f0000000300)={0x0, 0x1c9c380}, &(0x7f0000000380))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0963047acb6857b4c84006"], 0x0, 0x0, 0x0})
syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x40, 0x0)
ioctl$TUNDETACHFILTER(r2, 0x401054d6, 0x0)
write$FUSE_NOTIFY_POLL(r2, &(0x7f0000000100)={0xfdaf, 0x1, 0x0, {0x634}}, 0xffffffffffffffa5)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:35 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:35 executing program 3:
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64], 0x5a, 0x0, 0x0})

[  682.015994][ T4927] binder: BINDER_SET_CONTEXT_MGR already set
[  682.039053][ T4928] binder: 4923:4928 unknown command 2047107849
[  682.047094][ T4927] binder: 4921:4927 ioctl 40046207 0 returned -16
[  682.058090][ T4928] binder: 4923:4928 ioctl c0306201 20000000 returned -22
21:34:35 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  682.084390][ T4926] *** Guest State ***
[  682.090767][ T4928] binder: 4923:4928 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  682.098435][ T4926] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  682.120718][ T4927] binder: 4921:4927 ioctl 40086607 20000040 returned -22
[  682.126311][ T4934] binder: BINDER_SET_CONTEXT_MGR already set
[  682.141562][ T4926] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  682.175294][ T4934] binder: 4923:4934 ioctl 40046207 0 returned -16
[  682.181822][ T4926] CR3 = 0x0000000000000000
21:34:35 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000040)=0x1fb8)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x80010, r0, 0x28)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:34:35 executing program 3:
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64], 0x5a, 0x0, 0x0})

[  682.186579][ T4926] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  682.205276][ T4926] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  682.205827][ T4928] binder: 4923:4928 unknown command 2047107849
[  682.213095][ T4942] binder: 4923:4942 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:34:35 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  682.232865][ T4926] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  682.232880][ T4926] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  682.232900][ T4926] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  682.232918][ T4926] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  682.232934][ T4926] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  682.232952][ T4926] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  682.232969][ T4926] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:36 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000040)=0x1fb8)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x80010, r0, 0x28)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  682.232982][ T4926] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  682.233001][ T4926] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  682.233015][ T4926] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  682.233033][ T4926] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  682.233044][ T4926] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  682.233056][ T4926] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  682.233065][ T4926] Interruptibility = 00000000  ActivityState = 00000000
[  682.233070][ T4926] *** Host State ***
[  682.233082][ T4926] RIP = 0xffffffff811b3470  RSP = 0xffff8880584978e0
[  682.233104][ T4926] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  682.233115][ T4926] FSBase=00007f2034fd5700 GSBase=ffff8880ae800000 TRBase=fffffe0000003000
[  682.233125][ T4926] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  682.233139][ T4926] CR0=0000000080050033 CR3=000000009181a000 CR4=00000000001426f0
[  682.233154][ T4926] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  682.233166][ T4926] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  682.233171][ T4926] *** Control State ***
[  682.233179][ T4926] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  682.233187][ T4926] EntryControls=0000d1ff ExitControls=002fefff
[  682.233199][ T4926] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  682.233206][ T4926] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  682.233214][ T4926] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  682.233220][ T4926]         reason=80000021 qualification=0000000000000000
[  682.233227][ T4926] IDTVectoring: info=00000000 errcode=00000000
[  682.233233][ T4926] TSC Offset = 0xfffffe9009843cbe
[  682.233238][ T4926] TPR Threshold = 0x00
[  682.233246][ T4926] EPT pointer = 0x0000000091a2c01e
[  682.273526][ T4928] binder: 4923:4928 ioctl c0306201 20000000 returned -22
[  682.284261][ T4945] binder: 4944:4945 ioctl 40086607 20000040 returned -22
[  682.442008][ T4950] binder: 4949:4950 ioctl 40086607 20000040 returned -22
21:34:38 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080), &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:38 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000040)=0x1fb8)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:34:38 executing program 3:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})

21:34:38 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0xfffffffffffffe5c, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:38 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:38 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  685.117241][ T4960] binder: BINDER_SET_CONTEXT_MGR already set
[  685.134861][ T4960] binder: 4958:4960 ioctl 40046207 0 returned -16
21:34:38 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0xfffffffffffffe5c, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:34:38 executing program 3:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})

[  685.161804][ T4960] binder: 4958:4960 Acquire 1 refcount change on invalid ref 0 ret -22
[  685.190959][ T4960] binder: 4958:4960 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  685.227180][ T4962] *** Guest State ***
[  685.229040][ T4966] binder: 4958:4966 ioctl 40086607 20000040 returned -22
[  685.231212][ T4962] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  685.231246][ T4962] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  685.231253][ T4962] CR3 = 0x0000000000000000
[  685.231267][ T4962] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  685.231299][ T4962] RFLAGS=0x00000002         DR7 = 0x0000000000000400
21:34:38 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:38 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0xfffffffffffffe5c, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

[  685.281383][ T4960] binder: 4958:4960 IncRefs 0 refcount change on invalid ref 0 ret -22
21:34:38 executing program 3:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})

21:34:39 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000040)=0x1fb8)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  685.450378][ T4962] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  685.479630][ T4962] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  685.496037][ T4977] binder: 4976:4977 ioctl 40086607 20000040 returned -22
[  685.510974][ T4962] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  685.545284][ T4962] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  685.554025][ T4962] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  685.563862][ T4962] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  685.572992][ T4962] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  685.582034][ T4962] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  685.591170][ T4962] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  685.600283][ T4962] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  685.609342][ T4962] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  685.618370][ T4962] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  685.625996][ T4962] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  685.634308][ T4962] Interruptibility = 00000000  ActivityState = 00000000
[  685.641771][ T4962] *** Host State ***
[  685.646268][ T4962] RIP = 0xffffffff811b3470  RSP = 0xffff888052bd78e0
[  685.653095][ T4962] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  685.660861][ T4962] FSBase=00007f2034fd5700 GSBase=ffff8880ae800000 TRBase=fffffe0000003000
[  685.669782][ T4962] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  685.676795][ T4962] CR0=0000000080050033 CR3=00000000a5bd4000 CR4=00000000001426f0
[  685.684645][ T4962] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  685.692534][ T4962] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  685.699711][ T4962] *** Control State ***
[  685.703994][ T4962] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  685.711833][ T4962] EntryControls=0000d1ff ExitControls=002fefff
[  685.718459][ T4962] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  685.726496][ T4962] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  685.734003][ T4962] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  685.741758][ T4962]         reason=80000021 qualification=0000000000000000
[  685.749176][ T4962] IDTVectoring: info=00000000 errcode=00000000
[  685.755753][ T4962] TSC Offset = 0xfffffe8e5bcb49a3
[  685.760907][ T4962] TPR Threshold = 0x00
[  685.765099][ T4962] EPT pointer = 0x00000000a95b101e
21:34:41 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080), &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:41 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})

21:34:41 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

21:34:41 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x10, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:41 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:34:41 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:41 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:34:41 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

21:34:41 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})

[  688.306786][ T4987] *** Guest State ***
[  688.324103][ T4987] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
21:34:41 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x10, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  688.369749][ T4987] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  688.392768][ T4994] binder: 4992:4994 Acquire 1 refcount change on invalid ref 0 ret -22
[  688.401523][ T4987] CR3 = 0x0000000000000000
[  688.406375][ T4994] binder: 4992:4994 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:34:42 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  688.427655][ T4987] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  688.441658][ T4987] RFLAGS=0x00000002         DR7 = 0x0000000000000400
21:34:42 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

[  688.472623][ T4987] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  688.502913][ T4987] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  688.528956][ T4987] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  688.545424][ T5001] binder: 5000:5001 Acquire 1 refcount change on invalid ref 0 ret -22
[  688.553867][ T4987] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  688.563749][ T5001] binder: 5000:5001 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  688.572163][ T4987] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  688.612125][ T4987] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  688.643016][ T4987] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  688.657603][ T4987] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  688.667818][ T4987] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  688.681671][ T4987] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  688.691535][ T4987] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  688.700439][ T4987] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  688.700452][ T4987] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  688.700463][ T4987] Interruptibility = 00000000  ActivityState = 00000000
[  688.700467][ T4987] *** Host State ***
[  688.700480][ T4987] RIP = 0xffffffff811b3470  RSP = 0xffff8880858878e0
[  688.700504][ T4987] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  688.700522][ T4987] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  688.722976][ T4987] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  688.741125][ T4987] CR0=0000000080050033 CR3=000000009f1ac000 CR4=00000000001426e0
[  688.763893][ T4987] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  688.771493][ T4987] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  688.778497][ T4987] *** Control State ***
[  688.782790][ T4987] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  688.790327][ T4987] EntryControls=0000d1ff ExitControls=002fefff
[  688.796686][ T4987] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  688.804448][ T4987] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  688.811992][ T4987] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  688.820388][ T4987]         reason=80000021 qualification=0000000000000000
[  688.827599][ T4987] IDTVectoring: info=00000000 errcode=00000000
[  688.833881][ T4987] TSC Offset = 0xfffffe8cafab7c07
[  688.839089][ T4987] TPR Threshold = 0x00
[  688.843274][ T4987] EPT pointer = 0x000000008cb3101e
21:34:44 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

21:34:44 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x5a, 0x0, 0x0})

21:34:44 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x10, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:44 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080), &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:44 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:34:44 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:45 executing program 0:
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

[  691.370931][ T5009] *** Guest State ***
[  691.386585][ T5009] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
21:34:45 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

21:34:45 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:34:45 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  691.425663][ T5009] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  691.453934][ T5009] CR3 = 0x0000000000000000
[  691.478961][ T5009] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  691.494115][ T5018] binder: 5017:5018 ioctl c0306201 0 returned -14
[  691.506478][ T5009] RFLAGS=0x00000002         DR7 = 0x0000000000000400
21:34:45 executing program 0:
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

21:34:45 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

[  691.533212][ T5009] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  691.563083][ T5009] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:45 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  691.599175][ T5009] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  691.615563][ T5009] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:45 executing program 0:
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

21:34:45 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  691.667332][ T5009] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  691.686749][ T5028] binder: 5026:5028 ioctl c0306201 0 returned -14
[  691.700804][ T5009] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  691.731481][ T5009] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  691.746081][ T5031] binder: 5027:5031 Acquire 1 refcount change on invalid ref 0 ret -22
[  691.761395][ T5009] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  691.771129][ T5031] binder: 5027:5031 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  691.788007][ T5009] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  691.801913][ T5034] binder: 5027:5034 IncRefs 0 refcount change on invalid ref 0 ret -22
[  691.810675][ T5009] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  691.831904][ T5009] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  691.853357][ T5009] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  691.870943][ T5009] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  691.885433][ T5009] Interruptibility = 00000000  ActivityState = 00000000
[  691.911703][ T5009] *** Host State ***
[  691.925633][ T5009] RIP = 0xffffffff811b3470  RSP = 0xffff88805171f8e0
[  691.945742][ T5009] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  691.953721][ T5009] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  691.968989][ T5009] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  691.977915][ T5009] CR0=0000000080050033 CR3=000000008fc68000 CR4=00000000001426e0
[  691.990242][ T5009] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  691.999791][ T5009] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  692.010956][ T5009] *** Control State ***
[  692.015277][ T5009] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  692.022842][ T5009] EntryControls=0000d1ff ExitControls=002fefff
[  692.035826][ T5009] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  692.043463][ T5009] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  692.058504][ T5009] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  692.069616][ T5009]         reason=80000021 qualification=0000000000000000
[  692.079975][ T5009] IDTVectoring: info=00000000 errcode=00000000
[  692.089633][ T5009] TSC Offset = 0xfffffe8b0c61ec81
[  692.094666][ T5009] TPR Threshold = 0x00
[  692.101983][ T5009] EPT pointer = 0x00000000872f301e
21:34:48 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:48 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

21:34:48 executing program 0:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

21:34:48 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:34:48 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:48 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  694.456687][ T5041] binder: 5040:5041 ioctl c0306201 0 returned -14
[  694.460134][ T5046] binder: 5038:5046 Acquire 1 refcount change on invalid ref 0 ret -22
21:34:48 executing program 0:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

[  694.520875][ T5046] binder: 5038:5046 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  694.523739][ T5043] *** Guest State ***
[  694.542501][ T5049] binder: 5038:5049 IncRefs 0 refcount change on invalid ref 0 ret -22
[  694.556897][ T5043] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
21:34:48 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  694.577353][ T5043] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  694.594594][ T5043] CR3 = 0x0000000000000000
21:34:48 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  694.626082][ T5043] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  694.648560][ T5043] RFLAGS=0x00000002         DR7 = 0x0000000000000400
21:34:48 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
r1 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:34:48 executing program 0:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

21:34:48 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  694.671013][ T5043] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  694.691259][ T5043] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  694.728360][ T5043] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  694.753731][ T5061] binder: 5060:5061 Acquire 1 refcount change on invalid ref 0 ret -22
[  694.768169][ T5043] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  694.786849][ T5061] binder: 5060:5061 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  694.794678][ T5043] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  694.810437][ T5043] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  694.822821][ T5062] binder: 5060:5062 IncRefs 0 refcount change on invalid ref 0 ret -22
[  694.839052][ T5043] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  694.851770][ T5043] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  694.881687][ T5043] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  694.904884][ T5043] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  694.925652][ T5043] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  694.934566][ T5043] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  694.949014][ T5043] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  694.960500][ T5043] Interruptibility = 00000000  ActivityState = 00000000
[  694.972227][ T5043] *** Host State ***
[  694.979875][ T5043] RIP = 0xffffffff811b3470  RSP = 0xffff8880598878e0
[  694.990300][ T5043] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  695.001231][ T5043] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  695.013710][ T5043] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  695.024237][ T5043] CR0=0000000080050033 CR3=000000009cff5000 CR4=00000000001426e0
[  695.035803][ T5043] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  695.043356][ T5043] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  695.057444][ T5043] *** Control State ***
[  695.061801][ T5043] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  695.074038][ T5043] EntryControls=0000d1ff ExitControls=002fefff
[  695.082863][ T5043] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  695.098804][ T5043] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  695.110238][ T5043] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  695.120365][ T5043]         reason=80000021 qualification=0000000000000000
[  695.132422][ T5043] IDTVectoring: info=00000000 errcode=00000000
[  695.141359][ T5043] TSC Offset = 0xfffffe895be28d1e
[  695.151219][ T5043] TPR Threshold = 0x00
[  695.158036][ T5043] EPT pointer = 0x000000009d9f101e
21:34:51 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

21:34:51 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

21:34:51 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:51 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:51 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:34:51 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b0")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  697.625746][ T5070] binder: 5067:5070 Acquire 1 refcount change on invalid ref 0 ret -22
21:34:51 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0})

21:34:51 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  697.666607][ T5072] *** Guest State ***
[  697.670884][ T5070] binder: 5067:5070 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  697.675243][ T5072] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
21:34:51 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  697.730193][ T5072] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  697.764019][ T5072] CR3 = 0x0000000000000000
21:34:51 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

[  697.782439][ T5072] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  697.809983][ T5072] RFLAGS=0x00000002         DR7 = 0x0000000000000400
21:34:51 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0})

[  697.830506][ T5072] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
21:34:51 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000080080000600000006000000"])
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  697.857999][ T5072] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  697.858201][ T5083] binder: 5082:5083 Acquire 1 refcount change on invalid ref 0 ret -22
[  697.898461][ T5072] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  697.900233][ T5083] binder: 5082:5083 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  697.932176][ T5072] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:51 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0})

21:34:51 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

[  697.959008][ T5072] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  697.986634][ T5072] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:51 executing program 5:
openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x40000, 0x0)
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  698.020470][ T5072] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  698.034885][ T5092] binder: 5090:5092 Acquire 1 refcount change on invalid ref 0 ret -22
[  698.054144][ T5092] binder: 5090:5092 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  698.073260][ T5072] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  698.096110][ T5072] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  698.120525][ T5072] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  698.138231][ T5072] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  698.165035][ T5072] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  698.173145][ T5072] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  698.181673][ T5072] Interruptibility = 00000000  ActivityState = 00000000
[  698.188806][ T5072] *** Host State ***
[  698.192849][ T5072] RIP = 0xffffffff811b3470  RSP = 0xffff88808c86f8e0
[  698.200072][ T5072] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  698.207394][ T5072] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000003000
[  698.216057][ T5072] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  698.222785][ T5072] CR0=0000000080050033 CR3=000000009a3f4000 CR4=00000000001426e0
[  698.230701][ T5072] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  698.238267][ T5072] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  698.245116][ T5072] *** Control State ***
[  698.249449][ T5072] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  698.257014][ T5072] EntryControls=0000d1ff ExitControls=002fefff
[  698.263271][ T5072] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  698.271049][ T5072] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  698.278572][ T5072] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  698.286018][ T5072]         reason=80000021 qualification=0000000000000000
[  698.293147][ T5072] IDTVectoring: info=00000000 errcode=00000000
[  698.299847][ T5072] TSC Offset = 0xfffffe87ac8a1757
[  698.305067][ T5072] TPR Threshold = 0x00
[  698.309458][ T5072] EPT pointer = 0x000000009728e01e
21:34:54 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:54 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64], 0x5a, 0x0, 0x0})

21:34:54 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[], 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:54 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

21:34:54 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:34:54 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b0")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  700.710903][ T5101] binder: BINDER_SET_CONTEXT_MGR already set
[  700.724511][ T5106] binder: 5100:5106 ioctl c0306201 20000180 returned -14
[  700.755386][ T5101] binder: 5099:5101 ioctl 40046207 0 returned -16
[  700.768487][ T5103] *** Guest State ***
[  700.785245][ T5103] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
21:34:54 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

21:34:54 executing program 3:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffe26, 0x0, &(0x7f0000000140)=ANY=[@ANYRES64], 0x5a, 0x0, 0x0})

[  700.799436][ T5108] binder: 5099:5108 Acquire 1 refcount change on invalid ref 0 ret -22
[  700.807964][ T5103] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  700.807980][ T5103] CR3 = 0x0000000000000000
[  700.835370][ T5103] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  700.842275][ T5103] RFLAGS=0x00000002         DR7 = 0x0000000000000400
21:34:54 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[], 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  700.849721][ T5101] binder: 5099:5101 IncRefs 0 refcount change on invalid ref 0 ret -22
[  700.865409][ T5103] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  700.880758][ T5103] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
21:34:54 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  700.899833][ T5103] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  700.909064][ T5108] binder: 5099:5108 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  700.935355][ T5103] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  700.975529][ T5103] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  700.995285][ T5103] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  701.004148][ T5103] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  701.025268][ T5103] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  701.055390][ T5103] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  701.104441][ T5103] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  701.119633][ T5117] binder: 5111:5117 ioctl c0306201 20000180 returned -14
21:34:54 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:34:54 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
capset(0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
wait4(0x0, 0x0, 0x0, 0x0)

[  701.164235][ T5103] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  701.215323][ T5103] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  701.235356][ T5103] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  701.255999][ T5103] Interruptibility = 00000000  ActivityState = 00000000
[  701.285289][ T5103] *** Host State ***
[  701.289332][ T5103] RIP = 0xffffffff811b3470  RSP = 0xffff88805171f8e0
[  701.305570][ T5103] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  701.316951][ T5103] FSBase=00007f2034fd5700 GSBase=ffff8880ae800000 TRBase=fffffe0000033000
[  701.337118][ T5103] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  701.343905][ T5103] CR0=0000000080050033 CR3=000000009a3f4000 CR4=00000000001426f0
[  701.358206][ T5103] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  701.369992][ T5103] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  701.381509][ T5103] *** Control State ***
[  701.389501][ T5103] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  701.400855][ T5103] EntryControls=0000d1ff ExitControls=002fefff
[  701.410939][ T5103] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  701.422740][ T5103] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  701.443581][ T5103] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  701.455030][ T5103]         reason=80000021 qualification=0000000000000000
[  701.469470][ T5103] IDTVectoring: info=00000000 errcode=00000000
[  701.478394][ T5103] TSC Offset = 0xfffffe860351f52c
[  701.483562][ T5103] TPR Threshold = 0x00
[  701.492831][ T5103] EPT pointer = 0x000000008c1d201e
21:34:57 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:34:57 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})

21:34:57 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[], 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:34:57 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:34:57 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
capset(0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
wait4(0x0, 0x0, 0x0, 0x0)

21:34:57 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b0")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:34:57 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

21:34:57 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  703.928709][ T5128] *** Guest State ***
[  703.954402][ T5128] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  703.977396][ T5140] binder: 5138:5140 ioctl c0306201 0 returned -14
[  703.994615][ T5128] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
21:34:57 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB], 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  704.009355][ T5128] CR3 = 0x0000000000000000
[  704.016714][ T5128] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
21:34:57 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

21:34:57 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:34:57 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
capset(0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
wait4(0x0, 0x0, 0x0, 0x0)

[  704.055440][ T5128] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  704.073800][ T5128] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  704.098359][ T5128] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  704.138446][ T5128] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  704.148078][ T5148] binder: 5145:5148 ioctl c0306201 0 returned -14
[  704.158965][ T5128] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  704.168793][ T5147] binder: 5146:5147 Acquire 1 refcount change on invalid ref 0 ret -22
[  704.196050][ T5128] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  704.213279][ T5147] binder: 5146:5147 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  704.231696][ T5128] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  704.255719][ T5128] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  704.273128][ T5152] binder: 5146:5152 IncRefs 0 refcount change on invalid ref 0 ret -22
[  704.282229][ T5128] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  704.291378][ T5128] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  704.314800][ T5128] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  704.341018][ T5128] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  704.361875][ T5128] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  704.378224][ T5128] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  704.393199][ T5128] Interruptibility = 00000000  ActivityState = 00000000
[  704.400226][ T5128] *** Host State ***
[  704.404316][ T5128] RIP = 0xffffffff811b3470  RSP = 0xffff88805be6f8e0
[  704.418502][ T5128] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  704.429008][ T5128] FSBase=00007f2034fd5700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000
[  704.441910][ T5128] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[  704.452029][ T5128] CR0=0000000080050033 CR3=000000008cdcb000 CR4=00000000001426e0
[  704.463214][ T5128] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360
[  704.474104][ T5128] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  704.484805][ T5128] *** Control State ***
[  704.492769][ T5128] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  704.504028][ T5128] EntryControls=0000d1ff ExitControls=002fefff
[  704.513693][ T5128] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  704.524830][ T5128] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  704.535949][ T5128] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  704.543244][ T5128]         reason=80000021 qualification=0000000000000000
[  704.557085][ T5128] IDTVectoring: info=00000000 errcode=00000000
[  704.563249][ T5128] TSC Offset = 0xfffffe84533636ab
[  704.577124][ T5128] TPR Threshold = 0x00
[  704.581217][ T5128] EPT pointer = 0x00000000a945101e
21:35:00 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:00 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

21:35:00 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB], 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:00 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:00 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
capset(0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
wait4(0x0, 0x0, 0x0, 0x0)

21:35:00 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:00 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  706.979284][ T5157] binder: 5153:5157 ioctl c0306201 0 returned -14
21:35:00 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:00 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:00 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

21:35:00 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB], 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:00 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
capset(0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  707.200392][ T5174] binder: 5169:5174 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:03 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:03 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:03 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

21:35:03 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:03 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
capset(0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:03 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x35)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  710.124294][ T5188] binder: 5179:5188 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:03 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:03 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

21:35:03 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:03 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x35)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:03 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
capset(0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))

21:35:03 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0})

[  710.353144][ T5200] binder: 5199:5200 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:06 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, 0x0, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:06 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:06 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:06 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x35)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:06 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0})

21:35:06 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
capset(0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))

21:35:06 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:06 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0})

[  713.287049][ T5212] binder: 5205:5212 ioctl c0306201 0 returned -14
[  713.311237][ T5212] binder: 5205:5212 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:07 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:07 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
capset(0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))

21:35:07 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b8000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x4f)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:07 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})

[  713.523582][ T5225] binder: 5224:5225 ioctl c0306201 0 returned -14
[  713.558250][ T5225] binder: 5224:5225 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:09 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, 0x0, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:09 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:09 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})

21:35:09 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:09 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b8000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x4f)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:09 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
capset(0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)

[  716.420909][ T5242] binder: 5233:5242 ioctl c0306201 0 returned -14
21:35:10 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})

[  716.465932][ T5242] binder: 5233:5242 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:10 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b8000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x4f)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:10 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:10 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:10 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e"], 0x0, 0x0, 0x0})

21:35:10 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
capset(0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)

[  716.634047][ T5254] binder: 5251:5254 IncRefs 0 refcount change on invalid ref 0 ret -22
[  716.693418][ T5257] binder: 5255:5257 unknown command 14
[  716.716641][ T5257] binder: 5255:5257 ioctl c0306201 20000000 returned -22
21:35:13 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, 0x0, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:13 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:13 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:13 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000"], 0x5c)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:13 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e"], 0x0, 0x0, 0x0})

21:35:13 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
capset(0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)

[  719.547918][ T5266] binder: 5262:5266 unknown command 14
[  719.576968][ T5266] binder: 5262:5266 ioctl c0306201 20000000 returned -22
21:35:13 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:13 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e"], 0x0, 0x0, 0x0})

21:35:13 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:13 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:13 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000"], 0x5c)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  719.676706][ T5275] binder: 5274:5275 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:13 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  719.806037][ T5283] binder: 5279:5283 unknown command 14
[  719.827268][ T5283] binder: 5279:5283 ioctl c0306201 20000000 returned -22
[  719.926048][ T5286] binder: 5285:5286 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:16 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x0}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:16 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:16 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000"], 0x5c)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:16 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xd, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c4000"], 0x0, 0x0, 0x0})

21:35:16 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:16 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  722.725375][ T5294] binder: 5291:5294 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:16 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:16 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e"], 0x0, 0x0, 0x0})

21:35:16 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:16 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000"], 0x63)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  722.845790][ T5303] binder: 5302:5303 unknown command 14
[  722.862785][ T5303] binder: 5302:5303 ioctl c0306201 20000000 returned -22
21:35:16 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:16 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e"], 0x0, 0x0, 0x0})

[  722.917151][ T5307] binder: 5304:5307 IncRefs 0 refcount change on invalid ref 0 ret -22
[  723.056607][ T5312] binder: 5311:5312 unknown command 14
[  723.070681][ T5312] binder: 5311:5312 ioctl c0306201 20000000 returned -22
21:35:19 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x0}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:19 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:19 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:19 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000"], 0x63)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:19 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e"], 0x0, 0x0, 0x0})

21:35:19 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  725.786704][ T5322] binder: 5318:5322 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:19 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:19 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:19 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xb, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c"], 0x0, 0x0, 0x0})

21:35:19 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:19 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000"], 0x63)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  725.976358][ T5332] binder: 5331:5332 IncRefs 0 refcount change on invalid ref 0 ret -22
[  725.984886][ T5334] binder: 5333:5334 unknown command 811790
[  726.007284][ T5334] binder: 5333:5334 ioctl c0306201 20000000 returned -22
21:35:19 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  726.140336][ T5342] binder: 5341:5342 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:22 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x0}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:22 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x10, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:22 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xb, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c"], 0x0, 0x0, 0x0})

21:35:22 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:22 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000"], 0x66)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:22 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  728.895936][ T5345] binder: 5344:5345 unknown command 811790
[  728.927643][ T5351] binder: 5349:5351 unknown command 14
21:35:22 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

21:35:22 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x10, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  728.965273][ T5345] binder: 5344:5345 ioctl c0306201 20000000 returned -22
[  728.970683][ T5351] binder: 5349:5351 ioctl c0306201 20000000 returned -22
21:35:22 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xb, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c"], 0x0, 0x0, 0x0})

21:35:22 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000"], 0x66)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:22 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:22 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  729.117156][ T5361] binder: 5357:5361 unknown command 811790
[  729.141365][ T5361] binder: 5357:5361 ioctl c0306201 20000000 returned -22
[  729.226381][ T5367] binder: 5365:5367 Acquire 1 refcount change on invalid ref 0 ret -22
[  729.244308][ T5367] binder: 5365:5367 unknown command 14
[  729.250069][ T5367] binder: 5365:5367 ioctl c0306201 20000000 returned -22
[  729.266909][ T5367] binder: 5365:5367 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:25 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(0xffffffffffffffff, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:25 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xc, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c40"], 0x0, 0x0, 0x0})

21:35:25 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x10, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:25 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000"], 0x66)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:25 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:25 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  732.066853][ T5377] binder: 5373:5377 Acquire 1 refcount change on invalid ref 0 ret -22
21:35:25 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xc, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c40"], 0x0, 0x0, 0x0})

21:35:25 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  732.109283][ T5377] binder: 5373:5377 unknown command 14
[  732.133785][ T5377] binder: 5373:5377 ioctl c0306201 20000000 returned -22
21:35:25 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:25 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000"], 0x68)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  732.158063][ T5380] binder: 5373:5380 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:25 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xd, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c4000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:25 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xb, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c"], 0x0, 0x0, 0x0})

[  732.299647][ T5391] binder: 5390:5391 Acquire 1 refcount change on invalid ref 0 ret -22
[  732.329205][ T5391] binder: 5390:5391 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  732.366126][ T5393] binder: 5392:5393 unknown command 811790
[  732.375634][ T5393] binder: 5392:5393 ioctl c0306201 20000000 returned -22
21:35:26 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(0xffffffffffffffff, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:26 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:26 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:26 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000"], 0x68)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:26 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xd, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c4000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xb, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c"], 0x0, 0x0, 0x0})

21:35:26 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:26 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xd, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c4000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  732.903093][ T5400] binder: 5397:5400 unknown command 811790
[  732.926292][ T5400] binder: 5397:5400 ioctl c0306201 20000000 returned -22
21:35:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xb, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c"], 0x0, 0x0, 0x0})

21:35:26 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  733.040818][ T5411] binder: 5410:5411 Acquire 1 refcount change on invalid ref 0 ret -22
21:35:26 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:26 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000"], 0x68)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  733.089576][ T5411] binder: 5410:5411 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  733.101460][ T5413] binder: 5412:5413 unknown command 811790
[  733.113927][ T5413] binder: 5412:5413 ioctl c0306201 20000000 returned -22
21:35:27 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(0xffffffffffffffff, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:27 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xf, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c40000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:27 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:27 executing program 0:

21:35:27 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:35:27 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:27 executing program 0:

[  733.673611][ T5430] binder: 5425:5430 Acquire 1 refcount change on invalid ref 0 ret -22
21:35:27 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  733.720755][ T5431] binder: 5425:5431 IncRefs 0 refcount change on invalid ref 0 ret -22
[  733.729199][ T5430] binder: 5425:5430 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:35:27 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:27 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

21:35:27 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:35:27 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xf, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c40000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  733.894308][ T5442] binder: 5441:5442 Acquire 1 refcount change on invalid ref 0 ret -22
[  733.948269][ T5442] binder: 5441:5442 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  733.956237][ T5445] binder: 5441:5445 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:27 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

21:35:27 executing program 0:

21:35:27 executing program 1:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:35:27 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, 0x0, 0x0)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:27 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:27 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xf, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c40000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

[  734.245489][ T5449] binder: 5448:5449 Acquire 1 refcount change on invalid ref 0 ret -22
[  734.283103][ T5449] binder: 5448:5449 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:35:27 executing program 0:

[  734.291467][ T5456] binder: 5448:5456 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:27 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:28 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[], 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:28 executing program 0:

21:35:28 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c4000000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:28 executing program 1:

21:35:28 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  734.547022][ T5469] binder: 5467:5469 Acquire 1 refcount change on invalid ref 0 ret -22
21:35:28 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x8)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00')
mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0)
sendfile(r0, r0, &(0x7f0000b58000)=0x200010, 0xffff)

21:35:28 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  734.593745][ T5470] binder: 5467:5470 IncRefs 0 refcount change on invalid ref 0 ret -22
[  734.614646][ T5469] binder: 5467:5469 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:35:28 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, 0x0, 0x0)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:28 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[], 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:28 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c4000000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:28 executing program 0:
syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f")
clone(0x200, 0x0, 0x0, 0x0, 0x0)
mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0)
symlink(&(0x7f0000000000)='./file1\x00', &(0x7f0000000140)='./file1\x00')
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f00000002c0)=""/11, 0xb)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200))
r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109)
ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608)
r2 = dup2(r0, r1)
execve(&(0x7f00000009c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0)
open$dir(&(0x7f00000003c0)='./file0\x00', 0x841, 0x0)
clone(0x3102101ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
ioctl$TUNDETACHFILTER(r2, 0x401054d6, 0x0)

21:35:28 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:28 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  735.348385][ T5482] binder: 5481:5482 Acquire 1 refcount change on invalid ref 0 ret -22
[  735.393523][ T5482] binder: 5481:5482 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  735.422658][ T5493] binder: 5481:5493 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:29 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:29 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:29 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[], 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:29 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c4000000000"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:29 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, 0x0, 0x0)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

[  735.604640][ T5505] binder: 5501:5505 Acquire 1 refcount change on invalid ref 0 ret -22
21:35:29 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  735.660791][ T5505] binder: 5501:5505 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:35:29 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:29 executing program 0:
r0 = dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x80000)
socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f00000001c0)=""/44, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = open(0x0, 0x101081, 0x10)
ioctl$UI_SET_RELBIT(r3, 0x40045566, 0x3)
socket$alg(0x26, 0x5, 0x0)
flock(r1, 0x0)
fsetxattr$security_smack_entry(r1, &(0x7f00000002c0)='security.SMACK64\x00', &(0x7f0000000440)='md5sum$/nodev#\x00', 0xf, 0x2)
r4 = creat(&(0x7f0000000700)='./bus\x00', 0x0)
syncfs(r4)
write(r2, &(0x7f0000000000)='[', 0x1)
msgget$private(0x0, 0x0)
write$FUSE_OPEN(r4, &(0x7f0000000280)={0x20, 0x0, 0x5, {0x0, 0x1}}, 0x20)
msgctl$IPC_STAT(0x0, 0x2, 0x0)
ioctl$RTC_EPOCH_READ(r3, 0x8008700d, 0x0)
ioctl$EVIOCGABS0(r0, 0x80184540, &(0x7f0000000180)=""/25)
ioctl$EVIOCGNAME(r3, 0x80404506, &(0x7f0000000b00)=""/4096)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x10000)
timerfd_gettime(r0, &(0x7f0000000200))
r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_buf(r5, 0x6, 0x0, 0x0, 0x0)
link(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='./bus\x00')
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
read$eventfd(r3, &(0x7f0000000240), 0x8)

21:35:29 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB], 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  735.711024][ T5509] binder: 5501:5509 IncRefs 0 refcount change on invalid ref 0 ret -22
21:35:29 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:29 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  735.925833][ T5525] binder: 5522:5525 Acquire 1 refcount change on invalid ref 0 ret -22
[  735.934131][ T5525] binder: 5522:5525 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:35:29 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:29 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB], 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:29 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:29 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:29 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  736.141395][ T5535] binder: 5534:5535 Acquire 1 refcount change on invalid ref 0 ret -22
21:35:29 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000), 0x0)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:29 executing program 0:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/arp\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1fe, 0x0)

21:35:29 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB], 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:29 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  736.206145][ T5535] binder: 5534:5535 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:35:29 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:29 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:29 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x35)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:29 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:30 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(0xffffffffffffffff, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:30 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

21:35:30 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:30 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  736.523175][ T5562] binder: 5561:5562 ioctl c0306201 0 returned -14
21:35:30 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000), 0x0)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:30 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x35)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:30 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

21:35:30 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(0xffffffffffffffff, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:30 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:30 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:30 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  737.325837][ T5576] binder: 5575:5576 ioctl c0306201 0 returned -14
21:35:31 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:31 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

21:35:31 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x35)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:31 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  737.484257][ T5588] binder_thread_write: 3 callbacks suppressed
[  737.484269][ T5588] binder: 5587:5588 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  737.508147][ T5588] binder: 5587:5588 ioctl c0306201 0 returned -14
21:35:31 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:34 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000), 0x0)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:34 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

21:35:34 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b8000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x4f)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:34 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:34 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:34 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(0xffffffffffffffff, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

[  740.473821][ T5605] binder_thread_write: 4 callbacks suppressed
[  740.473837][ T5605] binder: 5599:5605 Acquire 1 refcount change on invalid ref 0 ret -22
21:35:34 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:34 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:34 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  740.522121][ T5605] binder: 5599:5605 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:35:34 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b8000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x4f)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  740.614942][ T5615] binder: 5612:5615 Acquire 1 refcount change on invalid ref 0 ret -22
21:35:34 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r2=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r2+30000000}}, 0x0)
readv(0xffffffffffffffff, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)

21:35:34 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:34 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{0x0}], 0x1)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:34 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
accept$alg(r0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  740.665707][ T5615] binder: 5612:5615 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:35:34 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

21:35:34 executing program 1:
bind$llc(0xffffffffffffffff, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:34 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r2=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r2+30000000}}, 0x0)
readv(0xffffffffffffffff, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)

[  740.821355][ T5627] binder: 5625:5627 Acquire 1 refcount change on invalid ref 0 ret -22
21:35:34 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b8000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x4f)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  740.865519][ T5627] binder: 5625:5627 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:35:34 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
accept$alg(r0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

21:35:34 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180), 0x0, 0x0, 0x0})

21:35:34 executing program 1:
bind$llc(0xffffffffffffffff, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:34 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
accept$alg(r0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  741.009335][ T5641] binder: 5640:5641 Acquire 1 refcount change on invalid ref 0 ret -22
21:35:34 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000"], 0x5c)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:34 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r2=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r2+30000000}}, 0x0)
dup3(r0, r1, 0x0)

[  741.052760][ T5641] binder: 5640:5641 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:35:34 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{0x0}], 0x1)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:34 executing program 1:
bind$llc(0xffffffffffffffff, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:34 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:34 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180), 0x0, 0x0, 0x0})

21:35:34 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000"], 0x5c)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:34 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000))
dup3(r0, r1, 0x0)

21:35:34 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:34 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  741.270854][ T5653] binder: 5652:5653 Acquire 1 refcount change on invalid ref 0 ret -22
[  741.307331][ T5653] binder: 5652:5653 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:35:35 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x11, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e630c400000000055"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180), 0x0, 0x0, 0x0})

21:35:35 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:35 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
dup3(r0, r1, 0x0)

21:35:35 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000"], 0x5c)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  741.448807][ T5667] binder: 5666:5667 Acquire 1 refcount change on invalid ref 0 ret -22
[  741.474480][ T5667] binder: 5666:5667 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
21:35:35 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{0x0}], 0x1)
dup3(r0, r1, 0x0)
tkill(r2, 0x1000000000014)

21:35:35 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:35 executing program 5:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:35 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:35 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000"], 0x63)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:35 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
gettid()
dup3(r0, r1, 0x0)

21:35:36 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:36 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:36 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280), 0x0, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:36 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000"], 0x63)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:36 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(r0, r1, 0x0)

[  742.524553][ T5688] binder: 5686:5688 Acquire 1 refcount change on invalid ref 0 ret -22
21:35:36 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  742.575457][ T5688] binder: 5686:5688 unknown command 14
[  742.585883][ T5693] binder: 5686:5693 IncRefs 0 refcount change on invalid ref 0 ret -22
[  742.594097][ T5688] binder: 5686:5688 ioctl c0306201 20000000 returned -22
21:35:36 executing program 4:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r2=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r2+30000000}}, 0x0)
readv(r0, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(0xffffffffffffffff, r0, 0x0)
tkill(r1, 0x1000000000014)

21:35:36 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280), 0x0, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:36 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:36 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440000000000e"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

21:35:36 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000"], 0x63)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:36 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280), 0x0, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:36 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)

21:35:36 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  742.843458][ T5708] binder: 5707:5708 Acquire 1 refcount change on invalid ref 0 ret -22
[  742.865338][ T5708] binder: 5707:5708 unknown command 14
[  742.892365][ T5715] binder: 5707:5715 IncRefs 0 refcount change on invalid ref 0 ret -22
[  742.900959][ T5708] binder: 5707:5708 ioctl c0306201 20000000 returned -22
21:35:36 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:36 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)

21:35:36 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:36 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000"], 0x66)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:37 executing program 4:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r2=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r2+30000000}}, 0x0)
readv(r0, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(0xffffffffffffffff, r0, 0x0)
tkill(r1, 0x1000000000014)

21:35:37 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:37 executing program 5:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000"], 0x5c)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:37 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)

21:35:37 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:37 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000"], 0x66)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:37 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:37 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:37 executing program 0:
r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(0xffffffffffffffff, r0, 0x0)

21:35:37 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000"], 0x66)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:37 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:37 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b0")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  744.110146][ T5752] *** Guest State ***
[  744.120152][ T5752] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  744.133273][ T5752] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  744.151004][ T5752] CR3 = 0x0000000000000000
[  744.157278][ T5752] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  744.164223][ T5752] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  744.183163][ T5752] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  744.192003][ T5752] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  744.207620][ T5752] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  744.222908][ T5752] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  744.233229][ T5752] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  744.249857][ T5752] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  744.262205][ T5752] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  744.274658][ T5752] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  744.290325][ T5752] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  744.300405][ T5752] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  744.314909][ T5752] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  744.330839][ T5752] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  744.339391][ T5752] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  744.353178][ T5752] Interruptibility = 00000000  ActivityState = 00000000
[  744.361518][ T5752] *** Host State ***
[  744.371080][ T5752] RIP = 0xffffffff811b3470  RSP = 0xffff88805b67f8e0
[  744.379136][ T5752] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  744.391985][ T5752] FSBase=00007fb94ed53700 GSBase=ffff8880ae800000 TRBase=fffffe0000003000
[  744.401905][ T5752] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  744.415003][ T5752] CR0=0000000080050033 CR3=000000008c0ae000 CR4=00000000001426f0
[  744.424097][ T5752] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360
[  744.438762][ T5752] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  744.449466][ T5752] *** Control State ***
[  744.453847][ T5752] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[  744.465049][ T5752] EntryControls=0000d1ff ExitControls=002fefff
[  744.474896][ T5752] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  744.489798][ T5752] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  744.499803][ T5752] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  744.511055][ T5752]         reason=80000021 qualification=0000000000000000
[  744.522037][ T5752] IDTVectoring: info=00000000 errcode=00000000
[  744.532343][ T5752] TSC Offset = 0xfffffe6ece8dca30
[  744.541170][ T5752] TPR Threshold = 0x00
[  744.548822][ T5752] EPT pointer = 0x00000000a10f601e
21:35:38 executing program 4:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r2=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r2+30000000}}, 0x0)
readv(r0, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(0xffffffffffffffff, r0, 0x0)
tkill(r1, 0x1000000000014)

21:35:38 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, 0x0, 0x0, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:38 executing program 0:
r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(0xffffffffffffffff, r0, 0x0)

21:35:38 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:38 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000"], 0x68)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:38 executing program 5:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r2, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21:35:38 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:38 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000"], 0x68)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:38 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, 0x0, 0x0, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:38 executing program 0:
r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(0xffffffffffffffff, r0, 0x0)

21:35:38 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:38 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:39 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, 0xffffffffffffffff, 0x0)
tkill(r2, 0x1000000000014)

21:35:39 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, 0x0, 0x0, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:39 executing program 0:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(r0, r1, 0x0)

21:35:39 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:39 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:39 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b800000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000"], 0x68)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21:35:39 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:39 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180), 0x0, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:39 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:39 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:35:39 executing program 0:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(r0, r1, 0x0)

21:35:39 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:40 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, 0xffffffffffffffff, 0x0)
tkill(r2, 0x1000000000014)

21:35:40 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180), 0x0, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:40 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:40 executing program 0:
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(r0, r1, 0x0)

21:35:40 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:35:40 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:40 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180), 0x0, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:40 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:40 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(r0, r1, 0x0)

21:35:40 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:40 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r3, 0x0)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000010c0)=ANY=[@ANYBLOB="b80000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000002"], 0x69)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

21:35:40 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:41 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r3=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r3+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, 0xffffffffffffffff, 0x0)
tkill(r2, 0x1000000000014)

21:35:41 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{0x0}], 0x1, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:41 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:41 executing program 2:
r0 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00\b\x00')
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003280)={0x0, 0x1c9c380})
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
preadv(r1, &(0x7f00000017c0), 0x3da, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, 0x0})

21:35:41 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(r0, r1, 0x0)

21:35:41 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  747.968819][ T5835] binder: 5834:5835 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
21:35:41 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{0x0}], 0x1, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:41 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(r0, r1, 0x0)

21:35:41 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:41 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:41 executing program 2:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000100)=""/246)
ioctl$EVIOCGREP(r0, 0x8010743f, &(0x7f0000d1df52)=""/174)

21:35:41 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{0x0}], 0x1, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:42 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r2=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r2+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(0x0, 0x1000000000014)

21:35:42 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:42 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:42 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(r0, r1, 0x0)

21:35:42 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000480)=ANY=[@ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB="00e4"]], 0x0, 0x0, 0x0})

21:35:42 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  748.989849][ T5866] binder: 5859:5866 unknown command 536870912
[  749.015517][ T5866] binder: 5859:5866 ioctl c0306201 20000180 returned -22
21:35:42 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:42 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:42 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:42 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(r0, r1, 0x0)

[  749.049794][ T5868] binder_alloc: binder_alloc_mmap_handler: 5859 20001000-20004000 already mapped failed -16
[  749.083136][ T5866] binder: BINDER_SET_CONTEXT_MGR already set
[  749.114489][ T5866] binder: 5859:5866 ioctl 40046207 0 returned -16
[  749.137322][ T5876] binder: 5859:5876 unknown command 536870912
21:35:42 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:42 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  749.175290][ T5876] binder: 5859:5876 ioctl c0306201 20000180 returned -22
21:35:43 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r2=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r2+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(0x0, 0x1000000000014)

21:35:43 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(r0, r1, 0x0)

21:35:43 executing program 2:
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f00000003c0)={0x3, {{0x2, 0x0, @multicast1}}}, 0x88)
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$vhci(0xffffffffffffff9c, 0x0, 0x10000)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x8000)
setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x7, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {<r0=>0x0}, {}]})
ioctl$DRM_IOCTL_NEW_CTX(0xffffffffffffffff, 0x40086425, &(0x7f0000000180)={r0, 0x3})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000000)={0x4, 0x0, 0xa91a, 0x6, 0x9})
connect$inet(r1, &(0x7f0000000240)={0x2, 0x4e21, @loopback}, 0x10)
sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x200096dc)

21:35:43 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:43 executing program 5:
bind$llc(0xffffffffffffffff, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:43 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:43 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:43 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(r0, r1, 0x0)

21:35:43 executing program 5:
bind$llc(0xffffffffffffffff, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:43 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:43 executing program 5:
bind$llc(0xffffffffffffffff, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:43 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0)
fchdir(r0)
preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
syncfs(r1)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000300)=0x72, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e22, @multicast1}, 0x10)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = socket(0x1f, 0x80, 0x10000000005)
r3 = open(&(0x7f0000000500)='./bus\x00', 0x141042, 0x0)
r4 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0)
connect$unix(r2, &(0x7f0000000580)=@file={0x1, './bus\x00'}, 0xfffffffffffffd31)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0xc0f85403, &(0x7f0000000340)={{0xffffffffffffffff, 0x2, 0x0, 0x1, 0x1}})
close(r3)
r5 = syz_open_dev$loop(&(0x7f0000000680)='/dev/loop#\x00', 0x8000000000000800, 0x105082)
r6 = memfd_create(&(0x7f00000004c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
pwritev(r6, &(0x7f0000000440)=[{&(0x7f0000000480)="a8", 0x1}], 0x1, 0x81003)
ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r6)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x1)
ppoll(0x0, 0x0, 0x0, 0x0, 0x360)
fcntl$setstatus(r1, 0x4, 0x0)
pipe(&(0x7f0000000040)={<r7=>0xffffffffffffffff})
stat(&(0x7f0000000140)='./bus\x00', &(0x7f0000000380))
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB="579c5ad27386793c124beb507c29bb198750d8f1dfd0d1ae0956dcf2e31cfca0ff3832c46bf482eb6e7aa0512e5b57c9ec6a2c426238f87dd1d7ac24dcbeb57b12eef99b9d315b22633f741f84c61943d60ba0428ab1c242009528568edf9da487fd2ecd364a39495232eeb8b9f0f64aa872cca118b8e8d7f04b5d74ef885913faffffff8c37b5ae0238f57e96c2316f63de0d0dcdb9b5f964c48e5c0834c2666d35e988df22f8f2a2c09da869a97f73464741d568635eaec9f72b0bf67da1de1024e63b762407fe54814c502a42a28fe5d623be047a506940a63e4e376f072d92a275c827629dbfe4bd6d146979d920d83026d68c73418f2aed0366f03b2efcc736187390dfd9dbb7a126f8d9fe18bc883f9a1cd66e482f9b92e122c4efe89fb1316cb45a6768058c4faab06b85f222cfbee6f64a040696e6648a363985fa8656619b4e6fc21e6dd71fc178a0a58c8ba3c23d55218b2fdebac5a44908bf9a91762ccebfaf68d0a11fc324577964ded9703b240cf8d425a773c89b62f336d51b9df49d3a7ebc5460919ec810c438b33e40c12e239c8355da3a876a5f9bd4f21505b5f36350784eee04ee62358629f63e0783a3ac4da8b514f42e0c0331c04767895769a7af71de4fd30b299fc4a88c887f3377f35ffe1acff5c9c828bd3e2d87ccdc307f48a3e52c2e45467a9153227d2b05f8dc1aca1fdd8b650a2ed0e2f4cd590deed2b752130477c7dc473b8323b9e98ba33116f43965ac71896e51b650d5541950e9e9a75d6bd57388d446458e2d52164652c68e6fc6ad4f23cf97a979783aaf48bcee592b993e89beb0e70ec785d83c98831dccb88004b5de09834a519e22709f9ad6fd05812bc7408c4a89c6b8359f8fb279f46954f342d1fc0eea1ad7974fb4d6d30df5b3ea89ae6089d8e08b4e6acefa9c9d34529abf355eb95826b60f970926311867a2591c5972c9d7588f1c4cd0703f7fd27a8ba2bf5f21a9f645bbb5b34d37d6dab2b58a7515429e5bc7101dcb05ddafbdc30091189ab8e516b08450578787ea07a9dbd2df832977a418a28702a42fd66ed62bd04aafd5ec9887387bd0895906ac750f28e99b70d1a0db79bbe638b614ffe91a8c6e050b82e0d5ead3b83b56dc197381fbcad02aef55d78ce971af0425a6a51f201572453c"], 0x1, 0x2)
read(r7, &(0x7f0000000200)=""/250, 0x50c7e3e3)
sendfile(r5, r6, 0x0, 0x80003)

[  750.318944][ T5912] BUG: Bad page state in process syz-executor.2  pfn:79dba
[  750.326398][ T5912] page:ffffea0001e76e80 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0x0
[  750.335323][ T5912] shmem_aops 
[  750.335341][ T5912] name:"memfd:" 
[  750.338643][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  750.349064][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  750.357709][ T5912] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  750.366396][ T5912] page dumped because: non-NULL mapping
[  750.371957][ T5912] Modules linked in:
[  750.375916][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Not tainted 5.0.0-rc8-next-20190226 #43
[  750.384938][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  750.394997][ T5912] Call Trace:
[  750.398298][ T5912]  dump_stack+0x172/0x1f0
[  750.402651][ T5912]  bad_page.cold+0xda/0xff
[  750.407073][ T5912]  ? si_mem_available+0x320/0x320
[  750.412104][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  750.418347][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  750.424597][ T5912]  free_pages_check_bad+0x142/0x1a0
[  750.429799][ T5912]  free_unref_page+0x3c6/0x600
[  750.434640][ T5912]  __put_page+0x8d/0xd0
[  750.438811][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  750.444626][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  750.450005][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  750.455219][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  750.461230][ T5912]  ? rw_verify_area+0x118/0x360
[  750.466084][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  750.472070][ T5912]  direct_splice_actor+0x126/0x1a0
[  750.477191][ T5912]  splice_direct_to_actor+0x369/0x970
[  750.482572][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  750.488126][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  750.494370][ T5912]  ? do_splice_to+0x190/0x190
[  750.499061][ T5912]  ? rw_verify_area+0x118/0x360
[  750.503919][ T5912]  do_splice_direct+0x1da/0x2a0
[  750.508782][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  750.514346][ T5912]  ? rw_verify_area+0x118/0x360
[  750.519203][ T5912]  do_sendfile+0x597/0xd00
[  750.523638][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  750.528926][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  750.535237][ T5912]  ? put_timespec64+0xda/0x140
[  750.540028][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  750.545236][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  750.550528][ T5912]  ? do_syscall_64+0x26/0x610
[  750.555212][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  750.560506][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  750.565544][ T5912]  do_syscall_64+0x103/0x610
[  750.570142][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  750.576032][ T5912] RIP: 0033:0x457e29
[  750.579931][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  750.599545][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  750.608056][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  750.616024][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  750.623998][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  750.631975][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  750.639955][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  750.649402][ T5912] Disabling lock debugging due to kernel taint
[  750.655674][ T5912] BUG: Bad page state in process syz-executor.2  pfn:82a41
[  750.662939][ T5912] page:ffffea00020a9040 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0x1
[  750.671891][ T5912] shmem_aops 
[  750.671896][ T5912] name:"memfd:" 
[  750.675265][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  750.685668][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  750.694329][ T5912] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[  750.703001][ T5912] page dumped because: non-NULL mapping
[  750.708624][ T5912] Modules linked in:
[  750.712602][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  750.723009][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  750.733060][ T5912] Call Trace:
[  750.736357][ T5912]  dump_stack+0x172/0x1f0
[  750.740699][ T5912]  bad_page.cold+0xda/0xff
[  750.745116][ T5912]  ? si_mem_available+0x320/0x320
[  750.750142][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  750.755165][ T5912]  ? kasan_check_read+0x11/0x20
[  750.760020][ T5912]  free_pages_check_bad+0x142/0x1a0
[  750.765220][ T5912]  free_unref_page+0x3c6/0x600
[  750.769995][ T5912]  __put_page+0x8d/0xd0
[  750.774155][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  750.779973][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  750.785346][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  750.790551][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  750.796544][ T5912]  ? rw_verify_area+0x118/0x360
[  750.801391][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  750.807372][ T5912]  direct_splice_actor+0x126/0x1a0
[  750.812486][ T5912]  splice_direct_to_actor+0x369/0x970
[  750.817856][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  750.823404][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  750.829648][ T5912]  ? do_splice_to+0x190/0x190
[  750.834330][ T5912]  ? rw_verify_area+0x118/0x360
[  750.839180][ T5912]  do_splice_direct+0x1da/0x2a0
[  750.844032][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  750.849589][ T5912]  ? rw_verify_area+0x118/0x360
[  750.854449][ T5912]  do_sendfile+0x597/0xd00
[  750.858878][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  750.864533][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  750.870774][ T5912]  ? put_timespec64+0xda/0x140
[  750.875548][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  750.880749][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  750.886036][ T5912]  ? do_syscall_64+0x26/0x610
[  750.890715][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  750.896003][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  750.901030][ T5912]  do_syscall_64+0x103/0x610
[  750.905623][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  750.911510][ T5912] RIP: 0033:0x457e29
[  750.915400][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  750.935000][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  750.943408][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  750.951383][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  750.959349][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  750.967317][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  750.975284][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  750.984623][ T5912] BUG: Bad page state in process syz-executor.2  pfn:681ab
[  750.992007][ T5912] page:ffffea0001a06ac0 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0x2
[  751.000937][ T5912] shmem_aops 
[  751.000943][ T5912] name:"memfd:" 
[  751.004283][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  751.015080][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  751.024158][ T5912] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[  751.032830][ T5912] page dumped because: non-NULL mapping
[  751.038477][ T5912] Modules linked in:
[  751.042433][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  751.052842][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  751.062889][ T5912] Call Trace:
[  751.066187][ T5912]  dump_stack+0x172/0x1f0
[  751.070521][ T5912]  bad_page.cold+0xda/0xff
[  751.074961][ T5912]  ? si_mem_available+0x320/0x320
[  751.080015][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  751.085037][ T5912]  ? kasan_check_read+0x11/0x20
[  751.089891][ T5912]  free_pages_check_bad+0x142/0x1a0
[  751.095088][ T5912]  free_unref_page+0x3c6/0x600
[  751.099858][ T5912]  __put_page+0x8d/0xd0
[  751.104018][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  751.109826][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  751.115195][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  751.120397][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  751.126384][ T5912]  ? rw_verify_area+0x118/0x360
[  751.131256][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  751.137246][ T5912]  direct_splice_actor+0x126/0x1a0
[  751.142359][ T5912]  splice_direct_to_actor+0x369/0x970
[  751.147728][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  751.153276][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  751.159515][ T5912]  ? do_splice_to+0x190/0x190
[  751.164193][ T5912]  ? rw_verify_area+0x118/0x360
[  751.169045][ T5912]  do_splice_direct+0x1da/0x2a0
[  751.173897][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  751.179460][ T5912]  ? rw_verify_area+0x118/0x360
[  751.184309][ T5912]  do_sendfile+0x597/0xd00
[  751.188924][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  751.194216][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  751.200462][ T5912]  ? put_timespec64+0xda/0x140
[  751.205237][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  751.210436][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  751.215733][ T5912]  ? do_syscall_64+0x26/0x610
[  751.220407][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  751.225702][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  751.230727][ T5912]  do_syscall_64+0x103/0x610
[  751.235322][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  751.241206][ T5912] RIP: 0033:0x457e29
[  751.245098][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  751.264701][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  751.273109][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  751.281073][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  751.289038][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  751.297006][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  751.304978][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  751.317483][ T5912] BUG: Bad page state in process syz-executor.2  pfn:7b662
[  751.324993][ T5912] page:ffffea0001ed9880 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0x3
[  751.335269][ T5912] shmem_aops 
[  751.335274][ T5912] name:"memfd:" 
[  751.338569][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  751.348919][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  751.357853][ T5912] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000
[  751.367061][ T5912] page dumped because: non-NULL mapping
21:35:44 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r2=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, r2+30000000}}, 0x0)
readv(r1, &(0x7f000058c000)=[{&(0x7f0000000240)=""/151, 0x282}], 0x10000000000001f4)
dup3(r0, r1, 0x0)
tkill(0x0, 0x1000000000014)

21:35:44 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:44 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
dup3(r0, r1, 0x0)

21:35:44 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:44 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  751.372602][ T5912] Modules linked in:
[  751.376563][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  751.386987][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  751.397036][ T5912] Call Trace:
[  751.397060][ T5912]  dump_stack+0x172/0x1f0
[  751.397080][ T5912]  bad_page.cold+0xda/0xff
[  751.397094][ T5912]  ? si_mem_available+0x320/0x320
[  751.397110][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  751.397132][ T5912]  ? kasan_check_read+0x11/0x20
[  751.404724][ T5912]  free_pages_check_bad+0x142/0x1a0
[  751.404745][ T5912]  free_unref_page+0x3c6/0x600
[  751.433912][ T5912]  __put_page+0x8d/0xd0
[  751.438072][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  751.443876][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  751.449246][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  751.454463][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  751.460469][ T5912]  ? rw_verify_area+0x118/0x360
[  751.465323][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  751.471301][ T5912]  direct_splice_actor+0x126/0x1a0
[  751.476416][ T5912]  splice_direct_to_actor+0x369/0x970
[  751.481794][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  751.487344][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  751.493586][ T5912]  ? do_splice_to+0x190/0x190
[  751.498268][ T5912]  ? rw_verify_area+0x118/0x360
[  751.503118][ T5912]  do_splice_direct+0x1da/0x2a0
[  751.507971][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  751.513525][ T5912]  ? rw_verify_area+0x118/0x360
[  751.518383][ T5912]  do_sendfile+0x597/0xd00
[  751.522806][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  751.528086][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  751.534324][ T5912]  ? put_timespec64+0xda/0x140
[  751.539096][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  751.544295][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  751.549575][ T5912]  ? do_syscall_64+0x26/0x610
[  751.554250][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  751.559530][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  751.564558][ T5912]  do_syscall_64+0x103/0x610
[  751.569153][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  751.575035][ T5912] RIP: 0033:0x457e29
[  751.578928][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  751.598534][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  751.606957][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  751.614930][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  751.622908][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  751.630896][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  751.638865][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
21:35:45 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:45 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:45 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:45 executing program 3:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

21:35:45 executing program 1:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

21:35:45 executing program 5:
r0 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmmsg(r0, &(0x7f0000001380), 0x3fffff1, 0x40)

[  751.885699][ T5912] BUG: Bad page state in process syz-executor.2  pfn:7b4f4
[  751.894623][ T5912] page:ffffea0001ed3d00 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0x4
[  751.930842][ T5912] shmem_aops 
[  751.930848][ T5912] name:"memfd:" 
[  751.934821][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  751.938928][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  751.953989][ T5912] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  751.963076][ T5912] page dumped because: non-NULL mapping
[  751.969566][ T5912] Modules linked in:
[  751.973552][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  751.983956][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  751.994003][ T5912] Call Trace:
[  751.997294][ T5912]  dump_stack+0x172/0x1f0
[  752.001627][ T5912]  bad_page.cold+0xda/0xff
[  752.006038][ T5912]  ? si_mem_available+0x320/0x320
[  752.011061][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  752.016080][ T5912]  ? kasan_check_read+0x11/0x20
[  752.020929][ T5912]  free_pages_check_bad+0x142/0x1a0
[  752.026130][ T5912]  free_unref_page+0x3c6/0x600
[  752.030891][ T5912]  __put_page+0x8d/0xd0
[  752.035043][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  752.040847][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  752.046217][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  752.051416][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  752.057411][ T5912]  ? rw_verify_area+0x118/0x360
[  752.062265][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  752.068242][ T5912]  direct_splice_actor+0x126/0x1a0
[  752.073449][ T5912]  splice_direct_to_actor+0x369/0x970
[  752.078817][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  752.084364][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  752.090599][ T5912]  ? do_splice_to+0x190/0x190
[  752.095274][ T5912]  ? rw_verify_area+0x118/0x360
[  752.100121][ T5912]  do_splice_direct+0x1da/0x2a0
[  752.104974][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  752.110528][ T5912]  ? rw_verify_area+0x118/0x360
[  752.115378][ T5912]  do_sendfile+0x597/0xd00
[  752.119797][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  752.125077][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  752.131312][ T5912]  ? put_timespec64+0xda/0x140
[  752.136084][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  752.141281][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  752.146561][ T5912]  ? do_syscall_64+0x26/0x610
[  752.151240][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  752.156521][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  752.161552][ T5912]  do_syscall_64+0x103/0x610
[  752.166148][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  752.172035][ T5912] RIP: 0033:0x457e29
[  752.176015][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  752.195623][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  752.204036][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  752.212009][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  752.219978][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  752.227944][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  752.235916][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  752.244638][ T5912] BUG: Bad page state in process syz-executor.2  pfn:80ea1
[  752.252070][ T5912] page:ffffea000203a840 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0x5
[  752.261146][ T5912] shmem_aops 
[  752.261153][ T5912] name:"memfd:" 
[  752.264553][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  752.275241][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  752.294978][ T5912] raw: 0000000000000005 0000000000000000 00000000ffffffff 0000000000000000
[  752.307625][ T5912] page dumped because: non-NULL mapping
[  752.313226][ T5912] Modules linked in:
[  752.317234][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  752.328162][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  752.338603][ T5912] Call Trace:
[  752.341897][ T5912]  dump_stack+0x172/0x1f0
[  752.346234][ T5912]  bad_page.cold+0xda/0xff
[  752.350651][ T5912]  ? si_mem_available+0x320/0x320
[  752.355678][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  752.360700][ T5912]  ? kasan_check_read+0x11/0x20
[  752.365549][ T5912]  free_pages_check_bad+0x142/0x1a0
[  752.370742][ T5912]  free_unref_page+0x3c6/0x600
[  752.375508][ T5912]  __put_page+0x8d/0xd0
[  752.379664][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  752.385479][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  752.391197][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  752.396402][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  752.402391][ T5912]  ? rw_verify_area+0x118/0x360
[  752.407238][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  752.413215][ T5912]  direct_splice_actor+0x126/0x1a0
[  752.418328][ T5912]  splice_direct_to_actor+0x369/0x970
[  752.423698][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  752.429242][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  752.435482][ T5912]  ? do_splice_to+0x190/0x190
[  752.440156][ T5912]  ? rw_verify_area+0x118/0x360
[  752.445007][ T5912]  do_splice_direct+0x1da/0x2a0
[  752.449856][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  752.455408][ T5912]  ? rw_verify_area+0x118/0x360
[  752.460263][ T5912]  do_sendfile+0x597/0xd00
[  752.464688][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  752.469973][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  752.476213][ T5912]  ? put_timespec64+0xda/0x140
[  752.480982][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  752.486183][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  752.491468][ T5912]  ? do_syscall_64+0x26/0x610
[  752.496143][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  752.501423][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  752.506465][ T5912]  do_syscall_64+0x103/0x610
[  752.511055][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  752.516939][ T5912] RIP: 0033:0x457e29
[  752.520831][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  752.540426][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  752.548840][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  752.556836][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  752.564798][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  752.572764][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  752.580727][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  752.589431][ T5912] BUG: Bad page state in process syz-executor.2  pfn:73fff
[  752.596905][ T5912] page:ffffea0001cfffc0 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0x6
[  752.605853][ T5912] shmem_aops 
[  752.605859][ T5912] name:"memfd:" 
[  752.609198][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  752.619614][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  752.628286][ T5912] raw: 0000000000000006 0000000000000000 00000000ffffffff 0000000000000000
[  752.636977][ T5912] page dumped because: non-NULL mapping
[  752.642568][ T5912] Modules linked in:
[  752.646566][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  752.656968][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  752.667015][ T5912] Call Trace:
[  752.670335][ T5912]  dump_stack+0x172/0x1f0
[  752.674665][ T5912]  bad_page.cold+0xda/0xff
[  752.679077][ T5912]  ? si_mem_available+0x320/0x320
[  752.684099][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  752.689122][ T5912]  ? kasan_check_read+0x11/0x20
[  752.693977][ T5912]  free_pages_check_bad+0x142/0x1a0
[  752.699190][ T5912]  free_unref_page+0x3c6/0x600
[  752.703967][ T5912]  __put_page+0x8d/0xd0
[  752.708134][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  752.713971][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  752.719352][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  752.724552][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  752.730538][ T5912]  ? rw_verify_area+0x118/0x360
[  752.735387][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  752.741374][ T5912]  direct_splice_actor+0x126/0x1a0
[  752.746501][ T5912]  splice_direct_to_actor+0x369/0x970
[  752.751868][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  752.757411][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  752.763654][ T5912]  ? do_splice_to+0x190/0x190
[  752.768329][ T5912]  ? rw_verify_area+0x118/0x360
[  752.773175][ T5912]  do_splice_direct+0x1da/0x2a0
[  752.778022][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  752.783569][ T5912]  ? rw_verify_area+0x118/0x360
[  752.788418][ T5912]  do_sendfile+0x597/0xd00
[  752.792844][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  752.798127][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  752.804361][ T5912]  ? put_timespec64+0xda/0x140
[  752.809129][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  752.814324][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  752.819608][ T5912]  ? do_syscall_64+0x26/0x610
[  752.824286][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  752.829570][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  752.834594][ T5912]  do_syscall_64+0x103/0x610
[  752.839183][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  752.845064][ T5912] RIP: 0033:0x457e29
[  752.848959][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  752.868561][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  752.876977][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  752.884942][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  752.892911][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  752.900880][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  752.908843][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  752.917612][ T5912] BUG: Bad page state in process syz-executor.2  pfn:7b7d5
[  752.924872][ T5912] page:ffffea0001edf540 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0x7
[  752.933801][ T5912] shmem_aops 
[  752.933808][ T5912] name:"memfd:" 
[  752.937160][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  752.947548][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  752.956205][ T5912] raw: 0000000000000007 0000000000000000 00000000ffffffff 0000000000000000
[  752.964833][ T5912] page dumped because: non-NULL mapping
[  752.970465][ T5912] Modules linked in:
[  752.974416][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  752.984824][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  752.994873][ T5912] Call Trace:
[  752.998168][ T5912]  dump_stack+0x172/0x1f0
[  753.002502][ T5912]  bad_page.cold+0xda/0xff
[  753.006918][ T5912]  ? si_mem_available+0x320/0x320
[  753.011946][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  753.016977][ T5912]  ? kasan_check_read+0x11/0x20
[  753.021827][ T5912]  free_pages_check_bad+0x142/0x1a0
[  753.027037][ T5912]  free_unref_page+0x3c6/0x600
[  753.031799][ T5912]  __put_page+0x8d/0xd0
[  753.035958][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  753.041765][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  753.047131][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  753.052334][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  753.058325][ T5912]  ? rw_verify_area+0x118/0x360
[  753.063169][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  753.069143][ T5912]  direct_splice_actor+0x126/0x1a0
[  753.074254][ T5912]  splice_direct_to_actor+0x369/0x970
[  753.079623][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  753.085171][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  753.091411][ T5912]  ? do_splice_to+0x190/0x190
[  753.096096][ T5912]  ? rw_verify_area+0x118/0x360
[  753.100945][ T5912]  do_splice_direct+0x1da/0x2a0
[  753.105799][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  753.111349][ T5912]  ? rw_verify_area+0x118/0x360
[  753.116197][ T5912]  do_sendfile+0x597/0xd00
[  753.120615][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  753.125895][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  753.132132][ T5912]  ? put_timespec64+0xda/0x140
[  753.136899][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  753.142097][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  753.147384][ T5912]  ? do_syscall_64+0x26/0x610
[  753.152055][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  753.157336][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  753.162358][ T5912]  do_syscall_64+0x103/0x610
[  753.166958][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  753.172844][ T5912] RIP: 0033:0x457e29
[  753.176736][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  753.196599][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  753.205003][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  753.212969][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  753.220935][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  753.228908][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  753.236872][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  753.248815][ T5912] BUG: Bad page state in process syz-executor.2  pfn:77dd4
[  753.256135][ T5912] page:ffffea0001df7500 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0x8
[  753.265101][ T5912] shmem_aops 
[  753.265106][ T5912] name:"memfd:" 
[  753.270849][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  753.281374][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  753.292541][ T5912] raw: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  753.301201][ T5912] page dumped because: non-NULL mapping
[  753.309176][ T5912] Modules linked in:
[  753.313128][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  753.323528][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  753.333579][ T5912] Call Trace:
[  753.336879][ T5912]  dump_stack+0x172/0x1f0
[  753.341214][ T5912]  bad_page.cold+0xda/0xff
[  753.345632][ T5912]  ? si_mem_available+0x320/0x320
[  753.350652][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  753.355671][ T5912]  ? kasan_check_read+0x11/0x20
[  753.360526][ T5912]  free_pages_check_bad+0x142/0x1a0
[  753.365726][ T5912]  free_unref_page+0x3c6/0x600
[  753.370494][ T5912]  __put_page+0x8d/0xd0
[  753.374647][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  753.380461][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  753.385833][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  753.391036][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  753.397023][ T5912]  ? rw_verify_area+0x118/0x360
[  753.401873][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  753.407852][ T5912]  direct_splice_actor+0x126/0x1a0
[  753.412965][ T5912]  splice_direct_to_actor+0x369/0x970
[  753.418333][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  753.423876][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  753.430109][ T5912]  ? do_splice_to+0x190/0x190
[  753.434787][ T5912]  ? rw_verify_area+0x118/0x360
[  753.439632][ T5912]  do_splice_direct+0x1da/0x2a0
[  753.444480][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  753.450028][ T5912]  ? rw_verify_area+0x118/0x360
[  753.454874][ T5912]  do_sendfile+0x597/0xd00
[  753.459297][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  753.464579][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  753.470816][ T5912]  ? put_timespec64+0xda/0x140
[  753.475587][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  753.480784][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  753.486069][ T5912]  ? do_syscall_64+0x26/0x610
[  753.490742][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  753.496025][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  753.501049][ T5912]  do_syscall_64+0x103/0x610
[  753.505642][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  753.511527][ T5912] RIP: 0033:0x457e29
[  753.515422][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  753.535031][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  753.543447][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  753.551413][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  753.559390][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  753.567352][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  753.575316][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  753.589384][ T5912] BUG: Bad page state in process syz-executor.2  pfn:81728
[  753.596665][ T5912] page:ffffea000205ca00 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0x9
[  753.607967][ T5912] shmem_aops 
[  753.607973][ T5912] name:"memfd:" 
[  753.611306][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  753.621678][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  753.632975][ T5912] raw: 0000000000000009 0000000000000000 00000000ffffffff 0000000000000000
[  753.641620][ T5912] page dumped because: non-NULL mapping
[  753.649681][ T5912] Modules linked in:
[  753.653634][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  753.664031][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  753.674074][ T5912] Call Trace:
[  753.677369][ T5912]  dump_stack+0x172/0x1f0
[  753.681712][ T5912]  bad_page.cold+0xda/0xff
[  753.686123][ T5912]  ? si_mem_available+0x320/0x320
[  753.691151][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  753.696178][ T5912]  ? kasan_check_read+0x11/0x20
[  753.701033][ T5912]  free_pages_check_bad+0x142/0x1a0
[  753.706229][ T5912]  free_unref_page+0x3c6/0x600
[  753.711002][ T5912]  __put_page+0x8d/0xd0
[  753.715163][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  753.720975][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  753.726341][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  753.731540][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  753.737526][ T5912]  ? rw_verify_area+0x118/0x360
[  753.742369][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  753.748341][ T5912]  direct_splice_actor+0x126/0x1a0
[  753.753459][ T5912]  splice_direct_to_actor+0x369/0x970
[  753.758827][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  753.764369][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  753.770603][ T5912]  ? do_splice_to+0x190/0x190
[  753.775279][ T5912]  ? rw_verify_area+0x118/0x360
[  753.780126][ T5912]  do_splice_direct+0x1da/0x2a0
[  753.784981][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  753.790527][ T5912]  ? rw_verify_area+0x118/0x360
[  753.795379][ T5912]  do_sendfile+0x597/0xd00
[  753.799796][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  753.805075][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  753.811331][ T5912]  ? put_timespec64+0xda/0x140
[  753.816099][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  753.821295][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  753.826576][ T5912]  ? do_syscall_64+0x26/0x610
[  753.831248][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  753.836532][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  753.841556][ T5912]  do_syscall_64+0x103/0x610
[  753.846144][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  753.852026][ T5912] RIP: 0033:0x457e29
[  753.855914][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  753.875514][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  753.883921][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  753.891892][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  753.899860][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  753.907829][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  753.915792][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  753.928790][ T5912] BUG: Bad page state in process syz-executor.2  pfn:75620
[  753.936248][ T5912] page:ffffea0001d58800 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0xa
[  753.945224][ T5912] shmem_aops 
[  753.945230][ T5912] name:"memfd:" 
[  753.948568][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  753.961310][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  753.969999][ T5912] raw: 000000000000000a 0000000000000000 00000000ffffffff 0000000000000000
[  753.981015][ T5912] page dumped because: non-NULL mapping
[  753.986770][ T5912] Modules linked in:
[  753.990722][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  754.001123][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  754.011168][ T5912] Call Trace:
[  754.014466][ T5912]  dump_stack+0x172/0x1f0
[  754.018799][ T5912]  bad_page.cold+0xda/0xff
[  754.023212][ T5912]  ? si_mem_available+0x320/0x320
[  754.028234][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  754.033258][ T5912]  ? kasan_check_read+0x11/0x20
[  754.038109][ T5912]  free_pages_check_bad+0x142/0x1a0
[  754.043304][ T5912]  free_unref_page+0x3c6/0x600
[  754.048069][ T5912]  __put_page+0x8d/0xd0
[  754.052498][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  754.058304][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  754.063673][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  754.068873][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  754.074860][ T5912]  ? rw_verify_area+0x118/0x360
[  754.079706][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  754.085685][ T5912]  direct_splice_actor+0x126/0x1a0
[  754.090798][ T5912]  splice_direct_to_actor+0x369/0x970
[  754.096167][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  754.101709][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  754.107944][ T5912]  ? do_splice_to+0x190/0x190
[  754.112626][ T5912]  ? rw_verify_area+0x118/0x360
[  754.117478][ T5912]  do_splice_direct+0x1da/0x2a0
[  754.122332][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  754.127877][ T5912]  ? rw_verify_area+0x118/0x360
[  754.132723][ T5912]  do_sendfile+0x597/0xd00
[  754.137147][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  754.142429][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  754.148678][ T5912]  ? put_timespec64+0xda/0x140
[  754.153454][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  754.158687][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  754.163972][ T5912]  ? do_syscall_64+0x26/0x610
[  754.168652][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  754.173936][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  754.178973][ T5912]  do_syscall_64+0x103/0x610
[  754.183567][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  754.189457][ T5912] RIP: 0033:0x457e29
[  754.193348][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  754.212947][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  754.221362][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  754.229329][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  754.237302][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  754.245283][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  754.253627][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  754.268209][ T5912] BUG: Bad page state in process syz-executor.2  pfn:681ca
[  754.275507][ T5912] page:ffffea0001a07280 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0xb
[  754.284413][ T5912] shmem_aops 
[  754.284419][ T5912] name:"memfd:" 
[  754.290079][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  754.300481][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  754.311493][ T5912] raw: 000000000000000b 0000000000000000 00000000ffffffff 0000000000000000
[  754.320616][ T5912] page dumped because: non-NULL mapping
[  754.328705][ T5912] Modules linked in:
[  754.332658][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  754.343057][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  754.353299][ T5912] Call Trace:
[  754.356596][ T5912]  dump_stack+0x172/0x1f0
[  754.360926][ T5912]  bad_page.cold+0xda/0xff
[  754.365344][ T5912]  ? si_mem_available+0x320/0x320
[  754.370364][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  754.375386][ T5912]  ? kasan_check_read+0x11/0x20
[  754.380241][ T5912]  free_pages_check_bad+0x142/0x1a0
[  754.385439][ T5912]  free_unref_page+0x3c6/0x600
[  754.390215][ T5912]  __put_page+0x8d/0xd0
[  754.394372][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  754.400176][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  754.405548][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  754.410754][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  754.416741][ T5912]  ? rw_verify_area+0x118/0x360
[  754.421591][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  754.427571][ T5912]  direct_splice_actor+0x126/0x1a0
[  754.432679][ T5912]  splice_direct_to_actor+0x369/0x970
[  754.438501][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  754.444047][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  754.450283][ T5912]  ? do_splice_to+0x190/0x190
[  754.454964][ T5912]  ? rw_verify_area+0x118/0x360
[  754.459812][ T5912]  do_splice_direct+0x1da/0x2a0
[  754.464662][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  754.470215][ T5912]  ? rw_verify_area+0x118/0x360
[  754.475065][ T5912]  do_sendfile+0x597/0xd00
[  754.479493][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  754.484782][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  754.491017][ T5912]  ? put_timespec64+0xda/0x140
[  754.495783][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  754.500986][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  754.506265][ T5912]  ? do_syscall_64+0x26/0x610
[  754.510938][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  754.516222][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  754.521248][ T5912]  do_syscall_64+0x103/0x610
[  754.525843][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  754.531728][ T5912] RIP: 0033:0x457e29
[  754.535619][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  754.555216][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  754.563623][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  754.571586][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  754.579554][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  754.587517][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  754.595480][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  754.606785][ T5912] BUG: Bad page state in process syz-executor.2  pfn:6d957
[  754.614055][ T5912] page:ffffea0001b655c0 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0xc
[  754.624428][ T5912] shmem_aops 
[  754.624452][ T5912] name:"memfd:" 
[  754.629218][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  754.640922][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  754.651472][ T5912] raw: 000000000000000c 0000000000000000 00000000ffffffff 0000000000000000
[  754.661434][ T5912] page dumped because: non-NULL mapping
[  754.668286][ T5912] Modules linked in:
[  754.672237][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  754.682647][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  754.692711][ T5912] Call Trace:
[  754.696021][ T5912]  dump_stack+0x172/0x1f0
[  754.700353][ T5912]  bad_page.cold+0xda/0xff
[  754.704769][ T5912]  ? si_mem_available+0x320/0x320
[  754.709790][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  754.714831][ T5912]  ? kasan_check_read+0x11/0x20
[  754.719685][ T5912]  free_pages_check_bad+0x142/0x1a0
[  754.724882][ T5912]  free_unref_page+0x3c6/0x600
[  754.729643][ T5912]  __put_page+0x8d/0xd0
[  754.733794][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  754.739599][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  754.744978][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  754.750178][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  754.756163][ T5912]  ? rw_verify_area+0x118/0x360
[  754.761013][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  754.766991][ T5912]  direct_splice_actor+0x126/0x1a0
[  754.772112][ T5912]  splice_direct_to_actor+0x369/0x970
[  754.777502][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  754.783045][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  754.789284][ T5912]  ? do_splice_to+0x190/0x190
[  754.793966][ T5912]  ? rw_verify_area+0x118/0x360
[  754.798828][ T5912]  do_splice_direct+0x1da/0x2a0
[  754.803679][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  754.809230][ T5912]  ? rw_verify_area+0x118/0x360
[  754.814076][ T5912]  do_sendfile+0x597/0xd00
[  754.818500][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  754.823781][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  754.830016][ T5912]  ? put_timespec64+0xda/0x140
[  754.834787][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  754.839987][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  754.845269][ T5912]  ? do_syscall_64+0x26/0x610
[  754.849943][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  754.855230][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  754.860258][ T5912]  do_syscall_64+0x103/0x610
[  754.864847][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  754.870731][ T5912] RIP: 0033:0x457e29
[  754.874624][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  754.894223][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  754.902631][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  754.910597][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  754.918566][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  754.926531][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  754.934498][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  754.946860][ T5912] BUG: Bad page state in process syz-executor.2  pfn:82155
[  754.954115][ T5912] page:ffffea0002085540 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0xd
[  754.966451][ T5912] shmem_aops 
[  754.966457][ T5912] name:"memfd:" 
[  754.969800][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  754.981613][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  754.991760][ T5912] raw: 000000000000000d 0000000000000000 00000000ffffffff 0000000000000000
[  755.001984][ T5912] page dumped because: non-NULL mapping
[  755.009066][ T5912] Modules linked in:
[  755.013021][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  755.023438][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  755.033542][ T5912] Call Trace:
[  755.036868][ T5912]  dump_stack+0x172/0x1f0
[  755.041208][ T5912]  bad_page.cold+0xda/0xff
[  755.045641][ T5912]  ? si_mem_available+0x320/0x320
[  755.050659][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  755.055681][ T5912]  ? kasan_check_read+0x11/0x20
[  755.060544][ T5912]  free_pages_check_bad+0x142/0x1a0
[  755.065748][ T5912]  free_unref_page+0x3c6/0x600
[  755.070513][ T5912]  __put_page+0x8d/0xd0
[  755.074667][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  755.080471][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  755.085839][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  755.091037][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  755.097029][ T5912]  ? rw_verify_area+0x118/0x360
[  755.101878][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  755.107856][ T5912]  direct_splice_actor+0x126/0x1a0
[  755.112971][ T5912]  splice_direct_to_actor+0x369/0x970
[  755.118341][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  755.123887][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  755.130120][ T5912]  ? do_splice_to+0x190/0x190
[  755.134798][ T5912]  ? rw_verify_area+0x118/0x360
[  755.139675][ T5912]  do_splice_direct+0x1da/0x2a0
[  755.144525][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  755.150073][ T5912]  ? rw_verify_area+0x118/0x360
[  755.154924][ T5912]  do_sendfile+0x597/0xd00
[  755.159347][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  755.164628][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  755.170869][ T5912]  ? put_timespec64+0xda/0x140
[  755.175640][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  755.180838][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  755.186223][ T5912]  ? do_syscall_64+0x26/0x610
[  755.190896][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  755.196176][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  755.201201][ T5912]  do_syscall_64+0x103/0x610
[  755.205790][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  755.211758][ T5912] RIP: 0033:0x457e29
[  755.215652][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  755.235255][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  755.243665][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  755.251631][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  755.259599][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  755.267570][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  755.275538][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  755.291735][ T5912] BUG: Bad page state in process syz-executor.2  pfn:7ad13
[  755.299474][ T5912] page:ffffea0001eb44c0 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0xe
[  755.310721][ T5912] shmem_aops 
[  755.310727][ T5912] name:"memfd:" 
[  755.314064][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  755.324932][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  755.336191][ T5912] raw: 000000000000000e 0000000000000000 00000000ffffffff 0000000000000000
[  755.344847][ T5912] page dumped because: non-NULL mapping
[  755.352538][ T5912] Modules linked in:
[  755.357550][ T5912] CPU: 1 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  755.368134][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  755.378205][ T5912] Call Trace:
[  755.381501][ T5912]  dump_stack+0x172/0x1f0
[  755.385839][ T5912]  bad_page.cold+0xda/0xff
[  755.390262][ T5912]  ? si_mem_available+0x320/0x320
[  755.395290][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  755.400315][ T5912]  ? kasan_check_read+0x11/0x20
[  755.405165][ T5912]  free_pages_check_bad+0x142/0x1a0
[  755.410369][ T5912]  free_unref_page+0x3c6/0x600
[  755.415132][ T5912]  __put_page+0x8d/0xd0
[  755.419294][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  755.425097][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  755.430471][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  755.435676][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  755.441671][ T5912]  ? rw_verify_area+0x118/0x360
[  755.446516][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  755.452498][ T5912]  direct_splice_actor+0x126/0x1a0
[  755.457618][ T5912]  splice_direct_to_actor+0x369/0x970
[  755.462995][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  755.468548][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  755.474792][ T5912]  ? do_splice_to+0x190/0x190
[  755.479494][ T5912]  ? rw_verify_area+0x118/0x360
[  755.484350][ T5912]  do_splice_direct+0x1da/0x2a0
[  755.489413][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  755.494975][ T5912]  ? rw_verify_area+0x118/0x360
[  755.499825][ T5912]  do_sendfile+0x597/0xd00
[  755.504246][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  755.509535][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  755.515779][ T5912]  ? put_timespec64+0xda/0x140
[  755.520554][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  755.525760][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  755.531043][ T5912]  ? do_syscall_64+0x26/0x610
[  755.535715][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  755.541002][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  755.546024][ T5912]  do_syscall_64+0x103/0x610
[  755.550619][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  755.556506][ T5912] RIP: 0033:0x457e29
[  755.560396][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  755.579997][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  755.588404][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  755.596368][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  755.604330][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  755.612292][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  755.620308][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff
[  755.628504][ T5912] BUG: Bad page state in process syz-executor.2  pfn:76cc7
[  755.635750][ T5912] page:ffffea0001db31c0 count:0 mapcount:0 mapping:ffff8880a61a8d80 index:0xf
[  755.644594][ T5912] shmem_aops 
[  755.644600][ T5912] name:"memfd:" 
[  755.647934][ T5912] flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
[  755.658304][ T5912] raw: 01fffc000008000c dead000000000100 dead000000000200 ffff8880a61a8d80
[  755.667269][ T5912] raw: 000000000000000f 0000000000000000 00000000ffffffff 0000000000000000
[  755.676068][ T5912] page dumped because: non-NULL mapping
[  755.681615][ T5912] Modules linked in:
[  755.685735][ T5912] CPU: 0 PID: 5912 Comm: syz-executor.2 Tainted: G    B             5.0.0-rc8-next-20190226 #43
[  755.696228][ T5912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  755.706275][ T5912] Call Trace:
[  755.709598][ T5912]  dump_stack+0x172/0x1f0
[  755.713943][ T5912]  bad_page.cold+0xda/0xff
[  755.718382][ T5912]  ? si_mem_available+0x320/0x320
[  755.723462][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  755.728493][ T5912]  ? kasan_check_read+0x11/0x20
[  755.733348][ T5912]  free_pages_check_bad+0x142/0x1a0
[  755.738556][ T5912]  free_unref_page+0x3c6/0x600
[  755.743317][ T5912]  __put_page+0x8d/0xd0
[  755.747492][ T5912]  page_cache_pipe_buf_release+0x12b/0x180
[  755.753295][ T5912]  iter_file_splice_write+0x7d1/0xbe0
[  755.758668][ T5912]  ? atime_needs_update+0x5f0/0x5f0
[  755.763874][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  755.769861][ T5912]  ? rw_verify_area+0x118/0x360
[  755.774709][ T5912]  ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[  755.780683][ T5912]  direct_splice_actor+0x126/0x1a0
[  755.785831][ T5912]  splice_direct_to_actor+0x369/0x970
[  755.791200][ T5912]  ? generic_pipe_buf_nosteal+0x10/0x10
[  755.796748][ T5912]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  755.803078][ T5912]  ? do_splice_to+0x190/0x190
[  755.807767][ T5912]  ? rw_verify_area+0x118/0x360
[  755.812620][ T5912]  do_splice_direct+0x1da/0x2a0
[  755.817487][ T5912]  ? splice_direct_to_actor+0x970/0x970
[  755.823040][ T5912]  ? rw_verify_area+0x118/0x360
[  755.827895][ T5912]  do_sendfile+0x597/0xd00
[  755.832323][ T5912]  ? do_compat_pwritev64+0x1c0/0x1c0
[  755.837608][ T5912]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  755.843841][ T5912]  ? put_timespec64+0xda/0x140
[  755.848633][ T5912]  __x64_sys_sendfile64+0x1dd/0x220
[  755.853830][ T5912]  ? __ia32_sys_sendfile+0x230/0x230
[  755.859114][ T5912]  ? do_syscall_64+0x26/0x610
[  755.863784][ T5912]  ? lockdep_hardirqs_on+0x418/0x5d0
[  755.869064][ T5912]  ? trace_hardirqs_on+0x67/0x230
[  755.874086][ T5912]  do_syscall_64+0x103/0x610
[  755.878675][ T5912]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  755.884568][ T5912] RIP: 0033:0x457e29
[  755.888469][ T5912] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  755.908076][ T5912] RSP: 002b:00007f2034fb3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  755.916494][ T5912] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[  755.924474][ T5912] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  755.932437][ T5912] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  755.940422][ T5912] R10: 0000000000080003 R11: 0000000000000246 R12: 00007f2034fb46d4
[  755.948413][ T5912] R13: 00000000004c4dce R14: 00000000004d8af8 R15: 00000000ffffffff