2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000340)={0x7ff, 0x3f, 0x3, 0x8, 0x81, 0xc5, 0x30000000}, 0xc)
setsockopt$inet_mreqn(r1, 0x0, 0x0, &(0x7f0000000100)={@remote, @broadcast, r2}, 0xc)
r3 = open(&(0x7f0000000300)='./bus\x00', 0x40, 0x101)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000940)="38913ff9000a0f9eb69ba2c5dfcb7c424a4271831a22bc677d31469403742823717134d30f4dd362619f1489c442f07a4abdce70e599b2c7f7362d18dfd534bf848f25176c50a9054ccd0f185c8546cd00c4f6f0a18693a2f86ea2274f45652bc3624bb86b03b4a37ea00702d9dd20a495b14ae79a6d9bd40c2ce4c7b96fbcc88106aa2e3da5b0d6481be8516947b977b9d059fe0e41470304e7bfc8482e0f2b7112cc3e7cd78a8ab42e1c92dbd333f0cdc5d52678c8a2b77d8f3a28c13692146c7fa5931382ab10922e435a2b604bd39e8b42c1bcaeed1af8c7f1cba36e3a4835c1418fa90d6ad61a8df1e9ddad0531fd5df7158a03c910e42e10faf500")
bind$inet6(r0, &(0x7f0000000600)={0xa, 0x4e20, 0x0, @loopback, 0x4}, 0x1c)
clock_gettime(0x0, &(0x7f0000000280)={<r4=>0x0, <r5=>0x0})
utimensat(r3, &(0x7f0000000180)='./bus\x00', &(0x7f00000002c0)={{r4, r5/1000+30000}, {0x0, 0x2710}}, 0x100)
sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000240), 0x4)
fgetxattr(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="73010000006974792e5b235c243b47747275737465647d42645e766d6e65743170726f63656d30009039e7c62819d92f33c32c92bbd3f04a1295fa4b49cb93e99fb8ca12ce4f95387e4c335e0586093977512aa342e25ef41bf9bc168bde642bc44c00589d9099f3bf71472fbcf026262d38f65a176924ea80099250c64428b4e8f39edc966fc7d24296fb51c696f915b1e96a89f8993f2e22c04bf8e082ab45a61f2173f275287cacf333a01ee6b394a031cdb2b7f3493dc034ff"], 0x0, 0x0)
ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f00000004c0)=ANY=[@ANYBLOB="01000500ffffffffffffaaaa02f89f41e345a3692fc98b8b4edfb4a0aa7daaaab0aaaa"])
setsockopt$inet_tcp_int(r1, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet_tcp_int(r1, 0x6, 0x18, &(0x7f00000001c0), 0x4)
bind$unix(r3, 0x0, 0xffffffffffffff5c)
ftruncate(0xffffffffffffffff, 0x0)
syz_open_dev$adsp(&(0x7f0000000380)='/dev/adsp#\x00', 0x6, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x0)
r6 = open(&(0x7f00000034c0)='./bus\x00', 0x100000141042, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0)
ftruncate(r6, 0x10099b7)
ioctl$PPPIOCSNPMODE(r3, 0x4008744b, &(0x7f00000003c0)={0xfb, 0x2})
getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0), 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x5}]}, 0x10)
sendfile(r0, r6, 0x0, 0x8000fffffffe)
seccomp(0x0, 0x0, 0x0)
connect$unix(r1, &(0x7f0000006780)=@file={0x0, './bus\x00'}, 0x6e)

[  294.765801] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[  294.791854] audit: type=1804 audit(1551451879.442:36): pid=12862 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir898792526/syzkaller.05P1rV/191/bus" dev="sda1" ino=16801 res=1
[  294.888189] protocol 88fb is buggy, dev hsr_slave_0
[  294.893304] protocol 88fb is buggy, dev hsr_slave_1
[  294.902271] audit: type=1326 audit(1551451879.552:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=12860 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
[  295.368151] protocol 88fb is buggy, dev hsr_slave_0
[  295.373268] protocol 88fb is buggy, dev hsr_slave_1
[  295.550237] audit: type=1804 audit(1551451880.202:38): pid=12862 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir898792526/syzkaller.05P1rV/191/bus" dev="sda1" ino=16801 res=1
[  295.574108] audit: type=1804 audit(1551451880.202:39): pid=12862 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir898792526/syzkaller.05P1rV/191/bus" dev="sda1" ino=16801 res=1
[  295.611190] audit: type=1326 audit(1551451880.262:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=12860 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:22 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
tkill(r1, 0x1000000000015)

14:51:22 executing program 2:
write$FUSE_NOTIFY_POLL(0xffffffffffffffff, &(0x7f0000000680)={0x18, 0x1, 0x0, {0x81}}, 0x18)
socket$alg(0x26, 0x5, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
shmctl$IPC_INFO(0x0, 0x3, 0x0)
getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, 0x0, 0x0)
bind$rds(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = pkey_alloc(0x0, 0x1)
pkey_free(r1)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0xfec0)
sendmsg$rds(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f00000002c0)=[@mask_cswp={0x58, 0x114, 0x9, {{}, &(0x7f0000000e80), &(0x7f0000000ec0), 0x0, 0x0, 0x0, 0x0, 0xffffff7f}}], 0x58}, 0x0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101000, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000140)={0x1f, 0x1ff, {0x4, 0x8, 0x0, 0x1, 0x9}, 0x1, 0x1}, 0xe)
openat$ashmem(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem\x00', 0x200, 0x0)
r3 = syz_open_dev$radio(0x0, 0xffffffffffffffff, 0x2)
prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x2)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x80000, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000500)={0x0, 0x2b, "8f17298313d168afeb05136f15d1a51283d054e2b0cf4241f1997d56617c6db766e340551cf122942df1f2"}, 0x0)
io_setup(0x407, &(0x7f0000000280))
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000ac0)='/proc/self/net/pfkey\x00', 0x82, 0x0)
ioctl$KVM_PPC_GET_PVINFO(r3, 0x4080aea1, &(0x7f0000000f00)=""/4096)
io_submit(0x0, 0x0, 0x0)

14:51:22 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x500000000000000)

14:51:22 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
lstat(&(0x7f0000000140)='./file0\x00', 0x0)
shmget(0x1, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil)
r0 = syz_open_dev$midi(0x0, 0x0, 0x200000)
getpgid(0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000000)={{0x4d, 0x8}, 'port0\x00', 0x80, 0x0, 0x6, 0x58, 0x41, 0xffff, 0x73d, 0x0, 0x7, 0x81})

14:51:22 executing program 3:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f00000001c0)={0x18, 0x0, {0x4, @dev, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000080))
r1 = accept$inet6(0xffffffffffffff9c, &(0x7f0000000000), &(0x7f0000000040)=0x1c)
getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000000c0)={<r2=>0x0, 0x9, 0x994f, 0xd55}, &(0x7f0000000100)=0x10)
socket$pppoe(0x18, 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000200)={r2, 0xa0, "50b4a1b9dd7a69611010a36d622096ca45ed33634072df0b1a2d5ecc08afc4e453a68ad54ce5aa1697841b490bc8f4894acc982ab5d5b94757f9bcffbbd86556b9fdde890268b429247d8ad52a26a5343be02b184362758d0b0582e6fc4058845e1df9c0efd357ad12b0cc2fa1dde3772cad53cccf97d4e3bc9accf7ada0a796a2021edfae1f10a3c1d62aca65a9158e83ab8a9f3c5c736347acf53e36f2db0d"}, &(0x7f0000000140)=0xa8)
recvmmsg(r0, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

14:51:22 executing program 5:
r0 = openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f0000001480)=ANY=[@ANYBLOB="0300001070a564a780e5437dcb525e6bf1d26e42a112280d444864695808dff76bb965a561dfbc3f7567a7d6f8d6ac79e77265dc7c4151192b0d5b8581e0f667bb7b83ab433bfb738b637684bf682f710ce9621df3c3bed756c428cf60bddf2abedad9b14c443fbb8b848651ee0ae9ceb63352e2518aa31e387918a5b5b6faf7037858f59d08e673be25318de4645df6fdbcb99a91cb7ee5682e7efbead8230ba31c0630ee47ebd22eeb4e43d3047cb34346f7e1c30b319a4076cb807de9d02b3b4b850ec6cbeee7a40f0a305e441146cd0b5d3d722c7ef6ecc48031efc29740c11e43b62542ea1d9277d084f6ae5659b7ed5b18380f5b2e7e41678ab0cc1fb8c800a8e032a4a6ac5e81944002d1475e49a9b61cfaeb0c856360aa69f67be7eea54e2db1dcaa2cb7960f4047e3ffa181ef899b672df414cbdd223a52f424fa4b81edd7109febf9f6851efb4c2be0f95906b3ebb5d24d0f07cb90eb9495a16f2be083980ff4568d0d37b2a1b6dfa796ca213495f85b138013889ea87dd9e2a25c5a59b7da65e67551a8a820fec239bfd0dd66c4f1b2f6c455870b7ec3d97ccee4c732223ffce9d1f06e57cc980888ffd4bac23cd816566ae01e35056c5854d28c7ef97b6c40c75b247da18bb49aa685a53af28fe94a2b4341dd90d223c6b4a4eb3e4e91d103cdb9406dcc153a52c552d8d8b0b766909b8c8634f258aef4548cc835b36e46030000000000000064e3dfc29dec3852526830d2923092e71e6684e6a64ca2555ede30b0ee932935f4445b9c8e4304e68d49615066849d8020efaa4dfb74ecb72c473922c45cb178bb89ff7d58c2bb623d699e06313ca297df56abdc3281865b5a36f48fed0f0db7e6f30d61fe4ec53a221c63d2559b1bfabfbf9f018486daf7d71852f67b3074a053865c8acfc036341bb7ffa05e042ea2dfb8a07a4c6112082cae6950b8fe8f3e2b09eedacd29501603bbc028b597262c55e7b3bdae9474881d5512f564a586f476422389bfd1dccdf7e3e5939d9547416b949e881e93e72cf2319e02670e1eb68824aaa2a7f7e9239c82b3216eebc8001375d1f5f5dee1a6ae7c6ebb7283352bb27008d00e2d9432516ab57a9c197236b7350e1a0d22fbfe1e4050d5e19c60f02b2fad51f203891482dcd51d756fc419f78c851cbad2fa2a287766f4c73608942e7749623a578c25c68875b8642ce76144da41c87d01a3ee07e415fd88c67ca56926b5f585e89e804666bb58ef97780332cee2b2af2cffa2e44ed4f9e296e2fff960418e8b1fed07ecece33019b58369c44ed1dd77a6d0d61f15ad84bf5a505a82d812a62e3716e5553bb635e0a49224e09b35ce5e6539446c91c9f8da564d06d4ecb2d4f1448ccf9c9e699b940d225fd6199f7ee377ab42b36c358e3cbe940a7a2a657cefe3849a23b786250de6d1f833560872d4ca37e50c6e7222793a84d088124a8cb732b7f8fd185d8cf078ef8e8085fd86ca8999d5f9ad8e331c28ce0ddd3cda490c9d0c452a62812d66b3c026a5d01aeba083d58de23b1c42e98ba916df4a655ecd72388ac6b5fe9be61fe5fde9bb407f16a99dc53f00aec4ab1dfa4b44239ddeb5b653f55638b6a82d1aad9b0bee0c5b41273dfc5f7716aaeb19cc6d488e6a70f6b4128ceb469e3a7e801603efa4ad3c0277d71a4f250fa78dcb2d3ff2c4cb29a033090e3fbe1bdfc161f22fb12eb44527b493701c4acba344ed5b7918edfc341d23a05b61cf641f93f6510dc673ee365bcb3b64e7ee95e4cb09ad75e533a46e3e19abc7f9b20c94926a6073c31aa5b1de01ebb0488c073f249c24fd022131d69c25e03ba1cd9628b9a067d9b83bd0f9202bbad54e0f0ec231766c66d1a40fbd58a75691b8de402cc8636939a27bc5f9dcf4cafe77c964e83b846a484a5072c2e389a6710f965d8b2eb28bbd8cb03f5b3daf19e6073471701e1c4b986ef18c4eacabdbef30f573a69da354b180533daa01b0b57236a60d97448d0bd9cbb93ffe5ecb3cc0d934948c19b033c4facdab2542f0de3b04523a66718614457b3806e8948f9d9da2c4de74d4742c7219348d482a432111f355bba3a53d065b5666233a2dc535d9d7d7a2bafa9fac601cc584aa35c946b576f54a6d0702795648d32750cb1fae994f7271c4b6101b150fefcbdca637cbeee3c5e24bd5c0d3e9f4e740ebffc2e7e3b6c1049837f08f3cd56a4dcd6ac5717f07a73bc66b10c13dacfb5773b7aaa2cf54d643807022f23404e909fdee6c7dea5c6ee36407f7b4dc608fedb6feef71cf0c7d9d9e53c2478d1b6fb3e082b8d7c6b28214d0d63cf78df4a716fe65c161e90eaacc1d6b7857d84680d49dbf289673ac2c31ee5b9c4a470df6e0d4b7d4734b05b4b1aae6a5df8233581efbf6777e17c3c7120e5f2b79977a7ba4f103ed21865684fd01bbb71d913255dc9e51898a92cec07196b61342ff7e397849a9fde9be53d9124962c164626bc29451ee828ed4072b381cb26a966073a9b1ca497048c6cc7ae4ee1b4405f12d63224d6073ac79c78e65368fe0b04f1f1e2f8af886f82de0137611001ae8877c65038bb7a207d43e30d9f2956c0db2dc31cb1d31895967d0146dafb5a26b8d7910e346089c76ab7ccabb7724df610be0cce2bc0a82ffe84ad031fe09b9d5b6c811d77abd3d130df30a7fbfd02a5f6d6e56108077aa72772d8c3b50a0cf5d2348caf6260c27f3d855747c702d28d0fe2fd739b2ddebf0fadde6ceacb354793e110c6da938a00ff8b64dfe021da8896928a568b45981a530a38153c34eba6828b06183d962730c3dd1eef2ee8e0a64c96d2286d2189c67a8e68040c4d46115f2b5f06f1f57414277ca2da4cb896120309e2b9bc8e67a9c3e07cc2606c7d7ad873fafae0404afe2cedb12f51df504d9948ecb05e72cd44721a639a899c3d70bf471311184469c2c36333c69dc353b48aebc563ddb2d72ddc5c5cb78d49241cc2a7860db01e6783fcf5d1a8275b12ef8b461a161ae65b735c51dee8e728740f570fbaba889f3d670e3ad2d1c06bedda2ca9d08fdd73ca420cacff8a2b7b05f6634d7bb247b46e829791e6953a661620d091e9f3dadd1aff647ae99f5ec921f5dd5e738d5271e5ad54d68c04ad6a46830dacdfec27998a96f1c7554ec52c46436a4d8db86eb6d304758b3b8512a0045475dd0c7608af9d929882dfb05e89ac45c1ae89d0c5d66e5e2ab4941bf45faaf1013d4176e9c611ea822e995c426f3cb8d472b7bd78a7169e35488bc279140649260051ada8531406f2802e4a0b1f125353852d813b1d512960bea6b695770b66715e118cf5ead05d7892de97bbb822f5a800f4686cc9d9a9db37051a72b5dbb46e5f1fee82a3f28a140d42a2b25722f3f0b4941089dbab620261783efc2211231fc5382241d53388f158f2a36a10fec0351f7233e1c21a6651f30a093b47944795efaa9ea3723bd124365a3d856049f4ffa8e8c180848ccef861a01e50fd34d794649475a73116a1019ccf32b3da1caf5dfaa1e43201e99be538f791ef8eba5787fa9abb76326f513bc7c23d1a4fbe95cfd95dfa875e5ee08f2fa5d688f27c6ed6d0f8e9cb28f640e398637e4118283f49d30ebaaedfaa2c422f0db5cba2f563efdc703c343952a7df433fad20bf9f1718013e69535e159dd29409a691f8986bd0325fd63072745c6a1bb39db032e703d82f3d85e4d9522dda3c0c2f88c7a9c09d2fcc5a624adb412102dbeca3bdf0b1a8ea6fafa4eb11705b002ecafe0ef822e30d454fd1a1d3f5ffda2934baff11d6b1b966833d836fb1ce8f55e2c0046a0ae7c3d3c22378e60ff7458695421756d7bc12657093e2a727d7c78efe78ba341a4bfce446eac141001c937408151287caf4bfe7f0d78619fdd9859c26426e84a53e8b51b01f04d3aa07d313244bc01e87cb524c975865cc9acc41be258a95f1f64a2e5bf59c6de38956a540867862f6574bf1c06d54b4c8451a059e30ccc4a58ab12f8063913ad4479688a21b52ab9f2c3d7a6371f3997817c4259699fabe780dcdeb15b3e49ee3384de6e88f73ae7ea6e58c782184ba534a22d879ee42545edb5383203ec336504be3fc169e5e1223fc3fc9e890cd2a0843e8379111253f7069d5af2385a00688c9c36f17115b2c48f3420550a8d50f331f03410389f351b5b74dbd2fe7e14f0055ac9edcce85aeac25b31ac97bc327d152d9d0ef51dc5731d98d97d6d3cfa3d129dbca51a2fbbb6cf6716ee0e4fb8ee1cadbb80576798d4173ed15d2f7b61fb86bd30d1e8d8f4511eeb63d5b86cf8138c57c2249651745d959cf6f99d28702f4600cf812e25be4c3875694135b9e752f740dd36448f828814acbe07777ae7b55d9e1e948420ae963f3755303b2657ad6c9808e1a91aa0d032726c825e9b452eab3df9662a0e9a94447d72be59d02438f7257f3cd6171f01d4577ee66435a7b0b36d28656caf67a9398ae623dcf1e6d62927af1a1e231538603c8bff61cda2fc1e79727e4b1d0c446987b040886e3b5a46b5ddd15a919e3982935a1eb911b496bad3ac6dec3bcda659dd68b3314b1437cda81b8ce65963f6f39458f652bc69e68f255b5bd830fcd18dab3ed377bbed1242c29fa955fb1f3ee4ff3b6bec296df74e1a4f4fcb0759b63f33d5399107b15d176eb28ffee91f95009b299ff7effa591300af2c79b8c7e1d957c24d03dc52e2adc379be69b9c900f0f844adb0e1cef754c0781eb896b7fef5f7e0f9aa09f8ea28ed70322b74914eeac93b25651c884ce79636f8e4f70eda6f58dcbfd46ebaf9e662321720af5ccd617a87a35d478575947485bcaf812c0154c60b7139fabf554b82ec5cf09f2a4f91b1d1cf49dd07fb37e3c21f9b64237960d2dc1df7048c2147380b7fd15c6ede252365c9957889a7da5adc3604b6e939e75b4a521281ba5c910f6ca064b018f50d6a8471c77ba2baf032e103255dee25129e6c6d2b28026ee79e772d77247aaf79b411be07c0af73055546f83d1c9fe8822a88ee0123b42a1b05d3b7a5f8b7b8e15c7f7858d3e1f03147c15b296d1086b00ea4493e2be479b2d43089fd196580696893ee256f992679b52a26c53d70bd9ba2b9d06707e653fd68d0eba50f41cf85516ace3c09bdd9b976ea6244c4c6e0b8eefb28e44dfda6dd2a3f00e810c80d424aa59bd7a8e50e5f8c99c2b22542e1345e68143d0fa9f187027d20a630622897ecfe72a69dab98bf1725e55c31339bebffa465deca1fe94b2c1fcf3af7aa7cbe13b39d0bc257735bec70190f7a67ba415e65ca106072c7fdeab88b4909930692dca30a54945e61fa7de8964de026c1be12deb46a57614dc7fababbba4543b4ec5d863ad93fa52789a88600dcde450e2e4926217b689791ea89797091891f2826e569d16b2f8c4a0ea25d404242cd230e57add3d67295f017c4bba87c9293cf371eccdcc660d36d42d8db4fc67549279a7dc410fc35e10be7d4460fb890b8864beb770f5b281f13bd8f0e635498a372d37c6a601e05f55f0cd7df07aa0111424ee16bd302d1f753c5cad883fbc30decd596d8835201973c8817547b9b09e88fe410b04bc10189685a40cb7d109e7510d979baf6c76715c95055ce241dbbdb70b0dadb2bf8d4c200e2f63518b962e41bafe98744ebf68c9399c009f866f7119db2265574a480b94e86d15872852f6cc61db38b00d8b50ee60558c46e0be154ab7e6e930ab6be1d6dbe00f4791006c83010dcfcb08a6bf176f6d3858efc14c1080f3013c89bdc3a73aee18e0691d9c22aa7f842d7b09053f113a31ae6e81d"])
lsetxattr$trusted_overlay_nlink(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300)='trusted.overlay.nlink\x00', &(0x7f00000002c0)={'U+', 0x2e65}, 0x28, 0x1)
r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000800)='/dev/snapshot\x00', 0x800, 0x0)
sendto$ax25(r2, &(0x7f0000000840)="0f8dc37fad7b50d83a27d4550f0578c0b06a765b79d5c1bf245cd09579fb58e435b6fb1e93a185bf326c368ae2a3b42ed74b181a7775d805c420d8df9d384877512721c285b70f4857ae8ef5ece6b9c325739383821d5ac614dbd5ac61064d1400e836620a756b31afc782f5ccc99430960a0cd8a203c35c2225ef8ad2253b164d32a69367541c6e621f69aadd1cb3aede672ffe15c738b1aad8bc5484475cb8df5889f92ac0d8a7ebc0ae4d88c00fb55ab27eda4c6a898dee", 0xb9, 0x20004080, 0x0, 0x0)
fsetxattr$trusted_overlay_nlink(r1, &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f00000001c0)={'U-', 0x5b4}, 0x28, 0x3)
r3 = syz_open_dev$media(&(0x7f0000000600)='/dev/media#\x00', 0xffff, 0x0)
ioctl$RTC_UIE_OFF(r3, 0x7004)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x18}, 0x10)
ioctl$VIDIOC_G_FREQUENCY(r3, 0xc02c5638, &(0x7f00000007c0)={0x3, 0xd0dbe76fdc9ddd94, 0x1})
r4 = syz_open_dev$sndpcmp(&(0x7f0000000200)='/dev/snd/pcmC#D#p\x00', 0x5, 0x80)
getsockopt$inet_sctp6_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f0000000640)={0x0, 0x2, 0x2, 0x0, 0x3, 0x3, 0x1, 0x6, {<r5=>0x0, @in6={{0xa, 0x4e22, 0x7, @ipv4={[], [], @loopback}, 0x1}}, 0x0, 0x3, 0xd6, 0x2, 0x9}}, &(0x7f0000000700)=0xb0)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000740)={r5, 0x3}, &(0x7f0000000780)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000000c0)={<r6=>0x0, @in={{0x2, 0x4e22, @multicast1}}, 0xfffffffffffffff9, 0x7fff, 0xb, 0x8000, 0x24}, &(0x7f0000000380)=0x98)
getsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f00000003c0)={r6, 0x81, 0x6, 0xfffffffffffffc00}, &(0x7f0000000ec0)=0x10)
ioctl$sock_inet6_udp_SIOCOUTQ(r4, 0x5411, &(0x7f0000000280))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000480)={0x0, <r7=>0x0}, &(0x7f00000004c0)=0xc)
quotactl(0x101, &(0x7f0000000440)='./file0\x00', r7, &(0x7f0000000500)="b8c2da30a65864bb71b886ac3cdedd7d0a4ac71b2bd83b7523ba677f9b00be5446ada26ea41e519e7ec13228ff290f4c3281671b23e00673c713adc4409a9c3fe468b0825531da53e0c3bf8ae2398f5a512cf391f2e0d00b9954356103ec95aa90297dfb645efd9c644e6cee1623ad2efcb57cda5f7f9e182ec4e95e9949f221e4530a84c65c64809ec31654de7476a967fee7b1880abc97e5601a42f2625258141afd6b1221bc2c6811c28ad78f9eb60c3c083947ebcfba51ed6153fdc2ab30c856dc")
getsockname$ax25(r4, &(0x7f0000000f00)={{0x3, @null}, [@remote, @netrom, @null, @rose, @rose, @bcast, @default, @rose]}, &(0x7f0000000f80)=0x48)
write$binfmt_elf32(r0, &(0x7f0000003000)=ANY=[@ANYBLOB="7f454c4607010007090000000000000002003e00010000004800000038000000d001000006000000a300200001004000ffff09000000000006000000b90a0000370f0000800000000400000007000000b9570000050000006811606d9153ee2009f35620d15d7c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d6c460b70ad1ab990000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000076000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006896c86f4e56f5440b743c338eee15efb09c4ed70f4faef12f4bbfd471877ea26816defa9990ef0958b0ef833320b4aa0361e379a5e2a5c9b1ff5394d291fc0c2a1b5c9eab376dbe713f308634f476eacf6b0aad2a68d446a0f18f3d89bb7a879f4a5e1ab86a6fbfb867a6176d944a781507b6a5e701995490fe43842543f461062c38dc48f469de9b0ea0f8b7edc35b5256ffa73c057769474c8cbd7c1ac478a11191e50a5fcb3d8b8d179f1b7b83afebc2b13171ff4e7675a1057f"], 0xa67)
ioctl$sock_SIOCSIFBR(r4, 0x8941, &(0x7f0000000240)=@generic={0x3, 0xa2, 0x3})

14:51:22 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x13, 0x10, 0x3}, 0x2c)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0}, 0x10)
fsetxattr$trusted_overlay_upper(r0, &(0x7f00000000c0)='trusted.overlay.upper\x00', &(0x7f0000000100)={0x0, 0xfb, 0x10f, 0x0, 0x4, "3125ae44244b119c0cb7cf637c9ded27", "b50d7f27502a6a8333e06161c6e4ec96e836ab806c073121dfce609dc6965f3b6af9497991b841e3583c06831519496564637d6e0c09c76e8bbebb0f3a24e0888050eca01b713e80ccd12a6348696a2eb623955dc2da8810334121f44ec4f59cce0f84fae2d45f94f24287494b8035cd274085f6529c963f46f9b161aaf0c3d9178dca016c874246b834e206aa1881a94689d37fca8f678712ef007d53c8c4c7806d3d1a229d3f9b1770b727453b07f0b2b34942e74de406718dd6a28b425f1e5f8aedc004e1d5fe1857563f107c3d8316764e5c1d3d543c7704efdd84085edbeeff716992b70efd7a39f34bca9fe84969ef9abdcbbcff6debb9"}, 0x10f, 0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x11, 0x101, 0x80000000, 0x1b, 0x0, r0, 0xefc4}, 0x2c)

14:51:22 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x600000000000000)

[  297.601647] binder: 12873:12876 ioctl c0306201 0 returned -14
14:51:22 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[@ANYBLOB="0180c200000071f6f598b11f86dd60a1d8f20010020003000000000000000000000000000000ff0200000000c46e60e513a00000000000000000000100080000000000000000000000000000"], 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x193800, 0x0)
timerfd_create(0xe, 0x800)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})
write$UHID_CREATE(r0, &(0x7f0000000200)={0x0, 'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000000c0)=""/186, 0xba, 0x7f, 0x6, 0x3, 0x9, 0xfffffffffffffc00}, 0x120)

14:51:22 executing program 3:
r0 = accept$ax25(0xffffffffffffff9c, &(0x7f0000000140)={{0x3, @bcast}, [@remote, @netrom, @rose, @bcast, @null, @null, @remote, @bcast]}, &(0x7f00000001c0)=0x48)
sendto$ax25(r0, &(0x7f0000000200)="6a36409d2a427d7ecee8bb90041919fc4cf9e3dfb12790fbe4cb9be3f683fe464a91c6eb50b6b8a7ed1797888691a6acd8d3ce9659c975f078c6", 0x3a, 0x4, &(0x7f0000000240)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1}, [@null, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}, 0x48)
getpgid(0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
r2 = open(&(0x7f0000000340)='./file0\x00', 0x10000, 0x100)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00')
sendmsg$TIPC_CMD_GET_NETID(r2, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x420}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, r3, 0x10, 0x70bd28, 0x25dfdbfd, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x8001)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x38)
ptrace$cont(0x18, r1, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xa5})
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)
r4 = accept$inet(0xffffffffffffff9c, &(0x7f0000000000)={0x2, 0x0, @broadcast}, &(0x7f0000000040)=0x10)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000080)={'eql\x00', 0x5601})
pipe(&(0x7f00000002c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$rds(r5, &(0x7f0000000300)={0x2, 0x4e22, @multicast2}, 0x10)

[  297.652339] binder: 12873:12876 ioctl c0306201 0 returned -14
14:51:22 executing program 5:
r0 = openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f0000001480)=ANY=[@ANYBLOB="0300001070a564a780e5437dcb525e6bf1d26e42a112280d444864695808dff76bb965a561dfbc3f7567a7d6f8d6ac79e77265dc7c4151192b0d5b8581e0f667bb7b83ab433bfb738b637684bf682f710ce9621df3c3bed756c428cf60bddf2abedad9b14c443fbb8b848651ee0ae9ceb63352e2518aa31e387918a5b5b6faf7037858f59d08e673be25318de4645df6fdbcb99a91cb7ee5682e7efbead8230ba31c0630ee47ebd22eeb4e43d3047cb34346f7e1c30b319a4076cb807de9d02b3b4b850ec6cbeee7a40f0a305e441146cd0b5d3d722c7ef6ecc48031efc29740c11e43b62542ea1d9277d084f6ae5659b7ed5b18380f5b2e7e41678ab0cc1fb8c800a8e032a4a6ac5e81944002d1475e49a9b61cfaeb0c856360aa69f67be7eea54e2db1dcaa2cb7960f4047e3ffa181ef899b672df414cbdd223a52f424fa4b81edd7109febf9f6851efb4c2be0f95906b3ebb5d24d0f07cb90eb9495a16f2be083980ff4568d0d37b2a1b6dfa796ca213495f85b138013889ea87dd9e2a25c5a59b7da65e67551a8a820fec239bfd0dd66c4f1b2f6c455870b7ec3d97ccee4c732223ffce9d1f06e57cc980888ffd4bac23cd816566ae01e35056c5854d28c7ef97b6c40c75b247da18bb49aa685a53af28fe94a2b4341dd90d223c6b4a4eb3e4e91d103cdb9406dcc153a52c552d8d8b0b766909b8c8634f258aef4548cc835b36e46030000000000000064e3dfc29dec3852526830d2923092e71e6684e6a64ca2555ede30b0ee932935f4445b9c8e4304e68d49615066849d8020efaa4dfb74ecb72c473922c45cb178bb89ff7d58c2bb623d699e06313ca297df56abdc3281865b5a36f48fed0f0db7e6f30d61fe4ec53a221c63d2559b1bfabfbf9f018486daf7d71852f67b3074a053865c8acfc036341bb7ffa05e042ea2dfb8a07a4c6112082cae6950b8fe8f3e2b09eedacd29501603bbc028b597262c55e7b3bdae9474881d5512f564a586f476422389bfd1dccdf7e3e5939d9547416b949e881e93e72cf2319e02670e1eb68824aaa2a7f7e9239c82b3216eebc8001375d1f5f5dee1a6ae7c6ebb7283352bb27008d00e2d9432516ab57a9c197236b7350e1a0d22fbfe1e4050d5e19c60f02b2fad51f203891482dcd51d756fc419f78c851cbad2fa2a287766f4c73608942e7749623a578c25c68875b8642ce76144da41c87d01a3ee07e415fd88c67ca56926b5f585e89e804666bb58ef97780332cee2b2af2cffa2e44ed4f9e296e2fff960418e8b1fed07ecece33019b58369c44ed1dd77a6d0d61f15ad84bf5a505a82d812a62e3716e5553bb635e0a49224e09b35ce5e6539446c91c9f8da564d06d4ecb2d4f1448ccf9c9e699b940d225fd6199f7ee377ab42b36c358e3cbe940a7a2a657cefe3849a23b786250de6d1f833560872d4ca37e50c6e7222793a84d088124a8cb732b7f8fd185d8cf078ef8e8085fd86ca8999d5f9ad8e331c28ce0ddd3cda490c9d0c452a62812d66b3c026a5d01aeba083d58de23b1c42e98ba916df4a655ecd72388ac6b5fe9be61fe5fde9bb407f16a99dc53f00aec4ab1dfa4b44239ddeb5b653f55638b6a82d1aad9b0bee0c5b41273dfc5f7716aaeb19cc6d488e6a70f6b4128ceb469e3a7e801603efa4ad3c0277d71a4f250fa78dcb2d3ff2c4cb29a033090e3fbe1bdfc161f22fb12eb44527b493701c4acba344ed5b7918edfc341d23a05b61cf641f93f6510dc673ee365bcb3b64e7ee95e4cb09ad75e533a46e3e19abc7f9b20c94926a6073c31aa5b1de01ebb0488c073f249c24fd022131d69c25e03ba1cd9628b9a067d9b83bd0f9202bbad54e0f0ec231766c66d1a40fbd58a75691b8de402cc8636939a27bc5f9dcf4cafe77c964e83b846a484a5072c2e389a6710f965d8b2eb28bbd8cb03f5b3daf19e6073471701e1c4b986ef18c4eacabdbef30f573a69da354b180533daa01b0b57236a60d97448d0bd9cbb93ffe5ecb3cc0d934948c19b033c4facdab2542f0de3b04523a66718614457b3806e8948f9d9da2c4de74d4742c7219348d482a432111f355bba3a53d065b5666233a2dc535d9d7d7a2bafa9fac601cc584aa35c946b576f54a6d0702795648d32750cb1fae994f7271c4b6101b150fefcbdca637cbeee3c5e24bd5c0d3e9f4e740ebffc2e7e3b6c1049837f08f3cd56a4dcd6ac5717f07a73bc66b10c13dacfb5773b7aaa2cf54d643807022f23404e909fdee6c7dea5c6ee36407f7b4dc608fedb6feef71cf0c7d9d9e53c2478d1b6fb3e082b8d7c6b28214d0d63cf78df4a716fe65c161e90eaacc1d6b7857d84680d49dbf289673ac2c31ee5b9c4a470df6e0d4b7d4734b05b4b1aae6a5df8233581efbf6777e17c3c7120e5f2b79977a7ba4f103ed21865684fd01bbb71d913255dc9e51898a92cec07196b61342ff7e397849a9fde9be53d9124962c164626bc29451ee828ed4072b381cb26a966073a9b1ca497048c6cc7ae4ee1b4405f12d63224d6073ac79c78e65368fe0b04f1f1e2f8af886f82de0137611001ae8877c65038bb7a207d43e30d9f2956c0db2dc31cb1d31895967d0146dafb5a26b8d7910e346089c76ab7ccabb7724df610be0cce2bc0a82ffe84ad031fe09b9d5b6c811d77abd3d130df30a7fbfd02a5f6d6e56108077aa72772d8c3b50a0cf5d2348caf6260c27f3d855747c702d28d0fe2fd739b2ddebf0fadde6ceacb354793e110c6da938a00ff8b64dfe021da8896928a568b45981a530a38153c34eba6828b06183d962730c3dd1eef2ee8e0a64c96d2286d2189c67a8e68040c4d46115f2b5f06f1f57414277ca2da4cb896120309e2b9bc8e67a9c3e07cc2606c7d7ad873fafae0404afe2cedb12f51df504d9948ecb05e72cd44721a639a899c3d70bf471311184469c2c36333c69dc353b48aebc563ddb2d72ddc5c5cb78d49241cc2a7860db01e6783fcf5d1a8275b12ef8b461a161ae65b735c51dee8e728740f570fbaba889f3d670e3ad2d1c06bedda2ca9d08fdd73ca420cacff8a2b7b05f6634d7bb247b46e829791e6953a661620d091e9f3dadd1aff647ae99f5ec921f5dd5e738d5271e5ad54d68c04ad6a46830dacdfec27998a96f1c7554ec52c46436a4d8db86eb6d304758b3b8512a0045475dd0c7608af9d929882dfb05e89ac45c1ae89d0c5d66e5e2ab4941bf45faaf1013d4176e9c611ea822e995c426f3cb8d472b7bd78a7169e35488bc279140649260051ada8531406f2802e4a0b1f125353852d813b1d512960bea6b695770b66715e118cf5ead05d7892de97bbb822f5a800f4686cc9d9a9db37051a72b5dbb46e5f1fee82a3f28a140d42a2b25722f3f0b4941089dbab620261783efc2211231fc5382241d53388f158f2a36a10fec0351f7233e1c21a6651f30a093b47944795efaa9ea3723bd124365a3d856049f4ffa8e8c180848ccef861a01e50fd34d794649475a73116a1019ccf32b3da1caf5dfaa1e43201e99be538f791ef8eba5787fa9abb76326f513bc7c23d1a4fbe95cfd95dfa875e5ee08f2fa5d688f27c6ed6d0f8e9cb28f640e398637e4118283f49d30ebaaedfaa2c422f0db5cba2f563efdc703c343952a7df433fad20bf9f1718013e69535e159dd29409a691f8986bd0325fd63072745c6a1bb39db032e703d82f3d85e4d9522dda3c0c2f88c7a9c09d2fcc5a624adb412102dbeca3bdf0b1a8ea6fafa4eb11705b002ecafe0ef822e30d454fd1a1d3f5ffda2934baff11d6b1b966833d836fb1ce8f55e2c0046a0ae7c3d3c22378e60ff7458695421756d7bc12657093e2a727d7c78efe78ba341a4bfce446eac141001c937408151287caf4bfe7f0d78619fdd9859c26426e84a53e8b51b01f04d3aa07d313244bc01e87cb524c975865cc9acc41be258a95f1f64a2e5bf59c6de38956a540867862f6574bf1c06d54b4c8451a059e30ccc4a58ab12f8063913ad4479688a21b52ab9f2c3d7a6371f3997817c4259699fabe780dcdeb15b3e49ee3384de6e88f73ae7ea6e58c782184ba534a22d879ee42545edb5383203ec336504be3fc169e5e1223fc3fc9e890cd2a0843e8379111253f7069d5af2385a00688c9c36f17115b2c48f3420550a8d50f331f03410389f351b5b74dbd2fe7e14f0055ac9edcce85aeac25b31ac97bc327d152d9d0ef51dc5731d98d97d6d3cfa3d129dbca51a2fbbb6cf6716ee0e4fb8ee1cadbb80576798d4173ed15d2f7b61fb86bd30d1e8d8f4511eeb63d5b86cf8138c57c2249651745d959cf6f99d28702f4600cf812e25be4c3875694135b9e752f740dd36448f828814acbe07777ae7b55d9e1e948420ae963f3755303b2657ad6c9808e1a91aa0d032726c825e9b452eab3df9662a0e9a94447d72be59d02438f7257f3cd6171f01d4577ee66435a7b0b36d28656caf67a9398ae623dcf1e6d62927af1a1e231538603c8bff61cda2fc1e79727e4b1d0c446987b040886e3b5a46b5ddd15a919e3982935a1eb911b496bad3ac6dec3bcda659dd68b3314b1437cda81b8ce65963f6f39458f652bc69e68f255b5bd830fcd18dab3ed377bbed1242c29fa955fb1f3ee4ff3b6bec296df74e1a4f4fcb0759b63f33d5399107b15d176eb28ffee91f95009b299ff7effa591300af2c79b8c7e1d957c24d03dc52e2adc379be69b9c900f0f844adb0e1cef754c0781eb896b7fef5f7e0f9aa09f8ea28ed70322b74914eeac93b25651c884ce79636f8e4f70eda6f58dcbfd46ebaf9e662321720af5ccd617a87a35d478575947485bcaf812c0154c60b7139fabf554b82ec5cf09f2a4f91b1d1cf49dd07fb37e3c21f9b64237960d2dc1df7048c2147380b7fd15c6ede252365c9957889a7da5adc3604b6e939e75b4a521281ba5c910f6ca064b018f50d6a8471c77ba2baf032e103255dee25129e6c6d2b28026ee79e772d77247aaf79b411be07c0af73055546f83d1c9fe8822a88ee0123b42a1b05d3b7a5f8b7b8e15c7f7858d3e1f03147c15b296d1086b00ea4493e2be479b2d43089fd196580696893ee256f992679b52a26c53d70bd9ba2b9d06707e653fd68d0eba50f41cf85516ace3c09bdd9b976ea6244c4c6e0b8eefb28e44dfda6dd2a3f00e810c80d424aa59bd7a8e50e5f8c99c2b22542e1345e68143d0fa9f187027d20a630622897ecfe72a69dab98bf1725e55c31339bebffa465deca1fe94b2c1fcf3af7aa7cbe13b39d0bc257735bec70190f7a67ba415e65ca106072c7fdeab88b4909930692dca30a54945e61fa7de8964de026c1be12deb46a57614dc7fababbba4543b4ec5d863ad93fa52789a88600dcde450e2e4926217b689791ea89797091891f2826e569d16b2f8c4a0ea25d404242cd230e57add3d67295f017c4bba87c9293cf371eccdcc660d36d42d8db4fc67549279a7dc410fc35e10be7d4460fb890b8864beb770f5b281f13bd8f0e635498a372d37c6a601e05f55f0cd7df07aa0111424ee16bd302d1f753c5cad883fbc30decd596d8835201973c8817547b9b09e88fe410b04bc10189685a40cb7d109e7510d979baf6c76715c95055ce241dbbdb70b0dadb2bf8d4c200e2f63518b962e41bafe98744ebf68c9399c009f866f7119db2265574a480b94e86d15872852f6cc61db38b00d8b50ee60558c46e0be154ab7e6e930ab6be1d6dbe00f4791006c83010dcfcb08a6bf176f6d3858efc14c1080f3013c89bdc3a73aee18e0691d9c22aa7f842d7b09053f113a31ae6e81d"])
lsetxattr$trusted_overlay_nlink(&(0x7f0000000340)='./file0\x00', &(0x7f0000000300)='trusted.overlay.nlink\x00', &(0x7f00000002c0)={'U+', 0x2e65}, 0x28, 0x1)
r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000800)='/dev/snapshot\x00', 0x800, 0x0)
sendto$ax25(r2, &(0x7f0000000840)="0f8dc37fad7b50d83a27d4550f0578c0b06a765b79d5c1bf245cd09579fb58e435b6fb1e93a185bf326c368ae2a3b42ed74b181a7775d805c420d8df9d384877512721c285b70f4857ae8ef5ece6b9c325739383821d5ac614dbd5ac61064d1400e836620a756b31afc782f5ccc99430960a0cd8a203c35c2225ef8ad2253b164d32a69367541c6e621f69aadd1cb3aede672ffe15c738b1aad8bc5484475cb8df5889f92ac0d8a7ebc0ae4d88c00fb55ab27eda4c6a898dee", 0xb9, 0x20004080, 0x0, 0x0)
fsetxattr$trusted_overlay_nlink(r1, &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f00000001c0)={'U-', 0x5b4}, 0x28, 0x3)
r3 = syz_open_dev$media(&(0x7f0000000600)='/dev/media#\x00', 0xffff, 0x0)
ioctl$RTC_UIE_OFF(r3, 0x7004)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x18}, 0x10)
ioctl$VIDIOC_G_FREQUENCY(r3, 0xc02c5638, &(0x7f00000007c0)={0x3, 0xd0dbe76fdc9ddd94, 0x1})
r4 = syz_open_dev$sndpcmp(&(0x7f0000000200)='/dev/snd/pcmC#D#p\x00', 0x5, 0x80)
getsockopt$inet_sctp6_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f0000000640)={0x0, 0x2, 0x2, 0x0, 0x3, 0x3, 0x1, 0x6, {<r5=>0x0, @in6={{0xa, 0x4e22, 0x7, @ipv4={[], [], @loopback}, 0x1}}, 0x0, 0x3, 0xd6, 0x2, 0x9}}, &(0x7f0000000700)=0xb0)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000740)={r5, 0x3}, &(0x7f0000000780)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000000c0)={<r6=>0x0, @in={{0x2, 0x4e22, @multicast1}}, 0xfffffffffffffff9, 0x7fff, 0xb, 0x8000, 0x24}, &(0x7f0000000380)=0x98)
getsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f00000003c0)={r6, 0x81, 0x6, 0xfffffffffffffc00}, &(0x7f0000000ec0)=0x10)
ioctl$sock_inet6_udp_SIOCOUTQ(r4, 0x5411, &(0x7f0000000280))
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000480)={0x0, <r7=>0x0}, &(0x7f00000004c0)=0xc)
quotactl(0x101, &(0x7f0000000440)='./file0\x00', r7, &(0x7f0000000500)="b8c2da30a65864bb71b886ac3cdedd7d0a4ac71b2bd83b7523ba677f9b00be5446ada26ea41e519e7ec13228ff290f4c3281671b23e00673c713adc4409a9c3fe468b0825531da53e0c3bf8ae2398f5a512cf391f2e0d00b9954356103ec95aa90297dfb645efd9c644e6cee1623ad2efcb57cda5f7f9e182ec4e95e9949f221e4530a84c65c64809ec31654de7476a967fee7b1880abc97e5601a42f2625258141afd6b1221bc2c6811c28ad78f9eb60c3c083947ebcfba51ed6153fdc2ab30c856dc")
getsockname$ax25(r4, &(0x7f0000000f00)={{0x3, @null}, [@remote, @netrom, @null, @rose, @rose, @bcast, @default, @rose]}, &(0x7f0000000f80)=0x48)
write$binfmt_elf32(r0, &(0x7f0000003000)=ANY=[@ANYBLOB="7f454c4607010007090000000000000002003e00010000004800000038000000d001000006000000a300200001004000ffff09000000000006000000b90a0000370f0000800000000400000007000000b9570000050000006811606d9153ee2009f35620d15d7c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d6c460b70ad1ab990000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000076000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006896c86f4e56f5440b743c338eee15efb09c4ed70f4faef12f4bbfd471877ea26816defa9990ef0958b0ef833320b4aa0361e379a5e2a5c9b1ff5394d291fc0c2a1b5c9eab376dbe713f308634f476eacf6b0aad2a68d446a0f18f3d89bb7a879f4a5e1ab86a6fbfb867a6176d944a781507b6a5e701995490fe43842543f461062c38dc48f469de9b0ea0f8b7edc35b5256ffa73c057769474c8cbd7c1ac478a11191e50a5fcb3d8b8d179f1b7b83afebc2b13171ff4e7675a1057f"], 0xa67)
ioctl$sock_SIOCSIFBR(r4, 0x8941, &(0x7f0000000240)=@generic={0x3, 0xa2, 0x3})

14:51:22 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f0000000140), &(0x7f0000000180)=0x8)
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f00000001c0)={0x2, 0x2c79})
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r4 = dup2(r1, r0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0x2, &(0x7f0000000040)=0x12, 0x4)

[  297.767623] audit: type=1326 audit(1551451882.412:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=12897 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
[  297.844108] binder: 12909:12914 ioctl c0306201 0 returned -14
[  298.531598] audit: type=1326 audit(1551451883.182:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=12897 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
[  299.048169] net_ratelimit: 20 callbacks suppressed
[  299.048176] protocol 88fb is buggy, dev hsr_slave_0
[  299.058198] protocol 88fb is buggy, dev hsr_slave_1
[  299.528169] protocol 88fb is buggy, dev hsr_slave_0
[  299.533280] protocol 88fb is buggy, dev hsr_slave_1
[  299.848158] protocol 88fb is buggy, dev hsr_slave_0
[  299.853233] protocol 88fb is buggy, dev hsr_slave_1
[  300.008127] protocol 88fb is buggy, dev hsr_slave_0
[  300.013183] protocol 88fb is buggy, dev hsr_slave_1
[  300.018284] protocol 88fb is buggy, dev hsr_slave_0
[  300.023311] protocol 88fb is buggy, dev hsr_slave_1
14:51:25 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(0x0, 0x1000000000015)

14:51:25 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x800000000000000)

14:51:25 executing program 3:
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc004510e, &(0x7f0000000000))

14:51:25 executing program 5:
clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0))
r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x10000, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x3)
request_key(&(0x7f00000003c0)='asymmetric\x00', &(0x7f0000001ffb)={'\x05\x05\x00'}, &(0x7f0000001fee)='R\x0frcst\xe3c%sgrVex:De', 0x0)
timer_create(0x7, &(0x7f0000000040)={0x0, 0xe, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000080)=<r1=>0x0)
timer_getoverrun(r1)

14:51:25 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x20000, 0x0)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000140)={"3874f776bed4e9ab9f186e2bacc048fe185ca20f8660254b1daee2bd4e4a8a12ec43a81c4eaef88da011011adbd6954183929528320cae973b35b3ae9f3940d99dcbd7b97b9673aa472d4f018ffb4cf46518df55cc9b38138538714aed9de7b417e907800403b95d1361895382d46960cc27a3854eb98fd329b920e722cb02c55a061aed3ed85fd2eef4714be8804fe2737b4403173a88ebcd1094e84bdb87ac64c727933d274118a010afdd8e26aeee6b6af21aec5116f0776a919249bd2b01785b8e39d0e1fa98f0b85a99e891d9ea58f9f39d50cf3ec55a7d093961c12b5953f5a3f576127da5fbbc1a302efee245e41fc1ab7a26857e62522eb6bedc4f72cd49e8fbd3ba93e74ce246efdebf5a4c05c92c39591610f02eb532b7901123c66d24666a7d121fe15a57d3c345cf9a76b208b5e79d1b7f22f1e87b6c4992fa2b9f456c1e39664ed08b89f9a94a6e49c5d380a0374e6ed9fbf393ad84cfb63cd2eab8b475951395ea7430293524042ab1b5847049c7bd389b64be790afdc85d3cdf96b60a0d61a88f517d82e5afa3393fdf7da35a88554916fa3330793c9b3399255bc8290989c75e8e5853f406ab66756c68a8fc91567f9758b18ded61a59cfd4a88a84657635505cefc73ef6e37bd9d6b0b139c364b1aeee3ba5843e3528074a824b5f20a3c8866f3eb3dcec4c5cced09a27b3d4210f3caed66ade6a270645e7da049500821850af8b4dee08b32a3745e88db99cb997dd497a2e8846ae92cd36760df9bd833f7efd836f1469ec51808cd57e3a984a770eed3ca8b1b980a8b690df3ffa88bba1b0b6cba106f840fdfd80c6af847e4c0156a7f1b2c4f0a4efa8139cbf65e0b371a781462be5a4418b5552f8dc83ad6ba5eb29957ed777faf1716f55ea1bff8bf4ad8ad66d855e1920ae0cf75bfe917bbf8e3c5052b221eef7cd70bb7361ff0fc0091434935bf75898f99b105b195c4419c4d9700a34091ee5f7d5e73e9ac004bb493f9e1050fc1ca056924ed0df6ffe6377fbfeee396bb70fc18a386f85175951e08e3550641c33334f4efec27cd2d9327557687d488aa4b7231b43035b964842894da9d443b0c515fd0c96fbb36a11e11fc758a46279eb7341bd0ecc2ac7bc6326d8df23cd01544d485cd5afd306a17f8526ce26f5207c91e6cfe704c59bb014c6caaedfaba1a7b4f7088ce9e7ace10397d5d9b71cf4cd481ac22f566cc0277a7624dc60b0a0f659bff4a66044f751c28492e471a4e6b68de227a95f8464cf69bb9096c1a32461a26ca1fab453eda77e23bc128d222e8dcbdaa263b94f94f658b846dbfaf769067b45057abee858dcaf8f424f1ce0476b15b7a52667a46a8592c117ec035c745bca01501cfbdb16a38e6195173ec02d81e07e500dbf81a58a87689fc41d39239f4b0dc9547e081a7bfac183c13cf42dcf7cc5a"})
setsockopt$inet6_udp_int(r1, 0x11, 0xb, &(0x7f00000000c0)=0x2, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x8, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000061129500000000000000000000000000db3310c0df995c2dc60fe31b8046688aa5e1a94eaa5871b6129af724dff8e87ab45e5b549f26e389f9f796b41528e635202396b87ca9834c086cf27deb3da9b03318d4b769"], &(0x7f0000000100)='GPL\x00'}, 0x48)

14:51:25 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[@ANYBLOB="0180c200000071f6f598b11f86dd60a1d8f20010020003000000000000000000000000000000ff0200000000c46e60e513a00000000000000000000100080000000000000000000000000000"], 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x193800, 0x0)
timerfd_create(0xe, 0x800)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})
write$UHID_CREATE(r0, &(0x7f0000000200)={0x0, 'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000000c0)=""/186, 0xba, 0x7f, 0x6, 0x3, 0x9, 0xfffffffffffffc00}, 0x120)

14:51:25 executing program 5:
io_setup(0x7f, &(0x7f0000000000)=<r0=>0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x80000, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r1, 0xc08c5334, &(0x7f00000001c0)={0x6, 0x9, 0x81, 'queue1\x00', 0x5})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x88001, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'\x00\x10\x06\x00\b\x00\xbb\x00\x00\tYJ\xdf\x00\x04\x00', 0x20000005002})
io_submit(r0, 0x1, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r2, 0x0}])

[  300.680988] audit: type=1326 audit(1551451885.322:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=12928 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:25 executing program 3:
seccomp(0x2, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)

14:51:25 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x2)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x20000, 0x0)
r2 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x2, 0x0)
ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r2, 0xc0845658, &(0x7f0000000180)={0x0, @reserved})
write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f00000003c0)={0xc, 0x8, 0xfa00, {&(0x7f0000000240)}}, 0x10)
ioctl$VIDIOC_ENUMSTD(r1, 0xc0485619, &(0x7f0000000100)={0x500000, 0xffb6ff, "c16ee0107af37e5b70b99ee532a78e28b8d3d4d803a87897", {0x2, 0x1000}, 0x9})
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x48000)
ppoll(&(0x7f0000000080)=[{r3}, {r3}], 0x2, 0x0, 0x0, 0x0)

14:51:25 executing program 2:
syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x163882)
syz_open_dev$sg(0x0, 0x0, 0x0)
r0 = syz_open_dev$ndb(&(0x7f00000001c0)='/dev/nbd#\x00', 0x0, 0x40400)
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000200)={0xff, 0xffffffff98d2507b, 0x100000000, 0xffffffffffff7fff})
r1 = gettid()
timer_create(0x0, &(0x7f0000000140)={0x0, 0x12}, &(0x7f0000000180))
rt_sigqueueinfo(r1, 0x38, &(0x7f0000000300)={0x30, 0xac4, 0x200})
r2 = accept(0xffffffffffffff9c, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, &(0x7f0000000080)=0x80)
connect$pppoe(r2, &(0x7f0000000100)={0x18, 0x0, {0x3, @local, 'veth1_to_hsr\x00'}}, 0x1e)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
rt_sigqueueinfo(r1, 0x15, &(0x7f0000000280))

14:51:25 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$SNDRV_TIMER_IOCTL_INFO(r1, 0x80e85411, &(0x7f00000002c0)=""/4096)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f00000000c0)=0x10)
r2 = gettid()
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000006eb2dac302d8c4fb3b96f100000000000001000000"], 0x1)
ptrace$setopts(0x4206, r2, 0x6, 0x0)
tkill(r2, 0x2b)
fcntl$setstatus(r1, 0x4, 0x2000)

14:51:25 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000180)="0edc1f123c123f94e3c04761ebb3728f14bc2370413100b03979364592b63e2e7ea749eba83c5aa84b26e155793d147a3321912699e0ce52245b62d7286401934b948c9c7b5a3a0fe703e291a5063853c0c6b542f1fea1d0d6d2161e71886c87f106d6439b5200000000000000")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
readv(r1, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/103, 0x67}, {&(0x7f0000000200)=""/158, 0x9e}, {&(0x7f00000002c0)=""/4096, 0x1000}], 0x3)

14:51:26 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(0x0, 0x1000000000015)

14:51:26 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2801, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xd)
r2 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0)
r3 = syz_open_dev$usb(&(0x7f0000000400)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x0, 0x3, 0xffffffffffffffff, 0x0)
r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000081, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$unix(0x1, 0x0, 0x0)
setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r3, 0x111, 0x3, 0x1, 0x4)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0)
setsockopt$RDS_FREE_MR(0xffffffffffffffff, 0x114, 0x3, 0x0, 0x0)
fchdir(r5)
getsockopt$netrom_NETROM_T1(r2, 0x103, 0x1, &(0x7f0000000140), &(0x7f0000000180)=0x4)
syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0)
umount2(&(0x7f0000000280)='./file0\x00', 0x800000000000)
dup3(r4, 0xffffffffffffffff, 0x80000)
ioctl$UI_END_FF_ERASE(0xffffffffffffffff, 0x400c55cb, 0x0)
signalfd(r3, &(0x7f00000001c0)={0x3ff}, 0x8)
pipe(0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
clock_gettime(0x7, &(0x7f0000000480))
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0xffa8)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x501000, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f00000000c0)={0x400, <r7=>0x0, 0x1, 0x6c97})
ioctl$DRM_IOCTL_AGP_FREE(r6, 0x40206435, &(0x7f0000000100)={0x3, r7, 0x10000, 0x7})
ioctl$TCFLSH(r2, 0x5411, 0x70a000)

14:51:26 executing program 5:
r0 = syz_open_dev$sndpcmc(&(0x7f0000007900)='/dev/snd/pcmC#D#c\x00', 0x1, 0x20082)
ioctl$DRM_IOCTL_CONTROL(r0, 0x40086414, &(0x7f000000bbc0)={0x2, 0x6})
getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000006500)='/dev/cachefiles\x00', 0x4200, 0x0)
r2 = socket$inet6(0xa, 0x3, 0xbb)
recvmmsg(r2, &(0x7f000000b940)=[{{&(0x7f0000000140)=@pptp, 0x80, &(0x7f00000015c0)=[{&(0x7f00000001c0)=""/114, 0x72}, {&(0x7f0000000240)=""/144, 0x90}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/42, 0x2a}, {&(0x7f0000001340)=""/69, 0x45}, {&(0x7f00000013c0)=""/86, 0x56}, {&(0x7f0000001440)=""/215, 0xd7}, {&(0x7f0000001540)=""/42, 0x2a}, {&(0x7f0000001580)=""/53, 0x35}], 0x9, &(0x7f0000001680)=""/4096, 0x1000}}, {{&(0x7f0000002680)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000003d40)=[{&(0x7f0000002700)=""/4096, 0x1000}, {&(0x7f0000003700)=""/9, 0x9}, {&(0x7f0000003740)=""/135, 0x87}, {&(0x7f0000003800)=""/44, 0x2c}, {&(0x7f0000003840)=""/203, 0xcb}, {&(0x7f0000003940)=""/205, 0xcd}, {&(0x7f0000003a40)=""/213, 0xd5}, {&(0x7f0000003b40)=""/249, 0xf9}, {&(0x7f0000003c40)=""/247, 0xf7}], 0x9, &(0x7f0000003e00)=""/66, 0x42}, 0x826e}, {{&(0x7f0000003e80)=@nfc_llcp, 0x80, &(0x7f0000005400)=[{&(0x7f0000003f00)=""/242, 0xf2}, {&(0x7f0000004000)=""/52, 0x34}, {&(0x7f0000004040)=""/100, 0x64}, {&(0x7f00000040c0)=""/245, 0xf5}, {&(0x7f00000041c0)=""/144, 0x90}, {&(0x7f0000004280)=""/4096, 0x1000}, {&(0x7f0000005280)=""/217, 0xd9}, {&(0x7f0000005380)=""/66, 0x42}], 0x8, &(0x7f0000005480)=""/4096, 0x1000}, 0x8}, {{&(0x7f0000006480)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000006500)}, 0x100}, {{&(0x7f0000006540)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}}, 0x80, &(0x7f0000007780)=[{&(0x7f00000065c0)=""/147, 0x93}, {&(0x7f0000006680)=""/4096, 0x1000}, {&(0x7f0000007680)=""/201, 0xc9}], 0x3, &(0x7f00000077c0)=""/62, 0x3e}, 0x8}, {{&(0x7f0000007800)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000008b40)=[{&(0x7f0000007880)=""/101, 0x65}, {&(0x7f0000007900)}, {&(0x7f0000007940)=""/136, 0x88}, {&(0x7f0000007a00)=""/13, 0xd}, {&(0x7f0000007a40)=""/121, 0x79}, {&(0x7f0000007ac0)=""/4096, 0x1000}, {&(0x7f0000008ac0)=""/113, 0x71}], 0x7, &(0x7f0000008bc0)=""/70, 0x46}, 0x4}, {{&(0x7f0000008c40)=@xdp, 0x80, &(0x7f000000a1c0)=[{&(0x7f0000008cc0)=""/149, 0x95}, {&(0x7f0000008d80)=""/88, 0x58}, {&(0x7f0000008e00)=""/3, 0x3}, {&(0x7f0000008e40)=""/170, 0xaa}, {&(0x7f0000008f00)=""/4096, 0x1000}, {&(0x7f0000009f00)=""/18, 0x12}, {&(0x7f0000009f40)=""/254, 0xfe}, {&(0x7f000000a040)=""/170, 0xaa}, {&(0x7f000000a100)=""/142, 0x8e}], 0x9, &(0x7f000000a280)=""/46, 0x2e}, 0xe6db}, {{&(0x7f000000a2c0)=@nfc_llcp, 0x80, &(0x7f000000a3c0)=[{&(0x7f000000a340)=""/89, 0x59}], 0x1, &(0x7f000000a400)=""/98, 0x62}, 0x76}, {{&(0x7f000000a480)=@rc, 0x80, &(0x7f000000a740)=[{&(0x7f000000a500)=""/85, 0x55}, {&(0x7f000000a580)=""/9, 0x9}, {&(0x7f000000a5c0)=""/69, 0x45}, {&(0x7f000000a640)=""/58, 0x3a}, {&(0x7f000000a680)=""/138, 0x8a}], 0x5, &(0x7f000000a7c0)=""/191, 0xbf}}, {{0x0, 0x0, &(0x7f000000b900)=[{&(0x7f000000a880)=""/92, 0x5c}, {&(0x7f000000a900)=""/4096, 0x1000}], 0x2}, 0x1000}], 0xa, 0x0, 0x0)
fsetxattr$security_selinux(r2, &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:crontab_exec_t:s0\x00', 0x24, 0x3)
setsockopt$inet6_int(r2, 0x29, 0x4a, &(0x7f0000000000)=0x2, 0x4)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r3 = syz_open_dev$cec(&(0x7f000000bc00)='/dev/cec#\x00', 0x2, 0x2)
setsockopt$netlink_NETLINK_CAP_ACK(r3, 0x10e, 0xa, &(0x7f000000bc40)=0x5, 0x4)
sendmmsg(r2, &(0x7f00000092c0), 0x41e, 0x0)
ioctl$void(r1, 0x5451)

14:51:26 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
pipe(&(0x7f0000000100))
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
getuid()
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x400000f0e, 0x2000)
ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000080))
ppoll(&(0x7f0000000040)=[{r0, 0x8000000600}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:26 executing program 3:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x4, 0xffffffffffffffff, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x109100, 0x0)
getsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000040), &(0x7f00000000c0)=0x4)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000080)='sha256-sss\"3\x00')

14:51:26 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[@ANYBLOB="0180c200000071f6f598b11f86dd60a1d8f20010020003000000000000000000000000000000ff0200000000c46e60e513a00000000000000000000100080000000000000000000000000000"], 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x193800, 0x0)
timerfd_create(0xe, 0x800)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})
write$UHID_CREATE(r0, &(0x7f0000000200)={0x0, 'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000000c0)=""/186, 0xba, 0x7f, 0x6, 0x3, 0x9, 0xfffffffffffffc00}, 0x120)

14:51:26 executing program 2:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4000000000000024, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000013e95), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x5, 0x0, 0x0)
close(r1)
close(r0)

[  301.563852] audit: type=1326 audit(1551451886.212:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=12977 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:26 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x36b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x18)
connect$inet6(r0, &(0x7f00000000c0), 0x1c)
sendmmsg(r0, &(0x7f0000000440), 0x40000000000006a, 0x810)

14:51:26 executing program 3:
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0)
fcntl$addseals(r0, 0x409, 0x2)
getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000100)={'mangle\x00', 0xdc, "6993e021e0aac4ced49337dc1500fd2e523c8fa3adcd05429baa4756e5b9a6ffc73f4366b0e9ebce14857ed204fd0d8e767d042d344fac79fb254a835fb19b5d6ddd6ef577a77ec932927f4e7deed0729104c60d6b043170ee7696209659640b1c5dbfa06e25e54a4a311d4c493aa0415f17eb67626423420a717201a0dfe014da6535a21f9d5c8b27b51693857cef9801241a7b698a249f487eb1ae23fa14fe94c82f263094be4d9118de9f8fce78afd5d43f3f24e31faa1e2847b2965b3e42a485c18a90362004820c2c555487bf3449f9b92c621314176c624ace"}, &(0x7f0000000080)=0x100)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc08c5102, &(0x7f0000000000)={{}, {0x7}})

14:51:26 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000180)={<r2=>0x0, @in6={{0xa, 0x4e24, 0x7, @empty, 0xc88}}, [0x6, 0x1, 0x7, 0xffffffffffffffc6, 0x7, 0x5, 0x9, 0x2, 0xc23b, 0x99, 0xff, 0x7fff, 0x1, 0x6, 0x98]}, &(0x7f0000000280)=0x100)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000002c0)={r2, 0xf35}, &(0x7f0000000300)=0xc)
uselib(&(0x7f0000000040)='./file0\x00')
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:26 executing program 5:
r0 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x3ff, 0x6000)
r1 = openat$cgroup_ro(r0, &(0x7f0000000100)='cpu.stat\x00', 0x0, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
ioctl$DRM_IOCTL_IRQ_BUSID(r1, 0xc0106403, &(0x7f0000000140)={0xa845, 0x8, 0xffffffff, 0x8})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
write$binfmt_script(r3, &(0x7f00000000c0)=ANY=[], 0x0)
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000003})

14:51:26 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x2c, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10)
listen(r0, 0x0)
recvmsg(r0, &(0x7f0000001580)={0x0, 0x0, 0x0}, 0x0)
fallocate(r0, 0x0, 0x7f, 0xb046)
r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x11b000, 0x0)
ioctl$KVM_DEASSIGN_PCI_DEVICE(r1, 0x4040ae72, &(0x7f0000000100)={0x7fffffff, 0xfffffffffffeffff, 0x0, 0x1, 0x1})
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = socket$inet(0x10, 0x0, 0x3)
ioctl$sock_netdev_private(r1, 0x89f9, &(0x7f0000000180)="d990da965e41ebd397167edac2f78b26385c6d443e62db07c49f04faf663d713086e8b5e848180d7f5029ac5ff833dab37d1d45fee4351b5c7f9cd53b19360463a8c6edab648462582e4c48219a002c4026c489684040301893acee0719740315ed74db3fbf8ae96c7635284d24ca93cadeae71845c8b52d4c0f07379e03c1ba621ec98597863b6fdcff953ba8b739ff81279b66488aa2b5a92e80591ac079ffedeaf9ccb7d4985f2cdc792d2348b66a849805e2e50312388f487906233b9c0b61ec0f2c131d446b995281cabc247c4e8bd80cb41938b56619aab20d4b20a5b01cdfa63c76e6473bfd46bb74975d2edfa32e")
getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, 0xffffffffffffffff, &(0x7f0000000140))
sendmsg(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="240000001a0007041dfffd946f6105000a0000001f000000000008000800030002000000", 0x24}], 0x1}, 0x0)
syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x2, 0x2)

14:51:27 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(0x0, 0x1000000000015)

14:51:27 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x0)
epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r1)
setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r1, 0x111, 0x1, 0x2, 0x4)

14:51:27 executing program 2:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
r0 = socket$kcm(0xa, 0x2, 0x88)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={<r1=>0x0, <r2=>0x0})
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000580)={r1}, 0x3e8)
getsockopt$inet6_mreq(r2, 0x29, 0x14, &(0x7f00000007c0)={@loopback}, &(0x7f0000000800)=0x14)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
getsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f0000000dc0)={@rand_addr, @dev}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000002100)={'tunl0\x00'})
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000002340)={{{@in6=@empty, @in6}}, {{@in=@loopback}, 0x0, @in=@empty}}, &(0x7f0000002440)=0xe8)
getsockopt$inet6_mreq(r2, 0x29, 0x1c, &(0x7f0000002680)={@initdev}, &(0x7f00000026c0)=0x14)
getsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f0000002700)={@multicast1, @initdev}, &(0x7f0000002740)=0xc)
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000028c0)={{{@in6=@mcast2, @in6}}, {{}, 0x0, @in=@multicast2}}, &(0x7f00000029c0)=0xe8)
clock_gettime(0x0, &(0x7f0000003240)={<r3=>0x0})
recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x0, &(0x7f0000002c80)=[{&(0x7f0000002a80)=""/245, 0xf5}, {&(0x7f0000002b80)=""/252, 0xfc}], 0x2}}], 0x1, 0x12040, &(0x7f0000003280)={r3})
getsockname$packet(r2, &(0x7f0000005580)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000055c0)=0x14)
getpeername(r2, &(0x7f0000005600)=@hci, &(0x7f0000005680)=0x80)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)=""/49, 0x31}], 0x10000023, &(0x7f00000002c0)=""/77, 0x4d}, 0x0)
recvmsg$kcm(r1, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x2, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0xffffff77}], 0x1, &(0x7f00000001c0)=""/17, 0xffda}, 0x3f00)
sendmsg(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), 0x47, &(0x7f0000000000)}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000240)='/dev/full\x00', 0x0, 0x0)

14:51:27 executing program 5:
r0 = socket$kcm(0x2, 0x2, 0x73)
setsockopt$inet_opts(r0, 0x0, 0xd, 0x0, 0x0)
r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x2216910a, 0x8000)
dup(r0)
ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000040)={0x400, 0xae, 0x1, 0x48})

14:51:27 executing program 3:
r0 = syz_open_dev$sg(0x0, 0x0, 0x2)
r1 = dup(r0)
socket$inet_udplite(0x2, 0x2, 0x88)
r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f000000a000)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa00000400, 0x0, 0x8000010004}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='nfs\x00', 0x4, &(0x7f000000a000))
socketpair(0x0, 0x200000080001, 0x0, 0x0)
socketpair(0x0, 0x80005, 0x0, &(0x7f0000000000)={0x0, 0x0})
ioctl$SG_NEXT_CMD_LEN(0xffffffffffffffff, 0x2283, 0x0)
sendto$ax25(r2, &(0x7f00000001c0)="67d1d2ef9aa482830b33e501bc58f2c6a94a7e39c7650e29e040ae083054b7c6ffc6e197c25d65fee8418dae1e3971b440021db7eb6a186bb03dbb155cce12ebc94f496b3ffd4d4ea6b8e88176b19042ab8399cb30b06b629ebe28580ffd661b2caace82d5078735a37d6ad18460814357886d3beed7a03d58a285cee7b8735144cccf34280862a850c0249b4a4fa7ef80cb143deaaf1d21656402bfc571c8e3925e128f767e1c3e369fd5b0a2366ff7a9aa8e06fa1ea95179d4794a4f5211c9cb87874face24c26", 0xc8, 0x4, &(0x7f00000002c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x3}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$EVIOCRMFF(r1, 0x40044581, &(0x7f0000000040)=0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
write$FUSE_ATTR(r1, 0x0, 0x0)

14:51:27 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[@ANYBLOB="0180c200000071f6f598b11f86dd60a1d8f20010020003000000000000000000000000000000ff0200000000c46e60e513a00000000000000000000100080000000000000000000000000000"], 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x193800, 0x0)
timerfd_create(0xe, 0x800)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})
write$UHID_CREATE(r0, &(0x7f0000000200)={0x0, 'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000000c0)=""/186, 0xba, 0x7f, 0x6, 0x3, 0x9, 0xfffffffffffffc00}, 0x120)

[  302.465379] audit: type=1326 audit(1551451887.112:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13034 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:27 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:27 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040), &(0x7f0000000100)=0x14)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, 0x3)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:27 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$inet(0x10, 0x3, 0xc)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_LINK_RESET_STATS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="e3b58a70", @ANYRES16=r2, @ANYBLOB="110a2cbd7000fbdbdf250a0000004c0007000800010001000000080001000080000008000100090000000800010005000000080001000000000008000200040000000c00040000000000000000000c0003009104000000000000"], 0x60}, 0x1, 0x0, 0x0, 0x24000084}, 0x20000000)
sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x550, &(0x7f0000000040)=[{&(0x7f0000000100)="24000000010307031dfffd946ff20c0020200a0009000100021d85680c1baba20400ff7e", 0x24}], 0x10000000000001ef, 0x0, 0x264}, 0x3)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000280)={0x9, [<r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00000002c0)=0x28)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000300)={r3, 0x101}, 0x8)

14:51:27 executing program 3:
r0 = syz_open_dev$sg(0x0, 0x0, 0x2)
r1 = dup(r0)
socket$inet_udplite(0x2, 0x2, 0x88)
r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f000000a000)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa00000400, 0x0, 0x8000010004}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='nfs\x00', 0x4, &(0x7f000000a000))
socketpair(0x0, 0x200000080001, 0x0, 0x0)
socketpair(0x0, 0x80005, 0x0, &(0x7f0000000000)={0x0, 0x0})
ioctl$SG_NEXT_CMD_LEN(0xffffffffffffffff, 0x2283, 0x0)
sendto$ax25(r2, &(0x7f00000001c0)="67d1d2ef9aa482830b33e501bc58f2c6a94a7e39c7650e29e040ae083054b7c6ffc6e197c25d65fee8418dae1e3971b440021db7eb6a186bb03dbb155cce12ebc94f496b3ffd4d4ea6b8e88176b19042ab8399cb30b06b629ebe28580ffd661b2caace82d5078735a37d6ad18460814357886d3beed7a03d58a285cee7b8735144cccf34280862a850c0249b4a4fa7ef80cb143deaaf1d21656402bfc571c8e3925e128f767e1c3e369fd5b0a2366ff7a9aa8e06fa1ea95179d4794a4f5211c9cb87874face24c26", 0xc8, 0x4, &(0x7f00000002c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x3}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$EVIOCRMFF(r1, 0x40044581, &(0x7f0000000040)=0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
write$FUSE_ATTR(r1, 0x0, 0x0)

14:51:27 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000340)={0x0, 0x1, 0x2})
setsockopt$packet_buf(r1, 0x107, 0xd, &(0x7f0000000100)="d7dfa9a14c6fd905b3a0606049854f717c6b62ea1ea11ec459368ca4740f47aaa3437b6fa7876af7e9927978f13d9eaab55f53fe0cd60807c4d201a396dd674e022477607d7a23e4eca7a32920da9a4743d00ea12638757ebda326f7175865d2d8a21f39612dcd06e5b51c01fc9b874c042e02870fc7d6bbf1234761a9e215ad025049f9d104dba841249146858a9bc19ae567e2cd340411ba169b72d72e3767c94ca12e62805ced54ba6cf9250ded8ab1ff7e3c312326c6b30e00710721872708a2a987356f656031ae584232b0b40ec98ed38f3ed88ebbf38ce30a7f11ed382e0102b930afa733cfec478117e91505eb74", 0xf2)
ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000040))

14:51:27 executing program 5:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000040), 0x8)
listen(r0, 0x7)
r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa)
r2 = getpid()
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000140)={{{@in=@multicast1, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{}, 0x0, @in6}}, &(0x7f0000000240)=0xe8)
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000280)={0x10001, 0x3, r2, 0x0, r3, 0x0, 0x9})
r4 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$unlink(0x9, r1, r4)

14:51:27 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x0)

14:51:27 executing program 5:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0)
getresgid(&(0x7f0000000500), &(0x7f0000000540), &(0x7f0000000580))
process_vm_writev(0x0, 0x0, 0xfffffffffffffef8, 0x0, 0x0, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2)
sendto$unix(r1, &(0x7f00000005c0)="8b345f100cc58fe316d35f295d49bc8ee1490196ba7915e1a66060016fe5b0253a2ddd75368d5521c5d5cd42cc8ac1759a508155c8589c0b2e74c5997ed701ffe14a00b5dd09610320edc1f017758c34c10045d81ca19a140c19de0db517132beadbab4b9160f285d6b07ed64a890c9a4778e82705cd20142e65cf23d848c8ec39fbbf78c7e824cd990646a3f88b6916ddde59315552f3e7f54c0d26449aab6abf3c5986554ad6652fecabfb07c06acb97f57691a9b5c4ba1c9a719e231102ab5a7e2fe2a236f72eacee23aab1850725d355b91d46ac354cdaafe8a95e24892197ff001542cae69374b450e56b503de635dcb3365819a73dee0374f0edee6a8d2ff7e5ed2b5dfd66e5bb9f0217f4a3eabdf66328263d851f1439afdae5e7f05b62817e659f9ef89a19c642d813d94ed5d20130131ffa79a03ed1e544fe26e3c67ae38fc4484f90b31a701096fa1a49c58854793a40e9629d4183c4639e32a135ebbcafa2f608eb9268d049f453a9a155f57f4e28143aa73f13472466a88cd7845be7475f00f94c4b452113762b389412f1dfe11e7d54bb43b99f0dbb9bd1b7c802f62b285bc8a3eb9d59879221ec077c0a1572cd71a0222564261faea0336f66d2b7f11c0970f423efe348d6da8beb297b47b7f5232ef77b8facacfbe2fa42624370be4a849689081dab8080e20030e9266384d5f3f5a2415eea6c2351ab82dc22a34fe6a5cdacd83311f91396539e0af6914225fdd0353b192790c2c90a87127e0f79d3da7f8b0e6a36cadf863a775be7b7313770e98114c0e2da454e62c36d235cfbb3176fdbf458dcd2aef1ba4a2a92f802f2defea97cd6ff9e899d4041d5f9e8658500d0cc7971a0ac22ac5ac0827eec53691b0cea92f2c8d1b8d904cfdc82d2f484b56a5c6c15e189f1f16a0171d4dc3d0fb79c057bc00bba924d2d38755df294bf27de57dc317b902530270579c847ce48c9f5ddaf057c663caa3417f157b660042d6325f8d5e3fc6938adceb7dfbbdff7e92a852289bf06201ea27824243bbf7fde47fc9181d54fa5864b101f419ca1139d787e7f552bd1c41b8d6af02680ead91fca5ad12d0ae673e3bb7719d19835f99b6a87c973a5b01c2599fef8892674e55bf4ffe12a3cd24148d02f5b67372cbf7f0fcc65bd53e02803105c0e5be8cc7401567cf5c810c745968c49f84ad79354cdbeadc9f8cdcdbf9c5c48792278e52d4fdb648e377501b57e412afecc5d108bc286f0e1b2207b92099cb52303fd52f30714a6045835a1e59227daa1ddb2e5137e2f0a9a3efb258717d4307c5464a1855f48501febd0a1b4ac97f2c0cad62cd5a88a7c985ff6de2e57d25cf13677eac551b58745804e70bae64b8a0d70a6df753ed5a3393ffa4aa5f50f32299e261ae0f03675ca439c353259b2b4690306593dd39a8bb6318f90eb763e1413166dc5fcdc40631bd8dcbdf2b1220a7505984d5c7942efbff74cb886a653224ad1c3b53e6a8f8d76acbc7b8aa810c37940411b971453708e8ed637b53c8a3373cb2582b1560918ea103ed3c32833f98271dfbdc069a398dbe0353319f118686b9b99be38217997e0dbf1e064133b663f0a649de3fe85177eb6c738cbbf0553a90e4531eb0b4e945a187d0002cc80f89cda3534c2dc882966e6327bf0485595fdfed966fd835a24627710a9174261ffc37457567f8308c4271e895a3ff5ed6ceca82f5c2da67504ee390c188a891855dbde89e005d13b477a0e51074abeb5270cdf652a95df9b42b91ac9eb3b0ff7800605dc36d27cf5b135d6fe2e83609128115b98c5811b2a76bd31c2b5c1127cb7dc5ae5b58ef2b9f068983f186727c814612b669c7bc09f3ac5a3f3b6f034750a0205b0ba9f69efb21736b3dc992c2035e8b5ffc0fadf11e4f263dd7cbe004daa75106d391f29d4886d15e203ef51932420035cb8dd8ac475c5e5c6a817d568313904d19359a3a8430b868c0e05fe1134f0657e4af8d8fd6641bb8809809cef60bbe13a05b1fbd7b352adf9a50312288e5384a7a93519587ef277ad78117c914ddfd5912d33bc30231c3045d046738bdb213c5a85a65be897fc9d1f3fd88020ec384ab9bb1fb39657b60eb49e21273e3b59d8317ce81a7740a0b0af379972985705bfc578a9c4ea3580b43f50030f4073d56ba761951bcd159d0678b3db1a5352f2e8886d6e0b98c3d6b30ff10d936f6eed5444ab074479fe70b708f9ffb3b1d685070adcdb5163d87ac0ed99ac00669ea9282091abd5debaf6b36be6364ce18938ef0e3c94946bc71682f4c8f2fd1560c1e2d56915608cf06149d3d5b4115b082ab951b8321f7a846d129d4d4f6bf8b202fcb90ffde9301fefc70116b616c18b743281165f4b488bf418f33d450bd0632ce163ec5bba13c1c49081bcce370cab0033426813d9b1335f27abc76a29e4fce97993ca4fad5411ff0e10a9e381dacae585d93d832b73674ec4d6ebffddd3c9fa7e7ba5c66e48f16f340fb66ba21fdb168e0df4597143de26d32b9f7fef079655de25c3fb03e84cad915d5793640e04e82cc126e59ee0f4332660b7a9c98640fb2245b613e40f86fce3cb997a25e84a4d77354a7c438cf40cc2be53b8b5dbbeb5ea32a0bb76931cf243ab29a8a3816da3855ef20da0871491f4e2ef46c875f2e5d1b49058bf0b28f8d837b6db6fb5f1baa798645cce51f588a1623bfd7d25bd349056cd78d15a402761c88e82c476fab8b3b75978ed9b4755a2a49b43d64ba94074f27bf570303aefd294b23e92b64573991a8315304380d6a793700d615b2caf5dec1ff3d74f771926d0c39cd25b1d00ba0ded6df7f05f978c1d16a7f5b5cb3064d0d2158092b422d7cd5688ef3e8fab35832da09d219a9f68da12c894317360be38430eb1f03556d34b3c1b103ce76ce60b58802c27057df262a3ca1e402f4042b16882ce36dc9153663838c9b6bf8ab4dd6569aa3bc695b181edc0b86141237ef41d64f4832ca4bcf958c5510ce07d7b62dc64a5ac14d13294ae38e91756d84be7f30edbb5241b09a8be09991b67db6e3e239cf182e2db07c944494adda346ff529fa8d6cdc1ac919b62eeaf53aac53f6c311fdcaad50015fa748fe8632022d844622f57a791fbc188dbe7246084994fb18710603746bce49b87af53f27727490330e4a221a5caaa7d4882686986e501151e3f6d5bbc89b6741f2f94855e1abaca0bd69e17e02799a2d32c69802afdb27a2f1d5e0b87cd1615136258526b700e21dfe8b35ee62b2124a849d53f32a6a2264b1dc0e5505c029bb666000d2660ffb15b06d43e27138d9c4625a5e925b51a803494f53584a1673e66160b93b03e0659a3d3b19baafba467ed8fe09378d031724d8fa7d3a9ffcf5c7947cde862bea33f5edf4df259a62e89281347ed00839a71cd92eecfe94b7cc1518790d9168921245208ab787fc5a7a1446a32952b1a7b4acfe334cada846ae45317c96d0994f7df28a8b2f99c18ac3ea318105507a680cb5203b66c3885deb0cfa35c1746554ddf09461b89301ff49a77f66545ad1ebfad5fff3597aa462ce57ac5a7259e163cce8ef099ae831e5245f6e4a58f3d12d11343f871e66c82cb34e5aa7813c19ef02e70a04e99fb5a61c853a6189dc5048b9237102b34358dbf91320aa501ef8f93c21a226c37fe762cc63788c21d0de16dec1e52f634d6b331a4433bda701a8a86ec96b527aa585b6fbec655559b3ee6c233fa40f54c3b13d5b73081c053f437087480ff7fdd2a7d4b0c788984b45449cafcbf8b07526f4c08d2544653772e433502f49cc8cb613cb2b5f91b3d5064cb67868efc43720e30479462fccc74b9a90f99aec366616f967dc3aaa423aaeb85f7d443ce55c7cacfad5b768c30672d528e74d92db9db88422d9cb969bec4f3b594717bfbc9fe6438e939e4c2d4088bad715f5635cdf7433be18ed42a1852eadd836ded6a9a6eaf9818c6d4de47c6b1165733429ba002e22d0ba61b0a0bfdac104f773ed1d79556dff6e878a79990c50f07bc76d931d0fee00a07139b742be7f0a4b101877e29c1b5eb4cf5cc0e2038c8ab78c2bc69d65c6f5604d1adbc056dcc04b609f4c1ae776e7082211fa8c00b4d08a11bad9fdb775c387e0105c1f2fa975e539140e5cf392c1801727896aa1554fa250294ca2f66fde84ff7f930792c48c36a96ead24c6cc97b18cc05aeee8e6b250a5a4098ee6eb298342343904545ea1c5d28569710603ef3f60a778c85698ec456b491c0ae6df858d56ebe7930eac7c45c06c8fda22705037f244a43d54e14dae679277348c30bda2da41757ff2307f740428a00a77bae2034a69e9821e7e2bcab16a06437875bd6bbdfe5344e6c32e1a936f908d988c0deda4a78215252faef59bd5a5a08b44a796ddfdded46af84bc67bbab71db172bc585ccbbc1124223bf33a29a36014813fbe1309b5b4c3209dbef7134a3d65927a33caf49c07da35dfa7556588ebc09d836c42939bc6ec496df40b247e1d56936ed6a88a607b0818d597876fe78e34666f2508a3596a48b82411878f8c9a0e297a12b8ad2694b04b3345a1fbd942aa8dc88426e21a0edd5509f1f4b4f8cd302436ac8b5e496847c4d5f9c5ca834c18eac4b6b808f2be1ce348a83e1bbe330fa76cbad1cc235a77320cab8f8cf935fded9bbfc9a629aa7a0b59a68e3bd9a82790ba03c2a718b11a932a0a504a9ec6f3ef971cad9c94883a7deb6007a6b682e0634b64d470f4c61a0faa7bbd7efd4911bb65d9744083d1507e76b6b548758bf409e845e2fb4e579f320e4129c88a2b417f8b999afe50dacefc691ac9d3c09e59960dad0c078610d628a3c1e8a1136850365cebf46bb466c8df3d439462eede49cffc1af6cc2c9817dcc525519e318e0b5743e0105fcd2eea0263f5a00f428399932b2e81c9955ce6c37fb04d5e2cf2510399c72d847d7d71709693e4ee06c0c98195ea96116e2ab3addf2bbcdeb2a032f3ac26bce76d6911cdba1f1dd41786deda7aebee417394035c95a8d18acea4a2de2c5c2a64c3c62ef378a61a2ca1c00285af2870248502812c5c0f4a87cac0835123fc37fbbb6d1fbc58fc9fc9bba4dad31f07c41664fb2126b346b913a1ad6275f0a250bc14037296456ae83d492fb961f3581e287dd8b29e1cde592c8d01ccb1acc287587b40980ea61279d9c2f1d63372d5f384707f48fac72a84d017490416f1cbab5f4c7ce3f4433731792eabf45e2401838680d99667d4c9293a136a22e166da18c5909780639340e018abf2f0b7bf90abdc70f15125f59e1f536f6704d9413e38378e588d747266c3878b8294db4754cbb99c47a34127ebf96dd9d75e4cfdd88e31d84a7421a1da402aec1943a1da54a12d527581f755317ef5625bed4e0f738f37abbc5c376e2d285e14dcde2ce0e5094109840162491a91e37f4c4dcb09c60a9a2362678b2e40b44344fae4c9fdaf5a71640331e5a62ec71305c48f9f99d700b6c471ee69def1626756a144cf20c26e84169b457f31d4f7d163370d5511ccfe47c2e7e41c44ab1a32c4a49286b57f69901995e3b219065d0890b6e17d401072980cbaed346acec13b5307ac5f7bd64ca025667c9e6ff0b63ec230675a37a8421757d1580d2e8a11aec607740b2749c5672d2fd99ea4cd097a33fd628c415a9efcb73ffdba30cf71eff1b8fd12765d45ce48548121466b07e6ffebc8e1b74bc070205526e094bc4ee83c13975a67f494aac9f0273957037871a8e7708781faa47e5c3c77f5fd0530c188fbff087c814d1494828fcbf", 0x1000, 0xc001, &(0x7f0000000280)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000000040)={<r2=>0x0, 0x9, 0xffff, 0xa2f}, &(0x7f00000000c0)=0x10)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f00000001c0)={r2, @in={{0x2, 0x4e22, @multicast1}}}, &(0x7f0000000100)=0x84)

14:51:27 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0xdf0e, &(0x7f0000000040)="ff7f000000000000edb070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:27 executing program 3:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x40102, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0xc0305302, &(0x7f0000000180)={0x400, 0x7, 0xe462, 0x200, 0x5, 0xfff})
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x80000, 0x0)
ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff}, 0x13f}}, 0xffaf)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @initdev}, r3}}, 0x48)

14:51:27 executing program 2:
unshare(0x8000400)
r0 = mq_open(&(0x7f0000000040)='-$\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0)
mq_notify(r0, &(0x7f0000000000))
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x400, 0x0)
mmap$perf(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x6, 0x10, r1, 0x60)
mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0)
setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r1, 0x111, 0x3, 0x1, 0x4)

14:51:27 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[@ANYBLOB="0180c200000071f6f598b11f86dd60a1d8f20010020003000000000000000000000000000000ff0200000000c46e60e513a00000000000000000000100080000000000000000000000000000"], 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x193800, 0x0)
timerfd_create(0xe, 0x800)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:28 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ff030000de000000000000000400000000000000ff7f00000000000007000000001200000000000000000000000000000000000000000000000000000500000005000000ff7f0000000000000900000000000000fbffffffffffffff070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"])
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:28 executing program 3:
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0)
r1 = accept$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000300)={{{@in6, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@loopback}, 0x0, @in6=@dev}}, &(0x7f00000001c0)=0xe8)
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000240)=<r4=>0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000280)={<r5=>0x0}, &(0x7f0000000400)=0xc)
ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &(0x7f0000000600)={0x3, [0x4, 0x7, 0x4]})
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r2, 0x40a85321, &(0x7f0000000640)={{0x3, 0x9}, 'port1\x00', 0x58, 0x40000, 0x7, 0x8, 0x0, 0xe7c3, 0x8, 0x0, 0x4, 0x7fff})
getresuid(&(0x7f0000000440), &(0x7f0000000480)=<r6=>0x0, &(0x7f00000004c0))
sendmsg$netlink(r2, &(0x7f00000005c0)={&(0x7f00000000c0)=@proc={0x10, 0x0, 0x25dfdbfb, 0x8}, 0xc, &(0x7f0000000580)=[{&(0x7f0000000880)={0x6a4, 0x21, 0x1, 0x70bd28, 0x25dfdbfe, "", [@generic="6fcd87b8e029a2a358bf6f86a83d3535bc2b51d1b8e9c05b55922a998af15118ed8b7b495285260892e62bf383cc9e77b8908eb8a59560971225c3db40f4daf2c802ef8ae0db829b8a4fb5c05ed7db16015648553b8fdb6918d7a85006f6644f411df5de82c8c3d63fb20de0c4ad88ffde1b8f4e3f71012780149dfa90a57d9812746b7fc6", @generic="6b7004d4f5a405888a33f727e14d2159201ab5e2ff3d794be2ce0098b54c297f98da5c50e1f77585a6e8368131c2254d697b9ec08de202a500c6a8fa72190939c90e7f2b4c8d3b220f72f11d00b8dd9d582c925ed7e35ebe796373e18f48a1bcb4ffcc42fea4bd850441e3432c339b79cfa99f1923bf52c2795d8ba3747e02857e615bb17e444422ea6eb6", @typed={0xc, 0x67, @str='vfat\x00'}, @generic="4d28db8f8cce468f6e405c79e2f6314f653c313431d4fbd898d591af8c4efd4ee31b2f4de1fda45efd2d516daac2cae27afda66cf4b260e21dcda63d2d99c6b3b63faeebdb0a7693dc691b741f3b1f6db1ea6db5021e12127d2e32d9f50198381cff80f351ff3772ef63a7fb0d1f1cfbb550ab0a547773adfb631aaf63fb9f2432dcadcba12b9c736beae63c6a4ee95b980918c9d964f17544eefc5530b255", @generic="aea8956d486d338f74e4114a7b49ed37d60fec658097599af1eba18d9e68f6fbb733dd6ecaca3f1de7633dd1446302ec9b717f36d4", @nested={0xdc, 0x8a, [@typed={0xc, 0x90, @u64=0x3}, @generic="097ee52268a92f632f6a7db8f3ee707433196294734c1c23eb18bcfccfe60c8ebe21747df5df6c109cc378ef277582631252b1dece677a183ae9b931f945e1a51f12c43fbae9cbfdef6e4839b001b686969755b9a28d544e7b62ce83de081167d49c65cc260602a66571530cf82d33c03a2926a4f9a922b5a6937951c8abb82688b2964998b23fe8f0e812e4fea4da8ce6d713fefcb02378863f11a07b7a31e85b7c95b44b133bed33ce9d2b798ee79a929d3a302752cfc002b8b133538983ee1a9695c882", @typed={0x4, 0x67}]}, @nested={0x344, 0x7a, [@generic="ed239880fec8ebe5f500e6a1b61d2631028550bea8b56ca15c1d0d54135e3e80a6e5ffb871e85e563f6a7d282028046a7b1014df12b7ae31e8d47cf06a8c8d2ae50c712c10b6bac005abf4064ad7355f42c79cd660de297dc2216bb559487c300bb9af96adcb81886e819dd78dab328e84e85523219843a0169b4942349032a867cafc15dd7369c6a3fff9aea4021cabb9979e351a2bd40d8280e59c", @generic="49296165943601be7a8a58ae04a3e15c6cf8f899242d109476e91fe9abbaca8ce2a411cf3e46b930cba2ee51124df2c8e029660cf3d210711e66885a28523c4f15e743eab8a4b0b75f5a2cc4c29bf1ce33d47cd5ed5109842c29cd9724a68a98dd6a620b135510eb4f220dd2e32fcc480549b9c4c41d7233d5cb316b348b12b62f49cc5fb4af1dfa5b9db14dc0a94b57732f4f7b6d00de1cedca247bc8a36a153c418bfc795fa9104823d376098fd38388e218e9dff6dbf6d8", @generic="c64badd922fbb447d2aa27def5a920bf444df1b8e1fe0106498b886d2b77b49f20dc327f483049f1d4084401ecd079cab3bfec842118dbfd157772e7b6e3c6eb116aa1d202b84756bfaa9721b379931ca91586e92fcb8d73b74615cf25f4a29398bed4daa24e9d17ace96ccb7d41e70f58f3f47b8d992ba76794ff5cbd1ff16ab4e1d0d0d0f1913aa8599e3778210dedcc7b5f347c49a87e13df49a9618110d2583bedba79ebfa0487849aa1376b11be80368b893db8f648e226530c9c729a9411f5d047c33732154159d2bd4710b8653ad2b68b4417e45efcefe0454d2b5eb40671dd9fe0f71d69", @typed={0x8, 0x7c, @u32=0x9f98ff3}, @generic="b70a641e1fb96f71ac7a99e8a7e1c0ebd98e0a9fe371dfdca74b72ef8817c83b13b675d3a28b725fc7feb97732eadfad95f5dcc049e09dfa594529038cb675e9c14d6a35404d176a2d89080ecc3233ec61d8cc35e89f0014ca541db69dd414e4d5e54876f291b7f4e97a242183c7", @typed={0x8, 0x3d, @uid=r3}, @typed={0x8, 0x7c, @u32=0x8e9}, @typed={0x8, 0x59, @pid=r4}, @generic="851e329718118b5754bc784bc36d2d4e88358f9c571eaf8ac4ade103bdb071294425e752cbf024cf6be0b77621cc7388019d03aca73fa079f02150f74010735dcc0bbb1b87f58abb10f45694440e92d0fdf1c26f569ad47c89ed93ea68bfb82b703eb65bdbb78b1d44c395b199a129a90600"]}, @generic="7266ed60761f1ffaffa1ae426bba564ed8aad211be802a5f1dde8655be88ad9dff99bc3857fa09c4d5f9821768ffe9c20bdb564a9e17e3c2c2fbc81127c7dd7ccabe04952a9567ab73b6f6efc4afaaf0f315f246b35653c33994a97c79c97c4519de5be33fe9306d46b5be54aab8f7c1b4aac5a92a0ab0880033d2bd4f72ecf6e1254d"]}, 0x6a4}, {&(0x7f0000000500)={0x28, 0x27, 0x0, 0x70bd2c, 0x25dfdbfd, "", [@nested={0x18, 0x41, [@typed={0x4, 0x30}, @typed={0x8, 0x7a, @pid=r5}, @typed={0x8, 0x58, @uid=r6}]}]}, 0x28}], 0x2, 0x0, 0x0, 0x4008844}, 0x40000)
r7 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r7)
r8 = open(&(0x7f0000000080)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r8, &(0x7f0000000100)=ANY=[@ANYBLOB="00001a9c54e71f3be48a2b6e05a7de11"], 0x10)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
truncate(&(0x7f0000000180)='./bus\x00', 0x9)
unlink(&(0x7f0000001e00)='./bus\x00')
ioctl$VHOST_SET_VRING_ERR(r7, 0x4008af22, &(0x7f0000000f40)={0x3, r8})
sendfile(r8, r8, &(0x7f0000000000), 0x8080fffffffe)
write$P9_RWRITE(r7, 0x0, 0x0)
mkdir(&(0x7f0000001540)='./file0\x00', 0x0)
r9 = msgget$private(0x0, 0x100)
msgctl$MSG_STAT(r9, 0xb, &(0x7f0000000700)=""/215)

14:51:28 executing program 5:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f00000000c0)={0x18, 0x0, {0x1, @random="a14ab814f78a", 'ip6_vti0\x00'}}, 0x1e)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000280)={{{@in6=@mcast1, @in=@multicast1}}, {{@in6=@mcast2}, 0x0, @in=@initdev}}, &(0x7f0000000380)=0xe8)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000140)={0xcf3, {{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1a}}}, {{0x2, 0x4e24, @rand_addr=0x1}}}, 0x108)
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000040))
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xffffffffffffffff, 0x32, 0xffffffffffffffff, 0x0)
ioctl$PPPIOCGMRU(r0, 0x40047452, &(0x7f0000000100))

14:51:28 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = socket$inet(0x10, 0x3, 0xc)
r2 = openat$null(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/null\x00', 0x800, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000340)={&(0x7f0000000300)=[0x4, 0x10000, 0x8, 0x6], 0x4, 0x4, 0xdd, 0x2, 0x0, 0x4650, {0x100000001, 0x3ff, 0x2, 0x3ff, 0x13, 0x2d27, 0x5, 0x0, 0x1f, 0x1, 0xaa01, 0x7, 0xe8, 0x4, "21095a53df1f023576fb63a61d6665a3d37494a9d550ac51073da0cc521c2098"}})
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000000140)={<r3=>0x0, 0x7}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f00000001c0)={r3, @in={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x1, 0x77}, &(0x7f0000000280)=0x90)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="24000000020707031dfffd946fa2830020200a0009000100001d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x0, 0x0)
ioctl$TUNDETACHFILTER(r4, 0x401054d6, 0x0)
setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r4, 0x111, 0x4, 0x0, 0x4)

[  303.420070] audit: type=1326 audit(1551451888.072:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13093 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:28 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x1, 0x2)
ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000100)=0x7)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:51:28 executing program 5:
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={0xffffffffffffff9c, 0x10, &(0x7f00000001c0)={&(0x7f0000000140)=""/123, 0x7b, <r0=>0xffffffffffffffff}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280)=r0, 0x4)
sched_setaffinity(0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, 0x0, 0x0)
mknod(&(0x7f0000000100)='./file0\x00', 0x103f, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$NBD_DISCONNECT(0xffffffffffffffff, 0xab08)
ioctl$RNDZAPENTCNT(r2, 0x5204, &(0x7f00000000c0)=0x101)
syz_genetlink_get_family_id$fou(&(0x7f0000000240)='fou\x00')
sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0)
process_vm_readv(r1, &(0x7f0000000640)=[{&(0x7f0000000580)=""/143, 0x8f}], 0x354, &(0x7f0000001540)=[{&(0x7f0000001400)=""/90, 0x5a}], 0x1, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

[  303.596156] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[  303.598980] FAT-fs (loop3): error, invalid access to FAT (entry 0x00006500)
[  303.616078] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  303.625428] FAT-fs (loop3): Filesystem has been set read-only
[  303.653658] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  303.673355] FAT-fs (loop3): error, invalid access to FAT (entry 0x00006500)
[  303.713367] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[  303.769651] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
14:51:28 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x0)

14:51:28 executing program 2:
r0 = socket$kcm(0xa, 0xffffffffffffffff, 0x73)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070")
recvmmsg(r0, &(0x7f0000002ec0)=[{{0x0, 0x0, 0x0}}], 0x2b8, 0x0, 0x0)
r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x2e, 0x80)
accept$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
connect$can_bcm(r2, &(0x7f0000000100)={0x1d, r3}, 0x10)
shutdown(r0, 0x0)

14:51:28 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(0xffffffffffffffff, 0x111, 0x2, 0x1, 0x4)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="674bf63e08ba4e341d560001000000000000000800")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
getpid()
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:28 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)=ANY=[@ANYRES32=<r1=>0x0, @ANYBLOB="2b070a00bd03000400000000000000000000000000000000"], &(0x7f0000000040)=0x1c)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000140)={r1, @in6={{0xa, 0x4e23, 0x2, @remote, 0x100000000000}}}, 0x84)
sendmsg(r0, &(0x7f000001d000)={0x0, 0x0, &(0x7f0000024000)=[{&(0x7f0000000100)="24000000100007031dff22946fa2830020200a0009000300001d85687f0000000400ff7e28000000140a43ba5d806055b6fdd80b400000001400", 0x3a}], 0x1}, 0x0)

14:51:28 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
fsync(r1)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

[  304.168143] net_ratelimit: 20 callbacks suppressed
[  304.168150] protocol 88fb is buggy, dev hsr_slave_0
[  304.178179] protocol 88fb is buggy, dev hsr_slave_1
[  304.183280] protocol 88fb is buggy, dev hsr_slave_0
[  304.188367] protocol 88fb is buggy, dev hsr_slave_1
14:51:28 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[@ANYBLOB="0180c200000071f6f598b11f86dd60a1d8f20010020003000000000000000000000000000000ff0200000000c46e60e513a00000000000000000000100080000000000000000000000000000"], 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x193800, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:28 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4)
bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x6, 0x2)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00')
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r2, &(0x7f0000000640)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)={0x68, r3, 0x20, 0x70bd2d, 0x25dfdbff, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x4, @media='ib\x00'}}}, ["", "", "", "", "", "", ""]}, 0x68}}, 0x4000)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000007c0)='bbr\x00', 0x3)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000005340)={0x2, 0x200000000004e23, @local}, 0x10)
write$binfmt_elf64(r1, &(0x7f0000005380)=ANY=[@ANYBLOB="7f454c460100f30700000000000000000300000002000000f80100000000000040000000000038000eff4f6d0200c8000180070057e574640600000001000000000000000800000000000000008000002000000006000000000000850500007a36818e00ff070000001e00001c9d5b02008b1ed41275af6b341e8ea900000017000000000000000000000013061fbcd9d0bd281fc084c20000000036a00bc70000000000000000000000000009000000000100000000000000c33aece02049dab161b27cff26182138"], 0xc9)
write$binfmt_elf64(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460000000000000000000000000000000000000000000000000000400040000000000000000000000000000000000000000000380000000000000000000000000000000000f6ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090f8def600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x2d8)
sendto$inet(r1, &(0x7f00000001c0)="5632847c502b9a60462bdd31e3575ae0d1b87465fa87c98f5f4c1d8239066f24da819afaf12a2b375ec5a32117a02df0abe531eedfeac6fa3346547f364e462332fb802e59d60352a7143e6704d2bb8c33837f5da4866aa86ba7fed1b39586537b1f952d0446acc946ead76982089b54e9cc26e29d66f6a7edc0376370c61c1eba46f376de27ea02d12b7ca2e9f6d5a0b7c9523b0c8e78383442d25d542a03519b719ad626b2b82cb5a6e3b364e3dfa10c644c1f7a1df23bdfdb9aae2db7e846b7e5ed1b729ac61086dc9a698df44d060928eb84d82fe21ce1d29b7f57bea77757a8a8a4ddc53dbea4adaebc", 0xec, 0x0, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4)
sendto$inet(r1, &(0x7f0000000f40)="03f4a2c970de1d9c3776a9481255ced5dbc57fe63cd931916a02bae17f782faea473b1c2395dcc0f572febcadeb7fa0f2ee9dc78ccc69169ccfc0bf46dbaba25f3f5a75b77654c0cb9989ea026da080991348232bc2541328a29ec7e06942980144d2ae1b8811ef7af232c4bcb7d89d1aafda6e27d68ed8047debe4f6acdb39851142538045af7a37276d45101a908acd7e6586aaa477a1ed765207d078f68d3f09646ebb175b64f48673bab39a740b280f8876953befe1c9eb8b1494786cdda1a87dbce11989c23041ee13071a5af0e17e267cc0bf8e310b695e5f3bf0f5e0a5ba3393a682e7d0cc9a93e2c8faa4f71f684e0ac9feb65e2a8cb931b4bc84551fe3bc41bdd5d148b8b366152e78e76a6b4bf34f883b99166fc25192d0ea28755cd248b191b5951e5e9ec835e6346d71f731b28e9ad931c763aa39e5da99743f9", 0x140, 0x0, 0x0, 0x0)

14:51:28 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x1, 0x80)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f0000000100)=[@in6={0xa, 0x4e24, 0xda2, @dev={0xfe, 0x80, [], 0x1a}, 0x8}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0x2c)

14:51:28 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000580)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f00000008c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140))
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x42001, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x80000000400200)
sendmsg$can_bcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="eb9836cb292cf79b1b2aeb4770485d0e33510ca53eeb9889c7207bb97d1f6abd457233709ac94e325b54ce44e8985a2ea37f8ceb1383c022440c415a8ba7c64c39f605056120aac2d56cad66ddb0b7516910bfde4c352bf34ec478613cb3bf1cda3e7d15b1fea8c1d1fec6d93ebc4d89a0921e85db031cbf68fd4752728b7c00be7b814bb4b88c6131b2803ba5b88d569052ca9a4d3cf533f4cc2adb860fddca610fba980d963140b3b5b394324e3dbcba7b620860a2"], 0x1}}, 0x0)
recvmsg(r1, &(0x7f00000024c0)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000014c0)=""/4096, 0x1000}], 0x1}, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000380)={{{@in6=@mcast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@local}, 0x0, @in=@dev}}, &(0x7f00000000c0)=0xe8)
ioctl$sock_inet6_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f0000000100)={@mcast1, 0x100, r3})

[  304.313125] audit: type=1326 audit(1551451888.962:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13158 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:29 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000100))
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000040)=0x5)

14:51:29 executing program 2:
r0 = syz_open_dev$video4linux(&(0x7f0000000080)='/dev/v4l-subdev#\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0305616, &(0x7f00000000c0)={0x3, 0x0, 0x0, [], 0x0})
getpeername$ax25(r0, &(0x7f0000000000)={{0x3, @default}, [@netrom, @netrom, @null, @default, @bcast, @bcast, @null]}, &(0x7f0000000100)=0x48)
r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20\x00', 0x44001, 0x0)
write$FUSE_LSEEK(r1, &(0x7f0000000280)={0x18, 0x0, 0x7}, 0x3)
syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x400000)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000001c0)={0x6, 0x0, 'client1\x00', 0xffffffff80000003, "4c137b130a0370ad", "dfc8e3c68c1f1f80801ad9dd8c61a17f5ba4eaf517d10d597cdb601a5dbe45b8", 0x3, 0x480000})

14:51:29 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'hsr0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="6245da9d00000000a398db7419730b691ca2a57a4da9c243d8f9e3f904efd247a5d49547a3173fd1d28dee7482c2adf29dc12e8daf36030c6afa739b7a8eb5768bb8a7f7e7db6f664ba233840000000000"]})
r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x6, 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000140)=[@in6={0xa, 0x4e24, 0x4, @local, 0x9b}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xe}}, @in={0x2, 0x4e23, @rand_addr=0x2}, @in={0x2, 0x4e21, @local}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in6={0xa, 0x4e22, 0x5, @remote, 0x1}, @in6={0xa, 0x4e24, 0x4, @loopback, 0x2}, @in={0x2, 0x4e23, @loopback}, @in={0x2, 0x4e23}, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0xc4)

[  304.568151] protocol 88fb is buggy, dev hsr_slave_0
[  304.573386] protocol 88fb is buggy, dev hsr_slave_1
14:51:29 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x0)

14:51:29 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x9, &(0x7f0000000180)="05006e8c9f2b00dd81f1ff43000000f30000")
r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x0, 0x4100)
accept4$bt_l2cap(r1, 0x0, &(0x7f00000000c0), 0x80800)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0xfffffffffffffff9, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:51:29 executing program 2:
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x9, 0x100)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0x17, 0xfffffffffffffff7, 0x8, 0x7c41, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x10)
r1 = gettid()
futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0)
tkill(r1, 0x2f)
write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="190002d07701000000cd2e539c162c4c4456ef5db86397600900000056efc427482eedf242ec00ed3edfa7afee1cf0cb01702ed48f40d515e6f4fa194b49b03e01c734c0905e198c2614b9e6e5a5273a7fec287616f74c279a72931f810dc0c5c77565556584eb22a48d149f7362ed6219c71fa28b4ecd58441816e535ccc422d519a129b0fd5c0000000000000000000000335a7a2c3d81938fa89b23affcb95ce37d0f6d394f5ed199c578fdafcef09e463717c28cfe8b97b270100654"], 0x39)
ptrace$cont(0x18, r1, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0x80, 0x45c, 0x8006, 0x6, 0xaa5, 0x8b, 0x906, 0x8, <r3=>0x0}, &(0x7f00000000c0)=0x20)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000100)={r3, 0x6000000000000000, 0x10, 0xfffffffeffffffff, 0x16}, &(0x7f0000000240)=0x18)
ptrace$setregs(0xd, r1, 0x0, &(0x7f00000000c0))
ptrace$cont(0x1f, r1, 0x0, 0x0)

14:51:29 executing program 5:
clone(0x20000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2)
ioctl$KDADDIO(r0, 0x4b34, 0xd72)
r1 = socket(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0xa00000000000000, 0x80, &(0x7f00000000c0)=@broute={'broute\x00\x00\x00\x00\x00\x00\x00\x03\x00', 0x20, 0x1, 0x9c0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000e00], 0x0, 0x0, &(0x7f0000000e00)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000766c616e300000000000000000000000736974300000000000000000000000007465716c3000000000000000000000000000000000000000000000000180c20000000000000000000000b8080000b808000030090000616d6f6e670000000000000000000000000000000000000000000000000000002008000000000000140400000c000000000000000aaaaaa900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e86aa5648900a6690000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008b95aaf000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006e666c6f670000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000a600a9e85725d89818472e65aba21d9bbc1b20e8331c6fd24a5aceaeefe102e42a013ac2c00eeb782c34eab997013e0506220c21a44cc58ff5bc83d5e4066c770000000000000000000000000000000000000000000000000000000000000000000000000000000001000000fcffffff00000000"]}, 0xa38)
r2 = shmget$private(0x0, 0x3000, 0x78000028, &(0x7f0000ffd000/0x3000)=nil)
fcntl$getflags(r0, 0x40a)
shmctl$SHM_UNLOCK(r2, 0xc)

14:51:29 executing program 3:
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000007d40)='/dev/ubi_ctrl\x00', 0x0, 0x0)
r0 = socket(0x2, 0x803, 0xff)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @remote}, 0x10)
write$binfmt_aout(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="0801000000007c1e000000000000da500e1a9ba80000000000b2f622eb732945"], 0x20)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40000)
ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000002580)=""/4096)
r1 = openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
timer_create(0x0, 0x0, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000140)=ANY=[], 0x0)
setresuid(0x0, r3, 0x0)
write$vnet(r1, &(0x7f0000000400)={0x1, {0x0, 0x0, 0x0, 0x0, 0x4}}, 0x68)
r4 = inotify_init1(0x80000)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
fcntl$getownex(r4, 0x10, &(0x7f0000000180)={0x0, <r5=>0x0})
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r1, 0x40305652, &(0x7f0000000080)={0x9, 0x5, 0x3, 0x200, 0x3f, 0x8c9, 0x8})
process_vm_readv(r5, &(0x7f0000000380)=[{&(0x7f0000000340)=""/61, 0x3d}], 0x1, &(0x7f0000002540)=[{&(0x7f00000003c0)=""/63, 0x3f}], 0x1, 0x0)
shmat(0x0, &(0x7f0000ffb000/0x3000)=nil, 0x0)

[  305.092863] ptrace attach of "/root/syz-executor.3"[7410] was attempted by "/root/syz-executor.3"[13196]
[  305.095197] ebt_among: dst integrity fail: 37d
[  305.122101] ebt_among: dst integrity fail: 37d
14:51:29 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[@ANYBLOB="0180c200000071f6f598b11f86dd60a1d8f20010020003000000000000000000000000000000ff0200000000c46e60e513a00000000000000000000100080000000000000000000000000000"], 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:29 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000beeff0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c010000100013070000000000000000fe8000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000000003200000000000000000000000000ffff0000b2a55cb2a1a900ae5ea1beb641690b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000001200726663343100000000636d28616573292900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000adf733a23ff4a2fa1c696313bc3599d978d7916772909651d2bbaf87097fd6c45bed646b48f9145b40995bfe283b539db6e51668347fbadc01fcfa2aa0e53992b295cc8e2cd14b5a2c32c33104d56aaa18a3c93662376fe53e6d06449e9c1dffb00a1f34f071af0266ef6b0727c33ec16251404f2f44f33f9c6fc75ebfc415b699dfb9729a63966a2dee41e6bb1accbd7838546122af011fd93fcf8a53cc6eccb4286fa4f7e554fd6a14dfab1a"], 0x13c}}, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000240)=<r1=>0x0)
r2 = syz_open_dev$adsp(&(0x7f0000000280)='/dev/adsp#\x00', 0xe5f4, 0x80040)
ioctl$KVM_GET_XCRS(r2, 0x8188aea6, &(0x7f0000000380)={0x0, 0x3})
read$alg(r2, &(0x7f00000002c0)=""/161, 0xa1)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685)
tkill(r1, 0x38)

14:51:29 executing program 5:
r0 = accept4(0xffffffffffffff9c, &(0x7f0000000000)=@pptp={0x18, 0x2, {0x0, @loopback}}, &(0x7f0000000080)=0x80, 0x80800)
getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c)
fallocate(r2, 0x2, 0x0, 0x100)
r3 = syz_open_dev$radio(&(0x7f0000000180)='/dev/radio#\x00', 0x2, 0x2)
ioctl$DRM_IOCTL_AGP_ALLOC(r3, 0xc0206434, &(0x7f00000001c0)={0x9, <r4=>0x0, 0x10003, 0x1})
ioctl$DRM_IOCTL_SG_ALLOC(r3, 0xc0106438, &(0x7f0000000200)={0x7f, r4})
ioctl$DRM_IOCTL_FREE_BUFS(r3, 0x4010641a, &(0x7f0000000280)={0x4, &(0x7f0000000240)=[0x1, 0x2615, 0xffff, 0x4]})
lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
r6 = getgid()
getgroups(0x4, &(0x7f00000003c0)=[0x0, <r7=>0xee00, 0xffffffffffffffff, 0xee01])
stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
fsetxattr$system_posix_acl(r0, &(0x7f00000002c0)='system.posix_acl_access\x00', &(0x7f00000004c0)={{}, {0x1, 0x7}, [{0x2, 0x80919893d0c6b2a1, r5}], {0x4, 0x4}, [{0x8, 0x2, r6}, {0x8, 0x2, r7}, {0x8, 0x0, r8}], {0x10, 0x2}}, 0x44, 0x3)
r9 = semget(0x2, 0x0, 0x400)
semctl$GETALL(r9, 0x0, 0xd, &(0x7f0000000540))
ioctl$SIOCGIFHWADDR(r3, 0x8927, &(0x7f0000000580))
ioctl$VIDIOC_SUBDEV_S_SELECTION(r3, 0xc040563e, &(0x7f00000005c0)={0x0, 0x0, 0x3, 0x1, {0x6, 0x5, 0x9d9, 0xffff}})
pread64(r1, &(0x7f0000000600)=""/85, 0x55, 0x0)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000680)={<r10=>0x0, 0x80000000}, &(0x7f00000006c0)=0x8)
setsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000700)={r10, 0xcc39}, 0x8)
r11 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000740)='/dev/vcs\x00', 0x200, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r11, 0x84, 0x1f, &(0x7f0000000780)={r10, @in={{0x2, 0x4e23, @multicast2}}, 0x7, 0x400}, 0x90)
accept4$vsock_stream(r11, &(0x7f0000000840)={0x28, 0x0, 0x0, @host}, 0x10, 0x800)
renameat2(r3, &(0x7f0000000880)='./file0\x00', r3, &(0x7f00000008c0)='./file0/file0\x00', 0x5)
epoll_ctl$EPOLL_CTL_DEL(r11, 0x2, r3)
getsockopt$IP_VS_SO_GET_SERVICES(r3, 0x0, 0x482, &(0x7f0000000900)=""/96, &(0x7f0000000980)=0x60)
ioctl$TIOCGSID(r3, 0x5429, &(0x7f00000009c0)=<r12=>0x0)
ioctl$TIOCSPGRP(r3, 0x5410, &(0x7f0000000a00)=r12)
ioctl$KVM_ASSIGN_PCI_DEVICE(r0, 0x8040ae69, &(0x7f0000000a40)={0x594f, 0x6, 0xffffffff7fffffff, 0x1, 0x5})

14:51:29 executing program 3:
signalfd(0xffffffffffffff9c, &(0x7f0000000000)={0xffffffffaaec95c6}, 0x8)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
fcntl$getownex(r0, 0x10, 0x0)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x80000000204081, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$inet(0x10, 0x3, 0xc)
prctl$PR_SET_FPEMU(0xa, 0x1)
sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="24000000010307031dfffd946ff20c0020200a0009000100021d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0)

[  305.198595] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.3'.
[  305.216194] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.3'.
[  305.217521] audit: type=1326 audit(1551451889.862:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13218 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:29 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='trusted.overlay.redirect\x00', &(0x7f00000001c0)='./file0\x00', 0x8, 0x2)
perf_event_open(&(0x7f000000a000)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa00000400, 0x0, 0x8000010004}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='nfs\x00', 0x0, &(0x7f000000a000))
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, 0x0, 0x0)
socketpair(0x9, 0x0, 0x0, 0x0)
ioctl$SG_NEXT_CMD_LEN(0xffffffffffffffff, 0x2283, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000040)={0x78, 0x200000}, 0xfddf)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)

14:51:30 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xf7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
msync(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x5)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020300030c00000000007bda015ae479612ba5c9910ce8077c0a07200000000002000900400000000000bc000000000003000600000000000200eeeee0000054d81458186fe8b90002000100000000000000020200044a7b0300050000000000"], 0x60}}, 0x0)
msync(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1)
exit(0x0)
ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'lo\x00'})
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000440)='/dev/dlm-control\x00', 0x101100, 0x0)
ioctl$BLKPBSZGET(r1, 0x127b, &(0x7f0000000480))
syz_mount_image$ceph(&(0x7f00000001c0)='ceph\x00', &(0x7f0000000200)='./file0\x00', 0x25a27be1, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000240)="0e1eb8d199603eac373188ed3547a8f36363e3fed2cb4fe13d8a50101e0adfca31b72fa462245bce4a093547f41648d0607a0fb23648884dd8fe4716e00e66de45ffa2e8568f48d4f128004a5d8b8a915cd18cecb1a2a47f65f2dc470b41f9d9b714415788afa4520d", 0x69, 0x40000000}, {&(0x7f00000002c0)="d39114ad0426028c129980455c018e5873bfaabcbb846309ea262b00978471eada4f8d455f9c676e72fe66cf62f28fd0a5a77c56c3fb3d60890da7cddaf2ef03f10f53b378494ab3a64451b4ff74afbe27a89e2fd9e8987fd61fc93d67361f8a0a86615efe3011ba21229fe988f14da1aa1aaca5616de8185970948991b7b3d2b579e188030641652ec63a39d5a55ac38f6c6f7652e0a1372e873c9b76a7742d52a9424863a59ca339b0b074080b45a3b21243c50b145005e810d533c079a9ea2ac907f88e88bc8cf0f162c0d4c108b4dc31623868618ca7899be24fda1a", 0xde, 0x20}], 0x1000000, &(0x7f0000000400)='em0]\x00')
clone(0x2002002102001ff8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
fstat(0xffffffffffffffff, 0x0)
ioctl$TUNSETOWNER(0xffffffffffffffff, 0x400454cc, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000780)={{0x1cf, 0x0, 0x1, 0xc9, 0x1ca, 0x20}, "", [[], []]}, 0x220)
msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB=','], 0x1, 0x0)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000004c0))
msgrcv(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700))
msgrcv(0x0, 0x0, 0x0, 0x0, 0x0)

[  305.288153] protocol 88fb is buggy, dev hsr_slave_0
[  305.293236] protocol 88fb is buggy, dev hsr_slave_1
[  305.326919] rpcbind: RPC call returned error 22
14:51:30 executing program 5:
r0 = semget$private(0x0, 0x3, 0x0)
semtimedop(r0, &(0x7f0000000240)=[{0xffffffffffffffff, 0xffff}], 0x1, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, 0x0)
socketpair$unix(0x1, 0x1000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x2000, 0x0)
ioctl$NBD_CLEAR_QUE(r2, 0xab05)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
write$capi20_data(r2, &(0x7f0000000440)=ANY=[], 0xfffffffffffffd6b)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x9, 0x0, 0x0, 0xfffffffffffffe5e)
getsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000080)={<r3=>0x0, 0xfffffffffffffff8}, &(0x7f0000000200)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000280)={r3, @in6={{0xa, 0x4e22, 0x1000, @mcast1, 0x10001}}, 0x8, 0x100000000, 0x9, 0x3, 0x8}, &(0x7f0000000340)=0x98)
accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000200))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={<r4=>0x0, 0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000000)='{nodev&\x00', 0xffffffffffffffff}, 0x30)
syz_open_procfs(r4, &(0x7f00000000c0)='environ\x00')
ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, &(0x7f0000000180)={0x74, 0x0, [0xef8, 0x0, 0x39, 0x1]})

[  305.365502] rpcbind: RPC call returned error 22
[  305.768163] protocol 88fb is buggy, dev hsr_slave_0
[  305.773304] protocol 88fb is buggy, dev hsr_slave_1
14:51:30 executing program 5:
timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000044000)=<r0=>0x0)
request_key(&(0x7f0000000080)='pkcs7_test\x00', &(0x7f0000000340)={'syz'}, 0x0, 0xfffffffffffffffe)
syz_execute_func(&(0x7f0000000000)="3642926433ef93f6c89c7bd667f2440f34a2ebf717c4dc7518ffc4e24d3ef9d6722b691f1f63ad489e66460fd9cc000000615167660fda9803000000aec4817911350e000000fdc422c5aa717ae5db6726660fdd6244a77e")
prctl$PR_SET_NAME(0xf, &(0x7f00000000c0)='pkcs7_test\x00')
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x18000, 0x0)
ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xb)
accept4$tipc(r1, &(0x7f0000000140)=@id, &(0x7f0000000180)=0x10, 0x0)
timer_delete(r0)

14:51:30 executing program 3:
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='lo\x00', 0x10)
bind$x25(0xffffffffffffffff, &(0x7f0000000080)={0x9, @null='               \x00'}, 0x12)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2)
setxattr$security_ima(&(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB], 0x1, 0x3)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x1f}, 0x0)
r1 = memfd_create(&(0x7f0000000000)='\xac\x00\x00', 0x4)
ftruncate(r1, 0x1000000)
ioctl$KVM_GET_CPUID2(r0, 0xc008ae91, &(0x7f0000000240)={0x9, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}]})
sendfile(r0, r1, &(0x7f00000000c0)=0xf10001, 0xeffffdef)
close(r0)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r1, 0x6612)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETOWNER(0xffffffffffffffff, 0x400454cc, 0x0)
sendto$x25(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0)

14:51:32 executing program 2:
r0 = syz_open_dev$evdev(&(0x7f00000002c0)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGKEYCODE_V2(r0, 0x80084503, 0x0)
r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x1, 0x101800)
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000040), &(0x7f0000000080)=0x4)

14:51:32 executing program 4:
ioctl(0xffffffffffffffff, 0x8, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000180)={'filter\x00', 0x2}, 0xfffffe66)
ppoll(&(0x7f0000000080)=[{r0}, {r0, 0x8000}], 0x200000dd, 0x0, 0x0, 0x0)
ioctl$EVIOCGABS2F(r0, 0x8018456f, &(0x7f0000000040)=""/25)

14:51:32 executing program 1 (fault-call:2 fault-nth:0):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:32 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:32 executing program 3:
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='lo\x00', 0x10)
bind$x25(0xffffffffffffffff, &(0x7f0000000080)={0x9, @null='               \x00'}, 0x12)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2)
setxattr$security_ima(&(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB], 0x1, 0x3)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x1f}, 0x0)
r1 = memfd_create(&(0x7f0000000000)='\xac\x00\x00', 0x4)
ftruncate(r1, 0x1000000)
ioctl$KVM_GET_CPUID2(r0, 0xc008ae91, &(0x7f0000000240)={0x9, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}]})
sendfile(r0, r1, &(0x7f00000000c0)=0xf10001, 0xeffffdef)
close(r0)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r1, 0x6612)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETOWNER(0xffffffffffffffff, 0x400454cc, 0x0)
sendto$x25(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0)

14:51:32 executing program 5:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x10, 0x4, 0x4, 0x5, 0x0, 0x1}, 0x2c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r0, 0x28, &(0x7f0000000100)={0x0, <r2=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000180)={r2}, 0xc)
pwrite64(r0, &(0x7f0000000040)="efef37adeb678b99752ad627e113d28f83d2ad4ba913c0fc33a7564858168e2a0dff35103f795941eb68867dfcfcf141a81a062b96ee84d2fd08f6b16e5b7c3a334e7a1ce60b8a6ef940089353fc38ae81aa3fb4ee42641a", 0x58, 0x55)
close(r0)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dsp\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r3, 0x80045300, &(0x7f0000000280))
listxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)=""/125, 0x7d)

[  308.098560] audit: type=1326 audit(1551451892.752:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13264 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
[  308.122197] FAULT_INJECTION: forcing a failure.
[  308.122197] name failslab, interval 1, probability 0, space 0, times 1
[  308.133672] CPU: 1 PID: 13267 Comm: syz-executor.1 Not tainted 5.0.0-rc8+ #89
14:51:32 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
truncate(&(0x7f0000000280)='./file0\x00', 0x1)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0xfffffffffffffffd, 0x200004)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000300)={0xfffffffffffffff7, 0x6, 0x7, 0x3f, 0x7, [{0xf0b2, 0x9, 0x5, 0x0, 0x0, 0x2200}, {0xffffffff, 0x7fffffff, 0x3, 0x0, 0x0, 0x1001}, {0x7fffffff, 0x8001, 0x9, 0x0, 0x0, 0x1300}, {0x6, 0x6, 0x50, 0x0, 0x0, 0x204}, {0xb365, 0x1f, 0x101, 0x0, 0x0, 0x1}, {0x1f, 0x0, 0xa254, 0x0, 0x0, 0x3489}, {0x8, 0x5, 0xffffffff, 0x0, 0x0, 0x100}]})
write(r0, &(0x7f0000000000)="5597a8a9e6aadef5da1c", 0xa)
accept4$alg(r1, 0x0, 0x0, 0x4007fe)
getsockopt$inet_udp_int(r0, 0x11, 0x406f, &(0x7f0000000500), &(0x7f00000004c0)=0xffda)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00')
sendmsg$TIPC_NL_NODE_GET(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000128bd7000fedbdf250d7f08000100280600000800010008000000"], 0x30}, 0x1, 0x0, 0x0, 0x4800}, 0x20000000)
socket$pppoe(0x18, 0x1, 0x0)

14:51:32 executing program 5:
r0 = getpgrp(0x0)
r1 = gettid()
r2 = socket$bt_hidp(0x1f, 0x3, 0x6)
getsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f00000001c0)=0x1, &(0x7f0000000200)=0x1)
ioctl$FS_IOC_ENABLE_VERITY(r2, 0x6685)
rt_sigprocmask(0x0, &(0x7f0000000100)={0xfffffffffffffffe}, 0x0, 0x8)
rt_tgsigqueueinfo(r0, r1, 0x400000000000007, &(0x7f0000000080)={0x0, 0x0, 0x800000000002})
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000002d40), 0x8, 0x0)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/pdoc/sys/net/ipv4/vs/syn\xce\athU\xe2\xc7\xc6\xd6ireshold\x00$\xd4tR\xc1\xb8\xa3v\xb8\xfbR\xf6q\x8cG((i\xf1\x17p\xbd\xef1\t\xe7y\xf1\x12\xc5-sI\x9f\xcdlRk]V\xd4\x1a\f\x8b\xee\x8a\xe4\xe3\x8dWAR', 0x2, 0x0)
setsockopt$TIPC_MCAST_BROADCAST(r4, 0x10f, 0x85)
read(r2, &(0x7f0000000340)=""/128, 0xffffffd9)
r5 = syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x7, 0x450000)
connect$bt_sco(r5, &(0x7f0000000000)={0x1f, {0x3, 0xcee, 0x2, 0x9, 0x3ff, 0x8}}, 0x8)
ioctl$UI_SET_SNDBIT(r5, 0x4004556a, 0x3)
signalfd4(r3, &(0x7f0000a71ff8)={0x5f}, 0x8, 0x0)

[  308.140942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  308.150290] Call Trace:
[  308.152887]  dump_stack+0x172/0x1f0
[  308.156537]  should_fail.cold+0xa/0x1b
[  308.160466]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  308.165586]  ? perf_trace_lock+0x510/0x510
[  308.169826]  __should_failslab+0x121/0x190
[  308.174063]  should_failslab+0x9/0x14
[  308.177851]  kmem_cache_alloc+0x47/0x6f0
[  308.181924]  ? rwlock_bug.part.0+0x90/0x90
[  308.186153]  ? lock_acquire+0x16f/0x3f0
[  308.190112]  ? __inet_hash_connect+0x3e5/0xf00
[  308.194677]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  308.199685]  inet_bind_bucket_create+0x2e/0x290
[  308.204353]  __inet_hash_connect+0x6b1/0xf00
[  308.208747]  ? inet6_lookup+0xe0/0xe0
[  308.212541]  ? inet_hash+0xb0/0xb0
[  308.216073]  ? lock_downgrade+0x810/0x810
[  308.220294]  inet6_hash_connect+0x76/0xe0
[  308.224436]  tcp_v6_connect+0x143e/0x21c0
[  308.228573]  ? tcp_v6_send_check+0x420/0x420
[  308.232969]  ? debug_smp_processor_id+0x1c/0x20
[  308.237617]  ? perf_trace_lock_acquire+0xf5/0x580
[  308.242451]  __inet_stream_connect+0x83f/0xea0
[  308.247020]  ? tcp_v6_send_check+0x420/0x420
[  308.251427]  ? __inet_stream_connect+0x83f/0xea0
[  308.256170]  ? mark_held_locks+0xb1/0x100
[  308.260313]  ? inet_dgram_connect+0x2e0/0x2e0
[  308.264806]  ? lock_sock_nested+0x9a/0x120
[  308.269036]  ? trace_hardirqs_on+0x67/0x230
[  308.273345]  ? lock_sock_nested+0x9a/0x120
[  308.277566]  ? __local_bh_enable_ip+0x15a/0x270
[  308.282309]  inet_stream_connect+0x58/0xa0
[  308.286530]  __sys_connect+0x266/0x330
[  308.290401]  ? __ia32_sys_accept+0xb0/0xb0
[  308.294625]  ? ksys_write+0x166/0x1f0
[  308.298419]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  308.303242]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  308.307980]  ? do_syscall_64+0x26/0x610
[  308.311937]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  308.317292]  ? do_syscall_64+0x26/0x610
[  308.321258]  __x64_sys_connect+0x73/0xb0
[  308.325322]  do_syscall_64+0x103/0x610
[  308.329196]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  308.334366] RIP: 0033:0x457e29
[  308.337543] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  308.356537] RSP: 002b:00007ff04e06ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  308.364225] RAX: ffffffffffffffda RBX: 00007ff04e06ac90 RCX: 0000000000457e29
[  308.371477] RDX: 000000000000001c RSI: 0000000020000140 RDI: 0000000000000003
[  308.378731] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  308.385985] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff04e06b6d4
[  308.393256] R13: 00000000004be25b R14: 00000000004ce9e8 R15: 0000000000000004
14:51:33 executing program 5:
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040))
r0 = socket$inet(0x10, 0x10000000003, 0x9)
recvmmsg(r0, &(0x7f0000009040)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/89, 0x59}, {&(0x7f0000000100)=""/31, 0x1f}], 0x2}, 0x3}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000180)=""/195, 0xc3}, {&(0x7f0000000280)=""/192, 0xc0}], 0x2}, 0x3}, {{&(0x7f0000000380)=@nfc, 0x80, &(0x7f0000001500)=[{&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/199, 0xc7}], 0x2, &(0x7f0000001540)=""/100, 0x64}, 0x4}, {{&(0x7f00000015c0)=@xdp, 0x80, &(0x7f0000001a00)=[{&(0x7f0000002040)=""/4096, 0x1000}, {&(0x7f0000001640)=""/209, 0xd1}, {&(0x7f0000003040)=""/4096, 0x1000}, {&(0x7f0000001740)=""/221, 0xdd}, {&(0x7f0000001840)=""/122, 0x7a}, {&(0x7f00000018c0)=""/227, 0xe3}, {&(0x7f00000019c0)=""/9, 0x9}], 0x7, &(0x7f0000001a80)=""/91, 0x5b}, 0x4}, {{&(0x7f0000001b00)=@l2, 0x80, &(0x7f0000001c00)=[{&(0x7f0000004040)=""/4096, 0x1000}, {&(0x7f0000005040)=""/4096, 0x1000}, {&(0x7f0000001b80)=""/82, 0x52}], 0x3, &(0x7f0000001c40)=""/44, 0x2c}, 0xffff}, {{&(0x7f0000001c80)=@pppol2tpv3={0x18, 0x1, {0x0, <r1=>0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000001ec0)=[{&(0x7f0000001d00)=""/152, 0x98}, {&(0x7f0000006040)=""/4096, 0x1000}, {&(0x7f0000007040)=""/4096, 0x1000}, {&(0x7f0000001dc0)=""/75, 0x4b}, {&(0x7f0000001e40)=""/101, 0x65}], 0x5, &(0x7f0000008040)=""/4096, 0x1000}, 0xfffffffffffffffe}], 0x6, 0x40, &(0x7f0000001f40)={0x77359400})
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001fc0)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r1, &(0x7f0000009340)={&(0x7f0000001f80)={0x10, 0x0, 0x0, 0x21000}, 0xc, &(0x7f0000009300)={&(0x7f00000091c0)={0x104, r2, 0x608, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x24, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0xd}}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x5}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1f}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x617}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ifb0\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@rand_addr="012fbbe1ab4324d8eeceb71f5b01a27a"}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblcr\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}]}, 0x104}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000340807041dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

14:51:33 executing program 1 (fault-call:2 fault-nth:1):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:33 executing program 5:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x40800)
setsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, &(0x7f0000000080)=0x1, 0xffcd)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={r1, 0x0, 0x1, 0x0, 0x0, 0xfffffe2f}, 0xfffffdf7)

[  308.479839] capability: warning: `syz-executor.5' uses deprecated v2 capabilities in a way that may be insecure
[  308.544487] FAULT_INJECTION: forcing a failure.
[  308.544487] name failslab, interval 1, probability 0, space 0, times 0
[  308.569557] CPU: 0 PID: 13292 Comm: syz-executor.1 Not tainted 5.0.0-rc8+ #89
[  308.576845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  308.586284] Call Trace:
[  308.588897]  dump_stack+0x172/0x1f0
[  308.592527]  should_fail.cold+0xa/0x1b
[  308.596425]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  308.601514]  ? lock_downgrade+0x810/0x810
[  308.605645]  ? ___might_sleep+0x163/0x280
[  308.609815]  __should_failslab+0x121/0x190
[  308.614066]  should_failslab+0x9/0x14
[  308.617852]  kmem_cache_alloc_node+0x264/0x710
[  308.622424]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  308.627942]  ? sk_setup_caps+0x20a/0x6a0
[  308.632017]  __alloc_skb+0xd5/0x5e0
[  308.635632]  ? skb_scrub_packet+0x440/0x440
[  308.639937]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  308.645458]  sk_stream_alloc_skb+0xc8/0x860
[  308.649787]  tcp_connect+0xfd8/0x40a0
[  308.653584]  ? inet6_lookup+0xe0/0xe0
[  308.657399]  ? tcp_push_one+0x110/0x110
[  308.661359]  ? secure_tcpv6_ts_off+0x24f/0x360
[  308.665928]  ? secure_dccpv6_sequence_number+0x280/0x280
[  308.671568]  ? check_preemption_disabled+0x48/0x290
[  308.676593]  ? prandom_u32_state+0x13/0x180
[  308.680919]  tcp_v6_connect+0x15fa/0x21c0
[  308.685168]  ? tcp_v6_send_check+0x420/0x420
[  308.689585]  ? debug_smp_processor_id+0x1c/0x20
[  308.694274]  ? perf_trace_lock_acquire+0xf5/0x580
[  308.699132]  __inet_stream_connect+0x83f/0xea0
[  308.703703]  ? tcp_v6_send_check+0x420/0x420
[  308.708098]  ? __inet_stream_connect+0x83f/0xea0
[  308.712861]  ? mark_held_locks+0xb1/0x100
[  308.716998]  ? inet_dgram_connect+0x2e0/0x2e0
[  308.721476]  ? lock_sock_nested+0x9a/0x120
[  308.725694]  ? trace_hardirqs_on+0x67/0x230
[  308.730007]  ? lock_sock_nested+0x9a/0x120
[  308.734244]  ? __local_bh_enable_ip+0x15a/0x270
[  308.738923]  inet_stream_connect+0x58/0xa0
[  308.743153]  __sys_connect+0x266/0x330
[  308.747021]  ? __ia32_sys_accept+0xb0/0xb0
[  308.751257]  ? ksys_write+0x166/0x1f0
[  308.755062]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  308.759989]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  308.764831]  ? do_syscall_64+0x26/0x610
[  308.768804]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  308.774166]  ? do_syscall_64+0x26/0x610
[  308.778150]  __x64_sys_connect+0x73/0xb0
[  308.782217]  do_syscall_64+0x103/0x610
[  308.786103]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  308.791295] RIP: 0033:0x457e29
[  308.794479] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  308.813371] RSP: 002b:00007ff04e06ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  308.821072] RAX: ffffffffffffffda RBX: 00007ff04e06ac90 RCX: 0000000000457e29
[  308.828343] RDX: 000000000000001c RSI: 0000000020000140 RDI: 0000000000000003
[  308.835603] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
14:51:33 executing program 2:
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000640)={0x2, 0x4e23, @multicast1}, 0x10)
bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
ioctl$VIDIOC_ENUMSTD(0xffffffffffffffff, 0xc0485619, 0x0)
ioctl$UFFDIO_WAKE(0xffffffffffffffff, 0x8010aa02, 0x0)
pipe2(&(0x7f0000000680)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4000)
ioctl$CAPI_MANUFACTURER_CMD(r1, 0xc0104320, &(0x7f0000000800)={0x1, &(0x7f0000000880)="b2b257433a323eec6c663ede3a4e835efa4c3bf503254038d601c580cc35febf9f60df27a85eb90b12d73f97b350bf982503f36852c0c18cabddc3cbdebb0e4b269f508d85715f685068f3324ae41eafe877ef1d5c0728d10bc3f4f28e9a3075d0c4e9d627388b8a6f6b19b0451a0ed81c2f9ccce4388a9033ce8e4da161e2313c444f06fa1af28d6537f35b5cc5fab08e10e724d0f94b8cc8fb1a372c5138d530ee675e30810411ded3dfbb677cb0d6356108a3c7dc985a5828c5a1ef755f21c2e9fef1eb33c4"})
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0xf}, 0x14)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0)

[  308.842943] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff04e06b6d4
[  308.850411] R13: 00000000004be25b R14: 00000000004ce9e8 R15: 0000000000000004
14:51:33 executing program 3:
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='lo\x00', 0x10)
bind$x25(0xffffffffffffffff, &(0x7f0000000080)={0x9, @null='               \x00'}, 0x12)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2)
setxattr$security_ima(&(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB], 0x1, 0x3)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x1f}, 0x0)
r1 = memfd_create(&(0x7f0000000000)='\xac\x00\x00', 0x4)
ftruncate(r1, 0x1000000)
ioctl$KVM_GET_CPUID2(r0, 0xc008ae91, &(0x7f0000000240)={0x9, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}]})
sendfile(r0, r1, &(0x7f00000000c0)=0xf10001, 0xeffffdef)
close(r0)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r1, 0x6612)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETOWNER(0xffffffffffffffff, 0x400454cc, 0x0)
sendto$x25(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0)

14:51:33 executing program 1 (fault-call:2 fault-nth:2):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:33 executing program 2:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="850000526137440015000000000000000000acbe00000000c6bcba099747058ed254e391088a8306834b73aaff7159789b76ebf35fb47e421dd16775cacaaf52c7b4d269a94ec61dcdbc5c870806aae9fb364ee37efd431f3a855feea8b7c7a7093908fde56e1224177c1d5ffbbfc0be3aea2e6c30fab30e4d2fae07e0e906b368bd3404f8e3e7726af572f85edecbac88c10424887e"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
socketpair(0x0, 0x0, 0x7, 0x0)
ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={<r2=>0x0, <r3=>0x0})
close(r2)
setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x127)
r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x101200, 0x0)
ioctl$NBD_SET_TIMEOUT(r4, 0xab09, 0x4)

[  308.901484] rdma_op 0000000074db426e conn xmit_rdma           (null)
[  308.911360] rdma_op 0000000072ccc9aa conn xmit_rdma           (null)
14:51:33 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:33 executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0xfffffffffffffff9, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x100, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syz_tun\x00', 0x2})

[  309.000879] FAULT_INJECTION: forcing a failure.
[  309.000879] name failslab, interval 1, probability 0, space 0, times 0
[  309.018388] audit: type=1326 audit(1551451893.672:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13314 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
[  309.045077] CPU: 1 PID: 13311 Comm: syz-executor.1 Not tainted 5.0.0-rc8+ #89
[  309.052467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  309.061817] Call Trace:
[  309.064404]  dump_stack+0x172/0x1f0
[  309.068022]  should_fail.cold+0xa/0x1b
[  309.071902]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  309.076992]  ? lock_downgrade+0x810/0x810
[  309.081127]  ? ___might_sleep+0x163/0x280
[  309.085269]  __should_failslab+0x121/0x190
[  309.089495]  should_failslab+0x9/0x14
[  309.093275]  kmem_cache_alloc_node_trace+0x270/0x720
[  309.098362]  ? __alloc_skb+0xd5/0x5e0
[  309.102148]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[  309.107596]  __kmalloc_node_track_caller+0x3d/0x70
[  309.112514]  __kmalloc_reserve.isra.0+0x40/0xf0
[  309.117167]  __alloc_skb+0x10b/0x5e0
[  309.120878]  ? skb_scrub_packet+0x440/0x440
[  309.125186]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  309.130712]  sk_stream_alloc_skb+0xc8/0x860
[  309.135031]  tcp_connect+0xfd8/0x40a0
[  309.138824]  ? inet6_lookup+0xe0/0xe0
[  309.142619]  ? tcp_push_one+0x110/0x110
[  309.146581]  ? secure_tcpv6_ts_off+0x24f/0x360
[  309.151148]  ? secure_dccpv6_sequence_number+0x280/0x280
[  309.156584]  ? check_preemption_disabled+0x48/0x290
[  309.161599]  ? prandom_u32_state+0x13/0x180
[  309.165916]  tcp_v6_connect+0x15fa/0x21c0
[  309.170056]  ? tcp_v6_send_check+0x420/0x420
[  309.174460]  ? __might_fault+0x12b/0x1e0
[  309.178511]  __inet_stream_connect+0x83f/0xea0
[  309.183077]  ? tcp_v6_send_check+0x420/0x420
[  309.187497]  ? __inet_stream_connect+0x83f/0xea0
[  309.192242]  ? mark_held_locks+0xb1/0x100
[  309.196378]  ? inet_dgram_connect+0x2e0/0x2e0
[  309.200861]  ? lock_sock_nested+0x9a/0x120
[  309.205081]  ? trace_hardirqs_on+0x67/0x230
[  309.209389]  ? lock_sock_nested+0x9a/0x120
[  309.213609]  ? __local_bh_enable_ip+0x15a/0x270
[  309.218269]  inet_stream_connect+0x58/0xa0
[  309.222496]  __sys_connect+0x266/0x330
[  309.226371]  ? __ia32_sys_accept+0xb0/0xb0
[  309.230615]  ? ksys_write+0x166/0x1f0
[  309.234404]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  309.239145]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  309.243887]  ? do_syscall_64+0x26/0x610
[  309.247851]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  309.253198]  ? do_syscall_64+0x26/0x610
[  309.257162]  __x64_sys_connect+0x73/0xb0
[  309.261222]  do_syscall_64+0x103/0x610
[  309.265095]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  309.270266] RIP: 0033:0x457e29
[  309.273548] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  309.292560] RSP: 002b:00007ff04e06ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
14:51:34 executing program 5:
clone(0xfffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
fgetxattr(0xffffffffffffffff, &(0x7f0000000040)=@known='security.apparmor\x00', 0x0, 0x0)
clone(0x40000004001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3)
ptrace$cont(0x18, r0, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9f, r0})
ptrace$setregs(0xa, r0, 0x200000000000800, &(0x7f0000000080))
r1 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x7, 0x101000)
ioctl$VHOST_SET_VRING_NUM(r1, 0x4008af10, &(0x7f0000000140)={0x1, 0x8})
gettid()
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r1, 0x54a3)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="cdd7"], 0x1}}, 0x0)
ptrace$cont(0x1f, r0, 0x0, 0x0)

[  309.300253] RAX: ffffffffffffffda RBX: 00007ff04e06ac90 RCX: 0000000000457e29
[  309.307507] RDX: 000000000000001c RSI: 0000000020000140 RDI: 0000000000000003
[  309.314762] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  309.322012] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff04e06b6d4
[  309.329283] R13: 00000000004be25b R14: 00000000004ce9e8 R15: 0000000000000004
14:51:34 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x3, 0x2)
setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x4e21, 0x0, @loopback, 0x200}}, 0x0, 0x983, 0x0, "9e4f7605afc405c0a33a4bd86bf5a5105ebcb4a691308efc23234105668fbe36ab34a3f0570b007c22d41d7c322425971ec073896bc33ce2319ca69c99e6c6f1bded2babd94a7cdbc13481caa02f9e16"}, 0xd8)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000140)={<r3=>0x0, 0xc6}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f00000003c0)={r3, 0x100000000, 0x5, 0x20}, &(0x7f0000000400)=0x10)
ioctl$VIDIOC_QUERYSTD(r2, 0x8008563f, &(0x7f0000000100))
write$FUSE_NOTIFY_STORE(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="2b00000004000000000b23d5151a320e3d00000000000000fe0f0000000000000300006300775c00000000941882ee501a8a31892415a42a85ec00177ba734b7a6bfdc15815002dfa22f93212f40e4351d022fe3369fd42d98955ae8d339bbfc9c9fff9f7eaf066946932c0c5b896ec55924083b4fa04be2dff065a5ca70b8fd4f38c64740bd1d4e8d380983d012d6129a416f02b1429cf0bb74b197ec3124a4f50d44f4136dbfbe2b41602ad9298b2548195c7789bbcd3cd3bb89f65e557991496b2f56c09ef21baf49bfc4"], 0x2b)

14:51:34 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
clock_gettime(0x0, &(0x7f0000000900))
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6(0xa, 0x800, 0x10000)
setsockopt$inet6_buf(r3, 0x29, 0xff, &(0x7f0000000140)="5399c98148ec3612016590d127f48553222eb681962a17cc9c46b2969c4c33c0c2c79607ce9cebdb924c2bd19d98afb129430cb43810da52c6a0f6fa6672e10830867ef1bf1cef77cd1a13ede29f036b994b75470712d9b8e938bf863cfa0c57c4e471be09616b424f", 0x69)
r4 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2f5}], 0x30}, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000001c0)=0x460, 0x4)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
getresuid(0x0, 0x0, 0x0)
getuid()
write$binfmt_script(r4, &(0x7f0000000600)=ANY=[], 0xfec8)
recvmmsg(r4, &(0x7f0000007e00)=[{{&(0x7f0000001240)=@alg, 0x80, &(0x7f0000004700)=[{0x0}, {&(0x7f0000003580)=""/4096, 0x1000}], 0x2, &(0x7f0000004780)=""/245, 0xf5}}], 0x1, 0x0, 0x0)
accept$ax25(r2, &(0x7f0000000200)={{0x3, @netrom}, [@bcast, @default, @default, @default, @netrom, @rose, @bcast, @netrom]}, &(0x7f0000000280)=0x48)
setsockopt$inet_opts(r2, 0x0, 0x9, &(0x7f00000002c0)="bd0457fcefb30669432f7597e09dd59025b0", 0x12)

14:51:34 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x400, 0x0)
ioctl$DRM_IOCTL_ADD_MAP(r1, 0xc0286415, &(0x7f0000000040)={&(0x7f0000ffb000/0x3000)=nil, 0x1000, 0x1, 0x8, &(0x7f0000ffc000/0x4000)=nil, 0xbde3})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000004c0)=@broute={'broute\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x20, 0x1, 0x160, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000240], 0x0, 0x0, &(0x7f0000000240)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x11, 0x0, 0x0, 'nr0\x00', 'yam0\x00', 'yam0\x00', 'veth1_to_team\x00', @link_local, [], @dev, [], 0xa0, 0xa0, 0xd0, [@cgroup0={'cgroup\x00', 0x8}]}}, @common=@AUDIT={'AUDIT\x00', 0x8}}]}]}, 0x1d8)

14:51:34 executing program 5:
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x89a1, 0x0)
ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0)
prctl$PR_GET_FPEMU(0x9, &(0x7f0000000240))
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x8, 0x800000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$media(0x0, 0x1, 0x0)
setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0)
connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @netrom, @bcast, @rose, @rose, @null]}, 0x48)
listen(r0, 0x0)
r2 = accept(r0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x0, 0x84)
sendmsg$rds(r2, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0)
syz_execute_func(&(0x7f00000001c0)="660ff4c2f2460f702f00c48109ec0367f041834d8a7c660f3a16610f00f2af26f20f1297775567a8c4410d71e30099c4c1e5f20df7000000")
ioctl$SIOCRSGCAUSE(0xffffffffffffffff, 0x89e0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, 0x0)
syz_open_dev$audion(0x0, 0x3, 0x0)
ioctl$SCSI_IOCTL_GET_IDLUN(0xffffffffffffffff, 0x5382, 0x0)
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609)
clock_gettime(0x7, &(0x7f0000000080)={<r3=>0x0, <r4=>0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f0000000680)={{0xa, 0x1, 0x92, 0x20, 'syz1\x00', 0x2}, 0x1, [0x3df8000, 0x3, 0x2, 0x5, 0x2, 0x80, 0x100, 0x3ff, 0x9, 0x7, 0xffffffff, 0x6, 0x101, 0x10000, 0x9, 0x40, 0xcfb, 0x5, 0x12, 0x0, 0x8, 0xffffffff, 0x8, 0x1, 0x10000, 0x0, 0x2008000, 0x56a0, 0x398, 0x400, 0x9, 0x10000, 0x6c, 0x4172cd1b, 0x1f, 0x0, 0x40, 0x5, 0x8, 0x1f, 0x400000000000000, 0x5, 0xfffffffffffff488, 0xd3ee, 0x1ff, 0x16e, 0x5, 0x3, 0x6, 0x18000, 0x80, 0x9, 0x0, 0x7fffffff, 0x0, 0x7, 0x0, 0x9, 0x2, 0x858f, 0x3, 0x1, 0x1000, 0x5, 0x3f, 0xffffffffffff5e40, 0x7fff, 0x6, 0x5, 0x9, 0x44d791bb, 0x400, 0x3ff, 0x1, 0x6, 0x3ff, 0x101, 0x3, 0x4, 0x0, 0x401, 0x21, 0x5d0, 0x12c, 0x4, 0x8, 0x3, 0x9, 0x3, 0x101, 0x4, 0x6, 0x8, 0x10001, 0x9, 0x7, 0x8058, 0x10000, 0x6, 0x7f, 0xfffffffffffeffff, 0x2, 0x6, 0x4, 0x3, 0x1, 0x6, 0x9, 0x1f, 0x8, 0x7127, 0x2, 0x9, 0x400000000, 0x10001, 0x1, 0x3, 0x22, 0x7fff, 0x7, 0x7fff, 0xffffffff, 0x1f, 0x7f, 0x4, 0x6, 0x7ff, 0x759f], {r3, r4+30000000}})
sigaltstack(&(0x7f0000ffc000/0x4000)=nil, 0x0)

[  309.448187] net_ratelimit: 20 callbacks suppressed
[  309.448194] protocol 88fb is buggy, dev hsr_slave_0
[  309.458758] protocol 88fb is buggy, dev hsr_slave_1
14:51:34 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x400, 0x0)
ioctl$DRM_IOCTL_ADD_MAP(r1, 0xc0286415, &(0x7f0000000040)={&(0x7f0000ffb000/0x3000)=nil, 0x1000, 0x1, 0x8, &(0x7f0000ffc000/0x4000)=nil, 0xbde3})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000004c0)=@broute={'broute\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x20, 0x1, 0x160, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000240], 0x0, 0x0, &(0x7f0000000240)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x11, 0x0, 0x0, 'nr0\x00', 'yam0\x00', 'yam0\x00', 'veth1_to_team\x00', @link_local, [], @dev, [], 0xa0, 0xa0, 0xd0, [@cgroup0={'cgroup\x00', 0x8}]}}, @common=@AUDIT={'AUDIT\x00', 0x8}}]}]}, 0x1d8)

14:51:34 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0)
ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000040))
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x10100, 0x0)
ioctl$VIDIOC_G_ENC_INDEX(r1, 0x8818564c, &(0x7f0000000200))
ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f00000001c0))
socket$pptp(0x18, 0x1, 0x2)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00')
sendmsg$TIPC_CMD_SET_NETID(r1, &(0x7f0000000a40)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r2, 0x4, 0x70bd26, 0x25dfdbfb, {{}, 0x0, 0x800b, 0x0, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)

14:51:34 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
capset(&(0x7f0000000c00)={0x20071026}, &(0x7f0000000000))
unshare(0x8000400)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x8000, 0x0)
ioctl$VIDIOC_S_EDID(r1, 0xc0285629, &(0x7f0000000140)={0x0, 0x5, 0x1, [], &(0x7f0000000100)=0x2})
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:51:34 executing program 1 (fault-call:2 fault-nth:3):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  309.700781] FAULT_INJECTION: forcing a failure.
[  309.700781] name failslab, interval 1, probability 0, space 0, times 0
[  309.725845] CPU: 0 PID: 13368 Comm: syz-executor.1 Not tainted 5.0.0-rc8+ #89
[  309.733132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  309.733159] Call Trace:
[  309.733185]  dump_stack+0x172/0x1f0
[  309.733205]  should_fail.cold+0xa/0x1b
[  309.733222]  ? __nf_conntrack_find_get+0xe45/0x1960
[  309.733241]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  309.757868]  ? __nf_conntrack_find_get+0xe45/0x1960
[  309.757896]  __should_failslab+0x121/0x190
[  309.757913]  should_failslab+0x9/0x14
[  309.776015]  kmem_cache_alloc+0x47/0x6f0
[  309.780081]  ? __nf_conntrack_find_get+0xe6c/0x1960
[  309.780100]  __nf_conntrack_alloc+0xdb/0x680
[  309.780119]  init_conntrack.isra.0+0xe3a/0x1180
[  309.789524]  ? nf_conntrack_alloc+0x50/0x50
[  309.789548]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[  309.789569]  nf_conntrack_in+0xa68/0x1070
[  309.789595]  ? nf_conntrack_update+0x990/0x990
[  309.812696]  ? __do_replace+0x910/0x910
[  309.816685]  ? save_stack+0xa9/0xd0
[  309.820319]  ipv4_conntrack_local+0x169/0x210
[  309.824827]  nf_hook_slow+0xbf/0x1f0
[  309.824998] netlink: 3286 bytes leftover after parsing attributes in process `syz-executor.5'.
[  309.828550]  __ip_local_out+0x403/0x880
[  309.828569]  ? ip_finish_output+0xd50/0xd50
[  309.828581]  ? try_charge+0xb01/0x1570
[  309.828601]  ? ip_append_data.part.0+0x170/0x170
[  309.828618]  ? __lock_is_held+0xb6/0x140
[  309.828645]  ? check_preemption_disabled+0x48/0x290
[  309.828663]  ip_local_out+0x2d/0x1b0
[  309.828676]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[  309.828694]  __ip_queue_xmit+0x86f/0x1bf0
[  309.828718]  ip_queue_xmit+0x5a/0x70
[  309.828736]  __tcp_transmit_skb+0x1a5f/0x3680
[  309.828750]  ? tcp_connect+0x1158/0x40a0
[  309.828782]  ? __tcp_select_window+0x8b0/0x8b0
[  309.828817]  ? tcp_rbtree_insert+0x188/0x200
14:51:34 executing program 5:
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x100, 0x100)
ioctl$int_out(r0, 0x2, &(0x7f0000000040))
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000000f80)={0x6, {{0xa, 0x4e20, 0x7, @ipv4={[], [], @multicast1}, 0x8}}}, 0x88)
sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000280)="fa0c000026008152915a655267d7d137ab2ff96e27bf28b285fe3903a44a6017edcaa3a2b4dade3baee72569b51366463fedf5e787c05b0cb5927a3a7edfb4d078e9ae1504d489e058be9fafaa633705b6d4bf0401f2cd9ebf19724a1b0b9760612582bccd3983ce4474844c065e914dab8bbd52a45f431678bfe28633bf7c8dc83df809238ed87f1e393883ef750ce79c6f84e5e5de176e2f26024e4e3a3d8fbdaf3254022f265d8ccc5fd7205d9d9c2c407ec58162523082d81a39c43f782332ba8e82b4107a049cb82bba8b5edd80473844291437b8d22edca68047582e6be601e9df5e60a32c7cd202c5a30b8b606e43362739551cbb013b65e238f41cc00d7900140cf06b7bc9030f2563bcf9d4f4b7f48c79ec1a323d06276a0a3f8846b7c62b66f9709cabcaad234c53f3bc9b11165a6321f1db1057f076cfaebf8fbfa033fdc1dc2c3e314b36b3b3dd50425447da8bc5938ff7a17361100ab0b1ffeab7ac487411824224781eb9cdd4edef57ae91cd61f56a56c0599cfc3a491447207610f242da6cd6b030ae5f35e3181c44ae68665a023759b9ef4358db46107edc49194aed72b62600ec0ae4fc9065be059fc010cd6e6c9ea77c666b5e25693fbcf595e3e57113ff3a0e0c63d0604a16ea5adb8b7b54d47d4d8804612fde571863064528a49bf684d8a880a11afd819f186c177c49cac3ba1e9d1aa7ad0ff36b9e36d73c05b8abcaf96df0bacd2c9653f30ec29e1284af8749a9b2803c2727e992a6e65df192e1875c3e6d3553ffb7cb34ffee8f8ac0123c390454b42a0316952cbc9949376d9320ec207f77c2d5eb9e86d720cf8e9008a9a51932b45cd4cab21414c92d1c20f9e15e3fc16c7ce181e9ab19b01b70343934c823b1215e173405dd225233823cd4a604a77f06b14eb05b860e6cf8790335788c43abe9de1598e9952e5c7e6b2f8b17b1788ff3033e7d1635b008834bdf4054e6195e55000827c6202b227dde06f23ae21c00b371bdb6b7ea47b2e78844b52a77f9f0929790dcd7df2752e4af092d539c87c18751a5eb3eb4d38a2a0e070064b4ffaacff0543b115cc89f6c7e78f12147ebfcf1c80bac8f98deb59cbe670adb4cd1882a7e0ca4ba85ae9d445223ffb32301d46c0c9b05a830cbea0f72294ab3b539e4ed7cac2e22b235e8ceedeb643fb90b061a58368e76036ff3c1828d8a4e21288662afb6f2acab00d734db7ffc8373a928571819ce9ea6cb0956a6093b2b1f65662b76bc6ac8a171451714e1d0e4ff7647fe7551d3cf16f37cb5547317e4fef51e4fb471de6ffbb90c2dd4a64266c4c2f75fc62e58ec306fb92212fb262d8b138899a3b53e67cde2f97d94cd2265cc04d32b29edf77e75b1f88372495cb2937f183bfc8604d72efb3af5c1f41b665b25592676b0ad2185478eade7e663e743e0e09cce6224c787ce1d789dc4a9b350bfe3a75f551341b11dd96cdaea17989dad565b16324a69842dc29a0ed16744ea5935598ac8238e146139189927a14d3b2863044b63b468ae75f48fab68ad235c36daffebfe4b468fc9b13198b1a683dcd3b3b4294ba22caddbacf8792d5783bc12e2538e4609e6bb6e9eeab98a06452c252a657f400260458c29fae8879097698c9aba2b2d889fc78f00d0d8271e09e8542b71018be6ff8cb03cb423e79303047d6ce124a00f64461b899bbddc4fe87ff677533391e16c01fa9cd6420bdc856c4c7f057b249ee9817efd6ab2cd02eb887d2631435ef2d5a1c7e57ac046ef615a1285ca89ade18ae69af3b3f8f76ca8aa060e373c0f99424fe1c5fadc72fe145fd2d4e4da4b78597890516857de188fcdaf15e3b0871b346cd39ab772cc25fab49e60c818cde934b137144adfc4fbde3ddbeccce9679f02b66746e822c67b3ed5fdafb4a936a2683b39a002115ecd62220605ca542610a80f2e3530aa89d3ed6ed9c57bbfd5db3a0b62786a608309a355443c616032008f9458b2f10db93e29470192370084e9322c309c9b23333b46d04e79176659503ad4b05deebb3c67d715ee6e84a89002ea6f7f71bf41ad36b42c8ae01c97174dbb641e50641aba60c291a84e906c013087370a5043e07d36fcead378f6c1e6ed3f5ac695124b82b20261cf7c9b82172e09c81d7d39eed72aee5678613a3c671ddd44f2c7c75a3b5d316aa165d56594fccab20903d7f503a08928e76c779918b2463b720ee6367a43e494a1db3ed1a80690e665570c01ce7eb979cdd95d4e1ca51730eb2cd63ffb2a56049601627c9788254945142dce85adbe1eb5997d16cdfe2a3758b13dc6bb121e2206ae64206868c1c5e89a101bc121719ac435dcad093f5f67cefd863cc7c8f3fc8a9dc62a83c115f1ce714b18af067951aa06dd9bb4ed98a820bf4704d156977caa4e6415b2a0df0386e2f6a061bf44abc8a397cf4abdafc51b78ebec9831f3c60fde6e62a1fd082903080aef20ff8de8bc0dced06f627514600539ca7114a088848da4244a85b4cf5b976d3a698c9a568d417e276917baba05d1a02181db2e6cc35986da4ccc63f8cd8e85a4a923dd27e2f499664601fdc44fdf46e2d2880cd5a7ece89c370234c438dcc0b43865cc62bad21e9dc37da758cbe01752f02fd9cbfe98630a30a78bb1239e25cdaba3d45d13cd3e7216d9d8070f3ff1a0cd9a0c91f29974c98f2677ba88c1091bde4be0cd37ea5eeb3b9cd59560a00ddd40bbd60ffb8d4daa973ef0977c18dd4b38a605cee957872dca85787c37b6931293eddb77015faf143d1d28d24822d1a5d134799e8175a38b255aaf0e39b68c7f734e2e1e7044626daa84c9113e86d86ef63c863703703ea163319261dcf516c32d49478f7af30d52baa18ea6b0fc286c06b7e4ee019bf3fe74845a652d4a52aaa241a189c411e90e2953863a2bc4124e573607b94cdff19e280731824931a83f056cb5857672619b97ce38081592c0c319ce72e04e9eadce89775cfb5a4b2842663bc79bde565435cbcd46c4d505ceef7dde86512d39d4cb270deb7e79ebf8602bdc0d76c3e833d36ee08be10be634f44056c2f3fd6a328c7cd562e9c96ff7845fc3df81a876bb07f1cc833bed6ca1dc5cf935a4e959db6a4fae6edbc45357d8758faa9cd04cd41eb6efcfbd91658519bf520b90107f767d126854818485e98cb7ef56804de6950bf4e72098a949d14ea0e4e9f2534cf16cac0aeb970fc5c39f37e93910d5c99ac163792260d2280ec5c9a79bf295588ec23f524aae65f800f9c39e338f3d66b1a69e5488e04823eab36ae6ec6a2c5ce133ccd819a2b217b1ab7f4afd1697bb42929b3131358b5421c83f925571934442d0fd0ce3990d4e5d31d8b956f76df3c2f8533e46b892c88692ce009155dd5c7dbe4c86874b95762650f63e4b4aabb41320978b05b80cfe8fa2830904ef6b5c4f7ad46ca5dac151c9077c4d2c6adfe5066a8eb09a9bc6892330ea2b259a53c7137f8498254e1b04bf920c35c5333c4d640b11da60917ae921037b4aedbd6a0fbeeaf88ef6defc830552b4cbe3fe2a844806a48923dd428ea1c8d797bd8e6aabd1d1a8c97c8038b627120a77f4e47fa1f788aa9da268b0ec10fc453cb722685df76547dbf55a16663aa2b2a51e9c52456cccdf682592d1369dd12e3d3cb504e0f2d7004e62c297d5a25d0298045dae8fca8cb795ea57288b85a7e705820087d55ca6c42e920e2aa1174e128622cf64a197fd728cb2949536ba63e8bda8589261f1377caea37302e47228d3708a5666c66ba711d3c0b310a8c47e86d26597299d523c28c90e4feab43e950f398f7b61ccf7e6490d75ba6d8214e2d5ef2d7a088db490e1ebacf4e6eecc896cb1c704f0a8fcdf4ccb5dfa53eaf43d709287f36c10188c19fd59da7d73494de089c1b0a69ee22dcb847001c5317846a876bee1685d11c4db0673ec4c3a12008bb719650525b3c39e2b0469edda93830b3f1bde3e5b0b4637197866bb08c5858cf0d9876e3c7cad54169887bf9c80f9f4be362e1bc8c27f3434e9a918bac355c184bd899b9aebe6be20e70c0c69234342eb8b57aa9ffb7797a32df91cec2bbc90201658ca2297bf1fe68e65363867e1f6ad79b827f363d64fbd3b188d95307d011c4ce5bf4407908c058eeb97ec98dd0ebfdab6b348fa387f2a7573cac25344c983e8fd526c30ee6d59fe99a30c7d7e2864aa22bfa49df5f32da68309cab3ed9c2ce69b6ecb8508ce28a43ebd6c809b8afd07a4606e664965d316f3707a3abee9bcdc32a78031b0171fb565d90c16cd56e5792c0cf618b799715f32538e38f493d4e19ec76fc8a07576a13975706bfc2bb1516c2d18a4385cc37a206eac6c9fb8d073572ba2671d2198abf24fdd0c40d079ae44962c26743b4bf5950ac5ee34c5d7bd60b364ce670958112c37b9829bed7e1327356d6b94af3ba020c2337b2dba37d00af8a128a614390cdde62ce871f948427fb5c187df9a1540a5cc71da1a86144acbfd94bf433f744f0c4f2a675eba3ed251c5b11b08dfefc726c0394a9b75121d88467ed4b2cd69819dfe50693a4a4c8370d3af12f41c0067283bbb5a90044a340fc357a11081a6c13bb9c32d9caa448479fd5f0302b6729ca7233094540b14546d6bcc15771c2686279b34f9c0914f5306d0fabd5979266ea01a17a22507e560dbf904dd62c40e2bccb468710ee4c1caf4e786", 0xcfa}], 0x1}, 0x0)
getsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000080)={@initdev, <r3=>0x0}, &(0x7f0000000100)=0x14)
sendmsg$kcm(r1, &(0x7f0000000140)={&(0x7f0000000200)=@xdp={0x2c, 0x0, r3, 0x26}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001040)="f7afa8f96636f40c2420138d3da5bb7fbb05e75c2f1a165c5a87ac83efc707b410a31420dfaf6ff925f22b6fb96f0c424309adcb838ba5d08d383bfce0e686d53f4823e9c4fa079a3f30e44cfa250bf4436e61ab9687f0026784a18d3e02661bc90f0430009da1496a50b560e9683a5cb91f7cf4d00b178861ef935586d3821d3f6f663a6e5df008a15bf5267e912d934a34a71a696417661a4277e850f521c53b186f6e535d195a1347e8d2770ebc9783dcb73fb146b99428040e22be8900b17369f7d9b9be98822a296108dcd855149608817fe38f2764455397e6c22e1f28e427d62bca4e34ff22b2206fa59a", 0xee}, {&(0x7f0000001140)="bd3c6798344fc3e04eb86f512de111a565b5c8b09cacba0beac316643e295655072a0b8511ec69250073a30efe6ec4d428f30f8ed977374024c4e893e62568806d8d543a7ca159acfd2c2021ed3461d2a580cb16589a0601aad59845ce4b0227409e09852a1e37e7980aecec76927c0b2301a49f5758b9e2d6f28b1c776dc44981fb831e6b6fe245ae0e2c910caefe1f8f40dd2edbc89d9fbc88b539db5bced22142b62d63138462005c30dd9d806c699ae436dd83166f5d74603869b2e165725884f9af01f0f8caadd71644699d8d8502fd24b23ef5f9da400a37c98d99ce8891077f", 0xe3}, {&(0x7f0000001240)="bdd55929ebf7822af391459c4f3410ca9ac8de70c747d522ad9d679f18b6e2541be85c764da73889ea0429fbe131330ab144d988dfb4090a3f956db95ce6a22cb62d080d13a843e42e7ca9068fd779b454f4f11eb2360359440755243df85034adc12d17cf217638d1e4175963fff9c3ea86c0d929a3d432784eaedf446719cc70be28d9845b16bc43b2cf39043f7a374258fb264891a8f54e82f27f30", 0x9d}, {&(0x7f0000001300)="b2418e5ae153232c7d685ea2da338d6595d5701ec79c9d4ef107cc5ac368d4ab56d6dab8689bbfb19a17f60b06b034fe53b4474d5656e892c3dbca457bbece867df3ff019f3bd0ceaa7477888596504b5a497f0dc17f7ec557ad01f7cd30c9c756e86d95900b4cabd93eeecc75dc00853e18ca7fa87c24157528385f06b44b77e4dc40c6c1bd699a5ec50cd5f275d03c6862d02fee5b64d00dc7bc68ad28eac832b553fc4668b4bb7da88d47731a7e2456e08f11", 0xb4}, {&(0x7f00000013c0)="587a36fd29e91efeddfaa78bd7e1e1562b3e6bdd81ee8c2c50565fe29cbc699d021c8f217ef2974fbda4393f302a5685e5d7de04768fe113d3d75b813e3dc2846d114bdddbbf162be35d43cc9e3447006dca7676020e0a36ecf4d60577eec8798cacebf5b3dc57d4e71192019140b5d1ff21978898711c03daac00ac73fe36e7c2d9dab5ff9131ce6ce5ecbf3339cce9659ee6dc6fe4d216886953e68b1d17a895182c6ffaa7f00633900958ac9fcd2e7de5e6edde25a9f96766127023ce6c661a7efa81a4f9d9f084e83f75fb5d46fc917f0f0d6f3d8acabad4593d7930749ece0cb64a0685f466c807153ae77357f9f25510c5e11aec1de4a372c08bc6", 0xfe}, {&(0x7f00000014c0)="430eb00c57efb83cfaaf097a096b15f1eabfd34d5dfae899a6d818531fb60403c9a50bf638d1e04738b3d62f44f4f38806458a02af26a201017ec11ee43460c57b4598615d320dc901e06894e781a7b3eabb516cb239ca80d74e627ed538a04474209ab4fa5e3ee4ae22eed49864004b71c34558b3d51bbf6ed26b2b3514e84a4ed076", 0x83}], 0x6, &(0x7f0000001680)=[{0x108, 0x117, 0x5, "2b75a913b93f0b6811c4e11208c5e2c237e890660d2e9986c8c9f7aec7de414326fd76ce4a2d34559c08012820493d1c2084b141b147f9544f3e41cbd8bf8e1d0032740687552dd743392f8ccb5145d8c06c4a54882d0b1047aed45adcb401424942843fcf9dd63fc1128623fb67f21d519f57079311e4b474cc100850971280dbc131da25e95775f755c42fb2f72e818a19231fd901a872cd76e79fd911885162c9d67bfe6c080e48aa09e2c48ba8c40050c3ae382b99eed4b6557a088799efde6d098c0b7bdb5764a990f1517fe5da21e9e7e43b8bb116c428632643602b64dfb051a1894027af944491beaa3e36661cda"}], 0x108}, 0x50)

[  309.845937] netlink: 3286 bytes leftover after parsing attributes in process `syz-executor.5'.
[  309.849692]  tcp_connect+0x2e2e/0x40a0
[  309.849705]  ? inet6_lookup+0xe0/0xe0
[  309.849731]  ? tcp_push_one+0x110/0x110
[  309.849746]  ? secure_tcpv6_ts_off+0x24f/0x360
[  309.849767]  ? secure_dccpv6_sequence_number+0x280/0x280
[  309.849781]  ? check_preemption_disabled+0x48/0x290
[  309.849820]  ? prandom_u32_state+0x13/0x180
[  309.849842]  tcp_v6_connect+0x15fa/0x21c0
[  309.885107]  ? tcp_v6_send_check+0x420/0x420
[  309.885134]  ? debug_smp_processor_id+0x1c/0x20
[  309.893843]  ? perf_trace_lock_acquire+0xf5/0x580
[  309.893867]  __inet_stream_connect+0x83f/0xea0
[  309.893883]  ? tcp_v6_send_check+0x420/0x420
[  309.928206] protocol 88fb is buggy, dev hsr_slave_0
[  309.928604]  ? __inet_stream_connect+0x83f/0xea0
[  309.933715] protocol 88fb is buggy, dev hsr_slave_1
[  309.937988]  ? mark_held_locks+0xb1/0x100
[  309.983710]  ? inet_dgram_connect+0x2e0/0x2e0
[  309.988186]  ? lock_sock_nested+0x9a/0x120
[  309.992402]  ? trace_hardirqs_on+0x67/0x230
[  309.996719]  ? lock_sock_nested+0x9a/0x120
[  310.000943]  ? __local_bh_enable_ip+0x15a/0x270
[  310.005596]  inet_stream_connect+0x58/0xa0
[  310.009902]  __sys_connect+0x266/0x330
[  310.013788]  ? __ia32_sys_accept+0xb0/0xb0
[  310.018013]  ? ksys_write+0x166/0x1f0
[  310.021796]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  310.026535]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  310.031272]  ? do_syscall_64+0x26/0x610
[  310.035224]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  310.040568]  ? do_syscall_64+0x26/0x610
[  310.044526]  __x64_sys_connect+0x73/0xb0
[  310.048570]  do_syscall_64+0x103/0x610
[  310.052435]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  310.057602] RIP: 0033:0x457e29
[  310.060776] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  310.079653] RSP: 002b:00007ff04e06ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  310.087340] RAX: ffffffffffffffda RBX: 00007ff04e06ac90 RCX: 0000000000457e29
[  310.094592] RDX: 000000000000001c RSI: 0000000020000140 RDI: 0000000000000003
[  310.101841] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  310.109089] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff04e06b6d4
[  310.116337] R13: 00000000004be25b R14: 00000000004ce9e8 R15: 0000000000000004
14:51:34 executing program 0:
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:34 executing program 2:
socketpair$unix(0x1, 0x80000000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='rpc_pipefs\x00', 0x0, 0x0)

14:51:34 executing program 5:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/snapshot\x00', 0x10000, 0x0)
ioctl$EVIOCGUNIQ(r0, 0x80404508, &(0x7f0000000500)=""/200)
unshare(0x8000400)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ppp\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x6, 0x2)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000080)={0x3, 0x2})
sendmsg$unix(r3, &(0x7f0000000480)={&(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000200)="bd2ff963c6983aab76a649ba395a4494799b955f78f35d965b75b27ee6bfa309cfca6b33c2c9956f02378c362d3c0a4c1b873d34d6bcfd2dfed642d6d3ffd9dc5d36cac08df8f3c0019926925c63cb634726b361cf4daf565e1913dc00f2d2d1155ee4f1561c859a1a1015a4c924497d914776e141dd891c32ec1d15e4fb34185114b30afabd95d7c4e1bc344136734abd9c40b745fa642f2d", 0x99}, {&(0x7f00000002c0)="d95a206ee8481ac0039f31be6d626595f05d9203943dbbcce6cbe2807505c1b3a438bbdc5e9f37aefb9a9a066dbfc8bf360c99ebc614b60f547ff00ac3ad49138dd3554a359d8da4", 0x48}, {&(0x7f0000000340)="a33fb3564add80bcc18b399a36c87cbe648a0f2dd9493cb5bf6dd62a1c83de01d2c6a0eea0b3a321355e9e420128a85a7294070d56e9d2e10d5e714a5c3dba378394d243fcab1b154012d0f28b7c00e6b5f4b4783e7e27905a8a5c5316f365d9fd5f72dcca2c01d71d158cc39611d3d1b32c4beeaec0687313121b819015d18ff898e258e379d63193e39b82e0584939", 0x90}], 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="30000000000000000100020001000000", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r4, @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00'], 0x30, 0x4000}, 0x10)
getsockname$inet(r4, &(0x7f00000000c0), &(0x7f0000000100)=0x10)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000600)={0x29d, <r5=>0x0, 0x10003, 0x3ff})
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f0000000640)={0x4, r5})
ioctl$EVIOCGPROP(r4, 0x40047438, &(0x7f0000000800)=""/246)

14:51:34 executing program 3:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_subtree(r0, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0)
close(r1)
openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.stat\x00', 0x0, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'memory'}, {0x2f, 'cpu'}, {0x2d, 'cpu'}, {0x2f, 'cpu'}, {0x2b, 'rdma'}, {0x2d, 'memory'}, {0x2b, 'memory'}, {0x2f, 'memory'}]}, 0x35)
recvmmsg(0xffffffffffffffff, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/61, 0x3d}}], 0x1, 0x0, 0x0)
readv(r1, &(0x7f00000002c0), 0x1a5)

14:51:34 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f0000000040)={r0, 0x0, 0x0, 0x0, 0x80000001})
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:34 executing program 1 (fault-call:2 fault-nth:4):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  310.220392] audit: type=1326 audit(1551451894.872:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13387 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
[  310.260443] FAULT_INJECTION: forcing a failure.
14:51:34 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$dspn(&(0x7f0000000a80)='/dev/dsp#\x00', 0x2, 0x802)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000380)={{{@in6=@remote, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@local}, 0x0, @in6=@mcast2}}, &(0x7f0000000200)=0xfffffffffffffd6d)
ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000340)={@dev={0xfe, 0x80, [], 0x16}, 0x0, r1})
setsockopt$inet6_int(r0, 0x29, 0x13, &(0x7f00000001c0)=0x8, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x28c, 0x3ef, 0x2000000000003fe, 0x30c, 0x2a01, 0x0, 0xe003, 0x33c, 0x8, 0x0, 0x3603, 0x252, 0x8]}, 0x75})
r2 = socket$l2tp(0x18, 0x1, 0x1)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000300)='/dev/rtc0\x00', 0x101002, 0x0)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000000ac0)=ANY=[], 0x0)
rename(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000540)='./file0\x00')
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f00000008c0)=@sack_info={0x0, 0x2e75, 0x815}, 0xc)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000640)={@mcast2, @loopback, @mcast2, 0x2c, 0x1000000000000008, 0x6, 0x400, 0x23b, 0x20})
r4 = inotify_init1(0x0)
dup2(r3, r4)

14:51:34 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x8001000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1, 0xffffffffffffffff}], 0x3b5, 0x0, 0x0, 0x0)
ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f0000000040)=0x67)

[  310.260443] name failslab, interval 1, probability 0, space 0, times 0
[  310.316134] CPU: 0 PID: 13394 Comm: syz-executor.1 Not tainted 5.0.0-rc8+ #89
[  310.323508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  310.332864] Call Trace:
[  310.335457]  dump_stack+0x172/0x1f0
[  310.339089]  should_fail.cold+0xa/0x1b
[  310.342973]  ? mark_held_locks+0x100/0x100
[  310.347212]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  310.352308]  ? should_fail+0x14d/0x85c
[  310.356188]  ? __nf_conntrack_find_get+0xe45/0x1960
[  310.361217]  __should_failslab+0x121/0x190
14:51:35 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000001440)='/dev/audio#\x00', 0x0, 0x500)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000001680)={{{@in6=@ipv4={[], [], @loopback}, @in6=@remote}}, {{@in6=@empty}, 0x0, @in=@local}}, &(0x7f0000001780)=0xe8)
fsetxattr$security_capability(r1, &(0x7f0000001640)='security.capability\x00', &(0x7f00000017c0)=@v1={0x1000000, [{0x9, 0x7}]}, 0xc, 0x1)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000018c0)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_STATS(r1, &(0x7f0000001580)={&(0x7f0000001480)={0x10, 0x0, 0x0, 0x20500004}, 0xc, &(0x7f0000001540)={&(0x7f0000001500)={0x1c, r2, 0x28, 0x70bd2d, 0x25dfdbfe, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x44}, 0x24000844)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r3, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070")
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f00000015c0)={{0x2, 0x1, 0x3, 0x3, 0x18}, 0x8a, 0x7f, 0xa58})
openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
setsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000001800), 0x4)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000001840)={<r4=>0xffffffffffffffff}, 0x13f, 0x100d}}, 0x20)
write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r3, &(0x7f0000000200)={0xb, 0x10, 0xfa00, {&(0x7f0000000080), r4, 0x3}}, 0x18)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001880)='cubic\x00', 0x6)
getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000140)=0x63, &(0x7f00000014c0)=0x2)
write$cgroup_int(r1, &(0x7f0000001900)=0x9, 0x12)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000001c0)={'vlan0\x00\x00\xf6\xff\xff\xff\xff\xff\xff\xff\x00', {0x2, 0x0, @rand_addr=0x8}})
readv(r0, &(0x7f0000001400)=[{&(0x7f0000000240)=""/219, 0xdb}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/78, 0x4e}, {&(0x7f00000013c0)=""/5, 0x5}], 0x4)

[  310.365457]  should_failslab+0x9/0x14
[  310.369261]  __kmalloc_track_caller+0x6d/0x740
[  310.373852]  ? lock_downgrade+0x810/0x810
[  310.377999]  ? nf_ct_ext_add+0x2a9/0x640
[  310.382067]  __krealloc+0x71/0xc0
[  310.385523]  nf_ct_ext_add+0x2a9/0x640
[  310.389419]  init_conntrack.isra.0+0x447/0x1180
[  310.389439]  ? nf_conntrack_alloc+0x50/0x50
[  310.389463]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[  310.389484]  nf_conntrack_in+0xa68/0x1070
[  310.389510]  ? nf_conntrack_update+0x990/0x990
[  310.389523]  ? __do_replace+0x910/0x910
[  310.389537]  ? __lock_acquire+0x53b/0x4700
[  310.398496]  ? find_held_lock+0x35/0x130
[  310.398520]  ipv4_conntrack_local+0x169/0x210
[  310.398538]  nf_hook_slow+0xbf/0x1f0
[  310.398559]  __ip_local_out+0x403/0x880
[  310.398576]  ? ip_finish_output+0xd50/0xd50
[  310.398599]  ? ip_append_data.part.0+0x170/0x170
[  310.408193] protocol 88fb is buggy, dev hsr_slave_0
[  310.412723]  ? __lock_is_held+0xb6/0x140
[  310.416707] protocol 88fb is buggy, dev hsr_slave_1
[  310.420894]  ? check_preemption_disabled+0x48/0x290
[  310.420913]  ip_local_out+0x2d/0x1b0
[  310.420929]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[  310.425022] protocol 88fb is buggy, dev hsr_slave_0
[  310.429462]  __ip_queue_xmit+0x86f/0x1bf0
[  310.429487]  ip_queue_xmit+0x5a/0x70
[  310.433193] protocol 88fb is buggy, dev hsr_slave_1
[  310.437130]  __tcp_transmit_skb+0x1a5f/0x3680
[  310.441503] protocol 88fb is buggy, dev hsr_slave_0
[  310.446173]  ? tcp_connect+0x1158/0x40a0
[  310.451211] protocol 88fb is buggy, dev hsr_slave_1
[  310.455814]  ? __tcp_select_window+0x8b0/0x8b0
14:51:35 executing program 4:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x6c9, 0x80)
getrusage(0xffffffffffffffff, &(0x7f0000000140))
ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f0000000100))
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x10f, 0x84, &(0x7f0000000200), &(0x7f0000000240)=0x4)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r2, 0xc0a85320, &(0x7f0000000280)={{0xfff, 0x7618ca11}, 'port1\x00', 0x25, 0x1, 0x70a3, 0x7fffffff, 0x7fffffff, 0x1, 0x7, 0x0, 0x1})
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

[  310.515863]  ? tcp_rbtree_insert+0x188/0x200
[  310.520275]  tcp_connect+0x2e2e/0x40a0
[  310.524158]  ? inet6_lookup+0xe0/0xe0
[  310.527969]  ? tcp_push_one+0x110/0x110
[  310.531946]  ? secure_tcpv6_ts_off+0x24f/0x360
[  310.536533]  ? secure_dccpv6_sequence_number+0x280/0x280
[  310.541978]  ? check_preemption_disabled+0x48/0x290
[  310.541997]  ? prandom_u32_state+0x13/0x180
[  310.542019]  tcp_v6_connect+0x15fa/0x21c0
[  310.542043]  ? tcp_v6_send_check+0x420/0x420
[  310.542071]  ? __might_fault+0x12b/0x1e0
[  310.542092]  __inet_stream_connect+0x83f/0xea0
[  310.542106]  ? tcp_v6_send_check+0x420/0x420
[  310.542116]  ? __inet_stream_connect+0x83f/0xea0
[  310.542131]  ? mark_held_locks+0xb1/0x100
[  310.559949]  ? inet_dgram_connect+0x2e0/0x2e0
[  310.559963]  ? lock_sock_nested+0x9a/0x120
[  310.559978]  ? trace_hardirqs_on+0x67/0x230
[  310.559991]  ? lock_sock_nested+0x9a/0x120
[  310.560009]  ? __local_bh_enable_ip+0x15a/0x270
[  310.560030]  inet_stream_connect+0x58/0xa0
[  310.560047]  __sys_connect+0x266/0x330
[  310.560061]  ? __ia32_sys_accept+0xb0/0xb0
14:51:35 executing program 3:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_subtree(r0, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0)
close(r1)
openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.stat\x00', 0x0, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'memory'}, {0x2f, 'cpu'}, {0x2d, 'cpu'}, {0x2f, 'cpu'}, {0x2b, 'rdma'}, {0x2d, 'memory'}, {0x2b, 'memory'}, {0x2f, 'memory'}]}, 0x35)
recvmmsg(0xffffffffffffffff, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/61, 0x3d}}], 0x1, 0x0, 0x0)
readv(r1, &(0x7f00000002c0), 0x1a5)

[  310.616192]  ? ksys_write+0x166/0x1f0
[  310.619992]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  310.624753]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  310.629503]  ? do_syscall_64+0x26/0x610
[  310.629518]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  310.629530]  ? do_syscall_64+0x26/0x610
[  310.629548]  __x64_sys_connect+0x73/0xb0
[  310.629563]  do_syscall_64+0x103/0x610
[  310.629578]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  310.629589] RIP: 0033:0x457e29
[  310.629601] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  310.629608] RSP: 002b:00007ff04e06ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  310.629620] RAX: ffffffffffffffda RBX: 00007ff04e06ac90 RCX: 0000000000457e29
[  310.629629] RDX: 000000000000001c RSI: 0000000020000140 RDI: 0000000000000003
[  310.638937] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  310.638944] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff04e06b6d4
14:51:35 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
shmget$private(0x0, 0x4000, 0x4, &(0x7f0000ffa000/0x4000)=nil)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

[  310.638952] R13: 00000000004be25b R14: 00000000004ce9e8 R15: 0000000000000004
14:51:35 executing program 0:
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:35 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x0)
r3 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vfio/vfio\x00', 0x10001, 0x0)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x200, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)={r0, r4})
recvfrom$unix(r1, 0x0, 0x0, 0x100, 0x0, 0xfffffef5)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000b82000)={0x10000004})
dup2(r1, r0)

14:51:35 executing program 1 (fault-call:2 fault-nth:5):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:35 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x80000000, 0x4000)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0x1, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000000100)=0x8, 0x4)
getsockopt$TIPC_NODE_RECVQ_DEPTH(r1, 0x10f, 0x83, &(0x7f0000000000), &(0x7f0000000180)=0x4)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f00000001c0)={0x3, r1})

14:51:35 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x10001)
rt_sigaction(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x7, 0x7, 0x2, 0x61fa, 0x6})

14:51:35 executing program 3:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_subtree(r0, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0)
close(r1)
openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.stat\x00', 0x0, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'memory'}, {0x2f, 'cpu'}, {0x2d, 'cpu'}, {0x2f, 'cpu'}, {0x2b, 'rdma'}, {0x2d, 'memory'}, {0x2b, 'memory'}, {0x2f, 'memory'}]}, 0x35)
recvmmsg(0xffffffffffffffff, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/61, 0x3d}}], 0x1, 0x0, 0x0)
readv(r1, &(0x7f00000002c0), 0x1a5)

14:51:35 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x80)

[  311.063038] audit: type=1326 audit(1551451895.712:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13441 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:35 executing program 3:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_subtree(r0, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0)
close(r1)
openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.stat\x00', 0x0, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'memory'}, {0x2f, 'cpu'}, {0x2d, 'cpu'}, {0x2f, 'cpu'}, {0x2b, 'rdma'}, {0x2d, 'memory'}, {0x2b, 'memory'}, {0x2f, 'memory'}]}, 0x35)
recvmmsg(0xffffffffffffffff, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/61, 0x3d}}], 0x1, 0x0, 0x0)
readv(r1, &(0x7f00000002c0), 0x1a5)

14:51:35 executing program 4:
r0 = syz_open_dev$rtc(&(0x7f0000000040)='/dev/rtc#\x00', 0x8, 0x200000)
pread64(r0, &(0x7f0000000100)=""/121, 0x79, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
write$binfmt_elf32(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="7f454c467f09018401000000000000000200000000800000b10100003800000043030000000000000000200000000000000070010000000200000000000000080000000053fe30b44f84b57afdd5db0000002c0b0000090000000000006002000000080000000700000000040000ffff00000900000007000000818d1cb63815cc9ce2cf530cb32876a4f351ffe8464e2ca45c51e43d33f6dbaf2fa19c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x19b)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:51:35 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:35 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x10001, &(0x7f0000000240)="0adc1f123c12a1dd9cecf4d3af1154765d282d74236b32a9865fd715fcd610e366e5ebcde3a700000000000000d85bce0a0a58fc0000000000000000")
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x400100, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f0000000140)={{0xffffffffffffffff, 0x3, 0xffffffffffffca64, 0x3, 0x1}, 0x5, 0x7, 0x3})
ioctl$FICLONE(r0, 0x40049409, r0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x8, &(0x7f0000000040)=0x4, 0x4)
getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f00000000c0), &(0x7f0000000100)=0x18)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000000), &(0x7f0000904000)=0x4)

14:51:35 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0x0, 0x841c0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
r2 = socket(0xa, 0x20000000001, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000040)={0x4, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000000180)={0x77359400}, 0x10)

14:51:36 executing program 0:
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:36 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x200, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000100)=@assoc_value, &(0x7f0000000140)=0x8)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x89010, r2, 0x180000000)

14:51:36 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x80000002)
io_setup(0x200, &(0x7f0000000080)=<r2=>0x0)
r3 = syz_open_dev$swradio(&(0x7f00000010c0)='/dev/swradio#\x00', 0x1, 0x2)
pipe2(&(0x7f0000001280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80000)
ioctl$PPPIOCDISCONN(r5, 0x7439)
r6 = syz_open_dev$dspn(&(0x7f0000001380)='/dev/dsp#\x00', 0x1, 0x203)
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000002400)='/dev/snapshot\x00', 0x200000, 0x0)
r8 = syz_open_dev$sndseq(&(0x7f0000002480)='/dev/snd/seq\x00', 0x0, 0x2180)
r9 = syz_open_dev$amidi(&(0x7f0000002580)='/dev/amidi#\x00', 0x8f5e, 0x500)
io_submit(r2, 0x6, &(0x7f0000002600)=[&(0x7f0000001100)={0x0, 0x0, 0x0, 0x1, 0x5, r0, &(0x7f00000000c0)="ded464d4cb15ea7300e80da3bdbeaf11438d5177034832135080a9d83ad712be869979a6643f78fa4718711441dbf4eeb03aab5b8f6afc4fab541e45f799cf8e123893188671dc4eeb0c6a85860b2525f245c0a5b64814befc5642f3ae5ae61ed12143039989ca1c66e959c9821417fd30610bf2f96263d074e2ab1412c35211279b6f25c6e0ad28b5fc452078896eecbf5b59fcc2b3c40f90845e2180054fd22637de4abfd755faa8f78e8a93e5ae39b38cfed9dcec36d5cbcc5ac6c712d234d98bb64e5de03d9a87e9882aadaa324888497c36aff25acdf2d098f2a8de2d17649cb46c20ff76a824b4ef5b398cc778f58e60ef63c3468cad0bfa9e03ca83af036fc4b273ab74807c4db4d3db7e17f8de74e19ba7b1e61578d00c3c28a6eec1ce48e54d67b74e9b5680f541b8d7ada3e43777a5fccf9fa0aa01d26c473e9c63e2b0a2e823e7d3e5cedabc49c56b6d2919e5a9c48998471f92fcbc412d1b4434318fd759f6360e71de762a7f4ec927316dffeeb469911c4f95d4400cd1c122ebfa1c0ccdb2859bd326425197b5169a9de5b9ea5b4c1718a5230160179d614215a4e4388330b9f942538aa0f8641d819795c7c9e5e3164731ea1ee0d820472ad933a421d16a856b932ebdb06797410f56d7620be465e948061fe59a7c92cbcda1c6f2bf052a21ea2f79ea0d918d42f489a3e8bc94c7b3358c2e7ec15718b42364ff0150393856ef0f7bdb869629309135ad6995e569d13851b2e316ed471aa5f532c564ef638eb88f06d4c7e5e2e748e53fcaff79b482117ee18030dbcd6b963a343e833f84d2b8918a6560702048b7010d936a5b4d1c890a49ff4b3045d34f4cfe7db975da730c47089f9f7a00dc2c87c18207daa128495ff1874e64576188aecbe6a652f3e18c646807e982e7c5b0d325a5779b38afd546274587493185a4acd578d270cd286603b18e86e622c386355b6589efcb4578f698967d4e524b3b53b9d9cb636ead32ad1b43e762ec37445b3b3f971a33cd55df76dad1c22be95237f14688d2c41311fe026506130500b88cfd20ef82b9ef317ab3d80b8d96dd141bc082327c6b1cadde84bc08543dc7eed7f1feda2c256f2cbadcd6a24ea9fb656ac064b8f2c5a66bc03b3b0ec39879622d3eaffc14e1be5bab609fc76fc40ffeac82f3361f782b2b3632d1dc6a6794e38bc8942de702cb5e659c8404633ba3f8bb71d145de06c19d0658fdd326ae5ccc2dc0e0196127c189841814dbc721ef9efbd0a6cf6e91f0c49fdfe7c8073b04056ce5428ba321938237653b7330c084289283c78e9a820c94a420e38f4db59eaebe917f3d5b091448f8006ecfb30167f7b7c432bf8025dab6566cc215cc18797da853a78d34f48bfdc8815b4fb8240f223f77470c4aa0cea07c22c77286d9c68638f1dba2d4e9ddb835ff627ca47547165c7035a31f3bb232840454d16faa1874aae28a671592b24e97fc6495299c67a1217b12cf45b290025a778d3d398fb9513ccccc481ddc0ead8ba6d6b7a08f651b281ffeb42735cbedd5956d3055b2b999a2953e88fed2aeb759b4f428f41e8bf8e28c19cd663df2dad941231b2d94ccd8a62406b6aeaf3f134fe96eea1a415452fff325cf7cf0df508f59dffabeaf69d4ddc5cf1f84f1a26fa52010c29672d23f39ab68821075d9240c9dc5ac947978863526ed22dbb70c16dea36c13d52104eaad3c4bf418cf155c5198a0e8cf8f2eeeb83acc0c61a96e39a8deba276d2da027488ef9f9811681ef66cf6bde377ed5e248e4efe345f97615c8c2aa11a30c7e725cb1c34c6ffc4fe169c385499f67fc7c71c2fa256f64b4a8ca1b82a323bae66b2d83aeeed6c3c46069dbe4c78261e1c3dd60132d021307707835484f6923e2f04383549e0d30ee0caff1aceabca147f218490f806d166746a1aea1fac632c6d45a24c7baf31a808c3b16bd4965bc0c62eae16746f3d56aacb7b0e471c529f936990bdcf97b551bff4e8af8328294a38190aeef39b13b4b8bb12f204fbecdad1656d1fcee98af1cd8a276fc7a2a2a565d08cdd95085dbd43fc191a129e7377233f7076bcb299c54126fdb7792c231ed31aa8d55ad1bda589a746573670abe2e29bf5f093a9e526d0e198fa7c16371330d0d8b1a9d1b1498b854a1439c9ebca768660f738965518e1a35ab51f8c641bb3c04dbef1f55834547e1d793394b065eb441a3817b4a4a1b0a148d304ebc9d378ebed411e2e261c18ce2c52a9dec9184203b256d5dced1b4849340a7cf292faa1be21f252987eae9230b126e505f04b7a4634eec2ebc2048eb4af67f10a4dea771b7e48bdd4ca66818899face6e5cd5e2edefdb0acf883d8c52444ee1d017e7a35036553fad68a02a7a5254198c2e8b0cca18f63166f7d2921201e5f750177664fab9459fac14767768d969ef198b52339ea219b3f8d77b5ae81e5adcebdb3101857febd1a7b69b0a3fcddc691d41684ed24cf5dd29dfb2be8f35460321774920bef8e7e8e2c40c1132f29523d3435b16cb8760d2a13f539a5551a4dd7151642dd8e54324e4171686cbea1bf2619ca2b687850cf08ef6bdf96e081c063c979f517ee0db0e224b983c4e9cfb49e7c5dc5801db8ce92f96451275c4da3621cc174cc052a08b25744e67c463d524bdca7a206cca66b9426d7cc52e7915b0db75b8028665d745c9370c91306cc9aa3cb8b4ad4f465d261a01106d2f36d672e47c7903b8ef22ab2c000f450fa6d945741e46fbeb85803612bc496b298520ffd3909dac915b00fd12dd6c3cbcfc21926a7c84cc074734f4d1542d3a28d4adf04aea5180d1a52678e15f7246d5e655772f7b6eaa92333f8396f9669fe2df41049267898149b14080e0de986dc1713a31effc48be9ddec7d163e491963892ca47c678a93b93a92c69305e735fa36f744340f884a3ae4f9205ceb9584d7473534825807fcd6f6cdfeebe2470554fc54e9cb22f7a2b476f8484e3491c79d549091170faf6ad30b3755e9a7911da5c89fe9421ec329dbdc78b46d03e65f1c279835188c97e3a7e2bbc6c1186b1fad2a7bcaa6131610c2cce7d9bea6ae7bdea1371b5641031908a90548b5c3629ee8971e0b53c0cbe7cb60fc50f98474848791a23cbd87ebff52dddd818b4b14e8a2c406a26e02f0ad3d1802dfccf176c20ec14fd3be044f3903a5ff509bf37e5a5d423a31c5d10cd3f70acaff5f12edbc48b14c8358f172eced0e772ecec3723e0f246f8cd231d7453aa4fe2b778c360ba7fb7788a5966614377d37e73f5ea5c0a6f9281e3d328ac37ddad5d1530abb96b6dfe3c502e820a0a138a2149bc69b3880b50ec70998dcf421a5539f9be60d30f8a85d86003fb4039243f586758ff6a4f7c7a6cdc64dc11c2349196268dee13773c01677ff5960a1b72f0ec6f5df6b521dbee7bf4fe3b8005cf8b1c3b52cf802ff2febde9320092dfecf7ccafd782a7264ad56d597b3068337c07798411a1489fa363b8027143498ecf568aea83d6af0cbc5e3ed19642af2ccf84972a7621767d0341f1459ca8219149b8c5e723dba89c8da5bf29e494e232e697861f1adfa504dcba968798c614862e9357dbf60073eb7b645a4c43d6031a44612d859925a24d661336dc6dc0ca05beab4d0584d5001db69149d306ee32688aacc84fc8131484ef1d92ccce24b98ded04264e74b2f28f41c3655bdb8d2c9c4d531db84322f9a6674c557ed8131f19035ae62ac856ce9470b4b7c85c5ca9ee07ec10cc5bea8592e236b233550e07a56b50fad675013db6d6a054b8787a39a86b14f6bb28a63439a52f3691857e08ef629f69da6fd314cff5319b6008bc3bea4f618cbff8f40c7c7f53f6ee5471dd98f6f166040d337ba529a1f7d9feb3e0f7465a9d6b28e9c871864fbfc7ab048d2d488be0b8b1381c5924bffc6286fda45e5fc744a0521b9992b00f5b233a26357cd33b12e24534be3e86cd6fd2845732ca85e392e0133e48fd059f3022bb03db20e82c79e246d7bfce8dd03a26fb68a49b85dca80c1ce0f5ec32a3cd2a27fa8e6cc88fb68787bdb8f8a88239efed9b542a2a8cfa277d40877d9419f8f4630a5c0d83c03ff9ff6703ebed6019788c5c66b968f6026eee39014e4bf94f112ebda011b1765006a6b7f4f535742a856c0145d552c8763b823e6cabb51300734a72844d328c5eb314dc3e4f8a819fc02f54b01344ac99283b32d2af45cd91af6b58e5501997d8d5af534378f6dc305bba6634123a9d17e3f210aab7a68111fd7ff8df53f822c9fb61de0ba4600234ae032b1a4ca864b7337841680f57d2992e7319dd91462c772c32f941d4681d68d653a269a1844ccf34938dd461923ecfd115ddd6022110ce26c6c24b054b4470c6756a309ab58f56f003cd44b3108f15d6df2d09ee544bc3cbd7c58d8381e1cdb1bf1a3d64f45e9ed1673cb295a34f19c2a5f21172cd8258e027e13c02d1fe564cca7614a06eb145c92f91a47a0f143c774946521564a5fb9743fe46b7df95cc55ff61263ace89c62819cb3cd402c840f8ba158f22e98916eafe74cdae6f1a7eec00670ec1a0404491e61e82a59bdff077e33e6dc37e3ac7617f09d753540d85fdfc0536fd3c3a5424c024f625bfa91f8569b21baf6325639ce52fc781580b498a67a9a13a78eeede291a607a0c39693ba1c0c1a7cec123f17069d015d40e342a1daaef41cf2d2dc60103f65b1386efbcd48314b60a2ea50cc780f22fe039a08ce9506d51c6cce7bf7009f33d144fb0c1bcb0287892696381838202679730cf1acc4837b59b598fc15e761683d92ed0507d7e48710a01730e416156b39531311ae29e8cca76660627c2e70de319202211150a5a70cdce8939ca0df60325a394b37efede1e7f20ca2188849da895bacbfe4508dcdfeba75014dd5d2b3d5664ca82e840e4fb9bfd3a0843b85f251c8681ee1f65c749281d04a3408fa0a6005a5588cc449f7d6b98099b59a7048234ca31eb4bbac26f8639c30fadcb52a2b99da3e7b86af977e67d960e5db41cb8c94587e840cebf6e3c6c7a202cedfe592326366b31edc2f6f29754a7a59e93c572ad282adfacfff1db4cba87bc353a85c9d68baa6338c4375fdcade52dd22c6d98f259788c7645acd4f26b9edd50c33a3d389a90f46e54f3fedddd9b059903f7e4c1c3b64b6a214c1762cc52f0f2945c04afbc368aa31961b6d6f5bc461ea770d7822e4377bffeafdc83487293e7976297602d8968b81405c9c23e89759f59270c170001a54e9cc3633b5c889ee15dd6c6b295e6f0e9df2c24d5956687a98686724701f5e10a5810d3c08c3c8656788d4502ea4e9580afcd343d7a969c5ad740984422c91c3266f5c7ca527dda3e12827b908f91e15e1d6e57239c45ac609893ce3dad2e89115d270f77ec45f6a98f03a9713447efb0bbd97240b6998114185716222eb49f18c9f9d99f0e6b974213c9064b0c08eb331bd3b4808e068a0b9896805bcee14684f2ba6ab6167c372a4a41ed4d8b00f22689ec3bc2d095b83dcbd073a6743c51b51622b522cf4e04d6afd70519ebe1603babf0794528cd56e74da7e3f46c91b99e5924905be3bc3d394e88aa770e1893e411c57bc442b87c8724acb24822ea399031a66f2c43c10c7806f057db31cd49dd04371df2fdbaffb464360497021365385ae92d98e3d6c8de5d1cb7a361e3936ed5ce76d9e74e23943a92ae67130058f0f17c9cbd7644a4925efce32cf7a0c7fb50e51591ecda0178e6a83d468fd59abe3d0816a8387aa2d79eeef799c0966f6d0cf82449", 0x1000, 0x8001, 0x0, 0x2, r3}, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x6, 0x800, r1, &(0x7f0000001140)="c44793383658c2ada2a20d77903cd1ddad52342442874c3ffcd93800c5733154e314877535cbceb294c659b5e2fc83b697eef6aa12a52a13ac08ba0ac975ec989b21852d44cb8d602c873d33cde403916d177e6e9ecfc97dd6b9003d40118e69a7e77a03ef9a8ed990e5b7e7621f083fc161e54cd916588e8430844cc7495a0f6febb21a927d386a291b99e945edad941169e6c0ce8cb77f9a10c022", 0x9c, 0xa0f, 0x0, 0x1, 0xffffffffffffff9c}, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0xf, 0x9, r0, &(0x7f0000001240)="da47ece3feb96a14e42e9dee64beb321721a8abb5f4ead5ad32d7fbe79ea62deab0fc023285d1036f88ea2a0c77ddfb9b086068676e214ae7479f5d45c832f", 0x3f, 0x1, 0x0, 0x3, r4}, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x1, 0x2400000000, r0, &(0x7f0000001300)="7c90e152cc98aa660b502446bb1cc1588d85bcbc247c8a8c0707104e64119b0ead10245eb2bdf40d85a7c87661b7ff61a16c92362ffea833e108cb3a58f09b27ed724c50e454bb38406f17b9783cd8ab95340503e2c118c6cba7877d1a5dd30f35085a892acc6eb13a52549acc1f09e7", 0x70, 0x5, 0x0, 0x0, r6}, &(0x7f0000002440)={0x0, 0x0, 0x0, 0x6, 0x6, r0, &(0x7f0000001400)="7abdb45799759376c8025a68a81b15c52b0cea1365e6839c5465e9ef114545b2777af39cdba61e2d1a3f209553455de693b8196318fac181d79e814515b497dc22107696f3b9a1ffa99bc008907bc274d2e5c5d920ed98b5b213affc45805574fdc27d4549edecbf638e8dce5c8568f964d6f3e933a2fd235f143b5967165077c239a4a38b55d0534411ec6de1b8e50f69da766e837eeb067786cbb4c01abb1f58f152299f69e23089fd7c46f5d9a3eaf8dda14b405898070b359ded5c12b5d39c2450957041358aeacd1fed330a69d1d29556de20818a8400d1f4c206df1bffb33d78766c441cc98664bb2b6ca248698953e46b98d72ea7ba2d4212ba63fc211b0501caa567adb56dfc0a2a73fd9c488c534e990e80d8b27e08c4bb4df5f42b1db9901a97b2aeccf663d4d4a12cd7c2eae2a40f36c4ec0cdaae508a7c1314e99d125329243b4fea7648eeb5e4fb9b707fb42e28e7b1061c35659193fb6b6d3d2d3fdb7f18fa348599b0cd19102aaef36362813167bc08777bc2dc3b292fb3e8b8ddc155c7deb1bd4788724c8f60a5f21889b7845d3cdbd7d9baf3001b5531dae3c65ea590f58c6c5877e81f129350834cb825ae2a83caf8d7b01cbc1f19a3bba0d9fa9b10ea15d5a476a51a7d3d64816b478b5be59587f1a7ac25ac72efc68e4d5d215ee530d0ef959bdfa1d22a3dcdbda84bfe1e34ba7d8186c65d98fed978683286c573641186975555308507b3e175d73e423abc2126f246a79f5e79017e0aa41a1a4196fdf20f5217f9c4a77e1ff78b6bca6dec4d7aeb004a49d93e28ca7ace3e4870f97b88e1d5ea45e7ce659c15afb67d95c81ae14eb941e76192f9162e330cc79e7b27ce1f8fcd3aae1031984a185241669b9789ea839fdf5f55dd256e56ff5cd886e922b69b572f80861646a0d141d9508860895cc8cd8700273dc7038e1faa3dfe3c85729ac2847cdeca03c0a89f7f9228ab3f7f07732d9f68084d46cafd6e9c16432d86647f79428713089193c22d3d0e0e75eadfcf0d30ceb527bb10ea17b0b6e8cb029419076557fe3069c3cba5ddd037477561509fbb8e4996be10d2ea670065437bfdcdbc373be8d156097dc71e0c6c1dbb3543b1423ada5005c66caf8370470cf31133daa9c74ad41361823a9bcc1bfec303141dd8dfa7325d6f02d70f89b5d4dfa72cb6ec22a7b11d5f3ad61f9ea035b624e8a5a8e4f081a1177a5be5437e87dd58e3b5e5fedb856a7dcd1a48762da6d6e44a1a30a33b4e52db32eaf315688decbe57400b3718c80813653521c593c3d10726d3439570b459f3fa65149f73d6d24a7eb1829c98bc7c31b7075c441b71ea042ebdf0e91cf7439c28b87ac7ae44ef4d2083584d5b6bb0c7fb652aa58ebeef639fa8a9f56fcbe552e9890cefcc55fd5d2c5f6ed5c0cdb0729447538c8dc285f594355d9632e1f6c8695c9a6a3c8fbe5d8062330c12964ee3bffc6e31f93cf498baecd6daf688ab51a48eb234e21194614fc1eea7bc4697902152440b61efb819bea5c97056973135bf686a6bbbb19aa3a5e74816ac64dba86d200cc907375aa604c4b5c59b10e3a425ad3b3125388b0b546dac5bc56658e059b418066970cd85f7412ee67de52a84970eb146683df9eedd0ec2afc233dabda69fd74190548e3708317f33019396465bd52e9c4e7599bc4c0ea2a93186631071902d2e81c1901332e0447cb2c7f088f9558284123b00b73eddcd2181660f95dd8f54115098c78f2c7fd93573c9c2af24d4ec14c744594692202fbf3b109c262c39116d79281ecae52c87ab9cc45cd01dd2468f11005d487a1113279af28a9647fc8545a9bc96328b20cb3b5a58604c525c13b15e7fa07311fc74e9e2881c6d7ee29cc0a9ccf1646f7f8fa4ce775682a7d2082dd66383d22123fdc8a0bf5bfdda9d38a1b33012ea42617692ad6b74ad92d521710c833527633bff9d97f119606c44b9a74fe16dcfbc97a887abca2cc48fdd245f135c820060a10979bb9147adbe33dbcc442c410d0cb6ed69e11fa3dc95b5298d1570fbbbeef45427e41ff3d11d7b74cfd204998261f4f2932ad39ddd6c56d3acb65f1973c817de1f021d44bea241cbb02be91f4bd26e81096fd4424280d1a4bc9f3d571fd037b6f2fd7cdd27e545997fd8994c7f1ad6b59f739504978c40d984434b739d7c67c91f6818f514d77a166201fb048c056afa2f1fdd8eb34ec1c4338a990ab7b5e36d26a70a1f5bb17d01a16f4de3401cbaf1e3b4c8db06f68bd26916a72a1dc3dd5450727feaebcafb5e96f05c5918077eba2faa9787c55974077531728d934d756d8828fb4e33a901061bad001bef133916f6264242beee1e799bb8e342bc90ab3e64cd435b4e17d4e8864fcc7641a629115f11ecc60615299f967ddecfe7f554cd9acdbdc711fda17e31c46f16ff7fa3b9ef37c8c3197e58ac99075e0feef00e50b7fa83b3f792845d3c1c83e411b5f7fe5b052ca1dbcc548734ee24d8fd59941e433c4a91e8e2571235112d746051506bb88594c238fd13e1e7f47255988dbd7fe625d6a57527ba6f5a45d45ea57dc0e47be659a0ee695afe299d01b3436ad28b7c962f736c42a2d214cc522936378f19e1f069ba43309d91c9e6c99475604b7a2df451ef074007f84b9135710f494a89f114ce4f07bd118b6f964ea4d3291aa65422342dcec1debab032c7a419b318b1c7e08847a18fbcb2649b4e742deb8822f97e42afc1a18bde2368aa47b23c204f0ddc24c603211f02bfe9d29e9864a4f2b21f6deaa0a34ecb52c790c912496be67a05426a5ae61f128bb4f996793b7f4150e15128305d3800fc7b752dcc859895fc82274843d4b7e471999f8444b2bf71baed4cd9600fa720cc612f32e4b447feff63df27269e0ce427a50ce86354a57850d87965dfb371e3b4eb8df4b68d8051aab9c3b411ccfb6625b95e4727bd5cdfe6982a174330340a2a12bd4c86b1ebdcfb50d872f43ee75f71522472f96eee82175dcd909f89c91d69623249af4b16ebedc2f8e87b48198c3c9604d2ed77126af10a0ae22781d4738c6b9bdaaa3d234ac532b1e87b90851244493c7f5afc213f58d200e4f81e915e22b27e8e90e7dd6bd7c15a48a54d73f4f5ca92c70b8f9171c18cc60f90fe7fb6f21c42eaa5161fd49c49a6324315abc3fcc555241787b6f30e755476135bec3ac08ccfe9aab351756792240f174ed7d4b9dfbd32be77c3fd623fde765f18bd3d333d10e02b6ec41e82a6b353ef8aae3e9eab3116273882e2ccbd2bf024c71c3da997bc0c68060d94b0189c92e438600bea12fb7be4c4dd384c2d6dba4696293883a99e70fd1fbcb8e5123a06e397b869f84eebbaa61bcf2e1845e1c0544b501d709fc784c34adaa607ac1f068db26bb011dbb7cbd76dcbfd11c4686d1036b774d110f5aa4fad5b8e504aabf94c8180fd118d1fde447dc9a0e0f5a51d2b1e629ade977273b6e916022fc18c441496b05a45eb47f3efdb610a6028b16288ad45bf852a3ca1105619838690dbcecda189ef4c40c01514c0bd73f7d17675f422d05bf6c4696ed72f387ed496bdf506d00d51d50f00fdd533d54af4a941e5b1a22dfa3c63276f6edfc7d0d98706e1977f1a7c2606dba845d060763ef09054f73d5501052f75435f921efce70e2786d744daa8f1a32e3647e7485d750140ccef1c385c86603fc8017d59dabb7475b08ffd7a9ad1222de322bc9076a532ec9b158bb884ca2880cf6fee19cf92f86d085e603078c27d882ad868c22a7f8111ffbaff961f9c9fd06e5857bf75b7d4787a3a0b9cdd2d30581d67ac8d41277b62ee29818caa10cedaa5902f59c5f0b8679a5c137dd4ed03096ce1a56c2d60fd522bcdddb31abd7835f63f06c64fcd58102daaa23982568afc291823c00a8d90730350a114165be71b6b53370a83a6a8b9f205793414a53243c36af96e9151d57bb613982f3003539e91e5b29ead0c4ef2e633259622c5cf2a33ff0050885da09796e017350c9869f181bf64a4fdbfe422d46aa20152c65a538cca16852d723c853be1c37f9b34c18cd8e9995cafef9911571ac7f0f13c4492fe3fc47bbc1a99ead5c94c3baed8e2035951e6db131c5985db25c3ca5630fb3fa707f1d0e58dbee992d07b9ed90f7f89f031e6fd72421b13f6371a0a8131981bb53236900ba2248fbf1063441f86cca0553c2364735461814586e1ea85f9fb8880c1605e720bd279bce5ad30ee73b487ccb7bb4c73d97f04dfde388ec4f674430c640a03d71335c6206362160a924c354cd774b21155388abf84d19f25a37bc660e81dd7ea784cc6e410681413ac18a5faad81fc9e52dd1a8f4cc4f2741b4a478d6c46bdfed5beb07b9378e51c4c01713b891883d719386e65386907824d597f05417cd89bce365a16f73afef7162fc82bbc03955ac430318b0cef1455aa35be610bbee45059317fc3fa48c22d5463b401dd07955444207a8254e3c962b4b38a4829b25d1903adad7d187ac5cf85a53f9f3926eeb8f4b444c0d6ab24907c3db5d1d87943737483e70313707791e171601c328c104b8018d51ebd8bfe1541b3afc312cd9909a540fc97d13e66b5ad79caf76eda30f16b78dad81d1525f36bfbdf603579e6cbf5eb7fbedf74582b64c6e29c642380baac8cb0002cff3f443beb699cf865b5d98cb726b340117baff47e21569042e2c8a3e0e622f78e3c0116b585879f19ae5c9ca509e76d00deafec5041879433968a57e6eb5a1ecdfb3ba7492b895f4a2310688c3cbf074d80626a69c5d23c4cff7e44872860902c4fa4295af233242b95e62f3fe645243b1f18a948c6a314aa6cf09f4c18b2e8906a87fc7f96b3012e90f2f5dbb65a9989f062cba53449acceaf1dfe2682181f19cc8b2ad8310ab5bf5361f479f025845546595108169e6a3529330d86db02ca0361b3d5736fa0e1ad492ae46aee9e6bf83ad6f8440d01a9ede0b6632b1b225b9b9596b1ed21d2e93fc0bdaf550aab53bbef3572f4ec104632ec28e608e2b7d9e9f58ac37f7b15d2f42f23df3b4cc064701fc510dc41a5c05cd8093b0efdad942b9674aa7dfee2b6eeb4ed9a1c9ccccf277cafb59e823c42eb8d88dca085e820fbc5d424305da591970baac01d074fbd34d88d87dc9502fe115b7948f24bc190a67324de30c9adf0143778cb0a6b39c9a43ffbbccf55a0b420c9e7c349cf320916b03b62f0d633ead1a941af4fc7ac2bcdadb7886dba20cc8405a92b6440eec4a00c3ebb4aab76c684697d53583c79521e10e3baf203ed0d4b1a17912505fc1599abf18e106a225d4e8682658c49d54a8c31b61789754da777028e4b5fed4282345aee8a838d36b30706e46411a8349c206b1a3cf08c5bf8d7f7b471f315e156774b6b7327c6c48a8aa661accd0bf527507ad7fc249caea2e33faf3bb45a094c62866179c09f53725a667e4a38a6cfebfbe044ee75756dbde6e01f6675f4b9e1f51ae7ab95ffb7b628b682745b5f645d7926299b06ccc1c81152b837701e334ffc791379f0798d68b4ebe8316fa58cd20c5567a2ff8659efd2ddda58b12c62c705a656b04256f5b9637d668dcd313c32e7c69d8ca4776a67815c01279aaae67926095400b4f7196af0956d356723473b440376a7801de8c2c503ae057cb9cca6a1c23a3ead262819a2314a56776a293834b1543a55b47ecdc93f25ce7d3f3166b5132d35ae3d767b3769f86a01ba86cc72962694bfcc39056324040ae729c84d69ab95f36dfa411a4b38eb2d61199a379dd09d7489c531f9b3beb3e787cf", 0x1000, 0x3, 0x0, 0x3, r7}, &(0x7f00000025c0)={0x0, 0x0, 0x0, 0x3, 0x4, r8, &(0x7f00000024c0)="45eaa3519d8a5612384e5303eaa9161c9fb5f83532f3833182a46ec18aefba963aea41bd27f72e1d3ab7698100e4a0e13d48a4c078f7f57dfc8a43b55bf5327f99e047ec590712b55238f7bceacde9490902732b1c1e2fea671b51b4903196b6f52bc669de608128b4eeaf68e1a6702e0dfcf93dceb870b58271e69d7f09934ddb49e38af59425aa7440e870144411899f50770aee7496296aff136c9c9befce0afb80e195", 0xa5, 0x2, 0x0, 0x2, r9}])
mmap(&(0x7f00006ff000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
lseek(r1, 0x0, 0x4)

14:51:36 executing program 5:
r0 = request_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)='cgroup\x00', 0x0)
keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0)

14:51:36 executing program 2:
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
getpeername$netrom(r0, &(0x7f00000000c0)={{0x3, @bcast}, [@netrom, @default, @bcast, @netrom, @bcast, @bcast, @default]}, &(0x7f0000000000)=0x48)
creat(0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, &(0x7f0000000240))
r1 = creat(&(0x7f0000000340)='./bus\x00', 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fallocate(r1, 0x0, 0x0, 0x1000f2)
r2 = open(&(0x7f0000000180)='./bus\x00', 0x4002, 0x0)
sendfile(r2, r2, 0x0, 0x8000fffffffe)

14:51:36 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0x2, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:36 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='\x12Og\xcc\xef\xfa\xeb\x11[^')
getdents64(r0, &(0x7f00000000c0)=""/31, 0x1f)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x80045700, &(0x7f0000000040))

14:51:36 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x0, 0x0)
io_setup(0x154, &(0x7f0000000100)=<r2=>0x0)
io_cancel(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x8, 0x9, r0, &(0x7f0000000140)="fd81861c704e6a74888caeaf9eb98f6dc48285b887c16d19dfd40041247d9d42c927b4de528ad7a3e90624e47aafd9f40c5a517474ec44dda228562acf5b88a38487672ab97ca3ce242315d4917cae10ce1fa5699cb9fc", 0x57, 0x81, 0x0, 0x3, r1}, &(0x7f0000000200))

[  311.933268] audit: type=1800 audit(1551451896.582:53): pid=13486 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17292 res=0
14:51:36 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0x5, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  311.972709] audit: type=1326 audit(1551451896.622:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13490 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:36 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$sock_int(r0, 0x1, 0x4, 0x0, &(0x7f0000000100))
r1 = getpid()
ptrace$setregs(0xf, r1, 0x3, &(0x7f0000000000)="22d69bcd81bd6b4035a33115838a5177c0c13c9db4a25c30d09004fd6a954b3a88c92aff0e45c5be83f5a770e74d8d7de42bd03b4a8e0e099451bf08609dfe083597ae6f76590d9e2328c426edecae5ff1a42a61f0f4ea35c297c960b4667612cb5f2157f19aaa121b552b628d3d623a6494642d81ab241ea916af9a4e050efbc044160be02dc91ee0dad49580e5d37d88173c4dc16088073fc64917c2c662dc5c0686fcb8bc7cf020ac7832891f7ca29108686d50930939fa90ee17fc80f22cc42b4f57d38e27f858c11ce6f41713071da9998b14ae2074abbe7fb9417c5d9663e436cab5635e7aecc0a504a07f63c3cf755874c91736")

14:51:36 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
r1 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000d80)={<r2=>0x0, <r3=>0x0})
recvmmsg(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000002c0)=""/227, 0xe3}, {&(0x7f00000003c0)=""/134, 0x86}, {&(0x7f0000000480)=""/169, 0xa9}, {&(0x7f0000000540)=""/155, 0x9b}, {&(0x7f0000000600)=""/84, 0x54}, {&(0x7f00000001c0)=""/10, 0xa}], 0x6, &(0x7f0000000700)=""/93, 0x5d}, 0x6}, {{&(0x7f0000000780)=@ll={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000800)=""/158, 0x9e}, {&(0x7f00000008c0)=""/57, 0x39}, {&(0x7f0000000900)=""/183, 0xb7}], 0x3}, 0x1}, {{&(0x7f0000000a00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000a80)=""/198, 0xc6}, {&(0x7f0000000b80)=""/205, 0xcd}], 0x2}, 0x9}], 0x3, 0x40000000, &(0x7f0000000dc0)={r2, r3+10000000})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000e00)={{{@in6=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@broadcast}, 0x0, @in=@dev}}, &(0x7f0000000f00)=0xe8)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000f40)={{{@in=@multicast2, @in=@loopback, 0x4e22, 0x7ff, 0x4e23, 0x5, 0x2, 0xa0, 0x20, 0x7e, r4, r5}, {0x401, 0x800000000000000, 0xe2, 0xb42, 0x400, 0x1, 0x8, 0x7}, {0x800, 0x71e3, 0x6, 0x8}, 0xada, 0x6e6bbb, 0x2, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d5, 0x6c}, 0x2, @in=@local, 0x3506, 0x5, 0x1, 0x10001, 0x10000, 0x0, 0x1293}}, 0xe8)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)

14:51:36 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x40001, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000100)={'mangle\x00'}, &(0x7f0000000180)=0x54)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
fchownat(r1, &(0x7f00000001c0)='./file0\x00', r3, r4, 0x800)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

[  312.215370] audit: type=1800 audit(1551451896.862:55): pid=13486 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=17292 res=0
14:51:37 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:37 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xe, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:37 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)="041be761ce6b8f3b7cff868b6d8e5f779c258815915eb0277ad355e48e43ec843a6b44c28c19756bd2c222aa9119c19a3a138f031eaa76c20cd74f5ca61b696eba9f6989c629e07fbeb7b91bc7b739970e3424301b3106f8963ad4d813", 0x5d, 0xfffffffffffffffd)
keyctl$invalidate(0x15, r1)
r2 = getpgrp(0x0)
process_vm_readv(r2, &(0x7f0000000340)=[{&(0x7f0000000240)=""/209, 0xd1}], 0x1, &(0x7f00000008c0)=[{&(0x7f0000000380)=""/12, 0xc}, {&(0x7f00000003c0)=""/46, 0x2e}, {&(0x7f0000000940)=""/251, 0xfb}], 0x3, 0x0)

14:51:37 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000080)={'team0\x00'})
syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x3, 0x40000)
r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x20000, 0x0)
write$P9_RAUTH(r1, &(0x7f00000000c0)={0x14, 0x67, 0x2, {0x0, 0xfff, 0x6}}, 0x14)
ioctl$sock_SIOCBRDELBR(r1, 0x89a1, &(0x7f0000000040)='rose0\x00')

14:51:37 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
dup2(r1, r1)

14:51:37 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
fsetxattr$security_smack_entry(r1, &(0x7f0000000040)='security.SMACK64IPOUT\x00', &(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x12, 0x2)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:37 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xfffffffd, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:37 executing program 3:
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}]})
r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0)
ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000000000000000001dffffff000000faff00", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'])

14:51:37 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
ioctl$FIBMAP(r2, 0x1, &(0x7f0000000040)=0x8000)
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000080)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@dev}, 0x0, @in6=@initdev}}, &(0x7f0000000180)=0xe8)
stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
write$FUSE_ATTR(r2, &(0x7f0000000280)={0x78, 0x0, 0x2, {0x3ff, 0x8, 0x0, {0x0, 0x100000001, 0x7fff, 0xffffffffffffffff, 0x3, 0x6dd, 0x3, 0x8001, 0xffff, 0xffffffffffffffff, 0x8, r3, r4, 0x8000000000000, 0x7ff}}}, 0x78)
write$P9_RSYMLINK(r2, &(0x7f0000000000)={0x14, 0x11, 0x1, {0x8, 0x1, 0x4}}, 0x14)

[  312.843363] audit: type=1326 audit(1551451897.492:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13530 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:37 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
r1 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000d80)={<r2=>0x0, <r3=>0x0})
recvmmsg(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000002c0)=""/227, 0xe3}, {&(0x7f00000003c0)=""/134, 0x86}, {&(0x7f0000000480)=""/169, 0xa9}, {&(0x7f0000000540)=""/155, 0x9b}, {&(0x7f0000000600)=""/84, 0x54}, {&(0x7f00000001c0)=""/10, 0xa}], 0x6, &(0x7f0000000700)=""/93, 0x5d}, 0x6}, {{&(0x7f0000000780)=@ll={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000800)=""/158, 0x9e}, {&(0x7f00000008c0)=""/57, 0x39}, {&(0x7f0000000900)=""/183, 0xb7}], 0x3}, 0x1}, {{&(0x7f0000000a00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000a80)=""/198, 0xc6}, {&(0x7f0000000b80)=""/205, 0xcd}], 0x2}, 0x9}], 0x3, 0x40000000, &(0x7f0000000dc0)={r2, r3+10000000})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000e00)={{{@in6=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@broadcast}, 0x0, @in=@dev}}, &(0x7f0000000f00)=0xe8)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000f40)={{{@in=@multicast2, @in=@loopback, 0x4e22, 0x7ff, 0x4e23, 0x5, 0x2, 0xa0, 0x20, 0x7e, r4, r5}, {0x401, 0x800000000000000, 0xe2, 0xb42, 0x400, 0x1, 0x8, 0x7}, {0x800, 0x71e3, 0x6, 0x8}, 0xada, 0x6e6bbb, 0x2, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d5, 0x6c}, 0x2, @in=@local, 0x3506, 0x5, 0x1, 0x10001, 0x10000, 0x0, 0x1293}}, 0xe8)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)

14:51:37 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
sendmsg$nfc_llcp(r1, &(0x7f0000001600)={&(0x7f0000000100)={0x27, 0x1, 0x2, 0x7, 0x0, 0x40, "799f9b5d9a2ac5972e9c079534b0bc7cad70a4062c6b2d7691f5a96a1c29a51499db3cfa4e91057043953bc86d7ec45692e09da08806b2a36505fa17ee2c9f", 0x2c}, 0x60, &(0x7f00000014c0)=[{&(0x7f0000000180)="0c161d6e889c088c526ded051aade965ea9b7e82d423e97496d993f23e3326b9084915201536107ec41c4e23023f1775171b9c07a9fb78643b6c763a0c19c57b80adcc86855b792bf1c4f4a5790ed77399680906cb52810e0ff24f4b8093e2ff39ab2e29f751678d136687e9b005ea61fc8dbee59286e8cfc777", 0x7a}, {&(0x7f0000000200)="752a0280fc8ff5f070ea1fd5691bba09327b84e303cafd17841382dc9b6e2aecf5c28a91143feae3c54f7f5d546ad95b837c7c58009504aef9f35e9ea8be3780ef8a92a4c3b995f575f7a047ef454d6851862260cd57381509e6712b190c5b2271ec0035c198b17dd05f870a1c7d2daaadc934c11c5cd520d9747357875eb025ec216a6659a127ef1b8891f09e421b602f67f93c792ffc4388dd2d09f0b0b62cce8b3befc23e6889f908642470cea04d90a89aa64c27b7496c61dfd94cbfd3aa6969d1f2baeac02bbecf09e1ea7c4459b18262347c7c54860388c9a12955dccc55024e", 0xe3}, {&(0x7f0000000040)="77b7291bbebf32dd76be1124872108c17cf227e8de7fe68589cc2f4156ce629a19", 0x21}, {&(0x7f0000000300)="7da3176b21ff770993a99dd622c1c9799159d68f2b61c97c5fd86ed247a32fe352", 0x21}, {&(0x7f0000000340)="b773107a7ec0b7850f14e02e54df7fbca10b937573eb4cbb5864bf4a0b601a1661e81ccf260e02c577b47542da18497026d2cc75b172fc94f7140c38bc48a7a6dc323a780b14e8e13b417f9456c644b5e3f2f8eda7957347566160d2ac36b5335924200eeb7193da1bc78b7823bbb53670b768c59ca9f8f5dd6de78e0999376641abd639a76595d6d743c5f456f529e01135885815196aa2b997e70ce9e68cf025d9a58157fe911d569a1df5dede37c826f4cb2c8f7952eb05f08f8fdb378f2f6f89b6bbedeaee12f59ba09eb29753251caae4cb2cd13629d6b203a5adface0987c8e4a559716b694314", 0xea}, {&(0x7f0000000440)="e91a52783bc5f2894175245b7e3af56a554e7b0839383c16c7e2759d99243ef24418af6a4b560fb32aefe07c607c6d42bb67686da7f5f57201a9314dde4d8e1282d090f9d6131f50239df8b5e89e95184433047a584e5058b43df9ab7b", 0x5d}, {&(0x7f00000004c0)="57b6d292d2f5c50a1f53d3c40091fff1ab311e10676f7545a72a77f64f54bf7154f4ecb449aeb2b3ae2b29d091be2cbf1300029ec13d8a256900300ae65359ba23a69289b398d76f69fe4654a8a34cfe7373578abfffbd1a32763fc2930b5a6371443c1612fa10e8b19fb90c7123aee57d205229555cc56808a94f2e8ecdbc99cbe7455c3d15f2abaf28569cefa305c22266f472ac527f7179f8ed724314e27ffabaa1b4f132b598135b2c9501e4813a48665eab29bd272706bec9aa5e06049794ab2b485e3c87ada6e8592cc7b5e2fe25228e6d7c70de31bbeb6cd3a4495bed2840f0359de94bc4d49bc2304100cb322aeef28f71dfa6c8edf9c0b97f6130eeefd35f6543d5ad29c786849cda5e7a5878416e46a24c7486c2a463e7a42fe5df7068d329a4dde260916282dcb59a601f8b6a56d5d018d5c0b574a3dd45d49944088427d56a37effd22fdf845171f10a162c982c5c42ca3eb574b3988d43dfa134329574983aca6528d7acca02366b79119a49e603620e6817b8bbb8097e947699ab39109911af86f60fe86bc161dd755d03228f13276bd574086009a62e3fafaeb02772afb056899db1bb284594ffdc90beadf7a59738ab32a30b1c6b2f6c26071108c5377564da179f1c4ba39eee23b26c31ab5fe1929719bb8def4cd65677a524b3f3852479daf67e4c21fd649f756bb31c8b9194242bc303eded6a89b5db54c7c662d556369e83d12543ef474cc863d6bdc989e7feb750b3d241dc01951bf7028acba9db2009e75a221c4641271a146d9d57a1e9a4fe309c3af612a44ace2f01b642ce8ef68f95ead298b7cdaecdd780cfe7f24bb90a33a1ba8746da7346758345c55bb8937c33f2b0f3a1ad32fa545613abeb8f8f24e7d05701cf5e2d70b860658e70fe9d395ada55b4c3fc3a95a6a9d5253471c40626f91096d106fd7fafc63bcdc8a0ae5265687daa93dafe26e6e428d3729b91f9a0f1ade4690b3b36f0d4701f1756a5c3b53e33d22e961db3f81c33ae2af3cbf564ac81f5287f687ae226c1f58caf0c5d99af254cd98d22889e046bdeb8bd1b916a854570533b9c9f1105ce6baebceda55185cd3e0ba2ad5a51bab2790eb7d8b6fa607bcb344f80b603168b33ad5252c915d6469ecd2a31876e1ff96292a7be3bc8ae176c60ebfff99e1370e73636a5f247ecbf3f161f677d6d1e2abd50c8fb756f21e67a8edacc9dcb1d7724155d1e4582abeb883d3e7ffada8c67bffa23010f967a212b46affb2a00d188bdf9b9b5883b0ffe226b656026376dcdb28ffe4a989095082a120d808b2df9273bd8a3619625f68d7208c20103ac47e2981082ef63d718f10aee738c22597c58c10e3d00cac14dbbb02ac4745cc13aba737115cebd7c60e63d40c30cb76f312cdccfca8ab1f54d084356f5f4c58e14b5e52cf8748055f9b8db6b192cd138c5870b9f1f36a94325bd9b0543182d4dcefd7402e75820486c92386d67d8a47b6a7ff9fe6381e04616bc1f6a1273331244c1eb254fe97c84a3b5937523a1e6ac12137e870c72b4ba14c004d100515bacba9f027b5a5278f625da29c8cbeabc452370f00397577f568475c5b1db93307488d7010c14146ef954fdb799d24a670d5558018b1a2ce859b896777c7dba1f979e392aa79eb7e624760600c6a6239f27edb08c41868de083733dcfe7c0db680bede1297791bda537d08dc44c8c087686f20d4e40b3ff1356881ca2a8216dd0787d1834509d61e89b284f7b1e48453cbd36c93b721e5f1997d215aa298b68b3613466515e83c0a1bb15d3d95a5475a48bc9d27e85cb4ad9e8d3a45cb6694003b56198f9a73108e7aaf11a1696408a0901bdde04caa8ab0d5e8c3ec0ce7b2bd0b0af089afdba58e68cd80bd49ec28d5569e44a4e8a319d832bb9f09f1097ac3ffb07f0cc3ba2aded49ff8523406d9f72517b264dbf690fb3feb353d5cc66264c6707ac7fa7dc4e51efc25faa153281a6470fcc84535eed3a454ff3bae1cb59b886f6c7eab93955e5967124f7536c67582308856f514d80ffd2e3a51c102e2390ad42ab01553cfbed0269edcc9ab45ea6857302067685d730511358caf2bc76e302eea1f76151b3859d87b36342a34b6eb1f12b01fe0625acf8994abae07e7e7c9a7af95929cca6ffbe9ffc27b7ba1686bc88703f04b019f6a83897ecab5b5811ec7e51f301752f21f2e9ee82c0328b99800e32a736a7fbda2556b134db1a9d5b43cc315f2a8966277e44b98f93db329b01ed8bd865787c5e33852b62ca83981b6a1fc96736fec1f37cd4956bb84d68e50572139feb625be102f79a9a76589add315eef29251789582090ebc14da51a91a6e6f19ad339cc84689be1c9cc8875a3fb18eae1d43cdb71de0ae368de93a1f5da9a754ef73bfe0ffa6685f5f7b4c81412c21b00c9b3c67715ad0d7de80aea78b41e42be98bcbc5271883faf983df4d32f5c741e1a8af4d0954edae29d3d2384485af02d118e4a0d4e33ff3fd10cb2e30cfb2bc2a0a5fc4a12feaa1151040d965a5b073adfb7ad3a72fc6fe3e8832212749da1e7c0b26541c725fcd468a3c1df03e9bca2a6f09885ba1f9c86b42e13041698428344989096f274d1cf8d20475a820cf7a36d89a2fdf983fee31afc9e93df684eda5c362a2774076e75b7302813d54c9e5f3281d8bad721314bc4f8412e469e7bbac0f449f6d22d1e30eaf051ac9b0f53b9c1c024e7d45f61ba3c7975db30bf81ff553c10496c7470709c59eddf883557652361bff72bce99f4007ac39d0dcb66a0f19519380f8f89c6639727298f390fda69d977c53a7982d9d40e475170608dea9ae70eac24d13254d229d44bd2ebe0d76d07b53a209909ccbde6f5aa8b0045b9666773d08e632b42ac3864e5fb826a7d102195cf2db81aca3f8494aae9055c5c77dba4bfa460b8faa84729a7958694287da7f2c6652fe0ff90ef96d4cda5d11df45a76260d7d72ef39ff9cc50541aa30996a3589303d2fc24dfb9ce1c57b5621701489619de5bba6ad21734b2c4fa7439a662cc2600bf409c11f421482273f9fc461b3dba4b5b3f18e5091c13c8945a262ccce7f5d9351f94b884ba578cc5e8e3327e7932c9deef5857f0477b8cc87f777c18a43de87e73b04246547ff419c9e63e5653cdbb13a5231796fc91f116b42134d762c3faa1a001efe6458787e6234e1f3219856264ac07eee9fee38720b6124577b7748069afedd47cdcf54bdddb5044879833503f1e8506fecc034f04f3ce564777e37045922f7645c77a806832430d6a8bb7c3b25f2c52a0d58c93bb3f519342e1637d40051289d1a59041994aea37278981540127e3cc463df2fcdd2f2ac3e67c469fcad43ebece2a9b021044ad695b44887da4e80c65b91f73cdcb635d91d4efc5dfdd9a439cf43f7d8de377805ffb7f3f85ce06cbd92ee55fe3ed9d6905ce77deb314c682f9154a8697f1c8a3b0353c0f43f52df1992d2dda2607fbc07e625e1271b80f9f22412d3eff796e42d91f90e5b3cfdae7b3c383a948d90df203ca03c5e0d0cff4a8297a6678adc2c366d4458494ddaf4f070aaff67dc2823f506db05f7b7e08749e4c9d0adca71509d3490d7ebb8872748cb275604bc12f116c43fa551df080263240cea9baba130d20e9c86fdc0caccba1e8debb0b7d0fcfda89be334ff050a010c7b7dc947264eec17e052f76a28e27b0cd8ed34e4e101b658bc99211f0cc065226efedf7577495a100ee627853f498c40d2de3c1aae247c7c64d20092948e156b068afc99392e017dcce36d16e871fb6376e97e6cf6a51008b61d23e95c815c4467bbfbdf5cce210682f4eb6e107667bc5659ea03afa5e4709c840e13f1a0daa674a8490891efc08147b3d6d2b23e2b756f4f23974b214a5a64590a4f46cebdcd40ba61c42d6540d41844f201fe8b5fec53c43fad2d4ef904dc91ebab47167d4c1613cbb65a6b5bec99f793d6bd75f64e6c729d35b1e92227887f5fd2f39b4bbe0316a7a14a86e68c011b569c31497bc2fd1c0bf6edc48e582adc2117c0d9bb2e77065a12ecb2e02f30f2097fcf83f890fab3ffc4b84aa6579f28598259063a48dc2dab0299f54a2febe19d23075d3041e2a3ef1eb25cadd18e45ea80b836bdd8c87ad4cf4edefb2537d11d368559b812c3cfb6b09e42622f93f4b76d68111f15bc7b03031baa279890db5d36678945c0139779dec1f90c98daece198a20c634a56168afe5e863b98c9146e4ca4c7fc7c9db174ff3e7b0d1f8da5a1a086fbfd6f6d381d5b0f4121024e6cb5fabbf451ac134ef93b9abdc2284203763e6a1e1ca484bd434c2768425cc5d0d14e8a50a95019c8843b72525171cdb11324d0af9a09225c7a3419ef7b2b25d3bc5d716ec783e897a448706ab386b86f28639b8bcc137954a6d8232421c2b07429fc1cc14a662dded28246e1c9bb2528a9e9f70978b271a87e6125557f472f7ae0e0b9a1c151aed0d9be03b0c989c54dc0a5256a813d3c8e4f905f846b4a588c16a54d72554bb47932b5bc4c8797087cc01230866623908d16dcff7a6a42728b6ee05fe31de802f15ff404c202d431c1ea6a06ccabb4bee30cf1182c091b7ef27220e23e5d361892312912db02907ac9a6f2daba32f2f79a5aae2d4fe8c9f2eabc9a22825f6458dba514002f59d71f6246027c0848b9580f1e4609cbc4551d3d6196a4d1da730e7ec0f2e21be8ded0d3e4c2ef54f72df862c1262b42e39935a493c552fc24f94845e3c5555439ef743022f32c2f2c084e5a6bd1adb14edbcbaa7126eeeb682fe7a901c4271c290e64ac1f61128a1d6079e9852ced92de53b2c90f676ffd47d5351ede205a577d07b68f5dd47c055fd47846722444fa3cda952bea01eea12d7e4938853d54ddec861679a3d78f08a0cc421e9c2f68ac6bb88911fc9fa6392760d79051cf17a5c1f96adc0db7e68a3bfa15ae03e9e94ef1eec5def4e1c7371e9e589e01bf5db60d975169833a67a00715b0fd517ff81df03a7187f02c5c82dcf6b2be4ae8f08f6f8cceba5824bb31981bef5beeb0be27b7fab27ca8bd8bb1c85c50d1ede03f06649f320ed60393081c3099997d2f892da4a1e34f20998aebd194ef6d620f912852614ee7452ac1506b82316590e3167656784c2a2aeef78ddb3f573785f69f7fe990df41e8eb450b9ffced2ae5393c6968fedf35eaa9b1cbea27290e25078f3f149c14c5fdd016fa067a21bf42e80fd572a2db62eccf433389487c2c8ef28f0880f539cd8f758daac496d2e010a85176a09d0a4075b0a8d97ece9b2490d301226790e1330bf3991efba9094601871496ecf1745bccc769b7ebdacaff6c07aab2d8c73c86741a5c48644b2ca83e6143b8f05623781ed0bcbcebcb9ee3a30dcc7fa508b741aa30b2b2b66d83d99b4a535ac1e2082d9aa807d9299b0d3f4fe382b0fbf9bc9cd6af7a3766774f5dd2f61c4811d391b43fc831e04e34c2cab29ffa8bce2f6b8a31fb53cdeed92f3a1b8f4f89f2554bfb7177ad20c4b46dd6799102605d75ea922c96e73047334e758d9fc253c506de30d88dbd1f7eae6bae2dd745253849c2c3f8da0eb8e9d299fa24504a62d84a40b89b40cc3be35eb00574984c49b4e6d30e6608fe7f4bc792d7fe2ca3ddd44cafaae47e50e5daac4fd4b437c48a85053929a1884ab639f8b820418e75df861a59e09a6be0e0e420b7e7765bde919e9370c23038ccc98c54113d13a101e78d7df3169852cb89b6bd83a1d5834f204f16dfc75f9de95d793dda2b031baa38382e1aa3d14069ea138dfde59", 0x1000}], 0x7, &(0x7f0000001540)={0xa8, 0x11f, 0x1, "129393274afb1c8a18e9de698d5cf15511d20ac19ef734d24ee976848f5ff32144abaadeac64fb76bb68e8e20b4a1877a231c0ebf06b10f94103ca9453ca4104c8727c8ca5b0ff2834fb858bf9c98152c55cc9626f30715a4446b95c9500837e8dda704f9c72b88e35d83c5d05dd94ffbf9b578acd4172185d36ca137ce14b450f88b1ea2b20110fded5d86c9ae930f28d"}, 0xa8, 0x20000080}, 0x44090)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001640)='/dev/mISDNtimer\x00', 0x101800, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:51:37 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x2, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  313.021018] overlayfs: filesystem on './file0' not supported as upperdir
14:51:38 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:38 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
ioctl$FIBMAP(r2, 0x1, &(0x7f0000000040)=0x8000)
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000080)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@dev}, 0x0, @in6=@initdev}}, &(0x7f0000000180)=0xe8)
stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
write$FUSE_ATTR(r2, &(0x7f0000000280)={0x78, 0x0, 0x2, {0x3ff, 0x8, 0x0, {0x0, 0x100000001, 0x7fff, 0xffffffffffffffff, 0x3, 0x6dd, 0x3, 0x8001, 0xffff, 0xffffffffffffffff, 0x8, r3, r4, 0x8000000000000, 0x7ff}}}, 0x78)
write$P9_RSYMLINK(r2, &(0x7f0000000000)={0x14, 0x11, 0x1, {0x8, 0x1, 0x4}}, 0x14)

14:51:38 executing program 3:
socket(0x9, 0x80000, 0x200)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000004002, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:38 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x80001000808913, &(0x7f0000000200)="0adc1f123c123f3188b0bc912295b0c9962970bfb2df20460065151943ce460773dfdc89f40d434a3e973e3d42c230a0e65f4fc5315a9874c2763fdc22c3df7774d2cbd62318ee4f9361b2b54931bcfe000000000000")
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x80, 0x0)
setsockopt$inet6_tcp_buf(r1, 0x6, 0xe, &(0x7f0000000100)="2dcc73b829c160d801099ada44a3709efbd49575577f867581c14626b0e044e01c9296126976a6f55832cd40f6cbd59dd16d8989add4f391e1e8e2ea518c3fc0b4bec483ccbead65ae3f27753b250e9ac7002eb5bf59b44540494d2d522073a52e37d8161ac7941349e487b22c48676d0a10edeaa4c2805d2d049d3603019e8b4b417acc932c9ffcf36ebe5e8127214b80a94bb457c864bd", 0x98)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x40000000)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:51:38 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x3, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:38 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x3d, &(0x7f0000000100)="b0700000000000000000")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

[  313.695095] audit: type=1326 audit(1551451898.342:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13582 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:38 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:38 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
ioctl$FIBMAP(r2, 0x1, &(0x7f0000000040)=0x8000)
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000080)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@dev}, 0x0, @in6=@initdev}}, &(0x7f0000000180)=0xe8)
stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
write$FUSE_ATTR(r2, &(0x7f0000000280)={0x78, 0x0, 0x2, {0x3ff, 0x8, 0x0, {0x0, 0x100000001, 0x7fff, 0xffffffffffffffff, 0x3, 0x6dd, 0x3, 0x8001, 0xffff, 0xffffffffffffffff, 0x8, r3, r4, 0x8000000000000, 0x7ff}}}, 0x78)
write$P9_RSYMLINK(r2, &(0x7f0000000000)={0x14, 0x11, 0x1, {0x8, 0x1, 0x4}}, 0x14)

14:51:38 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:38 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
r1 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000d80)={<r2=>0x0, <r3=>0x0})
recvmmsg(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000002c0)=""/227, 0xe3}, {&(0x7f00000003c0)=""/134, 0x86}, {&(0x7f0000000480)=""/169, 0xa9}, {&(0x7f0000000540)=""/155, 0x9b}, {&(0x7f0000000600)=""/84, 0x54}, {&(0x7f00000001c0)=""/10, 0xa}], 0x6, &(0x7f0000000700)=""/93, 0x5d}, 0x6}, {{&(0x7f0000000780)=@ll={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000800)=""/158, 0x9e}, {&(0x7f00000008c0)=""/57, 0x39}, {&(0x7f0000000900)=""/183, 0xb7}], 0x3}, 0x1}, {{&(0x7f0000000a00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000a80)=""/198, 0xc6}, {&(0x7f0000000b80)=""/205, 0xcd}], 0x2}, 0x9}], 0x3, 0x40000000, &(0x7f0000000dc0)={r2, r3+10000000})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000e00)={{{@in6=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@broadcast}, 0x0, @in=@dev}}, &(0x7f0000000f00)=0xe8)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000f40)={{{@in=@multicast2, @in=@loopback, 0x4e22, 0x7ff, 0x4e23, 0x5, 0x2, 0xa0, 0x20, 0x7e, r4, r5}, {0x401, 0x800000000000000, 0xe2, 0xb42, 0x400, 0x1, 0x8, 0x7}, {0x800, 0x71e3, 0x6, 0x8}, 0xada, 0x6e6bbb, 0x2, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d5, 0x6c}, 0x2, @in=@local, 0x3506, 0x5, 0x1, 0x10001, 0x10000, 0x0, 0x1293}}, 0xe8)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)

14:51:38 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
ioctl$FIBMAP(r2, 0x1, &(0x7f0000000040)=0x8000)
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000080)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@dev}, 0x0, @in6=@initdev}}, &(0x7f0000000180)=0xe8)
stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
write$FUSE_ATTR(r2, &(0x7f0000000280)={0x78, 0x0, 0x2, {0x3ff, 0x8, 0x0, {0x0, 0x100000001, 0x7fff, 0xffffffffffffffff, 0x3, 0x6dd, 0x3, 0x8001, 0xffff, 0xffffffffffffffff, 0x8, r3, r4, 0x8000000000000, 0x7ff}}}, 0x78)
write$P9_RSYMLINK(r2, &(0x7f0000000000)={0x14, 0x11, 0x1, {0x8, 0x1, 0x4}}, 0x14)

14:51:38 executing program 3:
socket(0x9, 0x80000, 0x200)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000004002, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:39 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:39 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = shmget(0x1, 0x2000, 0x4000000050, &(0x7f0000ffd000/0x2000)=nil)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000180)={{{@in6=@remote, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{}, 0x0, @in6=@initdev}}, &(0x7f0000000280)=0xe8)
stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000380)={{{@in=@loopback, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@multicast2}, 0x0, @in=@multicast1}}, &(0x7f0000000480)=0xe8)
getgroups(0xa, &(0x7f00000004c0)=[0xee01, 0xffffffffffffffff, <r5=>0xee00, 0x0, 0xee01, 0x0, 0xee01, 0xffffffffffffffff, 0x0, 0xee00])
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/snapshot\x00', 0x101000, 0x0)
recvfrom$unix(r6, &(0x7f00000007c0)=""/104, 0x68, 0x20, &(0x7f0000000840)=@file={0x0, './file0\x00'}, 0x6e)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000640)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000600)={<r7=>0xffffffffffffffff}, 0x0, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_ACCEPT(r6, &(0x7f0000000680)={0x8, 0x120, 0xfa00, {0x4, {0x200, 0x6, "3870b4417f8986fdf134162eeeec84cd31bd2881357aa3195c184cad8ef9062e48aead36bbc3f180dbf7e618cde557d7d04b2d4b28be27553e5a507f80d457fc634d5238304e20277e926a83341de130a2ba5edb7311854f21185e0f6e61017e25a3e6eddac1c29feaa2283149e7c0ef719679f593c7aea7cbe6c5286e0d51b3e5bc1619d9e3dfecab2a68c06357451faa497f6e44138ff740c7cc5296058a9782869ced76ec6ae9bbf7efa062b2ac6d60647544b8c0fcb3b17334f030a7c52421a32cdcc327e70633b02f166c6bec7d736be27248b090fae8d0e510a7898664d12ec0298f66d2fd9cd7fdb7e18e4319a025e5dac77ce622158b7e1f2f4f7b22", 0x52, 0x6, 0x9, 0x3, 0xcf2, 0x5, 0x200, 0x1}, r7}}, 0x128)
r8 = getpid()
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000500)=<r9=>0x0)
shmctl$IPC_SET(r1, 0x1, &(0x7f0000000540)={{0x0, r2, r3, r4, r5, 0x4, 0x8}, 0x992, 0x7fff, 0x0, 0x1, r8, r9, 0xffff})
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r10 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_SET_UNIQUE(r10, 0x40106410, &(0x7f0000000040)={0x7c, &(0x7f0000000100)="3a27a17377346e0b62f07bd064226e849c4cb6dea6c13efa1ce81e7590565b9fd59916b1cdd9efc5960ef216e1508497aedce8003858c528d4c3ae3101a367c21d79c0437a16c84a70e6f7f0c7acabce86fa6696635d3d08cac836276f53c4c4ff01abde2bffae4ffad8840b4c19ee69d278536a61bfe83e0d14e721"})
ppoll(&(0x7f0000000080)=[{r10}, {r10}], 0x2, 0x0, 0x0, 0x0)

14:51:39 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x5, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:39 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
ioctl$FIBMAP(r2, 0x1, &(0x7f0000000040)=0x8000)
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000080)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@dev}, 0x0, @in6=@initdev}}, &(0x7f0000000180)=0xe8)
stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
write$FUSE_ATTR(r2, &(0x7f0000000280)={0x78, 0x0, 0x2, {0x3ff, 0x8, 0x0, {0x0, 0x100000001, 0x7fff, 0xffffffffffffffff, 0x3, 0x6dd, 0x3, 0x8001, 0xffff, 0xffffffffffffffff, 0x8, r3, r4, 0x8000000000000, 0x7ff}}}, 0x78)

14:51:39 executing program 3:
socket(0x9, 0x80000, 0x200)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000004002, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

[  314.532878] audit: type=1326 audit(1551451899.182:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13627 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
[  314.568525] net_ratelimit: 18 callbacks suppressed
[  314.568562] protocol 88fb is buggy, dev hsr_slave_0
14:51:39 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
ioctl$FIBMAP(r2, 0x1, &(0x7f0000000040)=0x8000)
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000080)={{{@in=@multicast1, @in=@broadcast}}, {{@in6=@dev}, 0x0, @in6=@initdev}}, &(0x7f0000000180)=0xe8)
stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200))

14:51:39 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0xffff, 0x10001)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

[  314.579023] protocol 88fb is buggy, dev hsr_slave_1
[  314.584571] protocol 88fb is buggy, dev hsr_slave_0
[  314.589707] protocol 88fb is buggy, dev hsr_slave_1
[  314.595223] protocol 88fb is buggy, dev hsr_slave_0
[  314.600645] protocol 88fb is buggy, dev hsr_slave_1
14:51:39 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
ioctl$FIBMAP(r2, 0x1, &(0x7f0000000040)=0x8000)
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000080)={{{@in=@multicast1, @in=@broadcast}}, {{@in6=@dev}, 0x0, @in6=@initdev}}, &(0x7f0000000180)=0xe8)

14:51:39 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x6, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:39 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
r1 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000d80)={<r2=>0x0, <r3=>0x0})
recvmmsg(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000002c0)=""/227, 0xe3}, {&(0x7f00000003c0)=""/134, 0x86}, {&(0x7f0000000480)=""/169, 0xa9}, {&(0x7f0000000540)=""/155, 0x9b}, {&(0x7f0000000600)=""/84, 0x54}, {&(0x7f00000001c0)=""/10, 0xa}], 0x6, &(0x7f0000000700)=""/93, 0x5d}, 0x6}, {{&(0x7f0000000780)=@ll={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000800)=""/158, 0x9e}, {&(0x7f00000008c0)=""/57, 0x39}, {&(0x7f0000000900)=""/183, 0xb7}], 0x3}, 0x1}, {{&(0x7f0000000a00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000a80)=""/198, 0xc6}, {&(0x7f0000000b80)=""/205, 0xcd}], 0x2}, 0x9}], 0x3, 0x40000000, &(0x7f0000000dc0)={r2, r3+10000000})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000e00)={{{@in6=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@broadcast}, 0x0, @in=@dev}}, &(0x7f0000000f00)=0xe8)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000f40)={{{@in=@multicast2, @in=@loopback, 0x4e22, 0x7ff, 0x4e23, 0x5, 0x2, 0xa0, 0x20, 0x7e, r4, r5}, {0x401, 0x800000000000000, 0xe2, 0xb42, 0x400, 0x1, 0x8, 0x7}, {0x800, 0x71e3, 0x6, 0x8}, 0xada, 0x6e6bbb, 0x2, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d5, 0x6c}, 0x2, @in=@local, 0x3506, 0x5, 0x1, 0x10001, 0x10000, 0x0, 0x1293}}, 0xe8)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)

14:51:39 executing program 3:
socket(0x9, 0x80000, 0x200)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000004002, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:39 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
ioctl$FIBMAP(r2, 0x1, &(0x7f0000000040)=0x8000)

[  314.968122] protocol 88fb is buggy, dev hsr_slave_0
[  314.973267] protocol 88fb is buggy, dev hsr_slave_1
14:51:39 executing program 0:
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:39 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:39 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x7, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:39 executing program 3:
socket(0x9, 0x80000, 0x200)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000004002, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:40 executing program 3:
socket(0x9, 0x80000, 0x200)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000004002, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000480), 0x2000000000000113, 0x0)

[  315.377975] audit: type=1326 audit(1551451900.022:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13667 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:40 executing program 3:
socket(0x9, 0x80000, 0x200)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000004002, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:40 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:40 executing program 3:
socket(0x9, 0x80000, 0x200)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000004002, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:40 executing program 4:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
fsetxattr$security_smack_transmute(r0, &(0x7f0000000100)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000140)='TRUE', 0x4, 0x1)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000240)='/dev/snd/pcmC#D#p\x00', 0x0, 0x3)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)
r3 = dup(r2)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r3, 0xc058534f, &(0x7f0000000280)={{0x5, 0xff}, 0x1, 0xff, 0x2e3, {0x5, 0x4}, 0x9, 0x8000})
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r3, 0x40505331, &(0x7f0000000180)={{0x8, 0x3}, {0x8e4, 0x4}, 0x9, 0x1, 0x80000000})

14:51:40 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
r1 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000d80)={<r2=>0x0, <r3=>0x0})
recvmmsg(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000002c0)=""/227, 0xe3}, {&(0x7f00000003c0)=""/134, 0x86}, {&(0x7f0000000480)=""/169, 0xa9}, {&(0x7f0000000540)=""/155, 0x9b}, {&(0x7f0000000600)=""/84, 0x54}, {&(0x7f00000001c0)=""/10, 0xa}], 0x6, &(0x7f0000000700)=""/93, 0x5d}, 0x6}, {{&(0x7f0000000780)=@ll={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000800)=""/158, 0x9e}, {&(0x7f00000008c0)=""/57, 0x39}, {&(0x7f0000000900)=""/183, 0xb7}], 0x3}, 0x1}, {{&(0x7f0000000a00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000a80)=""/198, 0xc6}, {&(0x7f0000000b80)=""/205, 0xcd}], 0x2}, 0x9}], 0x3, 0x40000000, &(0x7f0000000dc0)={r2, r3+10000000})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000e00)={{{@in6=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@broadcast}, 0x0, @in=@dev}}, &(0x7f0000000f00)=0xe8)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000f40)={{{@in=@multicast2, @in=@loopback, 0x4e22, 0x7ff, 0x4e23, 0x5, 0x2, 0xa0, 0x20, 0x7e, r4, r5}, {0x401, 0x800000000000000, 0xe2, 0xb42, 0x400, 0x1, 0x8, 0x7}, {0x800, 0x71e3, 0x6, 0x8}, 0xada, 0x6e6bbb, 0x2, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d5, 0x6c}, 0x2, @in=@local, 0x3506, 0x5, 0x1, 0x10001, 0x10000, 0x0, 0x1293}}, 0xe8)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))

14:51:40 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x8, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:40 executing program 3:
socket(0x9, 0x80000, 0x200)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000004002, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

[  315.688142] protocol 88fb is buggy, dev hsr_slave_0
[  315.693259] protocol 88fb is buggy, dev hsr_slave_1
14:51:40 executing program 0:
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:40 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_open_dev$usb(&(0x7f0000000680)='/dev/bus/usb/00#/00#\x00', 0x5, 0x40002)
getpeername$netrom(r1, &(0x7f00000006c0)={{0x3, @default}, [@bcast, @rose, @default, @remote, @rose, @netrom, @netrom, @netrom]}, &(0x7f0000000740)=0x48)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000180)='trusted.overlay.redirect\x00', &(0x7f00000001c0)='./file0\x00', 0x8, 0x1)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
ioctl$VIDIOC_SUBDEV_S_SELECTION(r2, 0xc040563e, &(0x7f0000000140)={0x0, 0x0, 0x100, 0x0, {0xd4, 0x5792, 0x0, 0x3}})
sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="880000008e5637cf4ff934e138810b3c42ada4b9040ec36050d9556a19a982b09e6624d3a45beb085db251a3a66924b7a1516864b241d0bc2b2c1205392836e73e707224d0a5d5f90abcc560e3eb35de46df55abd6c46ea9dea496caac9135de36fb114f", @ANYRES16=r3, @ANYBLOB="080227bd7000fcdbdf250f0000002800030008000400000000001400020062637366300000000000000000000000080007004e2100004c0003000800040006000000080001000100000014000600fe8000000000000000000000000000aa080003000300000014000600000000000000000000000000000000000800080000000000"], 0x3}, 0x1, 0x0, 0x0, 0x840}, 0x40)

14:51:40 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:40 executing program 3:
socket(0x9, 0x80000, 0x200)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000004002, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:40 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x9, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:40 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:40 executing program 3:
socket(0x9, 0x80000, 0x200)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000004002, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

[  316.244549] audit: type=1326 audit(1551451900.892:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13716 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:40 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:40 executing program 4:
io_setup(0xa0, &(0x7f0000000040)=<r0=>0x0)
io_pgetevents(r0, 0x6, 0x6, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}], &(0x7f00000001c0)={0x77359400}, &(0x7f0000000240)={&(0x7f0000000200)={0xd11}, 0x8})
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:51:41 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
r1 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000d80)={<r2=>0x0, <r3=>0x0})
recvmmsg(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000002c0)=""/227, 0xe3}, {&(0x7f00000003c0)=""/134, 0x86}, {&(0x7f0000000480)=""/169, 0xa9}, {&(0x7f0000000540)=""/155, 0x9b}, {&(0x7f0000000600)=""/84, 0x54}, {&(0x7f00000001c0)=""/10, 0xa}], 0x6, &(0x7f0000000700)=""/93, 0x5d}, 0x6}, {{&(0x7f0000000780)=@ll={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000800)=""/158, 0x9e}, {&(0x7f00000008c0)=""/57, 0x39}, {&(0x7f0000000900)=""/183, 0xb7}], 0x3}, 0x1}, {{&(0x7f0000000a00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000a80)=""/198, 0xc6}, {&(0x7f0000000b80)=""/205, 0xcd}], 0x2}, 0x9}], 0x3, 0x40000000, &(0x7f0000000dc0)={r2, r3+10000000})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000e00)={{{@in6=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@broadcast}, 0x0, @in=@dev}}, &(0x7f0000000f00)=0xe8)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000f40)={{{@in=@multicast2, @in=@loopback, 0x4e22, 0x7ff, 0x4e23, 0x5, 0x2, 0xa0, 0x20, 0x7e, r4, r5}, {0x401, 0x800000000000000, 0xe2, 0xb42, 0x400, 0x1, 0x8, 0x7}, {0x800, 0x71e3, 0x6, 0x8}, 0xada, 0x6e6bbb, 0x2, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d5, 0x6c}, 0x2, @in=@local, 0x3506, 0x5, 0x1, 0x10001, 0x10000, 0x0, 0x1293}}, 0xe8)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))

14:51:41 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xa, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:41 executing program 3:
socket(0x9, 0x80000, 0x200)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000004002, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:41 executing program 0:
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:41 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
dup3(0xffffffffffffffff, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:41 executing program 3:
socket(0x9, 0x80000, 0x200)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000004002, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:41 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xe, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:41 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
dup3(0xffffffffffffffff, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:41 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
dup3(0xffffffffffffffff, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:41 executing program 3:
socket(0x9, 0x80000, 0x200)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

[  317.104279] audit: type=1326 audit(1551451901.752:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13758 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:41 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x10, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:41 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f00000002c0)={&(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, 0x3000, 0x1})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14)
setsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f0000000280)={@rand_addr=0x82c7, @empty, r1}, 0xc)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300)='TIPCv2\x00')
sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x900}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x78, r3, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x28, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}]}, @TIPC_NLA_NET={0x28, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x100000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xbf}]}]}, 0x78}, 0x1, 0x0, 0x0, 0xc0c0}, 0x800)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000140)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1})
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)
acct(0x0)
fsetxattr$security_smack_transmute(r2, &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x1)
ioctl$TUNSETSNDBUF(r2, 0x400454d4, &(0x7f0000000040)=0x7)

14:51:41 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
r1 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000d80)={<r2=>0x0, <r3=>0x0})
recvmmsg(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000002c0)=""/227, 0xe3}, {&(0x7f00000003c0)=""/134, 0x86}, {&(0x7f0000000480)=""/169, 0xa9}, {&(0x7f0000000540)=""/155, 0x9b}, {&(0x7f0000000600)=""/84, 0x54}, {&(0x7f00000001c0)=""/10, 0xa}], 0x6, &(0x7f0000000700)=""/93, 0x5d}, 0x6}, {{&(0x7f0000000780)=@ll={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000800)=""/158, 0x9e}, {&(0x7f00000008c0)=""/57, 0x39}, {&(0x7f0000000900)=""/183, 0xb7}], 0x3}, 0x1}, {{&(0x7f0000000a00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000a80)=""/198, 0xc6}, {&(0x7f0000000b80)=""/205, 0xcd}], 0x2}, 0x9}], 0x3, 0x40000000, &(0x7f0000000dc0)={r2, r3+10000000})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000e00)={{{@in6=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@broadcast}, 0x0, @in=@dev}}, &(0x7f0000000f00)=0xe8)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000f40)={{{@in=@multicast2, @in=@loopback, 0x4e22, 0x7ff, 0x4e23, 0x5, 0x2, 0xa0, 0x20, 0x7e, r4, r5}, {0x401, 0x800000000000000, 0xe2, 0xb42, 0x400, 0x1, 0x8, 0x7}, {0x800, 0x71e3, 0x6, 0x8}, 0xada, 0x6e6bbb, 0x2, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d5, 0x6c}, 0x2, @in=@local, 0x3506, 0x5, 0x1, 0x10001, 0x10000, 0x0, 0x1293}}, 0xe8)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))

14:51:41 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:41 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:42 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:42 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x0, 0x0)
ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000000100))
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:51:42 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x153, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:42 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:42 executing program 3:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:42 executing program 4:
r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x7, 0x24000)
r1 = syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x100, 0x800)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000140)={r1})
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0x0, [], [{0x2, 0xe52, 0x2, 0x800, 0x6a9b, 0x80000001}, {0x9, 0x1, 0xfff, 0x6, 0x3892, 0xfffffffffffffff9}], [[], [], [], [], [], [], [], [], []]})
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r3}, {r3}], 0x2, 0x0, 0x0, 0x0)
openat$ion(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ion\x00', 0x40040, 0x0)

14:51:42 executing program 3:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:42 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

[  317.963729] audit: type=1326 audit(1551451902.612:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13805 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:42 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x218, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:42 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000040))
r1 = dup3(r0, r0, 0x80000)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000240)={0x7fffffff, 0x0, 0x2004, 0x7000000, 0x10001, 0x48, 0x100000000})
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000100)={<r2=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000000180)={0x14, 0x88, 0xfa00, {r2, 0x1c, 0x0, @in={0x2, 0x4e23, @multicast1}}}, 0x90)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r3}, {r3}], 0x2, 0x0, 0x0, 0x0)

14:51:42 executing program 3:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:42 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
r1 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000d80)={<r2=>0x0, <r3=>0x0})
recvmmsg(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000002c0)=""/227, 0xe3}, {&(0x7f00000003c0)=""/134, 0x86}, {&(0x7f0000000480)=""/169, 0xa9}, {&(0x7f0000000540)=""/155, 0x9b}, {&(0x7f0000000600)=""/84, 0x54}, {&(0x7f00000001c0)=""/10, 0xa}], 0x6, &(0x7f0000000700)=""/93, 0x5d}, 0x6}, {{&(0x7f0000000780)=@ll={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000800)=""/158, 0x9e}, {&(0x7f00000008c0)=""/57, 0x39}, {&(0x7f0000000900)=""/183, 0xb7}], 0x3}, 0x1}, {{&(0x7f0000000a00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000a80)=""/198, 0xc6}, {&(0x7f0000000b80)=""/205, 0xcd}], 0x2}, 0x9}], 0x3, 0x40000000, &(0x7f0000000dc0)={r2, r3+10000000})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000e00)={{{@in6=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@broadcast}, 0x0, @in=@dev}}, &(0x7f0000000f00)=0xe8)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000f40)={{{@in=@multicast2, @in=@loopback, 0x4e22, 0x7ff, 0x4e23, 0x5, 0x2, 0xa0, 0x20, 0x7e, r4, r5}, {0x401, 0x800000000000000, 0xe2, 0xb42, 0x400, 0x1, 0x8, 0x7}, {0x800, 0x71e3, 0x6, 0x8}, 0xada, 0x6e6bbb, 0x2, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d5, 0x6c}, 0x2, @in=@local, 0x3506, 0x5, 0x1, 0x10001, 0x10000, 0x0, 0x1293}}, 0xe8)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)

14:51:43 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:43 executing program 2:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)
ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x8008af00, 0x713000)

14:51:43 executing program 3:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:43 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x240, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:43 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20000, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00')
sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x82000020}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="080827bd7000fddbdf250400000008000500020000002800020014000100ffffffff00000000000000000000000008000b000a00000008000b00020000000800040000000000240003000800040003000000080001000300000008000400e90f000008000400333d0000"], 0x70}, 0x1, 0x0, 0x0, 0xc0}, 0x10)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r3}, {r3}], 0x2, 0x0, 0x0, 0x0)

14:51:43 executing program 3:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:43 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008914, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-control\x00', 0x400000, 0x0)
getsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f0000000200))
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x8000, 0x0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r3, 0x800442d4, &(0x7f0000000100)=0x9)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

[  318.824172] audit: type=1326 audit(1551451903.472:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13853 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:43 executing program 2:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)
ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x8008af00, 0x713000)

14:51:43 executing program 3:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:43 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x300, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:43 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:43 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
r1 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000d80)={<r2=>0x0, <r3=>0x0})
recvmmsg(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000002c0)=""/227, 0xe3}, {&(0x7f00000003c0)=""/134, 0x86}, {&(0x7f0000000480)=""/169, 0xa9}, {&(0x7f0000000540)=""/155, 0x9b}, {&(0x7f0000000600)=""/84, 0x54}, {&(0x7f00000001c0)=""/10, 0xa}], 0x6, &(0x7f0000000700)=""/93, 0x5d}, 0x6}, {{&(0x7f0000000780)=@ll={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000800)=""/158, 0x9e}, {&(0x7f00000008c0)=""/57, 0x39}, {&(0x7f0000000900)=""/183, 0xb7}], 0x3}, 0x1}, {{&(0x7f0000000a00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000a80)=""/198, 0xc6}, {&(0x7f0000000b80)=""/205, 0xcd}], 0x2}, 0x9}], 0x3, 0x40000000, &(0x7f0000000dc0)={r2, r3+10000000})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000e00)={{{@in6=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@broadcast}, 0x0, @in=@dev}}, &(0x7f0000000f00)=0xe8)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000f40)={{{@in=@multicast2, @in=@loopback, 0x4e22, 0x7ff, 0x4e23, 0x5, 0x2, 0xa0, 0x20, 0x7e, r4, r5}, {0x401, 0x800000000000000, 0xe2, 0xb42, 0x400, 0x1, 0x8, 0x7}, {0x800, 0x71e3, 0x6, 0x8}, 0xada, 0x6e6bbb, 0x2, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d5, 0x6c}, 0x2, @in=@local, 0x3506, 0x5, 0x1, 0x10001, 0x10000, 0x0, 0x1293}}, 0xe8)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)

14:51:44 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:44 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x80001, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r1, 0x28, 0x1, &(0x7f0000000100)=0x9, 0x8)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:51:44 executing program 2:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)
ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x8008af00, 0x713000)

14:51:44 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:44 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x500, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:44 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

[  319.671264] audit: type=1326 audit(1551451904.322:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=13901 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:44 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:44 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x218000, 0x0)
sendto$x25(r1, &(0x7f0000000100)="fb91c7df13d6ab7da19919284e29a611de50717d3f77e17ee1496cd42f945b72aada9dd1663e89c95b03625d4e4cfe1fad07a60254ff46be7de8b5194b629b0794cd", 0x42, 0x0, &(0x7f0000000180)={0x9, @remote={[], 0x0}}, 0x12)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r3, 0x300, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x101}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xf3}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x40844)

14:51:44 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:44 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x600, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:44 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

[  319.848144] net_ratelimit: 22 callbacks suppressed
[  319.848152] protocol 88fb is buggy, dev hsr_slave_0
[  319.858253] protocol 88fb is buggy, dev hsr_slave_1
14:51:44 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x2000, 0x0)
ioctl$PPPIOCDISCONN(r1, 0x7439)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

[  320.328159] protocol 88fb is buggy, dev hsr_slave_0
[  320.333278] protocol 88fb is buggy, dev hsr_slave_1
14:51:45 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:45 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
r1 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000d80)={<r2=>0x0, <r3=>0x0})
recvmmsg(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000002c0)=""/227, 0xe3}, {&(0x7f00000003c0)=""/134, 0x86}, {&(0x7f0000000480)=""/169, 0xa9}, {&(0x7f0000000540)=""/155, 0x9b}, {&(0x7f0000000600)=""/84, 0x54}, {&(0x7f00000001c0)=""/10, 0xa}], 0x6, &(0x7f0000000700)=""/93, 0x5d}, 0x6}, {{&(0x7f0000000780)=@ll={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000800)=""/158, 0x9e}, {&(0x7f00000008c0)=""/57, 0x39}, {&(0x7f0000000900)=""/183, 0xb7}], 0x3}, 0x1}, {{&(0x7f0000000a00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000a80)=""/198, 0xc6}, {&(0x7f0000000b80)=""/205, 0xcd}], 0x2}, 0x9}], 0x3, 0x40000000, &(0x7f0000000dc0)={r2, r3+10000000})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000e00)={{{@in6=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@broadcast}, 0x0, @in=@dev}}, &(0x7f0000000f00)=0xe8)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000f40)={{{@in=@multicast2, @in=@loopback, 0x4e22, 0x7ff, 0x4e23, 0x5, 0x2, 0xa0, 0x20, 0x7e, r4, r5}, {0x401, 0x800000000000000, 0xe2, 0xb42, 0x400, 0x1, 0x8, 0x7}, {0x800, 0x71e3, 0x6, 0x8}, 0xada, 0x6e6bbb, 0x2, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d5, 0x6c}, 0x2, @in=@local, 0x3506, 0x5, 0x1, 0x10001, 0x10000, 0x0, 0x1293}}, 0xe8)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)

14:51:45 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:45 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:45 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ioctl$sock_inet_SIOCDARP(r1, 0x8953, &(0x7f00000001c0)={{0x2, 0x4e20, @local}, {0x306}, 0x2, {0x2, 0x4e23, @loopback}, 'veth0_to_team\x00'})
setsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f00000002c0)=0x5, 0x4)
ioctl$TUNGETIFF(r1, 0x800454d2, &(0x7f0000000240))
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000280)={0xfff, 0x0, 0x100000001, 0xb3b, 0x2})
ppoll(&(0x7f00000001c0), 0x297, 0x0, 0x0, 0x9e16)
ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000040))
accept4$packet(r1, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000100)=0x14, 0x80000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'lapb0\x00', r2})

14:51:45 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x700, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:45 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:45 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:45 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:45 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x1)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffff9c, 0x84, 0x6d, &(0x7f0000000100)={<r2=>0x0, 0xd1, "45fe108d3aa2370aba9daf200c4f3ca24a51189483cfd3b858156f9f8b4d4975b46ffa38b4ba1c50a1c137a28dab639803af60653100015bce031ead275489954a750bd23854c26592fe1ace53a96dcd1b2fb8772dff2c023eb45dedc4e4109ca8ccba52e5c2a30b37db9dc7875245499eba6c2984f7f2cb2a3a3755cbc781e9016aa227005feb08d71df606730452a976f61e53a12119bc908bbda5c7a9db2e99701494189d676fe034cfbf634164c0c729cf4c487781f7b2123140c126069c354fa93724ecc043cba67db515fc5c26e1"}, &(0x7f0000000200)=0xd9)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000240)={r2, 0x5}, &(0x7f0000000280)=0x8)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000040)=[{r3, 0x40}, {r0, 0x80}], 0x200000000000000f, 0x0, 0x0, 0xfffffffffffffe4d)
setxattr$security_ima(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='security.ima\x00', &(0x7f0000000380)=@v1={0x2, "0af97e950f6b42f374"}, 0xa, 0x2)
openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
connect$l2tp(r1, &(0x7f00000003c0)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x0, 0x4, 0x0, 0x4, {0xa, 0x4e23, 0x69c4bc26, @rand_addr="a4a6f977c02f419228c41b79ddfb4e29", 0x4}}}, 0x32)

14:51:45 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x900, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:45 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:45 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

[  320.808235] protocol 88fb is buggy, dev hsr_slave_0
[  320.813331] protocol 88fb is buggy, dev hsr_slave_1
[  320.818472] protocol 88fb is buggy, dev hsr_slave_0
[  320.823523] protocol 88fb is buggy, dev hsr_slave_1
[  320.828642] protocol 88fb is buggy, dev hsr_slave_0
[  320.833691] protocol 88fb is buggy, dev hsr_slave_1
14:51:45 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000d80)={<r1=>0x0, <r2=>0x0})
recvmmsg(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000002c0)=""/227, 0xe3}, {&(0x7f00000003c0)=""/134, 0x86}, {&(0x7f0000000480)=""/169, 0xa9}, {&(0x7f0000000540)=""/155, 0x9b}, {&(0x7f0000000600)=""/84, 0x54}, {&(0x7f00000001c0)=""/10, 0xa}], 0x6, &(0x7f0000000700)=""/93, 0x5d}, 0x6}, {{&(0x7f0000000780)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000800)=""/158, 0x9e}, {&(0x7f00000008c0)=""/57, 0x39}, {&(0x7f0000000900)=""/183, 0xb7}], 0x3}, 0x1}, {{&(0x7f0000000a00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000a80)=""/198, 0xc6}, {&(0x7f0000000b80)=""/205, 0xcd}], 0x2}, 0x9}], 0x3, 0x40000000, &(0x7f0000000dc0)={r1, r2+10000000})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000e00)={{{@in6=@dev, @in=@broadcast}}, {{@in=@broadcast}, 0x0, @in=@dev}}, &(0x7f0000000f00)=0xe8)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)

14:51:45 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x4, 0x1, 0x3}, {0x23e, 0xfff, 0x2, 0x7}, {0x1, 0xa7, 0x9, 0x80}, {0x100000000, 0x7, 0xfffffffffffffffb, 0x9}]})

14:51:45 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:45 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:45 executing program 4:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x101, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000000100)={<r1=>0x0, 0x33, 0x30, 0x4, 0xfffffffffffffbff}, &(0x7f0000000140)=0x18)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000180)={r1, 0x6, 0x5, 0x4c7b, 0x40, 0x7ff}, &(0x7f00000001c0)=0x14)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ioctl$SIOCX25GCALLUSERDATA(r3, 0x89e4, &(0x7f0000000200)={0x5a, "356795f9c2a46c1f2195b23990ad36a7ca78d71beb0b8867ad6abd108eb37990b80ae974005238e81a00afe02aad7b50d7cb31d6ed701e56a8899f9a6c165dc0d0542de6f8607ccf1893d162116a18015b49beb0e4f03415a59c83d616e3b86410642ee2c1de51a16a6e0bcbf40ea8f83add9427c089f455828670b883097ba4"})
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000500)={0x0, 0xffffffffffffffff, 0x98, 0x7fff, @buffer={0x0, 0x8a, &(0x7f00000002c0)=""/138}, &(0x7f0000000380)="4209b616e93e31ef003dcc3b5cff8eba1afb156c7d564348f234b64964a4a956093c103fa7b7ef13a58643310f22c4fb5de6f92fcd4c06eeb2cb9e06222b911bf83cbff700d9f7ac83c56b55bdabfc7f73341c4c09100798876e2e74ec86b746df32f9405f61412fe22811045d8115eab5bedb01dbbe879f02d204b02ce7b38d7168170de410ee9f8168d501f0e805a5e25e111e02814cc6", &(0x7f0000000440)=""/98, 0xa57, 0x20, 0x3, &(0x7f00000004c0)})
ioctl$SIOCGSTAMPNS(r3, 0x8907, &(0x7f0000000580))
ppoll(&(0x7f0000000080)=[{r3}, {r3}], 0x2, 0x0, 0x0, 0x0)

14:51:46 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xa00, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:46 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:46 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer2\x00', 0xc00, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000002c0)={0x4})
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={<r3=>0x0, r2, 0x0, 0x12, &(0x7f0000000040)='/dev/snd/pcmC#D#p\x00'}, 0x30)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f00000001c0)=0x8, 0x4)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r2, 0x84, 0x74, &(0x7f0000000200)=""/59, &(0x7f0000000240)=0x3b)
sched_setaffinity(r3, 0x8, &(0x7f0000000100)=0x91)
pipe2(&(0x7f0000000180), 0x800)

14:51:46 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:46 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xe00, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:46 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)

14:51:46 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x0, 0x10000000000)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

[  321.642529] audit: type=1326 audit(1551451906.292:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=14025 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:46 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000d80)={<r1=>0x0, <r2=>0x0})
recvmmsg(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000002c0)=""/227, 0xe3}, {&(0x7f00000003c0)=""/134, 0x86}, {&(0x7f0000000480)=""/169, 0xa9}, {&(0x7f0000000540)=""/155, 0x9b}, {&(0x7f0000000600)=""/84, 0x54}, {&(0x7f00000001c0)=""/10, 0xa}], 0x6, &(0x7f0000000700)=""/93, 0x5d}, 0x6}, {{&(0x7f0000000780)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000800)=""/158, 0x9e}, {&(0x7f00000008c0)=""/57, 0x39}, {&(0x7f0000000900)=""/183, 0xb7}], 0x3}, 0x1}, {{&(0x7f0000000a00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000a80)=""/198, 0xc6}, {&(0x7f0000000b80)=""/205, 0xcd}], 0x2}, 0x9}], 0x3, 0x40000000, &(0x7f0000000dc0)={r1, r2+10000000})
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)

14:51:46 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:46 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:46 executing program 4:
r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000001c0)={&(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000100)="d75d96b8b0cf2f210cbc572c54028d1e9276f1f4256d057c404fdf245b0de02278d2fd941cc18afab33436fee692b65ae6d1487bf3cbe130b6888a89660bfa72a43b0904d56f74935c07192be23631a755783250830eda2948ef2e468d93a13460773ab58ff78e26995e89ad37a20b3fdbf196f4be65210319f869897b8b4d51247bde9449063b03caaba461dcd7b36a65c30e1e47f994337979eb3fdf832193baa76cb2", 0xa4, r0}, 0x68)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, <r3=>0x0})
fcntl$lock(r0, 0x26, &(0x7f0000000280)={0x2, 0x4, 0x100, 0x7, r3})
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:51:46 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x1802, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:46 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:46 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:46 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0x130)
connect$caif(r1, &(0x7f0000000180)=@util={0x25, "887368fb86831e9d18c1998f4baa3832"}, 0x18)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
ioctl(r0, 0x10000, &(0x7f0000000100)="f86448b4666a5cadf50da3c8e2efa4df2db4f3430eb7c74ed8ef69347fda42e197559792a87cb3e6781215d751810153aec2fa052c058ceb6ec3ccab1253bf5471135cf55df16c22c5399380fb7c6c19c2d3243a7b6ae402bb38b77019986bdbbc49ee15c30ef6fb31080913e7db1305679735d1cfd5120aab7806")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:51:47 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x2000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:47 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(0xffffffffffffffff, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:47 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x400000000002, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:47 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:47 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(0xffffffffffffffff, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:47 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)

14:51:47 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:47 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x3f00, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:47 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000d80))
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:47 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(0xffffffffffffffff, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

[  323.108293] audit: type=1326 audit(1551451907.762:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=14087 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:47 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{0x0}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:47 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, 0x0)
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:47 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:47 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, 0xffffffffffffffff, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:48 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000200)=[{r1, 0x100}, {r0, 0x20c2}], 0x19028a91557ec18c, 0x0, 0x0, 0x0)

14:51:48 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, 0x0)
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:48 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, 0xffffffffffffffff, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:48 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)

14:51:48 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1, &(0x7f0000000100)="0a03019f71fa9e313b00043fed1eb595c5c6523ce4f66e8ab3ab84a348b76b5788c7f4b1f13fb9daed4ffea5cd49c42676babe70c97275f9bd45e41bb2535e5d0ba1056e89f65cbca3d74b1661ead0d313c54757c0220d3130f2932990fd9d6909adcd4d1a1e98487f807808ba4112da74f5f92859a71d")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:48 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4002, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:48 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, 0x0)
preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:48 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, 0xffffffffffffffff, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:51:48 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:48 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(0xffffffffffffffff, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:48 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x40000, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000100)={0x7fff, 0xdd, 0x1000, 0x6, 0x6, 0x100000000, 0x20, 0xecc, 0x3, 0xda, 0x2d5}, 0xb)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0x9b1, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r0}], 0x2, 0x0, 0x0, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x0, 0x0)

[  324.047083] audit: type=1326 audit(1551451908.692:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=14139 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0
14:51:48 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x8008af00, 0x713000)

14:51:48 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x5301, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:48 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(0xffffffffffffffff, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:48 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x8008af00, 0x713000)

14:51:49 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x80fe, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:49 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(0xffffffffffffffff, &(0x7f0000000480), 0x2000000000000113, 0x0)

14:51:49 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x8008af00, 0x713000)

14:51:49 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:49 executing program 0:
r0 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc05c5340, &(0x7f0000000280))

14:51:49 executing program 0:
r0 = perf_event_open(&(0x7f000001d000)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
read(r0, &(0x7f00000000c0)=""/74, 0x97)

14:51:49 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, 0x0, 0x0, 0x0)

[  324.968150] net_ratelimit: 18 callbacks suppressed
[  324.968159] protocol 88fb is buggy, dev hsr_slave_0
[  324.978328] protocol 88fb is buggy, dev hsr_slave_1
[  324.983430] protocol 88fb is buggy, dev hsr_slave_0
[  324.988556] protocol 88fb is buggy, dev hsr_slave_1
[  324.993655] protocol 88fb is buggy, dev hsr_slave_0
[  324.998756] protocol 88fb is buggy, dev hsr_slave_1
14:51:49 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000100)=0x40)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000a80)={{{@in6=@empty, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@multicast1}, 0x0, @in6=@mcast2}}, &(0x7f0000000b80)=0xe8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={<r3=>0x0, @in6={{0xa, 0x4e21, 0x702012a2, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7}}, 0x33e6997, 0x0, 0x81, 0x9, 0x80}, &(0x7f0000000200)=0x98)
fremovexattr(r1, &(0x7f0000000280)=@known='trusted.overlay.nlink\x00')
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000240)={r3, 0x1, 0x30}, 0xc)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000bc0)={'team0\x00', r2})
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:49 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x0)

14:51:49 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xfe80, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:49 executing program 0:
mknod$loop(0x0, 0x0, 0xffffffffffffffff)
timer_create(0x0, 0x0, 0x0)
timer_gettime(0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xed}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
rmdir(&(0x7f0000000040)='./bus\x00')
socket$inet6(0xa, 0x3, 0x40003)
ptrace$pokeuser(0x6, 0x0, 0xa, 0x1000)
r1 = creat(&(0x7f0000000440)='./bus\x00', 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'veth1\x00'})
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)
ioctl$PIO_UNISCRNMAP(r1, 0x4b6a, &(0x7f0000000c00))
r2 = socket$inet6(0xa, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, 0x0, 0x0)
ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7')
sendfile(r0, r3, &(0x7f00000000c0)=0x202, 0xdd)

14:51:49 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, 0x0, 0x0, 0x0)

14:51:49 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x0)

14:51:49 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
preadv(r0, 0x0, 0x0, 0x0)

14:51:49 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x5, 0x101200)
ioctl$EVIOCSCLOCKID(r1, 0x400445a0, &(0x7f0000000100))
ioctl$KVM_GET_NR_MMU_PAGES(r1, 0xae45, 0x9)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)
readv(r1, &(0x7f00000011c0)=[{&(0x7f0000000140)=""/4096, 0x1000}, {&(0x7f0000001140)=""/81, 0x51}], 0x2)

[  325.368279] protocol 88fb is buggy, dev hsr_slave_0
[  325.373375] protocol 88fb is buggy, dev hsr_slave_1
14:51:50 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x0)

14:51:50 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:50 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xff0f, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:50 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x80000100000890e, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
accept4$unix(r1, &(0x7f0000000100)=@abs, &(0x7f0000000040)=0x6e, 0x80000)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
r2 = syz_open_dev$swradio(&(0x7f0000000380)='/dev/swradio#\x00', 0x1, 0x2)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x900000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000804}, 0x0)
ioctl$TUNSETFILTEREBPF(r1, 0x800454e1, &(0x7f0000000180)=r1)
ioctl$KVM_GET_FPU(r1, 0x81a0ae8c, &(0x7f0000000500))

14:51:50 executing program 3:
epoll_create1(0x0)
epoll_create1(0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x0, 0x0)
pipe(&(0x7f0000000180)={<r0=>0xffffffffffffffff})
write(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0)
vmsplice(r0, &(0x7f0000000000), 0x0, 0x0)

14:51:50 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x100000080002, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
write(r0, &(0x7f0000000280)="1f0000001e0007f1e9f5ff02000400000000000400ffffffff0003728d0417", 0x1f)

14:51:50 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x80)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000240)={0x40, 0xb7f, &(0x7f0000000100)="35559e44c776e33aabf4f9f9c22b6784b94a9f8a0befb9b5fc64ff3b62e92cf50070961a46d3214074f525c37de1e9b47f74783081b239496a0ffcf86bb76a197f013f1e16a2a68c1a0d78998bc7a6dd7e00b268998fa97c703b975adf8029b3380cdd4257d3c8b9e4d8ba75a1c946fac979ac388f13c28e509b9d90c8fba1370367586d6ad69e54a93d1f16e90bd9cb912b05d8b2d1594f50b7455efdc98e5c93502d16b259c5b1d53a100df07680c0c03a52854950623e8b7109c67295cc53ef05b5", &(0x7f0000000200)="8de1a034f1edeff4a9d9df5eb1a3e6b9265b2a433dd4282f2452e33004346bad98e0c541a24a016ce1a1d33ff4a1a5f3f6", 0xc3, 0x31})
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:51:50 executing program 3:
r0 = socket(0x10, 0x1000040000000003, 0x0)
write(r0, &(0x7f0000000000)="22000000140093f0337c5c96aa8e03040208031301000000080002004111b8e376ab", 0x22)

[  325.643554] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'.
14:51:50 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:50 executing program 2:
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:51:50 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x400100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
clone(0x2102001ff7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setsockopt$inet_mreqn(r1, 0x0, 0x24, 0xfffffffffffffffd, 0x33)
write$P9_RMKDIR(r1, 0x0, 0x0)

14:51:50 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x50000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  325.783119] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.3'.
14:51:50 executing program 2:
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:51:50 executing program 4:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r0}, {r0}], 0x2, 0x0, 0x0, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000001140)={{{@in6=@mcast2, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@empty}, 0x0, @in=@multicast1}}, &(0x7f0000001240)=0xe8)
fstat(r0, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000000c0)='./file0\x00', 0x200, 0x1, &(0x7f0000001100)=[{&(0x7f0000000100)="9f69d6f67994637d1694b85c1c96cb5e664a69344f944c0eb5d15389a9273b64ce17ee7a7fe55023528c0f7311cfaee2e0fd7dac25b257cf8c89cd1d3c602ba80adcc2ba11f23322a0667b6e8965e6b9206b94b74bb493e6c5f67fbdca64fee209740234d5074ad4a9e34c12640a8f4de17b5f1a8bf4465619ce735f63d7a4a9fb9c1bd56283571e6b0d84125206b90d9ecd9d4e44368cf90e7c53386e7ff75dd07416ca98a97352cd76493abf766be944aacb021d2cbe32de50fc0240717fe0439b3eda89864627aa6feb1182c844db44ebd56eefeaab2e494909ab1a3b2bfd33debba2557467d21bdb1f53516a3bfb42466e79dbefb30e36f3fa8537fef1226ac7267b98d71da174e178601f9aa7d6ada84e5ddcd7316a6a73aad7819a00907a412791bc5d07abbb7caf7445ab85fe455f5f9abac92028f4e6c3789b484a0c34bda009c186b5e14e50bf22bc8127a28b4487b6b30bb45f8a241fc60d1371d573d567f8b786177d12baf6ef54e5aad20349e8f85998852bbe5d62c08b958b41872be66f17845ffec1334e759e82ed474f88b6284efc0f1ec4498c84c5ba9f48b71a3dd9e59f150d22c1b56015b0d7ca268959ee850e4b3d98c73fc3e6f7067eabd3fb67a0adf4b9d31653645aaedc557f98447cf99f705201750117175b7b1635943b8db44de874bca5dc59d931ee84c2e4b3f5b26364dd52db9c59a6d6b48c5d80d2df83a26149da8ae2003a5c7222b04b675b6c86c7114b4dc0d711c28060fc09d2919ab0ff608ebd56dadcb605ae285a076834075f738c5d50ef69e65179f48108a121325bb1c11c15992a92ba1962f4edade835081d7f9a95478f6f61c70c623b014b1689caf342813c5dd971d720dc0ab78d0394cc4e66439f178f4978e9f2c367ddaabbd7b8ced1748f3a786c3f04d70b216e54eb888e518bd5ca2af8231242c81b821eaf8440b716e9ab74c0b34bd2898e7985da03a27f7fc41393e03f28be2ef6cfe3f420e4daa3cd7545e7fa0bee865be6040e884776b63cff58d7f19b6ea70051bddb608587541ed06819e4d3e280c34047f6f010de4ad8d08fbef9d9af4b9f26b531549c165bd011c0f9362983ef0b41d44099d78d2372b93db6bdef25f1e2b3ae7181375f439f569ec54cd278c27c46df49aa9768711507b4388ce4fd5cdd9bd97b4facb0a259a4e193bf62fbe390d54092a5bca24d971bb524e0886f868406d77cfef8fab4e136460f6f5abf17d87c80f33d9d1a03d75e6aec19476ec61494ae5049fedb884b9c8e8fd8488d7e31fed2b0be7b476cbcda46ac2ae00d9992d64fa33b47b10d0cfd6db63dabc9f6d4cfe2a8d4a407c4295a80e7961b44890fa5f69895fa92d3646ee6962a282118c67bfba15283a4653959b7cc12e17a050bbae5c541d7bc14382947a860a8c4bda3106f8224ec094d0fbd191f3421acc720d94d6ab8a670f3fbb09bb54852c7345aea634df9935ffc53d6906ccc3190249d00fba856ec3be7d24e0fbd4f026b1f905206afe7824f769e1a6cd35988602c1065ba9cef86f142a2038b771d3fdaafc041792b57eb0557790e303f1491427f86f21e1b1d88bcdca90a3d656f48e3dc0d4b1722cabfcf0c776297421942ec5ac8d8dd0fb19477f6badc0c934720b0a2ce74083bad9aed446f9c168210e0eaaeb08cb094cdd41571fe76f3a8a0178df6ce9af4cf3dd18f417d6ec5791878ac140c5d99d6eb56e1649e9b32a0c4a0d2d18ca47245ffd99aa963aee7cf89ee90fec28253b37023f7349fb1c5f6d1e9ec9c745fa66d54926292df63226abaa371df3fc2c0f4c3db02f3f8837ecd6b06ab3a40a5b4510c372535078f91dbde0681be033dde8331d3372c7298bd8b77bab8eb0ba10e84efcca377e72a250159bda96c704e2e66356fd76d46073451a73b08236d585babaccdd1ca1331c28450cc8b79d57573cdc86d47d5683907676997814ec05a32b8f2aaab2e96e7c0fb549539c590bbbd985a29036f631527e315910568a1a82187a719058dfd6e159877447d8d3ea7ef57e75e3c47e9512fd6e50cc47a83f11f55506f21ac8db39ad431109d12fca517f3c738867178c37d35d3d89085908d51d7730559b8c208874be83367e7663bf4bb43da62e546f13dbf18166cc1fc9533112fb88fb40ee55eefd7df827f72c402e2b506a06f8f4c195f16839945ae216a9598caa02c4e786b14e8af8fbae0373e494b9f0b8aa4ed25bb03ff1e4839fedf3007d63871862965cf6cf2c0c3a6f066505babe1dba12ed285a91d7b4c7de0d153533fbce62b60276873530329fdbac214511dc1cd7aaee60ad71800e56339c36d6127699aabf8a5d399f9bb1e4ebc0289a52e927d7ca5a50ffdc0b5ca18966ba41ba99fa189cfe9816c75bd16cd5b44110e985ca79189e532d751f33dcfb7d34643edb5b6551a914468288b4a6da20d3cdd0c4ccbb6cb180a1d14ecaa5d14c8e1b29744fdd30f069678c033595d6e9d026cebfb1395ce9bce6c98d6355c6e76a256301fd1825c744ea002c51d4eac2900e6442a8e2b028eff0764d55119679440b345471ddd54c631d8c297a6a248f756eb7a2f3ec7801930b4bb811c5e527c3e23e5486e388bbdafaa94fee1ca8cb25054fe0bd8224c2036b9598e34234d5ebbe3be3dc13ec4998d281bfcba0e3dd4942f5633b46aa92d926f1e8e44cfb10ccf4b7752c95c0b8ac51159d6042342bdf5409954db3269841d8e51e5c7c05d40f15649a679a7a2a6fecda62d261846fda014f217e6a8be2190bd75992a6e2907f0dee0626fd9540e35fe63cbc9b343859bb38ac31def5d81fadbe9764ca5a05b00e6883ae3b377c66da056da7d661bad230ab506a813fbf31b287d28d4017ff6441c7179f981aa671312ea2514dd4bc65e0093770822b1335a5a657d490f6d02797007f1b741c6d6bf0fa576d2f6315a5b7839b6bfe05b8a990a69472833f4206b5c4432f2474fcc01631ca3e758530dbf1985ca8f60764bd5c51656fb76fe9ee108e3b319be813cf7153cd801f8262f13c1832dcd0d5824af11c260abdc79d26d5ecf82812dd5bd1642ffd86f7b0dfb576e5601f6b782c78ec530a110030273c4cb790ada059839f00f4e158cb726ad9c9d382448a87a28501c48f3aa06e99950e0d0d94246d02794e4c09e97e5303d590e9faedd1ec05ee54eff482f0277b0e7c31c246f1695301bf49707c509a829012f7806b7885987c42d5521f213d1bfc8ccaa579078fd7d5f91e693f630459004dc78190b8267dd3f640628f5ccb1910a4bb649cd23b3f59b82e6b0eaec1caadf85bcd3a7835ad0f3d4fc50d4e7bf120df3bd378acee6f202593ec3a597d0f68c575758c8c0e21e399a3a51ff56cef564ef38564cecd5c5ebd78b34a4a89ffe85263272de1c4c80435ceb8df2688c66e35808a00a22d38afc72a96803f4d4cfbde78d0e4a01470572d2c31b37c1f74c1f3cb7c53a8274327122c4116c9db552c7c3d6512d2725cef2499e8239d915e2905adbf9630c4107516b180302e7db7ec8a6138543ec746296b273046d49f10089d060690be9a9856f3f24036b71bf6cf08117f857d89ab3bf6dda5ec7224999804ad5f2ae5a2f57556b5b7b3a381072d3bbe490004e998d3ad42b11022038366ee53fe8f25f909ddca22fd0dc38524d44940ed4382aa5aed184f932558a471d9068c09f861e4ac7704aae79b6ef94e21dc3f9654a86c2021a7f8212c4248d1512fed151da7228f63023c04e2f4b1d2df6f7674179fe1f2f205154d44412aa186e8c17eab3a4f20c8fe8d3be8423c3e8de1c0fc78066ac6d9466bad29cf714402b021a7f5599ce49698f76aa738bcfb665a4074626b1cd4af78878bf876a3b975aab76f00fae631de42f229f7b5f0929a31387a906bc30f11813ccc4e07bba48dc982994b218aa8aa4958be27f7b45496ee0d257208db0374b9fe135066ee58338698bf2fdef118bc30d836616eed0e637b86f1e9a288280739e5e058224d26152a49426d6d0752d72fa73c2f6335e91440e931d07b3be76ebdbeb5fd253e83a1061b97eeace5bc0a2698cbe3bfeb4484c096e7828dfa60ef5c66ba18d88af5dafc81a89dd48032194001379430ab492f28b18dcd34150675a374cb51be0dc2779ac4035652df4bab106013fc061bc899e2b60bf6d0e75e6e18c39a8a54436d0db9c5499966758afc7d2295f696deea198835ae24038b707e3a3e17601428033a69efb5432fb76b92283bd1d672769c0bd8d1d550c5b2fa779cfbd140808c6ec82acb392ccda462d63c17ccfb8b44b78306aa67496f91e1d5d67b1c2a376c7648526a60dd995c021590fb14dd2bbc0ad470ebab91922be04d56190bc402cd1604012b1d32bdb30d3ec8ca160ed5da29a086629d8134a330cdfe6ffe00ce833e762a5779e06b0382db510df57d192bfd8bb2859115685811a2d7cc854e18597359321fb1dd25837fb795041a6d99dfa831893581bd776d63df6bf1116997c41237732730b3c64de2c0a8a0728ed6e2d21bc8880795f0adbc63eab3857ca087e4df25fcae7ddb7d6e6318f05ef9739265493d5019f205869722e4ae5ee84f683009f69d43555692ee82ba4f210c11e70762b0edf7452512a960a7757012f1140d84dd477d1f9ff68be8f4c8d4137cbf0a509917434f87848da931e9319c7cdf5777a4aeafc0e644288acd312254d732d2c088d6cccbea6dfb8aad2ce38b80e531b59beffc9687d3fa233f7000c1c4a557474c8bbb88f5bcc49e7b85181dca7a67e3231fbdbf0bdd5d7a16ac97e5b5132a1c835fc982cb7e783cd9645e5c5b616f742471b560068104428b0e3de43b16bcfed0240964554d8ab99d856c3caabfe4d27adba2feb4da3483869820849f70d85320a4f7bbefadaca08f6e9da7bd6a83e8375066a48bbca7d30cb6a74557f51ca5761d7f2c684c6ccac9d3092774796d61cae5edfe7237afd7342c329f83888758cb846a876a5d08920775a0ef19e46e9236b4344a2470cdc9c0cb61762ec9bde03ae93e5e06fe6494ac9f532866e9ccc415d2b0a9b512710adbd7dfd86b56f8dfbd52d2a35c66c262b8d491468cea6d3cb03e19fc7355f013b67ef365f21cf10a877130c259724b971f00b0914e236d821275b8792d589300b64880a36281fd6e9d9a691d50fda323f532d6df523b5b8c86e42d52decd941927ee418a186645d06fc003579bf6ce6a5b86d240a1412ace19ed56b717628c4383b3943216c4606b45085cd7a1e59832f38498ef17cdf702baaa9562bf62890dae74dbb6d3bae6366dc875cf0c9d5f8faf81f4bf9edb4e4ec537ea94bfe7f401dee430a3072caaf6a75c93655bd6170bd85585da5395c00a700c3820d55d2db1428a0487c1ec00271a3e5a24f7d0e4b87d5648020e13a8d3dcd95719cb65518d950b88d6cadc230a243fc4b6305c3565a93ab02f409b60ff7d00a829363af97ca1e9e0b33d845d1e1aa7834f1f2cb6a7892681f479ff91ce51f490d0c8e56b406ff3243d505884069955c5400dbb01d4e9f7d4fd72c9f9a21d3d5b4f61898870652797ae02250be45343a017c0ca4831361b79d26f4a2bd1b06c669b2b961a0dda6c4896e608986759d5764c73ebf107d89bc15ebc7eb7938af2c768b4ff6fbedf8b7a5e0231ea7a52742d60d127af52720cd13718332f0aa813388c4010efda8ddd763fd65bca1e62ce9c3fe23a9181873b20db62fbff25c24a4b484f9069ad9408da255b3bf8e0bf77b817de71fdad1fe031c1e245d4378770e2d5e19fb3e16", 0x1000, 0x2}], 0x905080, &(0x7f0000001300)={[{@nonumtail='nnonumtail=1'}, {@nonumtail='nnonumtail=1'}, {@fat=@uid={'uid', 0x3d, r1}}, {@uni_xlateno='uni_xlate=0'}, {@shortname_win95='shortname=win95'}], [{@fowner_eq={'fowner', 0x3d, r2}}, {@hash='hash'}, {@subj_type={'subj_type', 0x3d, '/dev/snd/pcmC#D#p\x00'}}, {@obj_type={'obj_type', 0x3d, '/dev/snd/pcmC#D#p\x00'}}]})

14:51:50 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:50 executing program 3:
lsetxattr$trusted_overlay_origin(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='trusted.overlay.origin\x00', &(0x7f0000000100)='y\x00', 0x2, 0x2)
seccomp(0x1, 0x0, &(0x7f0000007ff0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]})
syz_execute_func(&(0x7f00000000c0)="0faef24029450f6526673e45fe0ac46179fe60006a3e6509094d85d04e92d9f4c4027d085939d06323660ff7c6")
stat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
recvmmsg(r1, &(0x7f0000006000)=[{{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000000480)=""/80, 0x50}, {&(0x7f0000000000)=""/58, 0x3a}, {&(0x7f0000000080)=""/50, 0x32}, {&(0x7f0000000500)=""/160, 0xa0}, {0x0}, {&(0x7f00000016c0)=""/206, 0xce}], 0x6, &(0x7f0000001840)}, 0x8000}, {{&(0x7f0000001880)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r2=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0, 0x0, &(0x7f0000002d40)=""/131, 0x83}, 0xa94}, {{&(0x7f0000002e00), 0x80, &(0x7f0000003000)=[{&(0x7f0000002e80)=""/48, 0x30}, {0x0}], 0x2, &(0x7f0000003040)=""/198, 0xc6}}, {{0x0, 0x0, &(0x7f00000042c0)=[{&(0x7f0000003140)=""/97, 0x61}, {0x0}, {&(0x7f0000004280)=""/64, 0x40}], 0x3, &(0x7f0000004300)=""/4096, 0x1000}, 0x8}, {{&(0x7f0000005500)=@hci, 0x80, 0x0}}], 0x5, 0x0, 0x0)
syz_genetlink_get_family_id$team(&(0x7f0000000140)='team\x00')
nanosleep(&(0x7f00000001c0), &(0x7f0000000680))
fcntl$setlease(r2, 0x400, 0x2)
setresuid(r0, r0, r0)
accept4(r2, &(0x7f00000005c0)=@pppol2tp={0x18, 0x1, {0x0, <r3=>0xffffffffffffffff, {0x2, 0x0, @dev}}}, &(0x7f0000000640)=0x80, 0x80000)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000340)={{0xff, @empty, 0x4e24, 0x4, 'none\x00', 0x20, 0x2, 0x30}, {@rand_addr=0xfffffffffffffffe, 0x4e24, 0x3, 0x101, 0xffffffff}}, 0x44)
rt_sigaction(0x3e, &(0x7f0000000840)={&(0x7f0000000740)="dc19420f582e66430f383ea30500000067670f1a8242b0860ec461b572e000c4e1181208f390c4630d48390ec46245938c6200000080c40280f316", {0x8}, 0x98000004, &(0x7f0000000780)="400f01ddc4a119f187f4000000c401fd5102f0450fc1848b771f509c6665f3f367260fafaa0e000000c0c62398c4e2a945b3b7986632f3400f70ddc0c48225062f"}, 0x0, 0x8, &(0x7f0000000880))
sendmsg(r2, &(0x7f0000000800)={&(0x7f0000000200)=@pptp={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x80, &(0x7f00000003c0)=[{&(0x7f00000006c0)="1b56f4bc9920f79855e557e58c456a74f6d07df75ad892e8a25a7eab430dabc7d7892b7c5c486fc4e4c6274df46601a8112acf6aa65de54c198670b2cf0035bb0804ecb764f6e24ab4a6ea7a7b0ef767661a924ef65aa6", 0x57}], 0x1}, 0x4000)
fcntl$notify(r3, 0x402, 0x10)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x4400, 0x0)
mmap$perf(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000001, 0x2010, r4, 0x0)
pread64(r1, &(0x7f0000001900)=""/4096, 0x1000, 0x0)

14:51:50 executing program 2:
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:51:50 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x3, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000180)=<r2=>0x0)
sched_rr_get_interval(r2, &(0x7f0000000100))

14:51:50 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x100000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:50 executing program 2:
syslog(0x2, 0xfffffffffffffffd, 0x147)

[  326.088137] protocol 88fb is buggy, dev hsr_slave_0
[  326.093262] protocol 88fb is buggy, dev hsr_slave_1
14:51:50 executing program 2:
syslog(0x0, 0xfffffffffffffffd, 0x147)

14:51:50 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x2, 0x0)
write$binfmt_elf32(r1, &(0x7f0000000100)=ANY=[@ANYRES16], 0x2)
mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4000001000002, 0x1013, r1, 0x0)
ioctl$int_in(r1, 0x800010c0045005, &(0x7f0000000040)=0xff)

14:51:51 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070")
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000080)=0x3, 0x2)

14:51:51 executing program 2:
syslog(0x0, 0xfffffffffffffffd, 0x147)

14:51:51 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:51 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x1000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:51 executing program 2:
syslog(0x0, 0xfffffffffffffffd, 0x147)

14:51:51 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_sys\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r2 = getpid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000004c0)={r2, r1, 0x0, 0x1, &(0x7f0000000200)='\x00'}, 0x30)
close(0xffffffffffffffff)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r1, 0x0, 0x0}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
r3 = socket$kcm(0x2, 0x5, 0x0)
setsockopt$sock_attach_bpf(r3, 0x84, 0xd, &(0x7f0000000180), 0x8)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x7eac8637, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000440)=ANY=[@ANYBLOB="787141ed015f50738c1225cedb17b5612e8d08a35a4420f70444e0e8bc98e67eab757cc44da16f875c4333c3a67b5c1f7186d18c421004000000ddff0000260028a6110dd350780718dbc2447164c35d1c15902e15"], 0x55)
ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040))
write$cgroup_pid(r5, &(0x7f0000000000), 0xfffffea6)
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000280), 0x4)
write$cgroup_int(r6, &(0x7f00000002c0)=0x50b, 0x12)

14:51:51 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070")
r1 = socket$inet(0x10, 0x2, 0x0)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000440)="240000001d0007041dfffd946f6105000700000c0c000000000002000800a3a20400ff7e", 0x24}], 0x1}, 0x0)

14:51:51 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x0, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
readahead(r1, 0x3, 0x3)
write$binfmt_aout(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="cf0106679b00000080000000070000009a03000020000000000000000000000023c73e978a48563edbafca000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000074a1740d9be104fd697f45f285ce900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e6ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x32b)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:51:51 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x2000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:51 executing program 2:

14:51:51 executing program 3:

14:51:51 executing program 2:

14:51:51 executing program 3:

14:51:51 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:51 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000040)=0x7)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x40200, 0x0)
setsockopt$inet_udp_int(r2, 0x11, 0xb, &(0x7f0000000100)=0x401, 0x4)
setsockopt$X25_QBITINCL(r2, 0x106, 0x1, &(0x7f0000000140)=0x1, 0x4)

14:51:51 executing program 2:

14:51:51 executing program 0:

14:51:51 executing program 2:

14:51:51 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x3000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:51 executing program 3:

14:51:51 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:51 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008911, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x1})
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
ioctl$KVM_GET_LAPIC(r1, 0x8400ae8e, &(0x7f0000000100)={"766f236f597d6fc9d96a2d89c9afa23ddcc9127a8b5bb9f39ba01b90322bf48abe3245548798000531bad30d993ba864553bc5ce31bd2f038dbc12a307cb4362910f12f85cbb72a76b28004a94d1169c25881ebf0c3d6df6d61100fbcb8bcc0baef5a91951255893c85f488795af3b58d960d28bbce00561d5c0bad4665da1e95380752f7f50e201a01964af29090d8dff1deee3fcfaf65cfa082e0e4206137bf696fcb554d8c3c46bbdb51d1e2fc235b6dd636fa6b91151f90974047cdff6b0be8338e103ca4eb048488a06f55ab2d978160da5320f9959e202d9eeaadeccc5341548ef5320558a48546a064269546986c72c529f1640d97c62ae0a540b157bac455761815aaf09c4ab6bfe04a5ac383ac84e6471dfe3f1ff2885923692457e23f2b10fea4e420d000fac53ffcc00d6c3abddfc01cfc9e8b9e7d0d5ef114bba0295f75d2a6be518e5e10ec97781c879d6d4f104183099efdd3d4bcfc9b3063a875d3c6c6684e3e6f09830ba6c225854cfcef57d1849596a88ff9585cb3c6391f0becd91971655a801c6bacfe809fc53d7a828aca8212130c15d0be01307a08ab442a7af69d3f6375ef2b89bb7f07090ae02b9c3f4ec630c1baa9964e8ca7634f2803d4e11868b1d02ea3ffda2e2549825cb1e19e50133cef63ace58970316088ae291df37a1399362c4b53588646d249dfa4fa4b549239c10bba78de6f9226654f1456970196ecb524f26dc8f3200fa1eed507c8747441ec72e9cc169248352f7e1f1e29b8cfdd17a87f11ad706ab999f3f429b8966b6ad756f3a56b2630893d4035ff26667789bad13626f453213e2413f2d18bcc4641c7e50f2756b12e73fe9f9444b8187fa73590ac7147e6cf0e20399d8c8c71f777e860b2963e561ad168614237c16184e8a255c0c2fc073a1b8ccb58dfe4fc61ae364146ac19b2c6c8e63e9a185681bc98c58c1a7a0b22aa3c512d201b3edd7c9cc495fee832684fb1f85581c0ae94d7f2b6b64312e1424234f94c40cf92f16e860ddbdbfa65a44cba8199afb9d69c702d4e75beaf862a491152579c68dd92efd349b91d3f73b9cdf64ba99b0a37d780e8f5ac5d8c5bda82ed844b760ec22826b67d4c653a3bb86e3bf7d56ce5346d6f78d665135921b1bfefb68058724f234e5e0d353769bf9a3cbdfaee82f96bcdff0ff01e0767cbf07cd8f5b0055fe08a641f4fe5c1eb67b5aaec02798a0af726cce29c7ea4ff71b184b2107375eb62a6578f99cde9dfea7c4ea14d5b4a9c2160a2d788d335f282fe63771c16411244cdf000871f631fc410c2da44ec412b76a34dfffc572dde24263a6426255edb9b6020aa6caa4917053b8642b224f3e6838d0bdba657a195aa67fd8caee7ad6345342b8072a01eafc6b77b5140e6255a31085bfe927988ca8af5698a2504147a4bf8bf8c431f23bfdff022e45"})
socket$pppoe(0x18, 0x1, 0x0)

14:51:51 executing program 2:

14:51:51 executing program 0:

14:51:52 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:52 executing program 2:

14:51:52 executing program 3:

14:51:52 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r0, 0x4}], 0x2, 0x0, 0x0, 0x0)

14:51:52 executing program 2:

14:51:52 executing program 0:

14:51:52 executing program 5:
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(0xffffffffffffffff, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)

14:51:52 executing program 2:

14:51:52 executing program 0:

14:51:52 executing program 5:
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(0xffffffffffffffff, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)

14:51:52 executing program 3:

14:51:52 executing program 4:
getsockname(0xffffffffffffff9c, &(0x7f0000000880)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r0=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000900)=0x80)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000940)='/dev/dsp\x00', 0x40, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000009c0)={<r2=>0xffffffffffffffff}, 0x2, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_NOTIFY(r1, &(0x7f0000000a40)={0xf, 0x8, 0xfa00, {r2, 0x7}}, 0x10)
ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000980))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/zero\x00', 0x14001, 0x0)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00')
sendmsg$TIPC_CMD_GET_REMOTE_MNG(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40000)
ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r6 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r6}, {r6}], 0x2, 0x0, 0x0, 0x0)
sendmsg$kcm(r4, &(0x7f0000000840)={&(0x7f0000000240)=@in={0x2, 0x4e21, @remote}, 0x80, &(0x7f0000000680)=[{&(0x7f00000002c0)="8a955764abb81b9f6a4303f91af9422836f3818df97404525d8a53174f3329cdb8a2e7c789128c387a0b742156778cc47bae1cd366762e54ee6fe37bdccf7cce505d50b8e849f42aa38f3ca7a06f40b07564b092b910dc439b67c5fa170687af4f44c68eddfebb53955fde11f7ec4da2ccde633731ab700c3081c99b61a56a2a6824fd925928d41be4fb8bf1c7afbf88175086d892ee28a3c741175a8016072a9cafba14d8530ee2cbb1e6827e46f20e0cf08e6b223fe5", 0xb7}, {&(0x7f0000000380)="e4657c35885b0e7d2b11ba1e3b51b737a2863ad97b574e8b4ab22d0c7027474903a487bfedc36063d9787fc39adecb82028aa20a5ded6fd6c7936f2b05a3bab2d9e08d8c4984de475a97c7f433cc3bd2227ccb5bfeee44f1e78cf7c6d41a9ad3498b1d0d2d28080a46f728f318d0310c7383", 0x72}, {&(0x7f0000000400)="1accb9835e4349195ac7d60cca1f5f1ecdb979", 0x13}, {&(0x7f0000000440)="e1d1dd151508832b4f3b4bf718479faf0461404babc79a5ecad5b8a912434d9060d4c758711c6ebd2d10b527dc7726b70de5f3c457c3f03643cc4eaa3ed4953372b79eb07e46dc52cbda492a2e96db749c8c7a5e475079aa7db2ca2ee2f51749e6a78cceea9055c2b9e6c4e50129d46f7ed2e7acb92cbcb7d288ab1636f278688db69ac891d43a088cba", 0x8a}, {&(0x7f0000000500)="15b7ba6975d3f30879e92bf964731b7f7e85b02d0e9f6c9f162cd4e88f531f87b706026670c76c31f65f2f32ebe217a9caf255ff5fe2", 0x36}, {&(0x7f0000000540)="df520039e9f2305c1e8e4d0352d4c66f923020d5a2dd0c2692588df9f8a479cd2e4ae239f570ad92cff52759e1390c0a00678dec", 0x34}, {&(0x7f0000000580)="63f1bbb92b877b4877769038d69160fd9e43e8725e26a9c38d1dab2107c6e04f7df358caa3cc834fa4e293a1f30cac2a9f3cc295b23152ac886ca2e6fbc8580fa4013843465ffe39781a68c20847fcc7123a0c62c7a50d94fa23accf9a2aa77ae67f2469c62f0a9aeff0e9eb2d282edf75af27262943f493e5a75b4a693608ab9006d32bd26847", 0x87}, {&(0x7f0000000640)="a8047554897a6e2323d89ae71c922c36e073b7236b42c86fe08f8559ce7ff94199eb817c", 0x24}], 0x8, &(0x7f0000000700)=ANY=[@ANYBLOB="a800000000000000130100000900000042dc132b02da9c8f5a11493b7953b475a52241f7d3a515ed313ab3e255a978b014da5c48661d42163cca9ebb8a774da96bac77242e27be549fc9b54041a71e54ed37a69a584a251293900624633b96ac0bc57a5c66e31bd21dc05de53a54280502d9bdb5d9bb9565371b3f99f9cc3f58cf741f835a5e606db92de53e9fcddac1efc1c9fc16f322c82fdb65e43dc52f3778b500c882db6e0098000000000000000a010000fd00000090c1c007019c1cdd3fdcbb15172573e81a9243ef19958485a911dad1354dbb0100000000000000fbed82b41102a2d56cff911280d14714b81e97bf0b7b0168745220935e0fa195da774b65626f7f02babce151021e3d0b6c0ae3a11ff9a4be4bb5af5fbab9a1f71b659fc070d8bc5029a0f82d2bae0b0e2cf9f5f5a50f6b482dcd57080000007a00"], 0x140}, 0x44051)

14:51:52 executing program 2:

14:51:52 executing program 0:

14:51:52 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x5000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:52 executing program 3:

14:51:52 executing program 5:
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(0xffffffffffffffff, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)

14:51:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
pread64(r0, &(0x7f0000000100)=""/79, 0x4f, 0x0)
ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x3}, {}], 0x2, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x5, 0x40000)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040)=0x1)

14:51:52 executing program 2:

14:51:52 executing program 0:

14:51:52 executing program 3:

14:51:52 executing program 5:
r0 = socket$kcm(0xa, 0x0, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:52 executing program 2:

14:51:52 executing program 0:

14:51:52 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x6000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:52 executing program 3:

14:51:52 executing program 2:

14:51:52 executing program 0:

14:51:52 executing program 3:

14:51:53 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:51:53 executing program 5:
r0 = socket$kcm(0xa, 0x0, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:53 executing program 0:

14:51:53 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x7000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:53 executing program 3:

14:51:53 executing program 2:

14:51:53 executing program 3:

14:51:53 executing program 2:

14:51:53 executing program 0:

14:51:53 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00')
timerfd_gettime(r1, &(0x7f0000000240))
fcntl$setpipe(r0, 0x407, 0x1)
fcntl$notify(r0, 0x402, 0x10)
timerfd_gettime(r1, &(0x7f0000000040))
init_module(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x12, &(0x7f0000000140)='(posix_acl_accesswlan1\x00')
ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f0000000180)=0x1)

14:51:53 executing program 5:
r0 = socket$kcm(0xa, 0x0, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:53 executing program 3:

14:51:53 executing program 2:

14:51:53 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x8000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:53 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x200, 0x0)
ioctl$CAPI_CLR_FLAGS(r1, 0x80044325, &(0x7f0000000100))
connect$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x7, {0x80, 0x100000001, 0x3ff, 0x1000, 0x9, 0x1}, 0x47, 0x140000000}, 0xe)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
fanotify_mark(r1, 0xa, 0x1000, r1, &(0x7f0000000140)='./file0\x00')
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x5, 0x8000)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:51:53 executing program 0:

14:51:53 executing program 3:

14:51:53 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:53 executing program 2:

14:51:53 executing program 3:

14:51:53 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x9000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:53 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:53 executing program 0:

14:51:53 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:51:53 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:51:54 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  329.400559] binder: 14555:14561 got transaction with unaligned buffers size, 116
[  329.412667] binder: 14555:14561 transaction failed 29201/-22, size 0-0 line 3079
[  329.426672] binder_alloc: binder_alloc_mmap_handler: 14555 20001000-20004000 already mapped failed -16
[  329.442805] binder: BINDER_SET_CONTEXT_MGR already set
[  329.449768] binder: 14555:14561 ioctl 40046207 0 returned -16
[  329.467969] binder_alloc: 14555: binder_alloc_buf, no vma
[  329.476725] binder: 14555:14563 transaction failed 29189/-3, size 0-0 line 3035
[  329.491364] binder: undelivered TRANSACTION_ERROR: 29189
[  329.497334] binder: undelivered TRANSACTION_ERROR: 29201
14:51:54 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
getsockopt$inet_int(r0, 0x0, 0xe, &(0x7f0000000040), &(0x7f0000000100)=0x4)
set_thread_area(&(0x7f0000000140)={0x8, 0x20101800, 0x1000, 0x4, 0x26, 0x8, 0x7ff, 0x6, 0x7fff, 0xc3f})

14:51:54 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000004c0)=@srh={0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, [@loopback]}, 0x18)
sendmmsg(r0, &(0x7f00000092c0), 0x400000000000027, 0x0)

14:51:54 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, 0x0, 0x0)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:54 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xa000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:51:54 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:51:54 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, 0x0, 0x0)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:51:54 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

[  330.002720] binder: 14575:14578 got transaction with unaligned buffers size, 116
[  330.029422] binder: 14575:14578 transaction failed 29201/-22, size 0-0 line 3079
[  330.046191] binder: undelivered TRANSACTION_ERROR: 29201
14:51:54 executing program 0:
mlock(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mkdir(&(0x7f0000000640)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000000000)={0x20000000000006, 0xfffffffffffffff4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xbe7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x20000200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x28)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000))

14:51:54 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  330.196356] binder: 14596:14600 got transaction with unaligned buffers size, 116
[  330.237094] binder: 14596:14600 transaction failed 29201/-22, size 0-0 line 3079
[  330.248137] net_ratelimit: 22 callbacks suppressed
[  330.248144] protocol 88fb is buggy, dev hsr_slave_0
[  330.258191] protocol 88fb is buggy, dev hsr_slave_1
[  330.276458] binder: undelivered TRANSACTION_ERROR: 29201
[  330.728182] protocol 88fb is buggy, dev hsr_slave_0
[  330.733246] protocol 88fb is buggy, dev hsr_slave_1
[  331.208120] protocol 88fb is buggy, dev hsr_slave_0
[  331.213176] protocol 88fb is buggy, dev hsr_slave_1
[  331.218269] protocol 88fb is buggy, dev hsr_slave_0
[  331.223296] protocol 88fb is buggy, dev hsr_slave_1
[  331.228386] protocol 88fb is buggy, dev hsr_slave_0
[  331.233426] protocol 88fb is buggy, dev hsr_slave_1
[  331.449026] Bluetooth: hci1: command 0x1003 tx timeout
[  331.455081] Bluetooth: hci1: sending frame failed (-49)
[  333.528878] Bluetooth: hci1: command 0x1001 tx timeout
[  333.534258] Bluetooth: hci1: sending frame failed (-49)
[  335.368247] net_ratelimit: 18 callbacks suppressed
[  335.373202] protocol 88fb is buggy, dev hsr_slave_0
[  335.378223] protocol 88fb is buggy, dev hsr_slave_1
[  335.383255] protocol 88fb is buggy, dev hsr_slave_0
[  335.388275] protocol 88fb is buggy, dev hsr_slave_1
[  335.393297] protocol 88fb is buggy, dev hsr_slave_0
[  335.398299] protocol 88fb is buggy, dev hsr_slave_1
[  335.608184] Bluetooth: hci1: command 0x1009 tx timeout
[  335.768127] protocol 88fb is buggy, dev hsr_slave_0
[  335.773288] protocol 88fb is buggy, dev hsr_slave_1
[  336.488268] protocol 88fb is buggy, dev hsr_slave_0
[  336.493419] protocol 88fb is buggy, dev hsr_slave_1
14:52:04 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:52:04 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, 0x0, 0x0)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:52:04 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xe000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:52:04 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000180)=0x6f7bbbe1, 0x4)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20}, 0x1c)
recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

14:52:04 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000001400)='/proc/capi/capi20ncci\x00', 0x80, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000001440)={'vcan0\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000001480)={0x11, 0x2, r2, 0x1, 0x7fffffff}, 0x14)
r3 = getpgid(0xffffffffffffffff)
process_vm_writev(r3, &(0x7f0000000040)=[{&(0x7f0000000100)=""/235, 0xeb}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/116, 0x74}, {&(0x7f0000001280)=""/101, 0x65}], 0x4, &(0x7f00000013c0)=[{&(0x7f0000001300)=""/184, 0xb8}], 0x1, 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r4}, {r4}], 0x2, 0x0, 0x0, 0x0)

14:52:04 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:52:04 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(0xffffffffffffffff, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:52:04 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000340)=<r2=>0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000380)=<r3=>0x0)
kcmp(r2, r3, 0x7, r0, r1)
getsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000040)={@loopback, @multicast1, <r4=>0x0}, &(0x7f0000000100)=0xc)
r5 = geteuid()
ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f00000003c0)=0x2)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r1, 0x4010aeab, &(0x7f0000000300)={0x100000000, 0x3000})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={<r6=>0x0}, &(0x7f0000000280)=0xc)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000400)={0x3, r1})
ptrace$setregs(0xf, r6, 0x9, &(0x7f00000002c0)="af2fd62ff575f143a025d89f46fbe2ba267927243a1729cf1ed18775940c787e343c0883244cc7eb2ae27675e474fa30c4de355c568d92fac876deb908")
setsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000140)={{{@in6=@initdev={0xfe, 0x88, [], 0x1, 0x0}, @in6=@mcast2, 0x4e20, 0xb0f, 0x4e21, 0x401, 0x0, 0x80, 0x20, 0x0, r4, r5}, {0x0, 0x8000, 0x5, 0x9, 0x0, 0x3d0bbe06, 0x1000, 0x6}, {0x800, 0x0, 0xf748, 0x3ff}, 0x3, 0x6e6bb2, 0x0, 0x0, 0x1, 0x3}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d6, 0xff}, 0x2, @in=@remote, 0x0, 0x1, 0x2, 0x101, 0x3ff, 0x1, 0x9}}, 0xe8)

[  339.829695] binder: 14611:14617 got transaction with unaligned buffers size, 116
[  339.858422] binder: 14611:14617 transaction failed 29201/-22, size 0-0 line 3079
14:52:04 executing program 0:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
clock_gettime(0x0, &(0x7f0000000d80))
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:52:04 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x10000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:52:04 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(0xffffffffffffffff, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  339.937350] binder: undelivered TRANSACTION_ERROR: 29201
14:52:04 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = creat(&(0x7f0000000100)='./file0\x00', 0x100)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00')
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xa8, r2, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x78, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_BEARER_NAME={0x14, 0x1, @l2={'eth', 0x3a, 'syzkaller0\x00'}}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xbc9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}]}, @TIPC_NLA_NET={0x1c, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x8f1b}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffffffffffffd}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x40}, 0x40)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r3}, {r3}], 0x2, 0x0, 0x0, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x100, 0x0)

[  340.658168] net_ratelimit: 22 callbacks suppressed
[  340.658176] protocol 88fb is buggy, dev hsr_slave_0
[  340.668252] protocol 88fb is buggy, dev hsr_slave_1
[  341.128182] protocol 88fb is buggy, dev hsr_slave_0
[  341.133313] protocol 88fb is buggy, dev hsr_slave_1
[  341.608117] protocol 88fb is buggy, dev hsr_slave_0
[  341.613199] protocol 88fb is buggy, dev hsr_slave_1
[  341.618290] protocol 88fb is buggy, dev hsr_slave_0
[  341.623314] protocol 88fb is buggy, dev hsr_slave_1
[  341.628397] protocol 88fb is buggy, dev hsr_slave_0
[  341.633425] protocol 88fb is buggy, dev hsr_slave_1
[  341.928143] Bluetooth: hci1: command 0x1003 tx timeout
[  341.933522] Bluetooth: hci1: sending frame failed (-49)
[  344.008203] Bluetooth: hci1: command 0x1001 tx timeout
[  344.013593] Bluetooth: hci1: sending frame failed (-49)
[  345.768140] net_ratelimit: 18 callbacks suppressed
[  345.768146] protocol 88fb is buggy, dev hsr_slave_0
[  345.778136] protocol 88fb is buggy, dev hsr_slave_1
[  345.783170] protocol 88fb is buggy, dev hsr_slave_0
[  345.788194] protocol 88fb is buggy, dev hsr_slave_1
[  345.793220] protocol 88fb is buggy, dev hsr_slave_0
[  345.798243] protocol 88fb is buggy, dev hsr_slave_1
[  346.088214] Bluetooth: hci1: command 0x1009 tx timeout
[  346.168155] protocol 88fb is buggy, dev hsr_slave_0
[  346.173221] protocol 88fb is buggy, dev hsr_slave_1
[  346.888171] protocol 88fb is buggy, dev hsr_slave_0
[  346.893250] protocol 88fb is buggy, dev hsr_slave_1
14:52:14 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:52:14 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:52:14 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(0xffffffffffffffff, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:52:14 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x1394, 0x4000000001ffffd)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:52:14 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x18020000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:52:14 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x1802, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:52:14 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, 0x0, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:52:14 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  350.050898] binder: 14660:14662 transaction failed 29189/-22, size 0-0 line 2896
[  350.064275] binder: undelivered TRANSACTION_ERROR: 29189
[  350.087839] Bluetooth: hci1: Frame reassembly failed (-84)
14:52:14 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xe00, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:52:14 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, 0x0, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  350.162316] binder: 14679:14681 transaction failed 29189/-22, size 0-0 line 2896
14:52:14 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x20000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:52:14 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, 0x0, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  350.214034] binder: undelivered TRANSACTION_ERROR: 29189
[  351.048278] net_ratelimit: 22 callbacks suppressed
[  351.048283] protocol 88fb is buggy, dev hsr_slave_0
[  351.058291] protocol 88fb is buggy, dev hsr_slave_1
[  351.528181] protocol 88fb is buggy, dev hsr_slave_0
[  351.533436] protocol 88fb is buggy, dev hsr_slave_1
[  352.008128] protocol 88fb is buggy, dev hsr_slave_0
[  352.013212] protocol 88fb is buggy, dev hsr_slave_1
[  352.018327] protocol 88fb is buggy, dev hsr_slave_0
[  352.023352] protocol 88fb is buggy, dev hsr_slave_1
[  352.028473] protocol 88fb is buggy, dev hsr_slave_0
[  352.033496] protocol 88fb is buggy, dev hsr_slave_1
[  352.088137] Bluetooth: hci1: command 0x1003 tx timeout
[  352.093668] Bluetooth: hci1: sending frame failed (-49)
[  354.168259] Bluetooth: hci1: command 0x1001 tx timeout
[  354.173648] Bluetooth: hci1: sending frame failed (-49)
[  356.168243] net_ratelimit: 18 callbacks suppressed
[  356.173394] protocol 88fb is buggy, dev hsr_slave_0
[  356.178531] protocol 88fb is buggy, dev hsr_slave_1
[  356.183668] protocol 88fb is buggy, dev hsr_slave_0
[  356.188679] protocol 88fb is buggy, dev hsr_slave_1
[  356.193899] protocol 88fb is buggy, dev hsr_slave_0
[  356.199049] protocol 88fb is buggy, dev hsr_slave_1
[  356.248205] Bluetooth: hci1: command 0x1009 tx timeout
[  356.568202] protocol 88fb is buggy, dev hsr_slave_0
[  356.573536] protocol 88fb is buggy, dev hsr_slave_1
[  357.288224] protocol 88fb is buggy, dev hsr_slave_0
[  357.293279] protocol 88fb is buggy, dev hsr_slave_1
14:52:24 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:52:24 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:52:24 executing program 0 (fault-call:0 fault-nth:0):
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:52:24 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:52:24 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x3f000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:52:24 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0xa, 0x80)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:52:24 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:52:24 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x0, 0x0)
mq_timedreceive(r1, &(0x7f0000000100)=""/55, 0x37, 0x5, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000140)={0xfe, 0x1000000, 0x5be, "c4d8e7c387946c3a0ffcb687e9f26b438c77210f2c0e9f500fcd05979402ea1039e7a0ebabc2d5095fcc44993efa892fef0c48c69c1f566f5317ed1831ca4d6f50b5252c6ea0a47116d552c42257b6f11b3749b475408783366277f40f131fe09bb9efdfd9d57949e213bf8dd062b746627a45a78b4d9948999ceb9c1a2b0c4762a78b9dd05f7875541fa992828156475464ae044e745c2ef5461006e22e5aed7cf197ab8435180f8265670f946e16f0d835726d5e68a26b034671671a3a4244a3290b7dc2376c63d3b595290265c1e2dbff6270aa406319e8092029bc1921bf9c24ff86a974c1de12e216fe18bd3c79fd6b843ed9847bf3ea50f4346c4c"})
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:52:24 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)

[  360.286478] binder: 14709:14714 transaction failed 29189/-22, size 0-0 line 2896
[  360.303510] Bluetooth: hci1: Frame reassembly failed (-84)
[  360.312490] binder: undelivered TRANSACTION_ERROR: 29189
14:52:25 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:52:25 executing program 0:
syslog(0x3, 0xfffffffffffffffd, 0x147)

14:52:25 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  360.433548] binder_alloc: 14734: binder_alloc_buf, no vma
[  360.463359] binder: 14734:14735 transaction failed 29189/-3, size 0-0 line 3035
[  360.498030] binder: undelivered TRANSACTION_ERROR: 29189
[  361.448201] net_ratelimit: 22 callbacks suppressed
[  361.448208] protocol 88fb is buggy, dev hsr_slave_0
[  361.458260] protocol 88fb is buggy, dev hsr_slave_1
[  361.928147] protocol 88fb is buggy, dev hsr_slave_0
[  361.933226] protocol 88fb is buggy, dev hsr_slave_1
[  362.328355] Bluetooth: hci1: command 0x1003 tx timeout
[  362.333766] Bluetooth: hci1: sending frame failed (-49)
[  362.408148] protocol 88fb is buggy, dev hsr_slave_0
[  362.413514] protocol 88fb is buggy, dev hsr_slave_1
[  362.418594] protocol 88fb is buggy, dev hsr_slave_0
[  362.423606] protocol 88fb is buggy, dev hsr_slave_1
[  362.428679] protocol 88fb is buggy, dev hsr_slave_0
[  362.433751] protocol 88fb is buggy, dev hsr_slave_1
[  364.408162] Bluetooth: hci1: command 0x1001 tx timeout
[  364.413644] Bluetooth: hci1: sending frame failed (-49)
[  366.488252] Bluetooth: hci1: command 0x1009 tx timeout
[  366.568215] net_ratelimit: 18 callbacks suppressed
[  366.568220] protocol 88fb is buggy, dev hsr_slave_0
[  366.578456] protocol 88fb is buggy, dev hsr_slave_1
[  366.583516] protocol 88fb is buggy, dev hsr_slave_0
[  366.588719] protocol 88fb is buggy, dev hsr_slave_1
[  366.593761] protocol 88fb is buggy, dev hsr_slave_0
[  366.598806] protocol 88fb is buggy, dev hsr_slave_1
[  366.968151] protocol 88fb is buggy, dev hsr_slave_0
[  366.973361] protocol 88fb is buggy, dev hsr_slave_1
[  367.688193] protocol 88fb is buggy, dev hsr_slave_0
[  367.693498] protocol 88fb is buggy, dev hsr_slave_1
14:52:35 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x7, &(0x7f0000000100)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1, 0x1410}, {r1}], 0x2, 0x0, 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000040))

14:52:35 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:52:35 executing program 0:
syslog(0x4, 0xfffffffffffffffd, 0x147)

14:52:35 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:52:35 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x40000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:52:35 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180))

14:52:35 executing program 0:
syslog(0x5, 0xfffffffffffffffd, 0x147)

[  370.530655] binder_alloc: 14755: binder_alloc_buf, no vma
[  370.536350] binder: 14755:14757 transaction failed 29189/-3, size 0-0 line 3035
14:52:35 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
signalfd4(r0, &(0x7f0000000380)={0x101}, 0x8, 0x80000)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x13f, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000340)={0x13, 0x10, 0xfa00, {&(0x7f0000000100), r2}}, 0x18)

14:52:35 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  370.580813] binder: undelivered TRANSACTION_ERROR: 29189
14:52:35 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:52:35 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  370.636355] Bluetooth: hci1: Frame reassembly failed (-84)
14:52:35 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x40020000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:52:35 executing program 0:
syslog(0x9, 0xfffffffffffffffd, 0x147)

[  370.710178] binder_alloc: 14777: binder_alloc_buf, no vma
[  370.716139] binder: 14777:14778 transaction failed 29189/-3, size 0-0 line 3035
[  370.747530] binder: undelivered TRANSACTION_ERROR: 29189
[  371.848201] net_ratelimit: 22 callbacks suppressed
[  371.848207] protocol 88fb is buggy, dev hsr_slave_0
[  371.858360] protocol 88fb is buggy, dev hsr_slave_1
[  372.328172] protocol 88fb is buggy, dev hsr_slave_0
[  372.333252] protocol 88fb is buggy, dev hsr_slave_1
[  372.648157] Bluetooth: hci1: command 0x1003 tx timeout
[  372.653634] Bluetooth: hci1: sending frame failed (-49)
[  372.808148] protocol 88fb is buggy, dev hsr_slave_0
[  372.813294] protocol 88fb is buggy, dev hsr_slave_1
[  372.818394] protocol 88fb is buggy, dev hsr_slave_0
[  372.823410] protocol 88fb is buggy, dev hsr_slave_1
[  372.828482] protocol 88fb is buggy, dev hsr_slave_0
[  372.833658] protocol 88fb is buggy, dev hsr_slave_1
[  374.728170] Bluetooth: hci1: command 0x1001 tx timeout
[  374.733602] Bluetooth: hci1: sending frame failed (-49)
[  376.808212] Bluetooth: hci1: command 0x1009 tx timeout
[  376.968159] net_ratelimit: 18 callbacks suppressed
[  376.968164] protocol 88fb is buggy, dev hsr_slave_0
[  376.978228] protocol 88fb is buggy, dev hsr_slave_1
[  376.983298] protocol 88fb is buggy, dev hsr_slave_0
[  376.988355] protocol 88fb is buggy, dev hsr_slave_1
[  376.993519] protocol 88fb is buggy, dev hsr_slave_0
[  376.998591] protocol 88fb is buggy, dev hsr_slave_1
[  377.368373] protocol 88fb is buggy, dev hsr_slave_0
[  377.373568] protocol 88fb is buggy, dev hsr_slave_1
[  378.088177] protocol 88fb is buggy, dev hsr_slave_0
[  378.093504] protocol 88fb is buggy, dev hsr_slave_1
14:52:45 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180))

14:52:45 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = getpgid(0x0)
r2 = fcntl$getown(r0, 0x9)
kcmp(r1, r2, 0x0, r0, r0)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r3}, {r3}], 0x2, 0x0, 0x0, 0x0)

14:52:45 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:52:45 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:52:45 executing program 0:
syslog(0x9, 0xfffffffffffffffd, 0x147)

14:52:45 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x53010000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:52:45 executing program 0:
syslog(0x8, 0xfffffffffffffffd, 0x147)

14:52:45 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12b070000000")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

[  380.779546] binder: 14800:14801 transaction failed 29189/-22, size 0-0 line 2896
[  380.810133] Bluetooth: hci1: Frame reassembly failed (-84)
14:52:45 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:52:45 executing program 0:
syslog(0x9, 0xfffffffffffffffd, 0x147)

[  380.842722] binder: undelivered TRANSACTION_ERROR: 29189
14:52:45 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:52:45 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x91ffffff, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  380.981099] binder: 14831:14832 transaction failed 29189/-22, size 0-0 line 2896
[  381.018507] binder: undelivered TRANSACTION_ERROR: 29189
[  382.248205] net_ratelimit: 22 callbacks suppressed
[  382.253483] protocol 88fb is buggy, dev hsr_slave_0
[  382.258519] protocol 88fb is buggy, dev hsr_slave_1
[  382.728176] protocol 88fb is buggy, dev hsr_slave_0
[  382.733437] protocol 88fb is buggy, dev hsr_slave_1
[  382.888220] Bluetooth: hci1: command 0x1003 tx timeout
[  382.893924] Bluetooth: hci1: sending frame failed (-49)
[  383.208155] protocol 88fb is buggy, dev hsr_slave_0
[  383.213388] protocol 88fb is buggy, dev hsr_slave_1
[  383.218594] protocol 88fb is buggy, dev hsr_slave_0
[  383.223638] protocol 88fb is buggy, dev hsr_slave_1
[  383.228716] protocol 88fb is buggy, dev hsr_slave_0
[  383.233879] protocol 88fb is buggy, dev hsr_slave_1
[  384.968301] Bluetooth: hci1: command 0x1001 tx timeout
[  384.973876] Bluetooth: hci1: sending frame failed (-49)
[  387.048175] Bluetooth: hci1: command 0x1009 tx timeout
[  387.368257] net_ratelimit: 18 callbacks suppressed
[  387.368263] protocol 88fb is buggy, dev hsr_slave_0
[  387.378422] protocol 88fb is buggy, dev hsr_slave_1
[  387.383501] protocol 88fb is buggy, dev hsr_slave_0
[  387.388586] protocol 88fb is buggy, dev hsr_slave_1
[  387.393638] protocol 88fb is buggy, dev hsr_slave_0
[  387.398706] protocol 88fb is buggy, dev hsr_slave_1
[  387.768275] protocol 88fb is buggy, dev hsr_slave_0
[  387.773533] protocol 88fb is buggy, dev hsr_slave_1
[  388.488186] protocol 88fb is buggy, dev hsr_slave_0
[  388.493613] protocol 88fb is buggy, dev hsr_slave_1
14:52:55 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180))

14:52:55 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:52:55 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_open_dev$radio(&(0x7f0000000140)='/dev/radio#\x00', 0x3, 0x2)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000180)={<r2=>0x0, 0x69386b74}, &(0x7f00000001c0)=0x8)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000200)={r2, @in={{0x2, 0x4e24, @empty}}, 0x40, 0x8de2}, 0x90)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x24, 0x4)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x200002, 0x0)
openat$cgroup_subtree(r3, 0x0, 0x2, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="850000001100000000000000000000009500000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x9, 0x4ae, &(0x7f0000000340)=""/207}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0xffffffffa0008000, 0xe, 0x0, &(0x7f0000000040)="2504f2ff1f002c6176c5f3343dbe", 0x0, 0xf0ffff00000855}, 0x28)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r5 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r5}, {r5}], 0x2, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r5, 0x84, 0xc, &(0x7f0000000040)=0xffff, 0x4)

14:52:55 executing program 0:
syslog(0xa, 0xfffffffffffffffd, 0x147)

14:52:55 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:52:55 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xf5ffffff, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:52:55 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x81000147)

14:52:55 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  391.025291] binder: 14841:14842 transaction failed 29189/-22, size 0-0 line 2896
[  391.046799] binder: undelivered TRANSACTION_ERROR: 29189
14:52:55 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000200)='/dev/vcsa#\x00', 0x2, 0x101140)
capget(&(0x7f0000000180)={0x19980330, r1}, &(0x7f00000001c0)={0x0, 0x1ff, 0x40, 0x4a, 0x3, 0x6})
r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x240200, 0x0)
recvfrom$netrom(r3, &(0x7f0000000100)=""/40, 0x28, 0x2, 0x0, 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r4}, {r4}], 0x2, 0x0, 0x0, 0x0)
write$vhci(r2, &(0x7f0000000240)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)

14:52:55 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  391.098600] Bluetooth: hci1: Frame reassembly failed (-84)
14:52:55 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xfdffffff, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:52:55 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0xffffffff81000147)

[  392.648239] net_ratelimit: 22 callbacks suppressed
[  392.648245] protocol 88fb is buggy, dev hsr_slave_0
[  392.658420] protocol 88fb is buggy, dev hsr_slave_1
[  393.128177] protocol 88fb is buggy, dev hsr_slave_0
[  393.128231] Bluetooth: hci1: command 0x1003 tx timeout
[  393.133448] protocol 88fb is buggy, dev hsr_slave_1
[  393.145200] Bluetooth: hci1: sending frame failed (-49)
[  393.608140] protocol 88fb is buggy, dev hsr_slave_0
[  393.613451] protocol 88fb is buggy, dev hsr_slave_1
[  393.618535] protocol 88fb is buggy, dev hsr_slave_0
[  393.623671] protocol 88fb is buggy, dev hsr_slave_1
[  393.628781] protocol 88fb is buggy, dev hsr_slave_0
[  393.633798] protocol 88fb is buggy, dev hsr_slave_1
[  395.208331] Bluetooth: hci1: command 0x1001 tx timeout
[  395.213717] Bluetooth: hci1: sending frame failed (-49)
[  397.288416] Bluetooth: hci1: command 0x1009 tx timeout
[  397.768194] net_ratelimit: 18 callbacks suppressed
[  397.773190] protocol 88fb is buggy, dev hsr_slave_0
[  397.778246] protocol 88fb is buggy, dev hsr_slave_1
[  397.783320] protocol 88fb is buggy, dev hsr_slave_0
[  397.788377] protocol 88fb is buggy, dev hsr_slave_1
[  397.793446] protocol 88fb is buggy, dev hsr_slave_0
[  397.798671] protocol 88fb is buggy, dev hsr_slave_1
[  398.168161] protocol 88fb is buggy, dev hsr_slave_0
[  398.173283] protocol 88fb is buggy, dev hsr_slave_1
[  398.888192] protocol 88fb is buggy, dev hsr_slave_0
[  398.893263] protocol 88fb is buggy, dev hsr_slave_1
14:53:05 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:05 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:53:05 executing program 4:
r0 = socket(0x4, 0x0, 0x7fff)
setsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000080)=0x1, 0x4)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000040)=[{r2, 0x8000000000000}, {r2}], 0x2, 0x0, 0x0, 0xfffffffffffffd14)

14:53:05 executing program 0:
r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2)
ioctl$RTC_AIE_OFF(r0, 0x7002)
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:53:05 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:05 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xfe800000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:05 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:05 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:53:05 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:05 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x88001, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@mcast2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@initdev}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@broadcast, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@mcast2}, 0x0, @in6=@local}}, &(0x7f00000003c0)=0xe8)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x80000, &(0x7f0000000400)=ANY=[@ANYBLOB='tra.s=fd,rf]no=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',access=', @ANYRESDEC=r1, @ANYBLOB=',fowner>', @ANYRESDEC=r2, @ANYBLOB=',\x00'])
ioctl$CAPI_CLR_FLAGS(r0, 0x80044325, &(0x7f0000000480))
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{}]})
r3 = syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x1800000, 0x2080)
ioctl$EXT4_IOC_MIGRATE(r3, 0x6609)

14:53:06 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000040)=[0x7233, 0x3])
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:53:06 executing program 0:
syslog(0xb, 0xfffffffffffffffd, 0x0)

14:53:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:06 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xfeffffff, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:06 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:53:06 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:06 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000040)={'TPROXY\x00'}, &(0x7f0000000100)=0x1e)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000240)='/dev/qat_adf_ctl\x00', 0x111000, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000001b40)={{{@in=@empty, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{}, 0x0, @in6=@mcast1}}, &(0x7f0000001c40)=0xe8)
bind$packet(r1, &(0x7f0000001c80)={0x11, 0xf7, r2, 0x1, 0x5, 0x6, @remote}, 0x14)
fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000140))
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0x3, 0x2)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r3}, {r3}], 0x2, 0x0, 0x0, 0x0)

14:53:06 executing program 0:
syslog(0x9, 0xfffffffffffffffd, 0xfffffffffffffe78)
r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x43, 0x400000)
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f0000000080)=0xc)
ioctl$SIOCAX25DELUID(r0, 0x89e2, &(0x7f00000000c0)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, r1})
ioctl$TIOCSBRK(r0, 0x5427)

[  401.529028] binder: 14926:14930 got transaction with unaligned buffers size, 116
[  401.551398] binder: 14926:14930 transaction failed 29201/-22, size 0-0 line 3079
[  401.564718] binder: undelivered TRANSACTION_ERROR: 29201
14:53:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:06 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:06 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xff0f0000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:06 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000001840)={0x8, 0x4, 0x81, 0x80, 0x2}, 0x14)
r2 = fcntl$getown(r1, 0x9)
r3 = geteuid()
getgroups(0x7, &(0x7f0000001540)=[0x0, 0x0, 0xee00, 0x0, 0xffffffffffffffff, <r4=>0x0, 0xee01])
r5 = getpgid(0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001580)={0x0, <r6=>0x0}, &(0x7f00000015c0)=0xc)
getresgid(&(0x7f0000001600), &(0x7f0000001640)=<r7=>0x0, &(0x7f0000001680))
sendmsg$unix(r1, &(0x7f0000001800)={&(0x7f0000000100)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f00000014c0)=[{&(0x7f0000000040)="6c46c497d7c12246199802d2ca4d8c5b66b25bc96ff0eaf3fca73466c780baf7b57290e2a281b5730d5dd174286cade6055b99efca99871b1b343535d7b206b9", 0x40}, {&(0x7f0000000180)="a66a89680ce4d84f5c340b83d7d04f2356e8f35f665fc349de52d666fa9ad196c12648cc0ba546173f993e46e84295f59f4a0da3a45a91b259d7c7bd525bb25a0512717f24796a5c02acae54e467a2c36ff02b2605f5c13b44f4c7c243013ee858178f020065b725829f2a3510ed3f4ca513144a2b0cdf86b1e789546f19e4ec5a53e957969ba2d564b3ccbe5a94394a954003549cb0caf718a17f0a422833264e7e17a8d2302ab865e61850687d6b2dc671e7de308235225c0fa1c7e894b4543641465d44fcf325e181b14eba99ac4b2d53f2a676bb41d804d8ce8033bc12eb747a2ec78d05f70fb0dd1d70f9e7ae1dd4a6dc1c7a86d8506e54041b0fc61e87fc1fd725935383c449bf08a4e4349968f48c2a94f3d8fd0fbaf854f36bba8e7152721cb8c0760427f491a448a38841bdb313fe7e475558747045910c4ef37b9ce52eee4d1729bc7ed5fd5ba25838b5a572813dd93b3346c6e2442c5d52381acb468def7908257708f4d210bff631ccbceff1ea88feedf94714b014df494b15f59d399b1c8429d8234b0ac7f773194635f963dafc81a79e1379e44ffdf9d3528ffc90ba9fd1832886a1a6592676634c90a65eb1128c22a615caabbb6482d84fd54cb9b52592ae17b73bfe59cb324b617316b4bb13fbc30140a9cc5600c65037fbdb0f6e14c30f1cefb82891f1d1d54a71f64cbdca84c7c7322e501175171abb143e5dbab839a4bdd09283456cd7946f60bbac73ba180c63334d825c49102af83040b5ae71ae8cdbd0da0884af5a1e1658e0425c0fb468ab6aef754b9cfe1619245f34c8718ca427cc9ddcf37712aa8c6b667fb60a684c5ff1558703140893fe5b0ffbe94abd1383a3fbeec7042ea15c71b33aed55d9cb6e565acb390a5ac7c88de337bdf62d450438e053f6fc21de41b540abdc407715db32fa12c81a5225744c486be2ff76eb04a0c0273834659c96c27f28b6bf9592be6c7b69699c28b54ba5a83561b277444829b5f5e0cc52c125f4e96004e0317135c89fc453c9e51737bbc7ff0c52ae9e9966f3758bb195009acd3bde640ac58d0734913833d31905fc99ef0df58ffbae7f2c1847a179f283478185263bea3a6fc71ae0334a2e018be9a6a1020ab8b60c3145b5ffd016e3bc762684325c242df064dfa8a988b86c6c0a8ad20e0aea14ab785b480ce54583ac34eeca3c5143f764f59521a2f7023d3031888b3ea4495dec10a8b15e2be848a1fbf3e83990dd22bb233d9b4fe133bfbc13aee4cff2adccdef363e7ff13dd939c847ba1e1b6044b86b9747e715f45ef9c7b27e32ef9f36a3393b02f55b4205208cbe6cd86441d33bdb2e6e5ed858a6c8067dd4f6fa2bfe40d9bb33e8b2860cef4713b9693bd5f9f708b5cd9c9d4291868b7c32e857d880a099581d366bcc6e22c4d311ea1fc8df94cb1124b43738484e88f975df57e358ded14a8dbea5fa9376696a2f8a12082b1a1c44ad7d3ab23524258933a3a4bcd99512602193aff7d7963ffff5b5d15057cb84dda110c0096671ab85135f247203349df1d08399a5a8db7dd00d78fd98eb1dbdda6ac5a82fd5f3ec0724b84f58be7b5358718660fcf97ad90ec35fff8bd56c11f5e2a0da83b1340d23ba896ab3e69fd8cfd4520ff3b51d515f3f140dfa6167748e2d8329b11f3adc0e4b06a5242a97352575171e971ef7b07e1a79a386140c925e938336abdb35164dbe1b7d00231b660add4adf1b32cc8f21a173cc57b8a5363f67f78968327968254725489eba4a4a96cb0d0c6f6085a1df76e0ac5f49de53c8f949b800fec5679959d01a07278fded72398377d9211baa0fbf14b514c84c5990114587875e830c3ed8595397c6faca7940b8a0fee5773742f33f1b7c3fce1ac6c66d03e494b11fc6ff67b0c4a3151f40509dbe959602e8f3309afc0cad3a7d71553b0db4608a50cd0ecc1fd43d3108f6ee4ed37580a6c04699876f2ffbafcf16bb6394115b805432ef3fb7afc98706d55efb248bf88967566e05bbd82fcedd34a6ced86ca75b60e702fc2bf3528ed390efbe781fbe279b8a2102ad4aa79f0874fa497427a1210493204ce3964d5072d647631bb25eaf444c157295f2be54f3fcfcb6e1b0703f77d6ea0aea91597eb74af592552a1fab1223362859d5715e1927de0f16b6938381012667fe302831956ce548bbd317b83d471be21ed4302be4d35fbf0ee35988f9fa7e61d399226300981b3aa5557cd0bfa2d295b9f3085257a44315e1b8669d3a65c771c72586d450ed2c8234e611e1e33e68fcf4a91155276a83c321437d269946e9afcf8af9c2e3585cb4e5451af62d486f2e4fd076017ce0ca997126b7d93afb81e455088121b1e850bae00e745a7fb08f04443368176218e15e918ba6b0db9c48b525ef210eebe66e40296623855c3777db8adccf30357fea71bbd75e7f9ae70f168d95ffdc2721da09180bd5310d399218093a586daf9de3ef9f2ef331eaede3c0b1fef04a51391cfcf1328685336916c9b10009a2618f7d90a448d8df90c38d886a0349c4b66a99c78106329b65299b5ec93efa4d1acd9f4f066e257b931fffebe54f8a90d9b98050733bab4ca3113644dd5eed85597f10b2beccecfe2531f75b815d97b2be0775090bea138494a96f8c65640bc364e488ad92213d8a76813f096f6da7ffc761eefb9d435f2735595a9ec497d65352f59de33c44c9273505a2c2c615cb407abc986a98579eee1b2e3a9c6195d79be87755549f74c093217f1840c9e8498757b3b5a0f3288d8ea40c3645c1d3299e8041217cf489f173536a0496b0c70ed72723cdbee63c7e1ec5336f7e468844cef3e2846f1b738b2a63fd794ac7d3c15e430d98077b97b75a8758f29e98e0cccd7ff808f568998ee66d356541bc048fdc32504ef6af636f746ab1c63bd211a25238b0b40def2327362e85757ff5178f6c246231bb02651d6ac8a89194dda4a47e8cd66f6101e37a23228d1c21d537dca4d04e1266ddde78ff215b5a5131f2bcb0d99c178cbf9f6e9586bb116ebd8e96a12f4a2d4381a9d97ad191635ddd9f998cd22620fddef7cb5821b3bb2d38e6fad6eb6e304239b81588ca079b5bb5ce6822e5bed17a23fff4d854e29f01c2e769278914fa8a3ab156a4d28a7b0deadb3d70f2db77d7e3714e26d48dbb06cfbb950df7dcf607c20f7f1fbcc299536726c98ab7f1bd3fe49e15b9194618c487c7aaf6b7449d657e8fce0bdbf302be7e2fea2477256c2a92214893f7d00d188db9efb8b3ee38315b8b1feb1ee511ef1e8c34c45c1dc20ace0de20a5b7ac853d1d1eec97313bacc18c5543570c09d7eb94d853f090852d0eaf5960858ab684292ceeef5b8a9d261948769ae8c3956cd22dfd93d344edfb6afb5bd08c2afe3c4547ab6721b73649892f13ad3be2119dbacb7dcb06ece9933b2a6256c99d07d48ad682f7245537793388a436e6a58f7988c256c5456fc20ee0f25b73abac1631cb94d8026295bc7dd6436838982c36f0566cdaace0b11c28cab783bcd251193ea7a91da04d1e1d6141a4298837f2f2b809da50ee70394c0324c8b36b5245e855f6932674447505c5597828d31e753e379595e63926d0c983dda3f23f08af333cba6c7b742d72cc55f5220afec9f2e15cfebb7586ff9d56b2dbb4cff7256227cc1b72d645be82adca9464c2ca73dcaf90edc159fe2acf882d540a4efb832e90a65527bacc84da20fcd68a2501e614b4900225f9b6eedc09e3afb236ed7e3f17b13d1b1bc0c8e82448e191f2928ba88eab6d6f7cdee23cf8054bbb928685933a00ff23c230113a08a9b98d011ed142b655bec51e6bc48b5b57877b3ad66fb867acdd068ca3ca26863fdcc8724d9951412940f75fd5ac340e7867cd2cb094493322c94fc6ed9183855433684f20d5e896f7189141eac2bf1dfb50be69bba373b5d6466987cfa5534d7faeb611400bcc0ba3b2ed1554c0219ca7f558b5be1148755a661c385eca76897d3ee30e3f57a05001ea6e437aa1e4e03a9d1a146847a5b34e48b80c5504cf0dd2d3c3a6bbc35ef76e3e881b71c4da569c1475c0645ee558f80d6870b57264a5e01650eafcaac34a888943d9f23eeb9cca2eeb03547ee6f63d7ba11174f5d26f2f9c61a0f8cbdf5e19a9f0676182a508c129cfc2985a382dcbb87c5c14101dd9b991910ef9829f7b25a5d787b2d09657174912fd869997c6df729db479e651a174900e161399f52549cada9a6fe8b811f12b38a90e78879d9670fc5e818cd27d97978b7a6892b5e6edee370addda8b26b07ea5cf08cdedcd21cd9b9866400a28517404e5406132fd3e989d2edd2f77623e620a29bcec21fdd7388aef87ea8caf72eb6d915dea5838dbb730c9290fd69f5424b2afd09070eef7bb081e9088bf5621eec6924c6b3a6dbd28a9a67c8e40c2229b973ef901bba4ee0164fc5ff6ca9fb0143d48dee99d1cfe9de391a7963be87384089ff3abee0004f4f4c80774fb3191fc29e9dd475043e4e8f13811025c853ad46c68d65af39b799c703625e4206f9d35fc8a366509c91b9d127a76d3a84b3db3e09c92182345d05d50941c8cf1832d916e14e39b4e37d8f56c54a355f0455126d6fb9452b1b65264e69b63480d0103931dcb34a70732faf5edcb40ce74e7b9533a02000bdcc6d611b0771c07e334e04d7fb4a04b74337bf6ec075ce1ab51bfdcbedb4508d8efca351540f8f3b5b73f06e457b31e2d5b4ece98609bbbf8f51730181e35971d7b021b8e2e6aac953ad2bc63e375c92767f798fce2d14fa6aaa6e0487245c02100a416b0695bdfdbc070e8ace74ac51d5f67cb26b9cc8183629518c9fb6a175ee7730ac6425c2e2fa927669247e7a3fbefea63387f69ec5535ceac00922172faae8c9cf5463cd0002f690e7b282c254261d9f1a7e1fb004acc7412f650e91bcdf1c6741dd7ecdb7988618eaedd375562abdf142742c2f819cbb218a4b293da817ba37a16e14a85b51fd1c2d7cfb763b0cb5052dc581e0850de3ac355a6157cd4c2fb7751f1eb6e983e795a5233949f76f26cbda96347a26efa7df34b065e381243b609bb55fdbe931ff1cdf2d2754a2e12baa4df8529b115a6e267bfe2c04aabc3cc4b2d29ed7e29909c92ba80b0eb8e0b6939265c08e5d355a9787b6ca16386493593216322db78082ebbd598e388bd5f9941458d98c3320a327b1259c36cc2e497e2babea44920f65df2aa27d5b2502aaeb3c3ef4232cd73ddda1672d85882f3aae271c90829328724854e5d0d6be0a7d7263371d48da232bb004d7439e7da20734eee07e8c5900ad0b15bd53a7638bc8fba05b57e28c3fd1c6a1ea289255567a0d3ec2eb7ce39bbb7ebf27209e41e7664a4a227e3970affe44e2bae1abb0f2a57c089024c4e67fe04275d9c1b2f35e0601de1c8d583b9c5f259e6e45bc7d5474fcd41b5f049359c9bec182e919c6feb49125e5ebbedf3e446c8b9873536f08087913032dd36b22949f032e499c77d96b9ba167de86255e2e3c6a4ba8c8db2642d29b04263fc2ab3a3293d1bb815970230119a8e44de3d37d4ed871a91bc688794be824e814e8a710116c2c567f0b801b33053466aad3e38367610dfcef33d52462ce22e9be76d903031bd8c4c0fc08a9ca7d55318aed3e9676d07941d2e6c84ce979f9f41a04e132b67e78849473741ebaa08aa896c283513aaacc5fc996dabc755fc61e39dd1eb63aeb2064685154fdad943460b1d03f857c88e13f50492ab1359eaeef7f3c6740e6f7657d36d2ce91c0fb28402870aec010a8836b7d9110", 0x1000}, {&(0x7f0000001180)="5dea45f0c1b54a1372e49be73b46b770004be1a14f7a5309eabf9231813656ff3a8d4610dd5a71e9870fae60240d353f94e3b3e04ecec9fa658616e9a691e1bbbf1dc80a0df3d35fa494a03801f11d68cf7e4c2f698b6ee2f9b53ca694d0beb77884ce7ee2f05d7c00c64cfdf232c6443abffa6e56ce8b109831013b4745ce06a40c4943dcadae0f6d1cb4d0ea69b6c88fb146f3d1718bb9e6effc258f61dbe0af83e90b702953d05fb1cca8e05d61415286283aa808e3dc1bae50c3bdf34a658bcf3ba528637cdc282884cc41c6f8b454ea4a111afc57a119a6ed978b03", 0xde}, {&(0x7f0000001280)="b7f4da4288d96159b8fd5ac79c156cbbf6c9a3681744be3a03fbd8d9027fa079b59a291e", 0x24}, {&(0x7f00000012c0)="fc2bce095a0c66a3363f7685c18856343b043af2614885795c7d2e7c5cce397b2a89017a98cb81787e74fef60e223d2bcb33c0a006a116c56359ca32c19144a3bc177a75efa86ffd4817596569339142a46012f5adfdc539c8d412a5f8274cf1cc137c3a5b26f5a4a236640cc24f7cf5ef533555056c45ca710e2b1c03f6d2ba5935a8dba7e3e735e42a31a8711917f9b736f7da13bc04baeece73f12d04055d7468486c49907a84c5fd66bc89be02c57a7a7855212b45852a666ecf4bb97410329bb9d1dff1f87ecb35a31e288f", 0xce}, {&(0x7f00000013c0)="185c5af0a3941b9d126123141d183065d9a2f54056807bfbafa43371b95952a22c9ec6a7b0150e61d6fbabd51e95bd42cf776ff793a30a4910771d7a5864a22dc6c2a9c5d06c2dc1701d953bfc737799a3558eef0edcb9da0e4d6e01d8561bba7ad32b2bcd6a2f68feb06537f519a2a901058e32c69c3f058cc978f2d23ac70e3aa98b3b3686cde78e081a1ab447032640474d3b646ec684a97562204b3136b15e44fe70b1263032e9464167343803059db35a623aabdaae24ee79ebccf03740701f4f6c899ea653ad353e9b4579bb8e576ef9cc3025d439", 0xd8}], 0x6, &(0x7f0000001880)=ANY=[@ANYBLOB="20000000000000000100000002000000", @ANYRES32=r2, @ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="0000000018000000000000000100000001000000e883086032a896c0decb43b226d230", @ANYRES32=r1, @ANYBLOB="0000000038000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="18000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000002000000", @ANYRES32=r5, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="0000000028000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00'], 0x108, 0x20008840}, 0x4000)

14:53:06 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x0)

[  401.692725] binder: 14947:14951 got transaction with unaligned buffers size, 116
[  401.730598] binder: 14947:14951 transaction failed 29201/-22, size 0-0 line 3079
[  401.764944] binder: undelivered TRANSACTION_ERROR: 29201
14:53:06 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:06 executing program 4:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x7, 0x2000)
getsockopt$EBT_SO_GET_INFO(r0, 0x0, 0x80, &(0x7f0000000100)={'broute\x00\x00\x00\x10\x00'}, &(0x7f0000000180)=0x78)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)
ioctl$IOC_PR_CLEAR(r2, 0x401070cd, &(0x7f0000000200)={0x3f})
setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000240)="7dd6cdb2e18e7040d8bb70912243e90f7fe5fee2dcc7bcbceb99e3d0", 0x1c)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/qat_adf_ctl\x00', 0x400, 0x0)

[  401.905930] binder: 14966:14968 got transaction with unaligned buffers size, 116
[  401.942882] binder: 14966:14968 transaction failed 29201/-22, size 0-0 line 3079
[  401.984856] binder: undelivered TRANSACTION_ERROR: 29201
14:53:06 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:53:06 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0xb6)
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x200800, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000040)=0x3, 0x4)

14:53:06 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:06 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x2c, 0x200)
ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f0000000100)={0x1, 0x6, 0x3, 0x1, 0x2, 0x1})
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}, {r2}], 0x2, 0x0, 0x0, 0x0)

14:53:06 executing program 3:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:06 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffff91, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:06 executing program 0:
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r0 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x5, 0x711280)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f00000000c0), 0x1)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x30000)
ioctl$SG_NEXT_CMD_LEN(r1, 0x2283, &(0x7f0000000040)=0x4f)
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:53:06 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:06 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000140)="d3782f9655aac30366c07c7c371190d5b1150259484f2edddb727f7c4ade4f9bfc20", 0x22, 0xfffffffffffffff9)
r2 = add_key(&(0x7f0000000200)='encrypted\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="b58609d503ce9b2d2af34ec516e882275dee21b7727ab9da912128ab867581d693dd04ab342092a35496174a7d4809053b53708098b8069afdf1498344f77ee7f84520457ea96e75c6c72c52b931ad5e63ee88806658ee971eae014136003e11568c5c1b2963ded571ae0772d02ce1c80b1b7eb881a860067dea2ca5aca8d19362397c0883a43689fcfb5830139f5eaed797342c289b9a96f01d53d01d980ffd75440d4f0bc4a88ea8af4e2a0e6316caaae74cdf1ae9d441a3c7f73326350a6123277b1f1df64bd8ddfd70b6cd78269b8d6dcf2a1327a606daabc4362da8e26665f2d3986d418eba6b2a601ed208334cb0f1a2863c46e3250dc3903130", 0xfd, 0xfffffffffffffff9)
keyctl$search(0xa, r1, &(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x2}, r2)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r3, 0xc0206434, &(0x7f0000000380)={0x6, <r4=>0x0, 0x0, 0x6c})
ioctl$DRM_IOCTL_SG_ALLOC(r3, 0xc0106438, &(0x7f00000003c0)={0x9, r4})
ppoll(&(0x7f0000000080)=[{r3}, {r3}], 0x2, 0x0, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ADD(r3, &(0x7f0000000740)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000700)={&(0x7f0000000480)={0x274, r5, 0x8, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0xf0, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffffffffffe1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}]}, @TIPC_NLA_MEDIA={0xe8, 0x5, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1000}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffff8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6a4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3a12}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_NODE={0x28, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_SOCK={0x24, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x1000}]}, @TIPC_NLA_NODE={0x1c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x274}, 0x1, 0x0, 0x0, 0x4080}, 0x200448c4)
prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b)

[  402.181335] binder: 14985:14987 got transaction with unaligned buffers size, 116
[  402.195929] binder: 14985:14987 transaction failed 29201/-22, size 0-0 line 3079
[  402.206616] binder: undelivered TRANSACTION_ERROR: 29201
14:53:06 executing program 3:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:07 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:07 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xfffffff5, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  402.329728] binder: 15012:15013 got transaction with unaligned buffers size, 116
[  402.354621] binder: 15012:15013 transaction failed 29201/-22, size 0-0 line 3079
[  402.381694] binder: undelivered TRANSACTION_ERROR: 29201
14:53:07 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:53:07 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000000)=ANY=[@ANYBLOB="1f02b3ff77a72807443960891d12"], 0x8)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040)={0x7, 0x7, 0x3f, 0xffffffffffff6b62, 0x2}, 0x14)
setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000100)={0xfffffffffffffe01, {{0x2, 0x4e20, @multicast2}}}, 0x88)

14:53:07 executing program 3:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:07 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
setxattr$security_selinux(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000180)='system_u:object_r:udev_helper_exec_t:s0\x00', 0x28, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
write$cgroup_type(r1, &(0x7f0000000040)='threaded\x00', 0x9)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:53:07 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:07 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xfffffffd, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  402.620858] binder: 15033:15039 got transaction with unaligned buffers size, 116
14:53:07 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180))
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:07 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0xfffffffffffffddc)

14:53:07 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000005c0)={<r2=>0x0}, &(0x7f0000000600)=0xc)
stat(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000700)={0x0, 0x0, <r4=>0x0}, &(0x7f0000000740)=0xc)
r5 = getpid()
fstat(r0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
r7 = getgid()
r8 = fcntl$getown(r0, 0x9)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000800)={0x0, <r9=>0x0}, &(0x7f0000000840)=0xc)
stat(&(0x7f0000000880)='./file0\x00', &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0})
sendmmsg$unix(r1, &(0x7f00000009c0)=[{&(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000540)=[{&(0x7f0000000180)="25a0a59edcb5730859d7fd2ca57862184345b9b9258dc7c6d67de9546bb0a1cf4edae9839c1bc414827534c5e5b59cb9c9ba600f63e38ab9b9de992c5f5d647abfeebbd5b63ded6cecaf5cd6ecb8ca69b914662964f173202a73cdd328ba266b5574d52febde8ecd3481943f40abea8126d6e32ded088e078a0b5d98d09ecc6222240935880722554b5f4639fa811b1e557174b0dbaee5cdadecfd4cb0770d7cf0274c3bd1a1e06064d683f9b859f725feeb", 0xb2}, {&(0x7f0000000240)="dd97870d567818b46c2f1c3431dd628f66f931d7fee34b8f85289c6da99df82ddc9324dd3df4c9e23b305f80eef9ae5fe7d0031e6ffeb14d424a7c4129abe412aa16216a", 0x44}, {&(0x7f00000002c0)="0ede5f25cf4aebea33fc3a6bd6d7079924438aa76d61234c23a313001bbad1a0a83ed7395efb755e2030544ca54d0fb0bb90b22cebb8411b45afd77e3dfaf9c9463c1c3d776de12c0359ef4b6b45f779c53576c7fae7a839c82edecfa1be90ed9255998a400f96ece7c78871d3ee6b92ec34e7e851f2daa7b953335dbc130c0317b307904f3767d809c7a7877dcfbc0d57fb77980ad45f5cc8c9f6f5ee020f4837dbabc5e643992c166bcdd45121e21bd15fdba3f5187f69d8b3a20ba65f4827d484b9bb", 0xc4}, {&(0x7f0000000040)="c8c945", 0x3}, {&(0x7f00000003c0)="ed973a0bb7615fca5560eef86b40271e818e0184113f2c8b665390ddff95f05c93d727f0e646358f5eeff0f0d66d5f461c3068944559ed271c35cea3b390ae80f0005daea8960e9b6d91d8eef2302cd4206ccfba2ce89cf1de6b1f1a44f7de5d592ef2e92bb1e2d4d9e14de5eda10fa51e32e206db21de1826f4b181557285dbecafc342eda146706742cc9d80064e83313c73ef93e79c68a08584ee3c3738a79feb3665f56eddd0fac8bc7aae8e5feebd43d7438d0335c23a7577c27e68b5d3f1d8f1b9b36cd14aaf47cabb9481606617fc1b6bbc763786c5a9159ab635e3a44ad8fb00014465da4c6cfd1e8a", 0xed}, {&(0x7f00000004c0)="1ef50ad6f7ca3118cb476a486681d68c3a9f88d2bf06df913f86f0d0574c2c974b8667d8d81a8384d38be8f51bc18b8664bb89839f2f959d00172f3fc3cc42dc5ae0889ffd62365c", 0x48}], 0x6, &(0x7f0000000940)=[@cred={0x20, 0x1, 0x2, r2, r3, r4}, @rights={0x18, 0x1, 0x1, [r1, r1]}, @cred={0x20, 0x1, 0x2, r5, r6, r7}, @cred={0x20, 0x1, 0x2, r8, r9, r10}], 0x78, 0x4}], 0x1, 0x4001)
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

[  402.666376] binder: 15033:15039 transaction failed 29201/-22, size 0-0 line 3079
[  402.689205] binder: undelivered TRANSACTION_ERROR: 29201
14:53:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:07 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xfffffffe, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:07 executing program 0:
syslog(0x5, 0xfffffffffffffffd, 0xfffffffffffffeb6)

[  402.855282] binder: 15059:15062 got transaction with unaligned buffers size, 116
[  402.895097] binder: 15059:15062 transaction failed 29201/-22, size 0-0 line 3079
[  402.931756] binder: undelivered TRANSACTION_ERROR: 29201
14:53:07 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)

14:53:07 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070")
r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0xbb0, 0x4002)
clock_gettime(0x3, &(0x7f0000000000))
ppoll(&(0x7f0000000080)=[{r1}, {r1}], 0x2, 0x0, 0x0, 0x0)

14:53:07 executing program 0:
r0 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x1, 0x2)
ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000080)=""/242)
syslog(0x2, 0xfffffffffffffffd, 0x147)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000000)='NET_DM\x00')

14:53:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:07 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x5000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  403.048171] net_ratelimit: 22 callbacks suppressed
[  403.048179] protocol 88fb is buggy, dev hsr_slave_0
[  403.058330] protocol 88fb is buggy, dev hsr_slave_1
14:53:07 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x41, 0x0)
ioctl$IMGETVERSION(r0, 0x80044942, &(0x7f0000000040))

[  403.091439] binder: 15077:15082 got transaction with unaligned buffers size, 116
[  403.108856] binder: 15077:15082 transaction failed 29201/-22, size 0-0 line 3079
[  403.125391] binder: undelivered TRANSACTION_ERROR: 29201
[  403.149415] QAT: Invalid ioctl
[  403.153442] QAT: Invalid ioctl
[  403.528160] protocol 88fb is buggy, dev hsr_slave_0
[  403.533277] protocol 88fb is buggy, dev hsr_slave_1
[  404.008140] protocol 88fb is buggy, dev hsr_slave_0
[  404.013210] protocol 88fb is buggy, dev hsr_slave_1
[  404.018283] protocol 88fb is buggy, dev hsr_slave_0
[  404.023299] protocol 88fb is buggy, dev hsr_slave_1
[  404.028383] protocol 88fb is buggy, dev hsr_slave_0
[  404.033411] protocol 88fb is buggy, dev hsr_slave_1
[  404.808123] Bluetooth: hci1: command 0x1003 tx timeout
[  404.813525] Bluetooth: hci1: sending frame failed (-49)
[  406.888174] Bluetooth: hci1: command 0x1001 tx timeout
[  406.893689] Bluetooth: hci1: sending frame failed (-49)
[  408.168152] net_ratelimit: 18 callbacks suppressed
[  408.173126] protocol 88fb is buggy, dev hsr_slave_0
[  408.178181] protocol 88fb is buggy, dev hsr_slave_1
[  408.183265] protocol 88fb is buggy, dev hsr_slave_0
[  408.188313] protocol 88fb is buggy, dev hsr_slave_1
[  408.193408] protocol 88fb is buggy, dev hsr_slave_0
[  408.198445] protocol 88fb is buggy, dev hsr_slave_1
[  408.568119] protocol 88fb is buggy, dev hsr_slave_0
[  408.573184] protocol 88fb is buggy, dev hsr_slave_1
[  408.968140] Bluetooth: hci1: command 0x1009 tx timeout
[  409.288211] protocol 88fb is buggy, dev hsr_slave_0
[  409.293308] protocol 88fb is buggy, dev hsr_slave_1
14:53:18 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180))
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:18 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:18 executing program 0:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x10040, 0x0)
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
ioctl$DRM_IOCTL_GET_MAP(r0, 0xc0286404, &(0x7f0000000000)={&(0x7f0000ffb000/0x4000)=nil, 0x6, 0x0, 0x14, &(0x7f0000ffa000/0x3000)=nil, 0x81})
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000040)=ANY=[@ANYBLOB="1280fe2b", @ANYRES32=<r1=>0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000140)=0x7)
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000000c0)={r1, 0x9}, 0x8)
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:53:18 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x10000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:18 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)

14:53:18 executing program 4:
creat(&(0x7f0000000280)='./bus\x00', 0x0)
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setpipe(r0, 0x407, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000040)=ANY=[], 0xfffffdea)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffffeffffffff, 0xffffffffffffffff, 0x0)
splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0)
r4 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, r4, 0x0)

[  413.404281] binder: 15106:15107 got transaction with unaligned buffers size, 116
[  413.436092] binder: 15106:15107 transaction failed 29201/-22, size 0-0 line 3079
[  413.448153] net_ratelimit: 22 callbacks suppressed
14:53:18 executing program 0:
r0 = pkey_alloc(0x0, 0x0)
pkey_free(r0)
syslog(0xffffffff, 0xfffffffffffffffd, 0xdd39)
r1 = accept(0xffffffffffffff9c, &(0x7f0000000bc0)=@un=@abs, &(0x7f0000000c40)=0x80)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000c80)=[@in={0x2, 0x4e22, @multicast1}, @in={0x2, 0x4e23, @loopback}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x5d443819, @local}, @in6={0xa, 0x4e20, 0x8, @dev={0xfe, 0x80, [], 0x18}, 0x9}, @in6={0xa, 0x4e24, 0x7ff, @remote, 0x81}], 0x78)

14:53:18 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x0, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  413.448160] protocol 88fb is buggy, dev hsr_slave_0
[  413.458194] protocol 88fb is buggy, dev hsr_slave_1
[  413.462800] binder: undelivered TRANSACTION_ERROR: 29201
[  413.515610] audit: type=1804 audit(1551451998.162:68): pid=15120 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir262492092/syzkaller.JzVt9C/331/bus" dev="sda1" ino=16754 res=1
14:53:18 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x100000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:18 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x115200)
fallocate(r0, 0xc, 0xfffffffffffffffb, 0x5)
r1 = dup2(0xffffffffffffff9c, 0xffffffffffffffff)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0xe})

14:53:18 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x0, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  413.559899] binder: 15124:15127 got transaction with unaligned buffers size, 116
[  413.567611] binder: 15124:15127 transaction failed 29201/-22, size 0-0 line 3079
[  413.583333] binder: undelivered TRANSACTION_ERROR: 29201
14:53:18 executing program 4:
creat(&(0x7f0000000280)='./bus\x00', 0x0)
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setpipe(r0, 0x407, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000040)=ANY=[], 0xfffffdea)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffffeffffffff, 0xffffffffffffffff, 0x0)
splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0)
r4 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, r4, 0x0)

[  413.683085] binder: 15137:15138 got transaction with unaligned buffers size, 116
[  413.713507] binder: 15137:15138 transaction failed 29201/-22, size 0-0 line 3079
[  413.737012] binder: undelivered TRANSACTION_ERROR: 29201
[  413.794205] audit: type=1804 audit(1551451998.442:69): pid=15147 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir262492092/syzkaller.JzVt9C/332/bus" dev="sda1" ino=16754 res=1
[  413.928178] protocol 88fb is buggy, dev hsr_slave_0
[  413.933321] protocol 88fb is buggy, dev hsr_slave_1
[  414.408149] protocol 88fb is buggy, dev hsr_slave_0
[  414.413222] protocol 88fb is buggy, dev hsr_slave_1
[  414.418253] protocol 88fb is buggy, dev hsr_slave_0
[  414.423261] protocol 88fb is buggy, dev hsr_slave_1
[  414.428289] protocol 88fb is buggy, dev hsr_slave_0
[  414.433296] protocol 88fb is buggy, dev hsr_slave_1
[  415.528311] Bluetooth: hci1: command 0x1003 tx timeout
[  415.533673] Bluetooth: hci1: sending frame failed (-49)
[  417.608311] Bluetooth: hci1: command 0x1001 tx timeout
[  417.613954] Bluetooth: hci1: sending frame failed (-49)
[  418.568194] net_ratelimit: 18 callbacks suppressed
[  418.568199] protocol 88fb is buggy, dev hsr_slave_0
[  418.578287] protocol 88fb is buggy, dev hsr_slave_1
[  418.583359] protocol 88fb is buggy, dev hsr_slave_0
[  418.588399] protocol 88fb is buggy, dev hsr_slave_1
[  418.593430] protocol 88fb is buggy, dev hsr_slave_0
[  418.598476] protocol 88fb is buggy, dev hsr_slave_1
[  418.968150] protocol 88fb is buggy, dev hsr_slave_0
[  418.973255] protocol 88fb is buggy, dev hsr_slave_1
[  419.688177] protocol 88fb is buggy, dev hsr_slave_0
[  419.688229] Bluetooth: hci1: command 0x1009 tx timeout
[  419.693294] protocol 88fb is buggy, dev hsr_slave_1
14:53:28 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180))
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:28 executing program 0:
r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x2041, 0x0)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000040)=0x4)
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:53:28 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x0, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:28 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x200000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:28 executing program 4:
creat(&(0x7f0000000280)='./bus\x00', 0x0)
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setpipe(r0, 0x407, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000040)=ANY=[], 0xfffffdea)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffffeffffffff, 0xffffffffffffffff, 0x0)
splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0)
r4 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, r4, 0x0)

14:53:28 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)

[  423.652460] binder: 15157:15159 got transaction with unaligned buffers size, 116
[  423.677711] Bluetooth: hci1: Frame reassembly failed (-84)
[  423.683648] binder: 15157:15159 transaction failed 29201/-22, size 0-0 line 3079
14:53:28 executing program 0:
syslog(0x0, 0xfffffffffffffffd, 0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x2, 0x0)
getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f00000000c0), &(0x7f0000000100)=0xfffffffffffffe6b)

14:53:28 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  423.705660] binder: undelivered TRANSACTION_ERROR: 29201
14:53:28 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x300000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  423.796486] audit: type=1804 audit(1551452008.442:70): pid=15173 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir262492092/syzkaller.JzVt9C/333/bus" dev="sda1" ino=17073 res=1
14:53:28 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = dup(0xffffffffffffff9c)
setsockopt$inet6_dccp_buf(r0, 0x21, 0xe, &(0x7f0000000080), 0x0)
getsockname$inet(r0, &(0x7f0000000000)={0x2, 0x0, @initdev}, &(0x7f0000000040)=0x10)
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem\x00', 0x18041, 0x0)

14:53:28 executing program 4:
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/capi20\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x5)
ioctl$CAPI_MANUFACTURER_CMD(r0, 0xc0104320, &(0x7f0000000100)={0x2, &(0x7f0000000040)})

[  423.848133] net_ratelimit: 22 callbacks suppressed
[  423.848140] protocol 88fb is buggy, dev hsr_slave_0
[  423.858268] protocol 88fb is buggy, dev hsr_slave_1
[  423.867781] binder: 15177:15178 got transaction with unaligned buffers size, 116
[  423.882966] binder: 15177:15178 transaction failed 29201/-22, size 0-0 line 3079
14:53:28 executing program 4:
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/capi20\x00', 0x0, 0x0)
ioctl$CAPI_MANUFACTURER_CMD(r0, 0xc0104320, &(0x7f0000000100)={0xb, &(0x7f0000000040)})

[  423.938463] binder: undelivered TRANSACTION_ERROR: 29201
[  424.046788] kcapi: driver "" not loaded.
[  424.328141] protocol 88fb is buggy, dev hsr_slave_0
[  424.333206] protocol 88fb is buggy, dev hsr_slave_1
[  424.808163] protocol 88fb is buggy, dev hsr_slave_0
[  424.813233] protocol 88fb is buggy, dev hsr_slave_1
[  424.818344] protocol 88fb is buggy, dev hsr_slave_0
[  424.823375] protocol 88fb is buggy, dev hsr_slave_1
[  424.828468] protocol 88fb is buggy, dev hsr_slave_0
[  424.833504] protocol 88fb is buggy, dev hsr_slave_1
[  425.688160] Bluetooth: hci1: command 0x1003 tx timeout
[  425.693577] Bluetooth: hci1: sending frame failed (-49)
[  427.768197] Bluetooth: hci1: command 0x1001 tx timeout
[  427.773613] Bluetooth: hci1: sending frame failed (-49)
[  428.968133] net_ratelimit: 18 callbacks suppressed
[  428.968138] protocol 88fb is buggy, dev hsr_slave_0
[  428.978154] protocol 88fb is buggy, dev hsr_slave_1
[  428.983206] protocol 88fb is buggy, dev hsr_slave_0
[  428.988265] protocol 88fb is buggy, dev hsr_slave_1
[  428.993317] protocol 88fb is buggy, dev hsr_slave_0
[  428.998373] protocol 88fb is buggy, dev hsr_slave_1
[  429.369119] protocol 88fb is buggy, dev hsr_slave_0
[  429.374206] protocol 88fb is buggy, dev hsr_slave_1
[  429.848156] Bluetooth: hci1: command 0x1009 tx timeout
[  430.088172] protocol 88fb is buggy, dev hsr_slave_0
[  430.093246] protocol 88fb is buggy, dev hsr_slave_1
14:53:38 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:38 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:38 executing program 0:
syslog(0x0, 0xfffffffffffffffd, 0x0)

14:53:38 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x400000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:38 executing program 4:
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
getpid()
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
socket$inet(0x2, 0x3, 0x7f)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffffc}, 0x4)
r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast1}, 0x10)
write$binfmt_elf64(r4, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0xfffffffffffff001, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x2, 0x3cc, 0x40, 0x0, 0x2, 0xf79, 0x38, 0x0, 0xc159, 0x0, 0xb6}, [{0x0, 0x0, 0x5, 0x2, 0x8, 0x0, 0x8}], "6cc69e55f54988c68f6f223ea0cbb966cae36215c2501abd88ef"}, 0x92)
splice(r0, 0x0, r2, 0x0, 0x10005, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)

14:53:38 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)

14:53:38 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x100000200000, 0x0)
ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000040)=0x5)

14:53:38 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

[  433.908810] binder: 15203:15206 got transaction with unaligned buffers size, 116
[  433.925674] binder: 15203:15206 transaction failed 29201/-22, size 0-0 line 3079
[  433.944803] binder: undelivered TRANSACTION_ERROR: 29201
14:53:38 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:38 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x500000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:38 executing program 0:

14:53:38 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

[  434.102909] binder: 15225:15227 got transaction with unaligned buffers size, 116
[  434.134853] binder: 15225:15227 transaction failed 29201/-22, size 0-0 line 3079
14:53:38 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000))
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  434.148179] binder: undelivered TRANSACTION_ERROR: 29201
14:53:38 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

[  434.212321] binder: 15237:15239 got transaction with unaligned buffers size, 116
[  434.226911] binder: 15237:15239 transaction failed 29201/-22, size 0-0 line 3079
[  434.235614] binder: undelivered TRANSACTION_ERROR: 29201
[  434.248129] net_ratelimit: 22 callbacks suppressed
[  434.248135] protocol 88fb is buggy, dev hsr_slave_0
14:53:38 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2)
sendmsg$nl_crypto(r0, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)=@getstat={0xe0, 0x15, 0x0, 0x70bd26, 0x25dfdbfc, {{'authenc(vmac64(camellia-generic),ctr-aes-neonbs)\x00'}, [], [], 0x400, 0x2000}, ["", ""]}, 0xe0}, 0x1, 0x0, 0x0, 0xe2617c6e7de02379}, 0x8000)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f0000000040)={0x2, [<r1=>0x0, 0x0]}, &(0x7f0000000080)=0xc)
ioctl$KVM_S390_VCPU_FAULT(r0, 0x4008ae52, &(0x7f0000000180)=0xffffffffffffffff)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000000c0)={r1, @in={{0x2, 0x4e20, @loopback}}}, 0x84)

[  434.253139] protocol 88fb is buggy, dev hsr_slave_1
14:53:38 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000))
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  434.380652] binder: 15250:15251 got transaction with unaligned buffers size, 116
[  434.391654] binder: 15250:15251 transaction failed 29201/-22, size 0-0 line 3079
[  434.416059] binder: undelivered TRANSACTION_ERROR: 29201
[  434.728640] protocol 88fb is buggy, dev hsr_slave_0
[  434.735548] protocol 88fb is buggy, dev hsr_slave_1
14:53:39 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:39 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x600000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:39 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x109000, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000040)={{{@in6, @in=@loopback}}, {{@in6=@dev}, 0x0, @in=@loopback}}, &(0x7f0000000140)=0xe8)

14:53:39 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000))
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:39 executing program 4:
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
getpid()
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
socket$inet(0x2, 0x3, 0x7f)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffffc}, 0x4)
r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast1}, 0x10)
write$binfmt_elf64(r4, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0xfffffffffffff001, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x2, 0x3cc, 0x40, 0x0, 0x2, 0xf79, 0x38, 0x0, 0xc159, 0x0, 0xb6}, [{0x0, 0x0, 0x5, 0x2, 0x8, 0x0, 0x8}], "6cc69e55f54988c68f6f223ea0cbb966cae36215c2501abd88ef"}, 0x92)
splice(r0, 0x0, r2, 0x0, 0x10005, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)

14:53:39 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)

14:53:39 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:39 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
signalfd4(r0, &(0x7f0000000040)={0x5}, 0x8, 0x80800)
prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000000))
syslog(0x2, 0xfffffffffffffffd, 0x147)

[  434.944494] binder: 15257:15259 got transaction with unaligned buffers size, 116
[  434.964724] binder: 15257:15259 transaction failed 29201/-22, size 0-0 line 3079
14:53:39 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c12")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  435.036092] binder: undelivered TRANSACTION_ERROR: 29201
14:53:39 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x700000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:39 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:39 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x1)

[  435.144835] binder: 15284:15289 got transaction with unaligned buffers size, 116
14:53:39 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

[  435.205960] binder: 15284:15289 transaction failed 29201/-22, size 0-0 line 3079
[  435.218191] protocol 88fb is buggy, dev hsr_slave_0
[  435.223400] protocol 88fb is buggy, dev hsr_slave_1
[  435.228527] protocol 88fb is buggy, dev hsr_slave_0
[  435.232440] binder: undelivered TRANSACTION_ERROR: 29201
[  435.233576] protocol 88fb is buggy, dev hsr_slave_1
[  435.233641] protocol 88fb is buggy, dev hsr_slave_0
[  435.249121] protocol 88fb is buggy, dev hsr_slave_1
14:53:39 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c12")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:39 executing program 0:
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001180)={0xffffffffffffff9c, 0x10, &(0x7f0000001140)={&(0x7f0000000140)=""/4096, 0x1000, <r0=>0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000011c0)=r0, 0x4)
syslog(0xa, 0xfffffffffffffffd, 0xfffffccc)
r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x282, 0x0)
write$P9_RAUTH(r1, &(0x7f0000000100)={0x14, 0x67, 0x2, {0x20, 0x2, 0x3}}, 0x14)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x13f, 0x1009}}, 0x20)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000001240)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000001300)={&(0x7f0000001200)={0x10, 0x0, 0x0, 0x104020}, 0xc, &(0x7f00000012c0)={&(0x7f0000001280)={0x30, r3, 0x0, 0x70bd29, 0x25dfdbfe, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x5, 0x7fffffff, 0x5, 0x100000000}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x811}, 0x8000)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {r2, 0x6}}, 0x10)

14:53:40 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x800000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  435.351795] binder: 15302:15303 got transaction with unaligned buffers size, 116
[  435.381119] binder: 15302:15303 transaction failed 29201/-22, size 0-0 line 3079
[  435.427718] binder: undelivered TRANSACTION_ERROR: 29201
14:53:40 executing program 4:
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x50000, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x8000000000006, 0x0)
write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[], 0xfffffd6f)

14:53:40 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:40 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)

14:53:40 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x6)
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000040), &(0x7f0000000080)=0x4)

14:53:40 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c12")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:40 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x900000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:40 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0))
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

[  435.976552] binder: 15322:15323 got transaction with unaligned buffers size, 116
[  436.015841] binder: 15322:15323 transaction failed 29201/-22, size 0-0 line 3079
14:53:40 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x10001, 0x40000)
ioctl$NBD_DO_IT(r0, 0xab03)

[  436.040783] binder: undelivered TRANSACTION_ERROR: 29201
14:53:40 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:40 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0))
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:40 executing program 0:
syslog(0xd, 0xfffffffffffffffd, 0x0)
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x40000, 0x0)
fchmodat(r0, &(0x7f0000000040)='./file0\x00', 0x40)
ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000080)={0x2, <r1=>0x0, 0x0, 0x2})
ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f00000000c0)={0xd44c, r1})

14:53:40 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xa00000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  436.199988] binder: 15345:15346 got transaction with unaligned buffers size, 116
[  436.278406] binder: 15345:15346 transaction failed 29201/-22, size 0-0 line 3079
[  436.308298] binder: undelivered TRANSACTION_ERROR: 29201
14:53:41 executing program 4:
io_setup(0x4, &(0x7f0000000040)=<r0=>0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
io_submit(r0, 0x2, &(0x7f0000002740)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x4, r1, &(0x7f0000000080)="282815d02b981c2d472fe969a56fe2d327c9a766b456db565ca7f98dc88de455ff3c3e", 0x23, 0x3}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0, 0x2}])

14:53:41 executing program 0:
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f00000000c0)={{{@in=@multicast2, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}}, {{@in=@empty}, 0x0, @in6=@mcast2}}, &(0x7f00000001c0)=0xe8)
r1 = geteuid()
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000200)={{{@in6=@mcast1, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@multicast2}, 0x0, @in=@dev}}, &(0x7f0000000300)=0xe8)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x0, &(0x7f0000000340)={'trans=unix,', {[{@access_client='access=client'}, {@msize={'msize', 0x3d, 0x5}}, {@cache_fscache='cache=fscache'}, {@nodevmap='nodevmap'}, {@cache_fscache='cache=fscache'}, {@access_uid={'access', 0x3d, r0}}, {@msize={'msize', 0x3d, 0xff}}, {@access_user='access=user'}], [{@fowner_eq={'fowner', 0x3d, r1}}, {@fowner_gt={'fowner>', r2}}, {@obj_type={'obj_type'}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@pcr={'pcr', 0x3d, 0x1a}}, {@fsname={'fsname'}}]}})
syslog(0x0, 0xfffffffffffffffd, 0x0)

14:53:41 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0))
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:41 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:41 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xe00000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:41 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)

14:53:41 executing program 0:

[  436.903517] binder: 15367:15370 got transaction with unaligned buffers size, 116
[  436.917111] binder: 15367:15370 transaction failed 29201/-22, size 0-0 line 3079
14:53:41 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:41 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = semget$private(0x0, 0xa, 0x20)
r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x280083, 0x0)
getsockopt$IP_VS_SO_GET_INFO(r1, 0x0, 0x481, &(0x7f0000000080), &(0x7f00000000c0)=0xc)
semop(r0, &(0x7f0000000000)=[{0x4, 0x1ff, 0x800}], 0x1)

[  436.943965] binder: undelivered TRANSACTION_ERROR: 29201
14:53:41 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:41 executing program 4:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:41 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x1000000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:41 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0)
connect$rxrpc(r0, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e22, 0x1ff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7}}, 0x466)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0x0, 0x0, 0x8004, 0x101, 0x0, 0x7, 0x4, 0x401, <r1=>0x0}, &(0x7f00000000c0)=0x20)
getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000100)={r1, 0x8, 0xfff8000000000000, 0x7f}, &(0x7f0000000140)=0x10)

14:53:41 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  437.099345] binder: BINDER_SET_CONTEXT_MGR already set
[  437.113648] binder: 15393:15399 ioctl 40046207 0 returned -16
14:53:41 executing program 4:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:41 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

[  437.217814] binder: BINDER_SET_CONTEXT_MGR already set
14:53:41 executing program 0:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x400440, 0x0)
fstat(0xffffffffffffff9c, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000000c0)={{{@in6=@ipv4={[], [], @broadcast}, @in6=@remote, 0x4e23, 0x95, 0x4e24, 0x0, 0xa, 0x20, 0x80, 0x7b, 0x0, r1}, {0x7, 0x7, 0x8000, 0xffffffff, 0x6, 0x0, 0x2, 0x4000000000}, {0x400, 0x100000000, 0xffffffff, 0x1ff}, 0x4, 0x6e6bba, 0x2, 0x1, 0x1}, {{@in=@remote, 0x4d3, 0xff}, 0xa, @in=@remote, 0x3504, 0x1, 0x3, 0x4, 0x1ff, 0x3f, 0x64c1}}, 0xe8)
syslog(0x2, 0xfffffffffffffffd, 0x147)

[  437.252158] binder: 15411:15412 ioctl 40046207 0 returned -16
14:53:42 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)

14:53:42 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x1802000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:42 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:42 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:42 executing program 0:
r0 = fcntl$getown(0xffffffffffffff9c, 0x9)
sched_getparam(r0, &(0x7f0000000000))
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:53:42 executing program 4:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  437.500679] binder: BINDER_SET_CONTEXT_MGR already set
14:53:42 executing program 0:
syslog(0xfffffffe, 0xfffffffffffffffd, 0x35)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
bind$rose(r0, &(0x7f0000000000)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}}, 0x1c)

14:53:42 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:42 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

[  437.523320] binder: 15432:15434 ioctl 40046207 0 returned -16
14:53:42 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:42 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x24d)
r0 = socket$inet(0x2, 0x8000f, 0xf95)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000000)={{{@in=@initdev, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in=@dev}, 0x0, @in6=@remote}}, &(0x7f0000000100)=0xe8)
r2 = syz_open_dev$cec(&(0x7f00000001c0)='/dev/cec#\x00', 0x1, 0x2)
ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x8)
fstat(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
openat$cgroup_int(r2, &(0x7f0000000200)='pids.max\x00', 0x2, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000240)={0x5, 0xff})
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r0, 0x3)
fchown(r0, r1, r3)

14:53:42 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x2000000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  437.662526] Bluetooth: hci1: Frame reassembly failed (-84)
14:53:42 executing program 0:
syslog(0x9, 0xfffffffffffffffd, 0x3e31ef743fa83ba2)

14:53:42 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:42 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:42 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)

14:53:42 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x3f00000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:42 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:42 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:42 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = shmget(0x1, 0x2000, 0x54000000, &(0x7f0000ffc000/0x2000)=nil)
r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40, 0x2)
ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f0000000100)={0x8, 0x100})
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000000)=""/134)

[  439.368146] net_ratelimit: 18 callbacks suppressed
[  439.368151] protocol 88fb is buggy, dev hsr_slave_0
[  439.378298] protocol 88fb is buggy, dev hsr_slave_1
[  439.383348] protocol 88fb is buggy, dev hsr_slave_0
[  439.388430] protocol 88fb is buggy, dev hsr_slave_1
[  439.393467] protocol 88fb is buggy, dev hsr_slave_0
[  439.398496] protocol 88fb is buggy, dev hsr_slave_1
[  439.688133] Bluetooth: hci1: command 0x1003 tx timeout
[  439.693505] Bluetooth: hci1: sending frame failed (-49)
[  439.768136] protocol 88fb is buggy, dev hsr_slave_0
[  439.773179] protocol 88fb is buggy, dev hsr_slave_1
[  440.488211] protocol 88fb is buggy, dev hsr_slave_0
[  440.493321] protocol 88fb is buggy, dev hsr_slave_1
[  441.768221] Bluetooth: hci1: command 0x1001 tx timeout
[  441.773619] Bluetooth: hci1: sending frame failed (-49)
[  443.848196] Bluetooth: hci1: command 0x1009 tx timeout
[  444.648158] net_ratelimit: 22 callbacks suppressed
[  444.653214] protocol 88fb is buggy, dev hsr_slave_0
[  444.658286] protocol 88fb is buggy, dev hsr_slave_1
[  445.128172] protocol 88fb is buggy, dev hsr_slave_0
[  445.133241] protocol 88fb is buggy, dev hsr_slave_1
[  445.608163] protocol 88fb is buggy, dev hsr_slave_0
[  445.613339] protocol 88fb is buggy, dev hsr_slave_1
[  445.618422] protocol 88fb is buggy, dev hsr_slave_0
[  445.623441] protocol 88fb is buggy, dev hsr_slave_1
[  445.628463] protocol 88fb is buggy, dev hsr_slave_0
[  445.633463] protocol 88fb is buggy, dev hsr_slave_1
14:53:52 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:53:52 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:52 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4000000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:53:52 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x45)
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x191a80, 0x0)
ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f00000002c0)={0x400, 0x3, 0x40})
r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x1c003, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f00000001c0)={0x1f6, 0x5, 0xff, 'queue1\x00', 0x3})
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x18000, 0x0)
ioctl$UI_END_FF_UPLOAD(r2, 0x406855c9, &(0x7f0000000080)={0x8, 0x81b, {0x56, 0x85, 0x3, {0x3, 0x4}, {0x5, 0x9}, @rumble={0x6, 0x1}}, {0x53, 0x34d0, 0x6, {0x1, 0x100000000}, {0x80000001, 0x6}, @period={0x59, 0xe000000000000000, 0x7f32, 0x9, 0xb4, {0x9, 0x3e7ac0, 0x2, 0x8c}, 0x0, &(0x7f0000000040)}}})
getsockopt$inet_mreqn(r2, 0x0, 0x0, &(0x7f0000000040)={@rand_addr, @broadcast, <r3=>0x0}, &(0x7f0000000100)=0xc)
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000140)={@local, 0x1f, r3})

14:53:52 executing program 5 (fault-call:3 fault-nth:0):
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:53:52 executing program 0:
syslog(0x1, 0xfffffffffffffffd, 0x0)

[  447.974759] binder_transaction: 10 callbacks suppressed
[  447.974772] binder: 15499:15500 transaction failed 29189/-22, size 0-0 line 2896
[  447.998640] FAULT_INJECTION: forcing a failure.
[  447.998640] name failslab, interval 1, probability 0, space 0, times 0
[  448.011862] Bluetooth: hci1: Frame reassembly failed (-84)
[  448.039158] binder_release_work: 10 callbacks suppressed
[  448.039164] binder: undelivered TRANSACTION_ERROR: 29189
[  448.042733] CPU: 0 PID: 15509 Comm: syz-executor.5 Not tainted 5.0.0-rc8+ #89
[  448.050069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  448.066657] Call Trace:
[  448.066679]  dump_stack+0x172/0x1f0
[  448.066697]  should_fail.cold+0xa/0x1b
[  448.076745]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  448.081849]  ? lock_downgrade+0x810/0x810
14:53:52 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:52 executing program 0:
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff})
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x8e)
syslog(0x3, 0xfffffffffffffffd, 0x79b)

[  448.085994]  ? ___might_sleep+0x163/0x280
[  448.090147]  __should_failslab+0x121/0x190
[  448.094384]  should_failslab+0x9/0x14
[  448.098196]  kmem_cache_alloc_node+0x264/0x710
[  448.099117] binder_alloc: 15517: binder_alloc_buf, no vma
[  448.102781]  __alloc_skb+0xd5/0x5e0
[  448.102797]  ? skb_scrub_packet+0x440/0x440
[  448.102813]  ? __lock_acquire+0x53b/0x4700
[  448.102828]  alloc_skb_with_frags+0x93/0x580
[  448.116279]  sock_alloc_send_pskb+0x72d/0x8a0
[  448.116304]  ? sock_wmalloc+0x120/0x120
[  448.124913]  ? find_held_lock+0x35/0x130
[  448.124930]  ? ip6_dst_lookup_tail+0xa8a/0x1b30
[  448.124947]  ? ip6_mtu+0x2e6/0x460
[  448.145637]  sock_alloc_send_skb+0x32/0x40
[  448.145653]  __ip6_append_data.isra.0+0x214c/0x3600
[  448.145674]  ? ip_reply_glue_bits+0xc0/0xc0
[  448.152240] binder: 15517:15518 transaction failed 29189/-3, size 0-0 line 3035
[  448.154903]  ? dst_output+0x180/0x180
[  448.154919]  ? ip6_autoflowlabel.part.0+0x70/0x70
[  448.154937]  ip6_append_data+0x1e5/0x320
[  448.154954]  ? ip_reply_glue_bits+0xc0/0xc0
[  448.166680]  ? ip_reply_glue_bits+0xc0/0xc0
[  448.176549] binder_alloc: 15517: binder_alloc_buf, no vma
[  448.179335]  l2tp_ip6_sendmsg+0xb4b/0x1780
[  448.179352]  ? __might_fault+0x12b/0x1e0
[  448.179371]  ? l2tp_ip6_recv+0xf10/0xf10
[  448.179403]  ? ___might_sleep+0x163/0x280
[  448.189685] binder: undelivered TRANSACTION_ERROR: 29189
[  448.193571]  ? __might_sleep+0x95/0x190
[  448.193596]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  448.193613]  inet_sendmsg+0x147/0x5d0
[  448.200171] binder: 15521:15523 transaction failed 29189/-3, size 0-0 line 3035
[  448.201862]  ? l2tp_ip6_recv+0xf10/0xf10
14:53:52 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:53:52 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x0, 0x0)
getsockopt$inet_int(r0, 0x0, 0x12, &(0x7f0000000040), &(0x7f0000000080)=0xffffffffffffff35)
syslog(0x2, 0xfffffffffffffffd, 0x147)

[  448.201875]  ? inet_sendmsg+0x147/0x5d0
[  448.201886]  ? ipip_gro_receive+0x100/0x100
[  448.201900]  sock_sendmsg+0xdd/0x130
[  448.218619] binder: undelivered TRANSACTION_ERROR: 29189
[  448.219453]  ___sys_sendmsg+0x3e2/0x930
[  448.219468]  ? copy_msghdr_from_user+0x430/0x430
[  448.265608]  ? lock_downgrade+0x810/0x810
[  448.269765]  ? kasan_check_read+0x11/0x20
[  448.273919]  ? __fget+0x367/0x540
[  448.273956]  ? iterate_fd+0x360/0x360
[  448.273974]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  448.281182]  ? proc_fail_nth_write+0x9d/0x1e0
[  448.281197]  ? __fget_light+0x1a9/0x230
[  448.281210]  ? __fdget+0x1b/0x20
[  448.281221]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  448.281234]  ? sockfd_lookup_light+0xcb/0x180
[  448.281249]  __sys_sendmmsg+0x1c3/0x4e0
[  448.312487]  ? __ia32_sys_sendmsg+0xb0/0xb0
[  448.316823]  ? __sb_end_write+0xd9/0x110
[  448.320507] binder_alloc: 15529: binder_alloc_buf, no vma
[  448.320880]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  448.331923]  ? fput+0x128/0x1a0
[  448.332246] binder: 15529:15531 transaction failed 29189/-3, size 0-0 line 3035
[  448.335207]  ? ksys_write+0x166/0x1f0
[  448.335226]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  448.335242]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  448.355921]  ? do_syscall_64+0x26/0x610
[  448.359897]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  448.365252]  ? do_syscall_64+0x26/0x610
[  448.365792] binder: undelivered TRANSACTION_ERROR: 29189
[  448.369223]  __x64_sys_sendmmsg+0x9d/0x100
[  448.369241]  do_syscall_64+0x103/0x610
[  448.369258]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  448.369269] RIP: 0033:0x457e29
[  448.369295] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  448.369301] RSP: 002b:00007f5aecb94c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  448.410250] RAX: ffffffffffffffda RBX: 00007f5aecb94c90 RCX: 0000000000457e29
[  448.410259] RDX: 00000000ffffff89 RSI: 0000000020008440 RDI: 0000000000000003
[  448.410268] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  448.410276] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5aecb956d4
[  448.410284] R13: 00000000004c4ded R14: 00000000004d8b40 R15: 0000000000000004
[  449.768116] net_ratelimit: 18 callbacks suppressed
[  449.768121] protocol 88fb is buggy, dev hsr_slave_0
[  449.778118] protocol 88fb is buggy, dev hsr_slave_1
[  449.783158] protocol 88fb is buggy, dev hsr_slave_0
[  449.788207] protocol 88fb is buggy, dev hsr_slave_1
[  449.793241] protocol 88fb is buggy, dev hsr_slave_0
[  449.798303] protocol 88fb is buggy, dev hsr_slave_1
[  450.088243] Bluetooth: hci1: command 0x1003 tx timeout
[  450.094023] Bluetooth: hci1: sending frame failed (-49)
[  450.168106] protocol 88fb is buggy, dev hsr_slave_0
[  450.173136] protocol 88fb is buggy, dev hsr_slave_1
[  450.898123] protocol 88fb is buggy, dev hsr_slave_0
[  450.903270] protocol 88fb is buggy, dev hsr_slave_1
[  452.168209] Bluetooth: hci1: command 0x1001 tx timeout
[  452.173693] Bluetooth: hci1: sending frame failed (-49)
[  454.248217] Bluetooth: hci1: command 0x1009 tx timeout
[  455.048192] net_ratelimit: 22 callbacks suppressed
[  455.053199] protocol 88fb is buggy, dev hsr_slave_0
[  455.058313] protocol 88fb is buggy, dev hsr_slave_1
[  455.528180] protocol 88fb is buggy, dev hsr_slave_0
[  455.533294] protocol 88fb is buggy, dev hsr_slave_1
[  456.008180] protocol 88fb is buggy, dev hsr_slave_0
[  456.013268] protocol 88fb is buggy, dev hsr_slave_1
[  456.018481] protocol 88fb is buggy, dev hsr_slave_0
[  456.023526] protocol 88fb is buggy, dev hsr_slave_1
[  456.028648] protocol 88fb is buggy, dev hsr_slave_0
[  456.033690] protocol 88fb is buggy, dev hsr_slave_1
14:54:02 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:54:02 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:02 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x100, 0x0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000080)={<r1=>0x0, 0x0, 0x7, [0x5, 0x9, 0x100, 0xc121, 0x0, 0x421a, 0xd8d2]}, &(0x7f00000000c0)=0x16)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000100)=ANY=[@ANYRES32=r1, @ANYBLOB="350000009fe20d0f2870e8a483e2ee66bd55806e84cf6396326eff42ba748d718f24b4f81e8b243c1d02ce0000000000000000000000000000"], &(0x7f0000000140)=0x3d)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x10000, 0x0)
fanotify_mark(r2, 0x4, 0x1, r2, &(0x7f0000000180)='./file0\x00')
getsockopt$rose(r2, 0x104, 0x7, &(0x7f00000001c0), &(0x7f0000000200)=0x4)
ioctl$VIDIOC_LOG_STATUS(r2, 0x5646, 0x0)

14:54:02 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:02 executing program 5 (fault-call:3 fault-nth:1):
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:54:02 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4002000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  458.200123] binder: 15540:15541 transaction failed 29189/-22, size 0-0 line 2896
[  458.213207] FAULT_INJECTION: forcing a failure.
[  458.213207] name failslab, interval 1, probability 0, space 0, times 0
[  458.233728] binder_alloc: 15547: binder_alloc_buf, no vma
[  458.238894] CPU: 0 PID: 15548 Comm: syz-executor.5 Not tainted 5.0.0-rc8+ #89
14:54:02 executing program 0:
chroot(&(0x7f0000000000)='./file0\x00')
syslog(0x2, 0xfffffffffffffffd, 0x147)

[  458.246576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  458.246582] Call Trace:
[  458.246604]  dump_stack+0x172/0x1f0
[  458.246623]  should_fail.cold+0xa/0x1b
[  458.262465] binder: undelivered TRANSACTION_ERROR: 29189
[  458.266063]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  458.266078]  ? lock_downgrade+0x810/0x810
[  458.266094]  ? ___might_sleep+0x163/0x280
[  458.276458] binder: 15547:15550 transaction failed 29189/-3, size 0-0 line 3035
[  458.276661]  __should_failslab+0x121/0x190
14:54:02 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  458.291633] binder: undelivered TRANSACTION_ERROR: 29189
[  458.292379]  should_failslab+0x9/0x14
[  458.292396]  kmem_cache_alloc_node_trace+0x270/0x720
[  458.310939]  ? __alloc_skb+0xd5/0x5e0
[  458.314743]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[  458.320211]  __kmalloc_node_track_caller+0x3d/0x70
[  458.325229]  __kmalloc_reserve.isra.0+0x40/0xf0
[  458.325246]  __alloc_skb+0x10b/0x5e0
[  458.325275]  ? skb_scrub_packet+0x440/0x440
[  458.337952]  ? __lock_acquire+0x53b/0x4700
[  458.342204]  alloc_skb_with_frags+0x93/0x580
14:54:03 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x5301000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  458.346626]  sock_alloc_send_pskb+0x72d/0x8a0
[  458.346642]  ? sock_wmalloc+0x120/0x120
[  458.346651]  ? find_held_lock+0x35/0x130
[  458.346661]  ? ip6_dst_lookup_tail+0xa8a/0x1b30
[  458.346672]  ? ip6_mtu+0x2e6/0x460
[  458.367396]  sock_alloc_send_skb+0x32/0x40
[  458.371614]  __ip6_append_data.isra.0+0x214c/0x3600
[  458.376621]  ? ip_reply_glue_bits+0xc0/0xc0
[  458.381057]  ? dst_output+0x180/0x180
[  458.381072]  ? ip6_autoflowlabel.part.0+0x70/0x70
[  458.381089]  ip6_append_data+0x1e5/0x320
[  458.381103]  ? ip_reply_glue_bits+0xc0/0xc0
[  458.381120]  ? ip_reply_glue_bits+0xc0/0xc0
[  458.381138]  l2tp_ip6_sendmsg+0xb4b/0x1780
[  458.389761]  ? __might_fault+0x12b/0x1e0
[  458.389790]  ? l2tp_ip6_recv+0xf10/0xf10
[  458.389817]  ? ___might_sleep+0x163/0x280
[  458.389833]  ? __might_sleep+0x95/0x190
[  458.389857]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  458.402705]  inet_sendmsg+0x147/0x5d0
[  458.402722]  ? l2tp_ip6_recv+0xf10/0xf10
[  458.402736]  ? inet_sendmsg+0x147/0x5d0
[  458.411006]  ? ipip_gro_receive+0x100/0x100
[  458.419175]  sock_sendmsg+0xdd/0x130
[  458.419190]  ___sys_sendmsg+0x3e2/0x930
[  458.419205]  ? copy_msghdr_from_user+0x430/0x430
[  458.419226]  ? lock_downgrade+0x810/0x810
[  458.419243]  ? kasan_check_read+0x11/0x20
[  458.419262]  ? __fget+0x367/0x540
[  458.431838]  ? iterate_fd+0x360/0x360
[  458.431859]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  458.431875]  ? proc_fail_nth_write+0x9d/0x1e0
[  458.431894]  ? __fget_light+0x1a9/0x230
[  458.439900]  ? __fdget+0x1b/0x20
[  458.439915]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  458.439932]  ? sockfd_lookup_light+0xcb/0x180
[  458.439950]  __sys_sendmmsg+0x1c3/0x4e0
[  458.439968]  ? __ia32_sys_sendmsg+0xb0/0xb0
[  458.439999]  ? __sb_end_write+0xd9/0x110
[  458.440015]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  458.440026]  ? fput+0x128/0x1a0
[  458.440039]  ? ksys_write+0x166/0x1f0
[  458.440057]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  458.492010] binder_alloc: 15558: binder_alloc_buf, no vma
[  458.495109]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  458.495124]  ? do_syscall_64+0x26/0x610
[  458.515913] binder: 15558:15568 transaction failed 29189/-3, size 0-0 line 3035
14:54:03 executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x6, 0x4, 0x4, 0xe3ed791, 0x0, 0xffffffffffffffff, 0x0, [0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000]}, 0x2c)
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:54:03 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  458.517453]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  458.517470]  ? do_syscall_64+0x26/0x610
[  458.517490]  __x64_sys_sendmmsg+0x9d/0x100
[  458.517505]  do_syscall_64+0x103/0x610
[  458.538427] binder: undelivered TRANSACTION_ERROR: 29189
[  458.539597]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  458.539612] RIP: 0033:0x457e29
[  458.565027] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
14:54:03 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  458.574330] RSP: 002b:00007f5aecb94c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  458.574345] RAX: ffffffffffffffda RBX: 00007f5aecb94c90 RCX: 0000000000457e29
[  458.574357] RDX: 00000000ffffff89 RSI: 0000000020008440 RDI: 0000000000000003
[  458.601599] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  458.601609] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5aecb956d4
[  458.601617] R13: 00000000004c4ded R14: 00000000004d8b40 R15: 0000000000000004
[  458.620788] binder_alloc: 15573: binder_alloc_buf, no vma
[  458.667941] binder: BINDER_SET_CONTEXT_MGR already set
[  458.675631] binder: 15577:15579 ioctl 40046207 0 returned -16
[  458.683356] binder_alloc: 15573: binder_alloc_buf, no vma
[  458.689132] binder: 15577:15579 transaction failed 29189/-3, size 0-0 line 3035
[  458.697152] binder: 15573:15576 transaction failed 29189/-3, size 0-0 line 3035
[  458.705748] binder: undelivered TRANSACTION_ERROR: 29189
[  458.718549] binder: undelivered TRANSACTION_ERROR: 29189
[  460.168195] net_ratelimit: 18 callbacks suppressed
[  460.168200] protocol 88fb is buggy, dev hsr_slave_0
[  460.178280] protocol 88fb is buggy, dev hsr_slave_1
[  460.183377] protocol 88fb is buggy, dev hsr_slave_0
[  460.188616] protocol 88fb is buggy, dev hsr_slave_1
[  460.193704] protocol 88fb is buggy, dev hsr_slave_0
[  460.198781] protocol 88fb is buggy, dev hsr_slave_1
[  460.568162] protocol 88fb is buggy, dev hsr_slave_0
[  460.573231] protocol 88fb is buggy, dev hsr_slave_1
[  460.578421] Bluetooth: hci1: command 0x1003 tx timeout
[  460.583770] Bluetooth: hci1: sending frame failed (-49)
[  461.288180] protocol 88fb is buggy, dev hsr_slave_0
[  461.293276] protocol 88fb is buggy, dev hsr_slave_1
[  462.648242] Bluetooth: hci1: command 0x1001 tx timeout
[  462.653651] Bluetooth: hci1: sending frame failed (-49)
[  464.728202] Bluetooth: hci1: command 0x1009 tx timeout
[  465.448238] net_ratelimit: 22 callbacks suppressed
[  465.448245] protocol 88fb is buggy, dev hsr_slave_0
[  465.458350] protocol 88fb is buggy, dev hsr_slave_1
[  465.928179] protocol 88fb is buggy, dev hsr_slave_0
[  465.933269] protocol 88fb is buggy, dev hsr_slave_1
[  466.408226] protocol 88fb is buggy, dev hsr_slave_0
[  466.413335] protocol 88fb is buggy, dev hsr_slave_1
[  466.418418] protocol 88fb is buggy, dev hsr_slave_0
[  466.423452] protocol 88fb is buggy, dev hsr_slave_1
[  466.436517] protocol 88fb is buggy, dev hsr_slave_0
[  466.441618] protocol 88fb is buggy, dev hsr_slave_1
14:54:13 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:54:13 executing program 0:
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=<r0=>0x0)
ptrace$peekuser(0x3, r0, 0x2)
syslog(0x2, 0xfffffffffffffffd, 0xffffffffffffff39)

14:54:13 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:13 executing program 5 (fault-call:3 fault-nth:2):
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:54:13 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:13 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x91ffffff00000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  469.100142] binder_alloc: 15592: binder_alloc_buf, no vma
[  469.104347] binder: BINDER_SET_CONTEXT_MGR already set
[  469.113347] FAULT_INJECTION: forcing a failure.
[  469.113347] name failslab, interval 1, probability 0, space 0, times 0
[  469.125006] CPU: 1 PID: 15598 Comm: syz-executor.5 Not tainted 5.0.0-rc8+ #89
[  469.125351] binder: 15591:15599 ioctl 40046207 0 returned -16
[  469.132290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  469.132325] Call Trace:
[  469.132352]  dump_stack+0x172/0x1f0
[  469.132373]  should_fail.cold+0xa/0x1b
[  469.132390]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  469.132407]  ? sock_alloc_send_pskb+0x72d/0x8a0
[  469.132421]  ? sock_alloc_send_skb+0x32/0x40
[  469.132435]  ? __ip6_append_data.isra.0+0x214c/0x3600
[  469.132448]  ? ip6_append_data+0x1e5/0x320
[  469.147699]  ? l2tp_ip6_sendmsg+0xb4b/0x1780
[  469.147715]  ? inet_sendmsg+0x147/0x5d0
[  469.147732]  ? sock_sendmsg+0xdd/0x130
[  469.153932]  ? ___sys_sendmsg+0x3e2/0x930
[  469.153954]  __should_failslab+0x121/0x190
[  469.153971]  should_failslab+0x9/0x14
[  469.162938]  kmem_cache_alloc+0x47/0x6f0
[  469.162955]  ? check_preemption_disabled+0x48/0x290
[  469.162966]  ? lock_acquire+0x16f/0x3f0
[  469.162986]  skb_clone+0x150/0x3b0
[  469.163005]  dev_queue_xmit_nit+0x2f0/0x980
[  469.163020]  ? validate_xmit_xfrm+0x42d/0xf30
[  469.163042]  dev_hard_start_xmit+0xbb/0x980
[  469.163058]  ? check_preemption_disabled+0x48/0x290
[  469.163075]  __dev_queue_xmit+0x26e5/0x2fe0
[  469.163094]  ? netdev_pick_tx+0x300/0x300
[  469.177337]  ? __lock_acquire+0x53b/0x4700
[  469.177356]  ? nf_ct_deliver_cached_events+0x216/0x6e0
[  469.185987]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  469.186001]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  469.186017]  ? check_preemption_disabled+0x48/0x290
[  469.198005]  dev_queue_xmit+0x18/0x20
[  469.198019]  ? dev_queue_xmit+0x18/0x20
[  469.198033]  neigh_direct_output+0x16/0x20
[  469.198049]  ip6_finish_output2+0xb7c/0x2550
[  469.203842] binder: 15592:15594 transaction failed 29189/-3, size 0-0 line 3035
[  469.206066]  ? ip6_mtu+0x2e6/0x460
[  469.206087]  ? ip6_forward_finish+0x580/0x580
[  469.206107]  ? lock_downgrade+0x810/0x810
[  469.210469] binder_alloc: 15592: binder_alloc_buf, no vma
[  469.215162]  ? kasan_check_read+0x11/0x20
[  469.215188]  ip6_finish_output+0x577/0xc30
[  469.215202]  ? ip6_finish_output+0x577/0xc30
[  469.237271] binder: 15591:15602 transaction failed 29189/-3, size 0-0 line 3035
[  469.240817]  ip6_output+0x235/0x7f0
[  469.240836]  ? ip6_finish_output+0xc30/0xc30
[  469.240856]  ? ip6_fragment+0x3760/0x3760
[  469.240872]  ? ip6_autoflowlabel.part.0+0x70/0x70
[  469.253289] binder: undelivered TRANSACTION_ERROR: 29189
[  469.253563]  ip6_local_out+0xc4/0x1b0
[  469.267829] binder: undelivered TRANSACTION_ERROR: 29189
[  469.269970]  ip6_send_skb+0xbb/0x350
[  469.269989]  ip6_push_pending_frames+0xc8/0xf0
[  469.270008]  l2tp_ip6_sendmsg+0x13fc/0x1780
[  469.270023]  ? __might_fault+0x12b/0x1e0
[  469.270044]  ? l2tp_ip6_recv+0xf10/0xf10
[  469.270069]  ? ___might_sleep+0x163/0x280
[  469.270084]  ? __might_sleep+0x95/0x190
[  469.320754]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  469.320774]  inet_sendmsg+0x147/0x5d0
[  469.320788]  ? l2tp_ip6_recv+0xf10/0xf10
[  469.320799]  ? inet_sendmsg+0x147/0x5d0
[  469.320814]  ? ipip_gro_receive+0x100/0x100
[  469.320829]  sock_sendmsg+0xdd/0x130
[  469.320844]  ___sys_sendmsg+0x3e2/0x930
[  469.353887]  ? copy_msghdr_from_user+0x430/0x430
[  469.353909]  ? lock_downgrade+0x810/0x810
[  469.353931]  ? kasan_check_read+0x11/0x20
[  469.376880]  ? __fget+0x367/0x540
[  469.376899]  ? iterate_fd+0x360/0x360
[  469.376918]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  469.418376]  ? proc_fail_nth_write+0x9d/0x1e0
[  469.418395]  ? __fget_light+0x1a9/0x230
[  469.418411]  ? __fdget+0x1b/0x20
[  469.418423]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  469.418438]  ? sockfd_lookup_light+0xcb/0x180
[  469.418454]  __sys_sendmmsg+0x1c3/0x4e0
[  469.418474]  ? __ia32_sys_sendmsg+0xb0/0xb0
[  469.418504]  ? __sb_end_write+0xd9/0x110
[  469.418518]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  469.418530]  ? fput+0x128/0x1a0
[  469.418545]  ? ksys_write+0x166/0x1f0
[  469.418562]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  469.439569]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  469.487564] binder: 15609:15611 transaction failed 29189/-22, size 0-0 line 2896
[  469.492185]  ? do_syscall_64+0x26/0x610
[  469.492201]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  469.492214]  ? do_syscall_64+0x26/0x610
[  469.492236]  __x64_sys_sendmmsg+0x9d/0x100
[  469.492254]  do_syscall_64+0x103/0x610
[  469.492271]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  469.492283] RIP: 0033:0x457e29
14:54:14 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:14 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:14 executing program 0:
r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2)
getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000040)={'nat\x00'}, &(0x7f00000000c0)=0x54)
syslog(0x2, 0xfffffffffffffffd, 0x147)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000100)={'yam0\x00', {0x2, 0x4e22, @broadcast}})

[  469.492296] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  469.492304] RSP: 002b:00007f5aecb94c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  469.492318] RAX: ffffffffffffffda RBX: 00007f5aecb94c90 RCX: 0000000000457e29
[  469.492326] RDX: 00000000ffffff89 RSI: 0000000020008440 RDI: 0000000000000003
[  469.492333] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
14:54:14 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xf5ffffff00000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:54:14 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = request_key(&(0x7f0000000240)='\x04~\xb1\xe0\x8aUG\x00\x00\x00\x00\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000280)='%\xad\'\x1b,\t\x00', 0xfffffffffffffff8)
keyctl$set_timeout(0xf, r0, 0x200000000)
r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r1, 0x4008af23, &(0x7f0000000080)={0x2, 0x1})
ioctl$EVIOCGLED(r1, 0x80404519, &(0x7f00000000c0)=""/104)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000000)={0x7, <r2=>0x0, 0xfffffffffffffffe, 0x574b})
ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000040)={r2, 0x20})

[  469.492341] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5aecb956d4
[  469.492348] R13: 00000000004c4ded R14: 00000000004d8b40 R15: 0000000000000004
[  469.623559] binder_alloc: 15607: binder_alloc_buf, no vma
14:54:14 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x7, 0x4, 0x5a0, 0x378, 0x378, 0x378, 0x4b8, 0x4b8, 0x4b8, 0x4, &(0x7f0000000180), {[{{@uncond, 0xf0, 0x218}, @unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x5, 'system_u:object_r:system_dbusd_var_lib_t:s0\x00'}}}, {{@uncond, 0xf0, 0x160}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x5, 0x98d, 0x1, 0x0, "295deb94bdc6143389e649a037095129aa939b2d182e199c5c7c7275cbd21ef2e53c36301a74ab3e7a8fbacee453b72356312036658f9324220b2523c757877b"}}}, {{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, 0xd}}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x5f0)
r1 = creat(&(0x7f00000007c0)='./file0\x00', 0x18)
setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000800)=0x7fffffff, 0x2)
ioctl$PPPIOCGL2TPSTATS(r1, 0x80487436, &(0x7f0000000880)="c899de713409106770394504c1d3ef464418c0d3ff7cf9aea9188ac498f41cb87af582e9cd6d901adb2f15523bb3f0b1ff14b9")
syslog(0x12, 0xfffffffffffffffd, 0xd65fb78dcf639ab8)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000140)={&(0x7f00000009c0)=""/225, 0xfffffffffffffff9, 0x1800, 0xfffffffffffffffb}, 0x18)
ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000840)=[0xff, 0x4])

[  469.649046] binder: undelivered TRANSACTION_ERROR: 29189
[  469.654948] binder: 15607:15617 transaction failed 29189/-3, size 0-0 line 3035
[  469.688456] binder: undelivered TRANSACTION_ERROR: 29189
[  470.568203] net_ratelimit: 18 callbacks suppressed
[  470.568210] protocol 88fb is buggy, dev hsr_slave_0
[  470.578335] protocol 88fb is buggy, dev hsr_slave_1
[  470.583527] protocol 88fb is buggy, dev hsr_slave_0
[  470.588680] protocol 88fb is buggy, dev hsr_slave_1
[  470.593755] protocol 88fb is buggy, dev hsr_slave_0
[  470.598842] protocol 88fb is buggy, dev hsr_slave_1
[  470.968263] protocol 88fb is buggy, dev hsr_slave_0
[  470.973391] protocol 88fb is buggy, dev hsr_slave_1
[  471.288252] Bluetooth: hci1: command 0x1003 tx timeout
[  471.293657] Bluetooth: hci1: sending frame failed (-49)
[  471.688179] protocol 88fb is buggy, dev hsr_slave_0
[  471.693263] protocol 88fb is buggy, dev hsr_slave_1
[  473.368262] Bluetooth: hci1: command 0x1001 tx timeout
[  473.373681] Bluetooth: hci1: sending frame failed (-49)
[  475.448596] Bluetooth: hci1: command 0x1009 tx timeout
[  475.848226] net_ratelimit: 22 callbacks suppressed
[  475.848234] protocol 88fb is buggy, dev hsr_slave_0
[  475.858453] protocol 88fb is buggy, dev hsr_slave_1
[  476.328177] protocol 88fb is buggy, dev hsr_slave_0
[  476.333262] protocol 88fb is buggy, dev hsr_slave_1
[  476.808244] protocol 88fb is buggy, dev hsr_slave_0
[  476.813344] protocol 88fb is buggy, dev hsr_slave_1
[  476.818433] protocol 88fb is buggy, dev hsr_slave_0
[  476.823469] protocol 88fb is buggy, dev hsr_slave_1
[  476.828526] protocol 88fb is buggy, dev hsr_slave_0
[  476.833537] protocol 88fb is buggy, dev hsr_slave_1
14:54:23 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:54:23 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:23 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:23 executing program 0:
sync()
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:54:23 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xfdffffff00000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:54:23 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  479.322063] binder: 15641:15642 transaction failed 29189/-22, size 0-0 line 2896
[  479.349060] binder: 15647:15648 transaction failed 29189/-22, size 0-0 line 2896
[  479.357972] binder: undelivered TRANSACTION_ERROR: 29189
14:54:24 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:24 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xfe80000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  479.384575] Bluetooth: hci1: Frame reassembly failed (-84)
[  479.387287] binder: undelivered TRANSACTION_ERROR: 29189
14:54:24 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x101000, 0x22)
r1 = getpgrp(0x0)
ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f0000000040)=r1)

14:54:24 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  479.496345] binder: 15659:15660 transaction failed 29189/-22, size 0-0 line 2896
[  479.531109] binder: undelivered TRANSACTION_ERROR: 29189
14:54:24 executing program 0:
r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x48000, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000040)=0x80002010, 0xfffffffffffffea1)
rt_sigprocmask(0x3, &(0x7f00000000c0)={0x4}, &(0x7f0000000100), 0x8)
syslog(0x0, 0xfffffffffffffffd, 0xdd)

14:54:24 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  479.545260] binder: 15665:15666 transaction failed 29189/-22, size 0-0 line 2896
[  479.559439] binder: undelivered TRANSACTION_ERROR: 29189
[  480.968129] net_ratelimit: 18 callbacks suppressed
[  480.968135] protocol 88fb is buggy, dev hsr_slave_0
[  480.978144] protocol 88fb is buggy, dev hsr_slave_1
[  480.983193] protocol 88fb is buggy, dev hsr_slave_0
[  480.988252] protocol 88fb is buggy, dev hsr_slave_1
[  480.993299] protocol 88fb is buggy, dev hsr_slave_0
[  480.998334] protocol 88fb is buggy, dev hsr_slave_1
[  481.368151] protocol 88fb is buggy, dev hsr_slave_0
[  481.373232] protocol 88fb is buggy, dev hsr_slave_1
[  481.448313] Bluetooth: hci1: command 0x1003 tx timeout
[  481.453700] Bluetooth: hci1: sending frame failed (-49)
[  482.088166] protocol 88fb is buggy, dev hsr_slave_0
[  482.093261] protocol 88fb is buggy, dev hsr_slave_1
[  483.528203] Bluetooth: hci1: command 0x1001 tx timeout
[  483.533598] Bluetooth: hci1: sending frame failed (-49)
[  485.608244] Bluetooth: hci1: command 0x1009 tx timeout
[  486.248206] net_ratelimit: 22 callbacks suppressed
[  486.253213] protocol 88fb is buggy, dev hsr_slave_0
[  486.258308] protocol 88fb is buggy, dev hsr_slave_1
[  486.728238] protocol 88fb is buggy, dev hsr_slave_0
[  486.733332] protocol 88fb is buggy, dev hsr_slave_1
[  487.208164] protocol 88fb is buggy, dev hsr_slave_0
[  487.213279] protocol 88fb is buggy, dev hsr_slave_1
[  487.218352] protocol 88fb is buggy, dev hsr_slave_0
[  487.223395] protocol 88fb is buggy, dev hsr_slave_1
[  487.228438] protocol 88fb is buggy, dev hsr_slave_0
[  487.233454] protocol 88fb is buggy, dev hsr_slave_1
14:54:34 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, 0x0)
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:54:34 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:34 executing program 0:
r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x400, 0x0)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00')
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40004000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x205, 0x70bd26, 0x25dfdbfc, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20004800)
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:54:34 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xfeffffff00000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:54:34 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:34 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x2, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:54:34 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:34 executing program 0:
r0 = creat(&(0x7f0000000140)='./file0\x00', 0x4)
getsockopt$inet_tcp_int(r0, 0x6, 0x34, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
syslog(0x2, 0xfffffffffffffffd, 0x147)
r1 = socket(0x8, 0xf, 0xffff)
bind$bt_sco(r1, &(0x7f0000000100)={0x1f, {0x3, 0x7, 0x8, 0x80000001, 0x1c8, 0x8}}, 0x8)
ioctl$sock_x25_SIOCADDRT(r1, 0x890b, &(0x7f0000000000)={@null='               \x00', 0xf, 'ip6gre0\x00'})
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000200))

[  489.609055] binder: 15683:15690 transaction failed 29189/-22, size 0-0 line 2896
[  489.640105] Bluetooth: hci1: Frame reassembly failed (-84)
[  489.650559] binder: undelivered TRANSACTION_ERROR: 29189
14:54:34 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:34 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xff0f000000000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:54:34 executing program 4:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:34 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  489.845836] binder: BINDER_SET_CONTEXT_MGR already set
[  489.851833] binder: 15712:15713 ioctl 40046207 0 returned -16
[  489.871756] binder: 15712:15713 transaction failed 29189/-22, size 0-0 line 2896
[  489.923254] binder: undelivered TRANSACTION_ERROR: 29189
[  491.368140] net_ratelimit: 18 callbacks suppressed
[  491.368146] protocol 88fb is buggy, dev hsr_slave_0
[  491.378365] protocol 88fb is buggy, dev hsr_slave_1
[  491.383434] protocol 88fb is buggy, dev hsr_slave_0
[  491.388504] protocol 88fb is buggy, dev hsr_slave_1
[  491.393628] protocol 88fb is buggy, dev hsr_slave_0
[  491.398695] protocol 88fb is buggy, dev hsr_slave_1
[  491.688151] Bluetooth: hci1: command 0x1003 tx timeout
[  491.693553] Bluetooth: hci1: sending frame failed (-49)
[  491.768127] protocol 88fb is buggy, dev hsr_slave_0
[  491.773198] protocol 88fb is buggy, dev hsr_slave_1
[  492.488193] protocol 88fb is buggy, dev hsr_slave_0
[  492.493292] protocol 88fb is buggy, dev hsr_slave_1
[  493.768183] Bluetooth: hci1: command 0x1001 tx timeout
[  493.773565] Bluetooth: hci1: sending frame failed (-49)
[  495.848344] Bluetooth: hci1: command 0x1009 tx timeout
[  496.648215] net_ratelimit: 22 callbacks suppressed
[  496.653207] protocol 88fb is buggy, dev hsr_slave_0
[  496.658292] protocol 88fb is buggy, dev hsr_slave_1
[  497.128162] protocol 88fb is buggy, dev hsr_slave_0
[  497.133365] protocol 88fb is buggy, dev hsr_slave_1
[  497.608213] protocol 88fb is buggy, dev hsr_slave_0
[  497.613335] protocol 88fb is buggy, dev hsr_slave_1
[  497.618443] protocol 88fb is buggy, dev hsr_slave_0
[  497.623459] protocol 88fb is buggy, dev hsr_slave_1
[  497.628531] protocol 88fb is buggy, dev hsr_slave_0
[  497.633549] protocol 88fb is buggy, dev hsr_slave_1
14:54:44 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180))
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:54:44 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
socketpair(0x8, 0x80007, 0x4, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
getpeername$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x1, 0x400000)

14:54:44 executing program 4:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:44 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:44 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffff00000000, 0x0, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:54:44 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x3, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:54:44 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

[  499.824872] binder: BINDER_SET_CONTEXT_MGR already set
[  499.859492] Bluetooth: hci1: Frame reassembly failed (-84)
[  499.866399] binder: 15727:15736 ioctl 40046207 0 returned -16
14:54:44 executing program 0:
prctl$PR_GET_CHILD_SUBREAPER(0x25)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x802, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x7ffffffffd, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000080)=0x3, 0x4)
syslog(0x2, 0xfffffffffffffffd, 0x147)
r1 = semget$private(0x0, 0x3, 0x4)
semctl$SETALL(r1, 0x0, 0x11, &(0x7f00000000c0)=[0x2, 0x40])

[  499.879678] binder: 15727:15736 transaction failed 29189/-22, size 0-0 line 2896
[  499.897846] binder: undelivered TRANSACTION_ERROR: 29189
14:54:44 executing program 4:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  499.928354] binder: 15743:15744 ioctl c0306201 0 returned -14
14:54:44 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x2, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:54:44 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

14:54:44 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

[  500.056629] binder_transaction: 9 callbacks suppressed
[  500.056640] binder: 15754:15758 got transaction with unaligned buffers size, 116
[  500.083584] binder: 15754:15758 transaction failed 29201/-22, size 0-0 line 3079
[  500.101971] binder: undelivered TRANSACTION_ERROR: 29201
[  500.114036] binder: BINDER_SET_CONTEXT_MGR already set
[  500.142685] binder: 15757:15760 ioctl 40046207 0 returned -16
[  500.153911] binder: 15757:15760 ioctl c0306201 0 returned -14
[  501.768149] net_ratelimit: 18 callbacks suppressed
[  501.768155] protocol 88fb is buggy, dev hsr_slave_0
[  501.778185] protocol 88fb is buggy, dev hsr_slave_1
[  501.783263] protocol 88fb is buggy, dev hsr_slave_0
[  501.788332] protocol 88fb is buggy, dev hsr_slave_1
[  501.793384] protocol 88fb is buggy, dev hsr_slave_0
[  501.798444] protocol 88fb is buggy, dev hsr_slave_1
[  501.928238] Bluetooth: hci1: command 0x1003 tx timeout
[  501.933604] Bluetooth: hci1: sending frame failed (-49)
[  502.168156] protocol 88fb is buggy, dev hsr_slave_0
[  502.173220] protocol 88fb is buggy, dev hsr_slave_1
[  502.888174] protocol 88fb is buggy, dev hsr_slave_0
[  502.893279] protocol 88fb is buggy, dev hsr_slave_1
[  504.008178] Bluetooth: hci1: command 0x1001 tx timeout
[  504.013590] Bluetooth: hci1: sending frame failed (-49)
[  506.088168] Bluetooth: hci1: command 0x1009 tx timeout
[  507.048200] net_ratelimit: 22 callbacks suppressed
[  507.048208] protocol 88fb is buggy, dev hsr_slave_0
[  507.058257] protocol 88fb is buggy, dev hsr_slave_1
[  507.528181] protocol 88fb is buggy, dev hsr_slave_0
[  507.533270] protocol 88fb is buggy, dev hsr_slave_1
[  508.008155] protocol 88fb is buggy, dev hsr_slave_0
[  508.013238] protocol 88fb is buggy, dev hsr_slave_1
[  508.018332] protocol 88fb is buggy, dev hsr_slave_0
[  508.023388] protocol 88fb is buggy, dev hsr_slave_1
[  508.028498] protocol 88fb is buggy, dev hsr_slave_0
[  508.033555] protocol 88fb is buggy, dev hsr_slave_1
14:54:54 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180))
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:54:54 executing program 4:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:54 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
syz_open_dev$video4linux(&(0x7f0000000000)='/dev/v4l-subdev#\x00', 0xffffffff, 0x80)
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x200001, 0x0)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8004000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0xa4, r1, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x4c, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xfffffffffffffff7}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x6}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xffffffffffffffff}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x100000001}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x65d}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_U_THRESH={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0xa4}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

14:54:54 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x3, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:54:54 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

14:54:54 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x4, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  510.050270] binder: 15773:15774 got transaction with unaligned buffers size, 116
[  510.061530] binder: BINDER_SET_CONTEXT_MGR already set
[  510.079239] binder: 15771:15782 ioctl 40046207 0 returned -16
[  510.081110] binder: 15773:15774 transaction failed 29201/-22, size 0-0 line 3079
[  510.091865] binder: 15771:15782 ioctl c0306201 0 returned -14
14:54:54 executing program 0:
r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/attr/exec\x00', 0x2, 0x0)
fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000080)=@sha1={0x1, "aab8cee05d9f82a47e586e4cf9c722dfc50e0540"}, 0x15, 0x1)
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:54:54 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  510.102405] Bluetooth: hci1: Frame reassembly failed (-84)
[  510.140501] binder: undelivered TRANSACTION_ERROR: 29201
14:54:54 executing program 4:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:54:54 executing program 0:
r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x1, 0x2)
ioctl$VT_DISALLOCATE(r0, 0x5608)
setxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.opaque\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x1)
syslog(0x2, 0xfffffffffffffffd, 0xfffffffffffffcc2)

14:54:54 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x4, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:54:54 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  510.267422] binder: BINDER_SET_CONTEXT_MGR already set
[  510.303542] binder: 15799:15800 ioctl 40046207 0 returned -16
[  510.327108] binder: 15799:15808 transaction failed 29189/-22, size 0-0 line 2896
[  510.359358] binder: undelivered TRANSACTION_ERROR: 29189
[  512.168174] net_ratelimit: 18 callbacks suppressed
[  512.168286] Bluetooth: hci1: command 0x1003 tx timeout
[  512.173199] protocol 88fb is buggy, dev hsr_slave_0
[  512.183523] protocol 88fb is buggy, dev hsr_slave_1
[  512.188610] protocol 88fb is buggy, dev hsr_slave_0
[  512.193672] protocol 88fb is buggy, dev hsr_slave_1
[  512.198764] protocol 88fb is buggy, dev hsr_slave_0
[  512.203822] protocol 88fb is buggy, dev hsr_slave_1
[  512.209205] Bluetooth: hci1: sending frame failed (-49)
[  512.568142] protocol 88fb is buggy, dev hsr_slave_0
[  512.573228] protocol 88fb is buggy, dev hsr_slave_1
[  513.288226] protocol 88fb is buggy, dev hsr_slave_0
[  513.293387] protocol 88fb is buggy, dev hsr_slave_1
[  514.248466] Bluetooth: hci1: command 0x1001 tx timeout
[  514.253863] Bluetooth: hci1: sending frame failed (-49)
[  516.328287] Bluetooth: hci1: command 0x1009 tx timeout
[  517.448211] net_ratelimit: 22 callbacks suppressed
[  517.453330] protocol 88fb is buggy, dev hsr_slave_0
[  517.458413] protocol 88fb is buggy, dev hsr_slave_1
[  517.928158] protocol 88fb is buggy, dev hsr_slave_0
[  517.933246] protocol 88fb is buggy, dev hsr_slave_1
[  518.408200] protocol 88fb is buggy, dev hsr_slave_0
[  518.413457] protocol 88fb is buggy, dev hsr_slave_1
[  518.418574] protocol 88fb is buggy, dev hsr_slave_0
[  518.423935] protocol 88fb is buggy, dev hsr_slave_1
[  518.429034] protocol 88fb is buggy, dev hsr_slave_0
[  518.434059] protocol 88fb is buggy, dev hsr_slave_1
14:55:04 executing program 4:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:55:04 executing program 0:
r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x0, 0x0)
write$capi20_data(r0, &(0x7f0000000040)={{0x10, 0xd, 0xff, 0x0, 0x0, 0x7}, 0xa9, "163c17f459434d0ccdce13649ecc84bb30e783ec0ee6ec09ca9ebd6a1be02e8ee18b8cef54ee23a3e8b597838b3ff6299c3f5fc8a8ac11a2a2d754e9578cc7504f27cad6073a64580ab970ddb464e9ed67ac35ed2d9d0eb26e9806bbce82697f3c42839753ab475adeff7cccde004b285026535076f99c6f897f14e1936f4077a25d84aafa19b64e79b1902ec1aba45aaedd2cb524cf264d97f8146d1c062759f92d83571ddc41326d"}, 0xbb)
syslog(0x2, 0xfffffffffffffffd, 0xfffffffffffffe54)

14:55:04 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

14:55:04 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x5, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:55:04 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x5, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:55:04 executing program 2:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180))
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

[  520.292002] binder: BINDER_SET_CONTEXT_MGR already set
[  520.297338] binder: 15820:15829 ioctl 40046207 0 returned -16
[  520.319117] binder_alloc: 15819: binder_alloc_buf failed to map pages in userspace, no vma
[  520.332054] Bluetooth: hci1: Frame reassembly failed (-84)
14:55:05 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0})

14:55:05 executing program 0:
syslog(0x0, 0xfffffffffffffffd, 0xfffffffffffffd2b)
r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x80040, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000040)={0x40, 0xc082, 0x1, 0x0, 0x0, [], [], [], 0x400, 0x67})

[  520.341826] binder: 15820:15829 transaction failed 29189/-3, size 0-0 line 3035
[  520.362403] binder: undelivered TRANSACTION_ERROR: 29189
14:55:05 executing program 4:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:55:05 executing program 0:
syslog(0xb, 0xfffffffffffffffd, 0xffffffffffffff30)

14:55:05 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x6, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:55:05 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0})

[  520.459232] binder: BINDER_SET_CONTEXT_MGR already set
[  520.495600] binder: 15847:15848 ioctl 40046207 0 returned -16
14:55:05 executing program 0:
openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0)

14:55:05 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0})

[  520.528756] binder_alloc: 15856: binder_alloc_buf failed to map pages in userspace, no vma
[  520.562391] binder: 15847:15859 transaction failed 29189/-3, size 0-0 line 3035
[  520.605150] binder: undelivered TRANSACTION_ERROR: 29189
14:55:05 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x7, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:55:05 executing program 4:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  520.695538] binder: BINDER_SET_CONTEXT_MGR already set
[  520.716530] binder: 15870:15871 ioctl 40046207 0 returned -16
[  520.736970] binder_alloc: 15866: binder_alloc_buf failed to map pages in userspace, no vma
[  520.753665] binder: 15870:15871 transaction failed 29189/-3, size 0-0 line 3035
[  520.772431] binder: undelivered TRANSACTION_ERROR: 29189
14:55:05 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x6, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  522.408271] Bluetooth: hci1: command 0x1003 tx timeout
[  522.413695] Bluetooth: hci1: sending frame failed (-49)
[  522.568168] net_ratelimit: 18 callbacks suppressed
[  522.568174] protocol 88fb is buggy, dev hsr_slave_0
[  522.578219] protocol 88fb is buggy, dev hsr_slave_1
[  522.583282] protocol 88fb is buggy, dev hsr_slave_0
[  522.588365] protocol 88fb is buggy, dev hsr_slave_1
[  522.593420] protocol 88fb is buggy, dev hsr_slave_0
[  522.598492] protocol 88fb is buggy, dev hsr_slave_1
[  522.968136] protocol 88fb is buggy, dev hsr_slave_0
[  522.973219] protocol 88fb is buggy, dev hsr_slave_1
[  523.688225] protocol 88fb is buggy, dev hsr_slave_0
[  523.693362] protocol 88fb is buggy, dev hsr_slave_1
[  524.488267] Bluetooth: hci1: command 0x1001 tx timeout
[  524.493672] Bluetooth: hci1: sending frame failed (-49)
[  526.568265] Bluetooth: hci1: command 0x1009 tx timeout
[  527.848213] net_ratelimit: 22 callbacks suppressed
[  527.853216] protocol 88fb is buggy, dev hsr_slave_0
[  527.858258] protocol 88fb is buggy, dev hsr_slave_1
[  528.328164] protocol 88fb is buggy, dev hsr_slave_0
[  528.333250] protocol 88fb is buggy, dev hsr_slave_1
[  528.808155] protocol 88fb is buggy, dev hsr_slave_0
[  528.813260] protocol 88fb is buggy, dev hsr_slave_1
[  528.818356] protocol 88fb is buggy, dev hsr_slave_0
[  528.823394] protocol 88fb is buggy, dev hsr_slave_1
[  528.828465] protocol 88fb is buggy, dev hsr_slave_0
[  528.833510] protocol 88fb is buggy, dev hsr_slave_1
14:55:15 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0})

14:55:15 executing program 0:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x100000001fa, 0x0)
ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f0000000040)={'bridge0\x00'})
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:55:15 executing program 4:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:55:15 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x0, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:55:15 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x8, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:55:15 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x7, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  530.538750] binder: 15889:15890 got transaction with unaligned buffers size, 116
[  530.546372] binder: 15889:15890 transaction failed 29201/-22, size 0-0 line 3079
[  530.571470] binder: BINDER_SET_CONTEXT_MGR already set
[  530.590555] binder: 15895:15898 ioctl 40046207 0 returned -16
[  530.603770] Bluetooth: hci1: Frame reassembly failed (-84)
[  530.611846] binder: release 15895:15898 transaction 132 out, still active
[  530.627994] binder: undelivered TRANSACTION_COMPLETE
14:55:15 executing program 0:
r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2)
write$eventfd(r0, &(0x7f0000000040)=0x10000, 0x8)
syslog(0x9, 0xfffffffffffffffd, 0xfffffffffffffef5)

14:55:15 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x9, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:55:15 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0})

[  530.652350] binder: undelivered TRANSACTION_ERROR: 29201
[  530.727194] binder: send failed reply for transaction 132, target dead
14:55:15 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = syz_open_dev$cec(&(0x7f0000000180)='/dev/cec#\x00', 0x2, 0x2)
ioctl$TIOCEXCL(r0, 0x540c)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000040)={{{@in=@multicast1, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in=@broadcast}, 0x0, @in6=@dev}}, &(0x7f0000000140)=0xe8)
getresgid(&(0x7f0000000000), &(0x7f00000001c0), &(0x7f0000000200)=<r2=>0x0)
fchown(r0, r1, r2)
accept$alg(r0, 0x0, 0x0)

14:55:15 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x0, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  530.770563] binder: release 15911:15912 transaction 134 out, still active
[  530.785508] binder: undelivered TRANSACTION_COMPLETE
[  530.837488] binder: BINDER_SET_CONTEXT_MGR already set
[  530.846521] binder: 15918:15919 ioctl 40046207 0 returned -16
[  530.874995] binder: send failed reply for transaction 134, target dead
14:55:15 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0})

14:55:15 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x101201, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r0, 0xc040564b, &(0x7f0000000040)={0x2, 0x0, 0x1004, 0x2, 0x10001, {0x100, 0x7ff}})
r1 = shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmdt(r1)

[  530.881462] binder: 15918:15919 transaction failed 29189/-22, size 0-0 line 2896
[  530.936800] binder: release 15927:15928 transaction 137 out, still active
[  530.950445] binder: undelivered TRANSACTION_COMPLETE
14:55:15 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xa, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:55:15 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x0, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  530.982906] binder: undelivered TRANSACTION_ERROR: 29189
[  531.049994] binder: send failed reply for transaction 137, target dead
[  531.086961] binder: 15935:15937 got transaction with unaligned buffers size, 116
[  531.118790] binder: 15935:15937 transaction failed 29201/-22, size 0-0 line 3079
[  531.157427] binder: undelivered TRANSACTION_ERROR: 29201
[  532.648194] Bluetooth: hci1: command 0x1003 tx timeout
[  532.653613] Bluetooth: hci1: sending frame failed (-49)
[  532.968122] net_ratelimit: 18 callbacks suppressed
[  532.968128] protocol 88fb is buggy, dev hsr_slave_0
[  532.978258] protocol 88fb is buggy, dev hsr_slave_1
[  532.983315] protocol 88fb is buggy, dev hsr_slave_0
[  532.988402] protocol 88fb is buggy, dev hsr_slave_1
[  532.993463] protocol 88fb is buggy, dev hsr_slave_0
[  532.998526] protocol 88fb is buggy, dev hsr_slave_1
[  533.368164] protocol 88fb is buggy, dev hsr_slave_0
[  533.373233] protocol 88fb is buggy, dev hsr_slave_1
[  534.088202] protocol 88fb is buggy, dev hsr_slave_0
[  534.093363] protocol 88fb is buggy, dev hsr_slave_1
[  534.728236] Bluetooth: hci1: command 0x1001 tx timeout
[  534.733656] Bluetooth: hci1: sending frame failed (-49)
[  536.808274] Bluetooth: hci1: command 0x1009 tx timeout
[  538.248178] net_ratelimit: 22 callbacks suppressed
[  538.253159] protocol 88fb is buggy, dev hsr_slave_0
[  538.258257] protocol 88fb is buggy, dev hsr_slave_1
[  538.728163] protocol 88fb is buggy, dev hsr_slave_0
[  538.733252] protocol 88fb is buggy, dev hsr_slave_1
[  539.208164] protocol 88fb is buggy, dev hsr_slave_0
[  539.213281] protocol 88fb is buggy, dev hsr_slave_1
[  539.218366] protocol 88fb is buggy, dev hsr_slave_0
[  539.223407] protocol 88fb is buggy, dev hsr_slave_1
[  539.228544] protocol 88fb is buggy, dev hsr_slave_0
[  539.233585] protocol 88fb is buggy, dev hsr_slave_1
14:55:25 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x0, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:55:25 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ab553fec94248c32e27d04000000288a", 0x10)

14:55:25 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000000)={<r0=>0xffffffffffffff9c})
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x3000800}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x12c, r1, 0x2, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x4c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x7}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x8000}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x100000001}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x9}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_STATE={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xffffffff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x400}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1261}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DEST={0x44, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x3}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1000}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x81}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x8001}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x2}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x3}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x8}, @IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffffffffffff1188}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x3}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x100000001}]}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'fo\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0xb7}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x49}]}]}, 0x12c}}, 0x20000040)

14:55:25 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x0, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:55:25 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xe, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:55:25 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x8, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:55:25 executing program 0:

[  540.796848] Bluetooth: hci1: Frame reassembly failed (-84)
[  540.797170] binder: 15946:15947 got transaction with unaligned buffers size, 116
[  540.806621] Bluetooth: hci1: Frame reassembly failed (-84)
[  540.833365] binder: 15946:15947 transaction failed 29201/-22, size 0-0 line 3079
14:55:25 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x10, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:55:25 executing program 0:
syslog(0x9, 0xfffffffffffffffd, 0x2e0)
socketpair(0x15, 0x80000, 0x9, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cachefiles\x00', 0x2000, 0x0)
ioctl$VIDIOC_SUBDEV_G_EDID(r1, 0xc0285628, &(0x7f0000000400)={0x0, 0x2, 0xd4a0, [], &(0x7f00000003c0)=0x3})
r2 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000100)="a4d25f3aba52e41a60f529f0a265a6938bc01c473467b98d8521d521eb89f846c5a0df14dc999516839c63c1c488bb64279b2c2548eee012a982724f86f5c697fb5726a46dad1e04a845f7b3f2c268a2c023d0fcf2499b8734dc2312127c5bd978b8931a0098a363aaafee5549f17ed8f46c288b82ae187468168d4c434b54fe920e2ec7e24eae0b848c859363c09cec20941cdd94ff0a5c28a2e5af09485065f177dc3d1b47389f0ec5d7e45bb9648520971daf61299167b0f72be17cd287a85817b45e17e855c7772a2ac4bdbb55123cb640df61df37ca9a04b028f5fc42c3dae800ec864639b22a", 0xe9, 0xfffffffffffffffe)
keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000200)={r2, 0xffffffffffffff7f, 0x1000000000}, 0x0, &(0x7f0000000240)="8b75072fc424b1f0555339e8cdcf60411e4cde97d1ad5eb17f1d365457822c416b0238c41c803dd6e61172774a77632562b69928aaf0398c55c44b15fea20ff23f583c6520d56a1e82baca9d2abfaebda5210c7ba30e5b9da2f071b1a0dd6591a2bffab6884ae65470c5c05d1d3379a0af554a3364e97e", &(0x7f00000002c0)="7e47659b39c8f4e800a269899f5c754e427e81b60d5f7b6dc75d04566135e0515072556e01251a15c61c6c7afde246ad6042c6580bc77f14de054b9389a2b4689d14885930e09051bed49d8bfbf6b559f775d7a2e58a86103b155574edb5565cefc6dfa440b25c0fbd5fef16b588fdedf81a8ce63b39f1a9eb29aa847f505ddad506c4")
setsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000040)=0x3f, 0x4)

[  540.864560] binder: undelivered TRANSACTION_ERROR: 29201
14:55:25 executing program 3:
io_setup(0x4007, &(0x7f0000000180))

14:55:25 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:55:25 executing program 0:
syslog(0xa, 0xfffffffffffffffd, 0x17)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x40080, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x2, {0xfffffffffffffc01, 0xffffffffffffff80, 0x3, 0x101, 0x3f, 0x1}})

[  541.033968] binder: 15983:15984 got transaction with unaligned buffers size, 116
[  541.050155] binder: 15983:15984 transaction failed 29201/-22, size 0-0 line 3079
[  541.080454] binder: undelivered TRANSACTION_ERROR: 29201
[  542.808182] Bluetooth: hci1: command 0x1003 tx timeout
[  542.813559] Bluetooth: hci1: sending frame failed (-49)
[  543.368179] net_ratelimit: 18 callbacks suppressed
[  543.368187] protocol 88fb is buggy, dev hsr_slave_0
[  543.378221] protocol 88fb is buggy, dev hsr_slave_1
[  543.383267] protocol 88fb is buggy, dev hsr_slave_0
[  543.388307] protocol 88fb is buggy, dev hsr_slave_1
[  543.393343] protocol 88fb is buggy, dev hsr_slave_0
[  543.398398] protocol 88fb is buggy, dev hsr_slave_1
[  543.768172] protocol 88fb is buggy, dev hsr_slave_0
[  543.773303] protocol 88fb is buggy, dev hsr_slave_1
[  544.488228] protocol 88fb is buggy, dev hsr_slave_0
[  544.493441] protocol 88fb is buggy, dev hsr_slave_1
[  544.888222] Bluetooth: hci1: command 0x1001 tx timeout
[  544.893594] Bluetooth: hci1: sending frame failed (-49)
[  546.968253] Bluetooth: hci1: command 0x1009 tx timeout
[  548.648201] net_ratelimit: 22 callbacks suppressed
[  548.653177] protocol 88fb is buggy, dev hsr_slave_0
[  548.658238] protocol 88fb is buggy, dev hsr_slave_1
[  549.128261] protocol 88fb is buggy, dev hsr_slave_0
[  549.133408] protocol 88fb is buggy, dev hsr_slave_1
[  549.608185] protocol 88fb is buggy, dev hsr_slave_0
[  549.613313] protocol 88fb is buggy, dev hsr_slave_1
[  549.618407] protocol 88fb is buggy, dev hsr_slave_0
[  549.623446] protocol 88fb is buggy, dev hsr_slave_1
[  549.628569] protocol 88fb is buggy, dev hsr_slave_0
[  549.633610] protocol 88fb is buggy, dev hsr_slave_1
14:55:35 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x0, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:55:35 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)={0x14, 0x1d, 0xfffffffffffffffd, 0x0, 0x0, {0x7592da11}}, 0x14}}, 0x0)

14:55:35 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:55:35 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x153, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:55:35 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0xfd86)

14:55:35 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x9, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:55:35 executing program 0:
syslog(0x9, 0xfffffffffffffffd, 0x193)

14:55:35 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mlockall(0x5)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='numa_maps\x00')
readv(r1, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1)

[  551.021699] binder: 16002:16010 got transaction with unaligned buffers size, 116
[  551.046391] binder: 16002:16010 transaction failed 29201/-22, size 0-0 line 3079
[  551.056208] binder: undelivered TRANSACTION_ERROR: 29201
14:55:35 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:55:35 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x40000, 0x0)
clock_gettime(0x0, &(0x7f0000007640)={<r1=>0x0, <r2=>0x0})
recvmmsg(0xffffffffffffffff, &(0x7f00000073c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/199, 0xc7}, {&(0x7f0000000140)=""/157, 0x9d}, {&(0x7f0000000200)=""/43, 0x2b}], 0x3, &(0x7f0000000280)=""/201, 0xc9}, 0xd8}, {{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000380)=""/92, 0x5c}, {&(0x7f0000000400)=""/126, 0x7e}, {&(0x7f0000000480)}, {&(0x7f00000004c0)=""/58, 0x3a}, {&(0x7f0000000500)=""/218, 0xda}, {&(0x7f0000000600)=""/23, 0x17}, {&(0x7f0000000640)=""/86, 0x56}, {&(0x7f00000006c0)=""/100, 0x64}, {&(0x7f0000000740)=""/223, 0xdf}], 0x9}, 0x1cd}, {{&(0x7f0000000900)=@rc, 0x80, &(0x7f0000001e40)=[{&(0x7f0000000980)=""/33, 0x21}, {&(0x7f00000009c0)=""/42, 0x2a}, {&(0x7f0000000a00)=""/182, 0xb6}, {&(0x7f0000000ac0)=""/192, 0xc0}, {&(0x7f0000000b80)=""/235, 0xeb}, {&(0x7f0000000c80)=""/32, 0x20}, {&(0x7f0000000cc0)=""/179, 0xb3}, {&(0x7f0000000d80)=""/161, 0xa1}, {&(0x7f0000000e40)=""/4096, 0x1000}], 0x9, &(0x7f0000001f00)=""/4096, 0x1000}, 0x7}, {{&(0x7f0000002f00)=@in={0x2, 0x0, @loopback}, 0x80, &(0x7f0000002fc0)=[{&(0x7f0000002f80)=""/33, 0x21}], 0x1}, 0x4}, {{&(0x7f0000003000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x80, &(0x7f00000030c0)=[{&(0x7f0000003080)=""/35, 0x23}], 0x1, &(0x7f0000003100)=""/79, 0x4f}, 0xffffffffffffff01}, {{&(0x7f0000003180)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x80, &(0x7f0000004540)=[{&(0x7f0000003200)=""/146, 0x92}, {&(0x7f00000032c0)}, {&(0x7f0000003300)=""/170, 0xaa}, {&(0x7f00000033c0)=""/149, 0x95}, {&(0x7f0000003480)=""/4096, 0x1000}, {&(0x7f0000004480)=""/139, 0x8b}], 0x6, &(0x7f00000045c0)=""/4096, 0x1000}, 0xb48}, {{&(0x7f00000055c0)=@hci={0x1f, <r3=>0x0}, 0x80, &(0x7f00000056c0)=[{&(0x7f0000005640)=""/71, 0x47}], 0x1, &(0x7f0000005700)=""/120, 0x78}, 0x7}, {{&(0x7f0000005780)=@pppoe={0x18, 0x0, {0x0, @remote}}, 0x80, &(0x7f0000005d80)=[{&(0x7f0000005800)=""/244, 0xf4}, {&(0x7f0000005900)=""/85, 0x55}, {&(0x7f0000005980)=""/30, 0x1e}, {&(0x7f00000059c0)=""/235, 0xeb}, {&(0x7f0000005ac0)=""/133, 0x85}, {&(0x7f0000005b80)=""/18, 0x12}, {&(0x7f0000005bc0)=""/20, 0x14}, {&(0x7f0000005c00)=""/158, 0x9e}, {&(0x7f0000005cc0)=""/183, 0xb7}], 0x9, &(0x7f0000005e40)=""/4096, 0x1000}, 0x9}, {{0x0, 0x0, &(0x7f0000006ec0)=[{&(0x7f0000006e40)=""/3, 0x3}, {&(0x7f0000006e80)=""/60, 0x3c}], 0x2}, 0xd6de}, {{&(0x7f0000006f00)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x80, &(0x7f0000007280)=[{&(0x7f0000006f80)=""/122, 0x7a}, {&(0x7f0000007000)=""/123, 0x7b}, {&(0x7f0000007080)=""/65, 0x41}, {&(0x7f0000007100)=""/88, 0x58}, {&(0x7f0000007180)=""/250, 0xfa}], 0x5, &(0x7f0000007300)=""/173, 0xad}, 0x1}], 0xa, 0x40000000, &(0x7f0000007680)={r1, r2+30000000})
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000076c0)={@mcast1, 0x9, r3})
gettid()

14:55:35 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x218, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  551.225103] binder: 16027:16028 got transaction with unaligned buffers size, 116
14:55:35 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000))
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  551.265602] binder: 16027:16028 transaction failed 29201/-22, size 0-0 line 3079
[  551.300764] binder: undelivered TRANSACTION_ERROR: 29201
[  551.394873] binder: 16038:16040 got transaction with unaligned buffers size, 116
[  551.436306] binder: 16038:16040 transaction failed 29201/-22, size 0-0 line 3079
[  551.463545] binder: undelivered TRANSACTION_ERROR: 29201
[  553.128146] Bluetooth: hci1: command 0x1003 tx timeout
[  553.133740] Bluetooth: hci1: sending frame failed (-49)
[  553.768156] net_ratelimit: 18 callbacks suppressed
[  553.768162] protocol 88fb is buggy, dev hsr_slave_0
[  553.778228] protocol 88fb is buggy, dev hsr_slave_1
[  553.783299] protocol 88fb is buggy, dev hsr_slave_0
[  553.788425] protocol 88fb is buggy, dev hsr_slave_1
[  553.793499] protocol 88fb is buggy, dev hsr_slave_0
[  553.798607] protocol 88fb is buggy, dev hsr_slave_1
[  554.168568] protocol 88fb is buggy, dev hsr_slave_0
[  554.173628] protocol 88fb is buggy, dev hsr_slave_1
[  554.888215] protocol 88fb is buggy, dev hsr_slave_0
[  554.893311] protocol 88fb is buggy, dev hsr_slave_1
[  555.208187] Bluetooth: hci1: command 0x1001 tx timeout
[  555.213633] Bluetooth: hci1: sending frame failed (-49)
[  557.288185] Bluetooth: hci1: command 0x1009 tx timeout
[  559.048176] net_ratelimit: 22 callbacks suppressed
[  559.053226] protocol 88fb is buggy, dev hsr_slave_0
[  559.058352] protocol 88fb is buggy, dev hsr_slave_1
[  559.528193] protocol 88fb is buggy, dev hsr_slave_0
[  559.533311] protocol 88fb is buggy, dev hsr_slave_1
[  560.008163] protocol 88fb is buggy, dev hsr_slave_0
[  560.013298] protocol 88fb is buggy, dev hsr_slave_1
[  560.018394] protocol 88fb is buggy, dev hsr_slave_0
[  560.023447] protocol 88fb is buggy, dev hsr_slave_1
[  560.028529] protocol 88fb is buggy, dev hsr_slave_0
[  560.033609] protocol 88fb is buggy, dev hsr_slave_1
14:55:45 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x240, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:55:45 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, 0x0)

14:55:45 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x416)
prctl$PR_GET_SECCOMP(0x15)

14:55:45 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000))
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:55:45 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mlockall(0x5)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='numa_maps\x00')
readv(r1, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1)

14:55:45 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0xa, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  561.270470] binder: 16047:16055 got transaction with unaligned buffers size, 116
[  561.287214] binder: 16047:16055 transaction failed 29201/-22, size 0-0 line 3079
14:55:45 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20600, 0x0)
ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r0, 0xc0845658, &(0x7f0000000040)={0x0, @reserved})

[  561.315643] binder: undelivered TRANSACTION_ERROR: 29201
[  561.326912] Bluetooth: hci1: Frame reassembly failed (-84)
14:55:46 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x300, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:55:46 executing program 0:
accept4(0xffffffffffffff9c, &(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @remote}}}}, &(0x7f0000000080)=0x80, 0x80000)
openat$vicodec1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video37\x00', 0x2, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/zero\x00', 0x0, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000500)={'sit0\x00', 0x4002})
r3 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000800)='task\x00\x1d+\x1f\x80\x93g\x93\xc3{\x7f\xe5\xab\xfc A\x06\x11eO\x98\x86 (\xff\xb6;\x048\xc9G\x931j\x7fQ\x9f\x17\xe8A\x83\xf7`g\x12\x19j0C\x01\x17,y\x9e\xe2\v\v>\xbf\xa9\x8c\xb7m\xa2a8\x98\x8dm\xcb\x9d7\x8b\x8ed\xdan\x14T\x8fd\xf7\xb7TNO&\xc7\x97J>\xf3\xd9\x81\xa3\xbdY\x8b\xb2\x19\x99\x19\xc0\x85\x04\xf7\xe0\x94\x84\x96\xff\n;\xfb\xfc\xb2\x80\xc7\x8b\x8d\xc7+A\xe0r\xddn\xf4U\xf3K\x9e\xb0\xea\x11IG\x1d[\x91h\x9c\x8cu\x92\xa2B\xaaJ\xad\x9f\xad\x19TwS\xb5\x8b\xf1\xfeZ<NMzh\x89\xfe7H\x96\xbb\x94f\x04\xa9\xd9\xd1\xf8\x91\v\xc7\xb3@\xf5\x88<\xbag\xec3BF\xa9\x0e\xb5\xa6\x91H\n\a\x00\x00\x00xf{\xc4\x9c\x91=\x96\x7f\xf4\xc3\xb45z\xb9\x19\xb7\x99\xe6>\xa6c\x1d\x1e\xac\xefFb\xb0$;]\xa4\xe0\xb3\xa7\xc6\x03\x8fV\x18\xbd\x1c1y}8\xeb\x8fC\x9fo\x93\xb4T\x1d>)K\x04\x96\x14\xae\f\xfcz1\xbd]\x98\x89\v-/~d\x8a\xeb\faU\x96\xa2\xd4\x05\xe8N)\xd8@\xf6p\x9b\x01\xba\xed\x87rAS\xac\xdevE\x12\xd7)\xd3\xca\v\xa1X\x12+]@\x01\r\x9a\x04\xac\x01\x0eUL\x80U`\xa6\xa8\x13\xf0y\xcd\xc2\x7fdY#q)\x98p\r\xd50\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00g\x94H\xb0\x03\xe8\xc0t\xfa\xa2\xd5\xd3\xab\xfc#:\xc8\xfd#EI8v\x1d\x95W\tO\x02)\x00\x0fj+:m\xd4\xba\xff\xc22\au\x88\xa6^Q\xb7\xdb\x82\x84\x84\xfa\rVW\xb2s\x80%=\xb8w\x05\x16\x80\xfd\xdb\x86\xfb\xc5\xc8\xf7i\xfd2\az\x92&\xd5\x9c$\x00^8\xc7[\x17\xc9\xd3I\x93\xc9\xd1\xf2\x12,_H\x95 \xb2\x8d\xce\x14\xadi\x04Yr{\xe8\x9a\x98D\b\xd3\x04\x99\xb1V\x83!\xef\xe3hX\xd6P{\x00\x1cE_\xcf\xee\a\xc8\xdd2\x8b\\J\xe1*\x92\x0f&r^oF\x90\x00\xadTK\n\x0f\x17{\x85=\x16A\xf9>\xd2\xa0vH\xafg5i\x9dC6\x18\xcb\xfe\x14\xe9\xb0\xf5\xa3\xc7\xa2\xe4U\xcd\xf0e\xe9=\xc5\x19\xe2')
ioctl$KDSKBMODE(0xffffffffffffffff, 0x4b45, &(0x7f0000000040)=0x9)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
r6 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x0, 0x0, 0x6d, 0x20000000000014, 0x0, 0x0}, 0x1db)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000740)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f0000000340)={&(0x7f0000000100), 0xc, &(0x7f0000000300)={&(0x7f0000000780)=ANY=[@ANYBLOB="f9370101010000006ce305640e52ccd971026cd2c3616ea686bc501b723e201cf0a582754b08da3e8f53e4ee2a9e2a0207cde7a05352a046c648411b982361529ae41d0c8877101ee5cea06722de42589747726e818f52496c6ea0d9b86352f95e9dbf89517c9ae225b9339bfea64a7802af47b2"], 0x1}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f00000003c0)={0x84, @local, 0x0, 0x11, 'mh\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 ', 0x20000000000, 0x0, 0x800}, 0x2c)
ioctl$LOOP_SET_STATUS(r4, 0x4c02, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x16, 0x8, "9b93d7a7e4fb39daab332f2646ffb445fad3e6c64c7d19642a6510b05534a93dd1a7783832ccacc5a22e5745656880afdcaa3e913561c539a8dd796454a735b0", "46e63151428224c434353aedc66eb25afeb82377b1c529267d29919b97a34529", [0x9, 0x3f]})
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
r8 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dsp\x00', 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x6, 0x9}, &(0x7f0000000380)=0x10)
poll(&(0x7f0000000480)=[{r6}, {r8, 0x4208}, {r0, 0x401}, {r4, 0x2}, {r7, 0x109}], 0x5, 0x3ff)
dup2(r7, r8)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1480b028"], 0x0, 0x0, 0x0})
r9 = shmget(0x2, 0x2000, 0x54000a06, &(0x7f0000002000/0x2000)=nil)
shmctl$IPC_RMID(r9, 0x0)
mmap$binder(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0xc1010, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000400)={0x8, 0x0, &(0x7f0000000000)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYBLOB="4800000000000014579d716e7767204528000000000000003800000000000000233f2770a7eb38acb5e73fba4a8a551a745511c3"]], 0x0, 0x0, 0x0})
getrusage(0x0, &(0x7f0000000640))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000200))
openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x10000, 0x0)

14:55:46 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000))
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  561.515480] binder: 16075:16077 got transaction with unaligned buffers size, 116
[  561.542784] binder: 16075:16077 transaction failed 29201/-22, size 0-0 line 3079
[  561.555936] binder: undelivered TRANSACTION_ERROR: 29201
14:55:46 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  561.587820] binder: BINDER_SET_CONTEXT_MGR already set
[  561.601224] binder: 16073:16076 ioctl 40046207 0 returned -16
14:55:46 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x500, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  561.633656] binder: 16083:16084 got transaction with unaligned buffers size, 116
[  561.659475] binder: 16083:16084 transaction failed 29201/-22, size 0-0 line 3079
[  561.681756] binder: undelivered TRANSACTION_ERROR: 29201
[  561.683303] binder: 16073:16076 unknown command 682655764
[  561.702387] binder: 16073:16076 ioctl c0306201 200000c0 returned -22
14:55:46 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  561.725080] binder: 16073:16076 unknown command 536872384
[  561.748325] binder: 16073:16076 ioctl c0306201 20000400 returned -22
[  561.792727] binder: 16090:16091 got transaction with unaligned buffers size, 116
[  561.812517] binder: BINDER_SET_CONTEXT_MGR already set
[  561.838521] binder: 16073:16076 ioctl 40046207 0 returned -16
[  561.840560] binder: 16073:16097 unknown command 682655764
[  561.881411] binder: 16073:16095 unknown command 536872384
[  561.881857] binder: 16090:16091 transaction failed 29201/-22, size 0-0 line 3079
[  561.886998] binder: 16073:16095 ioctl c0306201 20000400 returned -22
[  561.917053] binder: 16073:16097 ioctl c0306201 200000c0 returned -22
[  561.938762] binder: undelivered TRANSACTION_ERROR: 29201
[  563.368157] Bluetooth: hci1: command 0x1003 tx timeout
[  563.373550] Bluetooth: hci1: sending frame failed (-49)
[  564.168137] net_ratelimit: 18 callbacks suppressed
[  564.168143] protocol 88fb is buggy, dev hsr_slave_0
[  564.178187] protocol 88fb is buggy, dev hsr_slave_1
[  564.183240] protocol 88fb is buggy, dev hsr_slave_0
[  564.188311] protocol 88fb is buggy, dev hsr_slave_1
[  564.193454] protocol 88fb is buggy, dev hsr_slave_0
[  564.198520] protocol 88fb is buggy, dev hsr_slave_1
[  564.568161] protocol 88fb is buggy, dev hsr_slave_0
[  564.573332] protocol 88fb is buggy, dev hsr_slave_1
[  565.288273] protocol 88fb is buggy, dev hsr_slave_0
[  565.293379] protocol 88fb is buggy, dev hsr_slave_1
[  565.448228] Bluetooth: hci1: command 0x1001 tx timeout
[  565.453633] Bluetooth: hci1: sending frame failed (-49)
[  567.528268] Bluetooth: hci1: command 0x1009 tx timeout
[  569.448229] net_ratelimit: 22 callbacks suppressed
[  569.448236] protocol 88fb is buggy, dev hsr_slave_0
[  569.458293] protocol 88fb is buggy, dev hsr_slave_1
[  569.928155] protocol 88fb is buggy, dev hsr_slave_0
[  569.933247] protocol 88fb is buggy, dev hsr_slave_1
[  570.408181] protocol 88fb is buggy, dev hsr_slave_0
[  570.413373] protocol 88fb is buggy, dev hsr_slave_1
[  570.418458] protocol 88fb is buggy, dev hsr_slave_0
[  570.423471] protocol 88fb is buggy, dev hsr_slave_1
[  570.428523] protocol 88fb is buggy, dev hsr_slave_0
[  570.433541] protocol 88fb is buggy, dev hsr_slave_1
14:55:56 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, 0x0)

14:55:56 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mlockall(0x5)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='numa_maps\x00')
readv(r1, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1)

14:55:56 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x600, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:55:56 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:55:56 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x48c202, 0x0)
bind$bt_sco(r0, &(0x7f0000000040)={0x1f, {0x2, 0x40000, 0x4, 0x1, 0x7, 0xf03}}, 0x8)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

14:55:56 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0xe, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  571.510794] binder: 16103:16104 got transaction with unaligned buffers size, 116
[  571.528670] binder: 16103:16104 transaction failed 29201/-22, size 0-0 line 3079
14:55:56 executing program 0:
syslog(0x9, 0xfffffffffffffffd, 0x0)

[  571.557758] Bluetooth: hci1: Frame reassembly failed (-84)
[  571.577619] binder: undelivered TRANSACTION_ERROR: 29201
14:55:56 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:55:56 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x700, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:55:56 executing program 0:
syslog(0xb, 0xfffffffffffffffd, 0xc9)
r0 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)="5d5d60731aeb6fec630c2f1704f3835d67809d6b009da6ba65c8064c6be8803aa8f358787dae4c372ed91bd8c107ea8b680a9d58d822f33ed58e25051ed6fb05e3e2a77b1326466e25e4e136c75422c7a16d94436aec8a722f5d73a257c170b6774a8ea09f54ae0a0ea25803f77609259c62de61032473ca43e47d4bc9902d5e2bfe4df4469de831d152f63305b66b09cdfc2b62c55ee0a72afe90ffb8a2723cc9d84e81e71b12dca5faf3b3f126db997fee722f566816657db4d4cb0c2b888ec3ed46a61396a29f625b88aaf2f8559ff800a50090fb6145991cca934bdf0fe036", 0xe1, 0xfffffffffffffff9)
r1 = add_key(&(0x7f0000000180)='pkcs7_test\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)="936ccec7ed86c7aad31d91eaa2d6825b83b920e33644409b91f2df2723721fddbf2cee0e3d386fd0e899213ce165f0ce8811cb447b52400ab2851ca49ca4bc796f0cdcd632e939234ca31465ecaf5e185da85530a06b514b717199526bd88b0a7b44075eda26f72f971e922a5289096986953c36db0ac88871", 0x79, 0x0)
r2 = add_key(&(0x7f0000000280)='encrypted\x00', &(0x7f00000002c0)={'syz', 0x0}, &(0x7f0000000300)="ee8f9859eef67b5e4fa94abcd8b0de432f3e0929d62084ef2e118a562ede8fc45dfc769c55d583322bb9e0e37531a182bd2f235b4a6fed89217f07f3af58bd2da38d7b18e1e5a912f72414defd27268b63cee010c23c8dd8665ca22f7fb53546d2f6291dee01c114f641374a727095944acb00290668e94fa51e8e3e3d20b6bb755f8d23f689f1618def405fd19e6900495092ef7b845cde4386e883f9b236bae378ac545b95e8257e6e7228276117ec2f09ec2b056a275bca85b0eee12a5c9bcf68404a28a7c3db469b1284a84c17def588f2512a33486b8ca7d19bb7f970e0afff83ac4d36e96aef5ff3cec68a035eae2386", 0xf3, 0x0)
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000640)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000007c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000780)={<r4=>0xffffffffffffffff}, 0x2, 0xb}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000800)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f0000000680)=[{0x10, 0x0, [0x293, 0x101, 0x47f, 0x9, 0xffff, 0x7ab8, 0x9b03, 0x7fff, 0x0, 0xfffffffffffffe01, 0xb0, 0x1, 0x3, 0x2, 0x2, 0xffffffff80000001]}, {0x30, 0x0, [0x0, 0x1000, 0x7, 0x100, 0x8000, 0x1, 0x3, 0x0, 0x305, 0x0, 0x0, 0x100, 0x2, 0xfff, 0xa95]}, {0x0, 0x0, [0x2, 0x2, 0x10a, 0x19, 0x8000, 0x1ff, 0x8, 0x6, 0x80000000, 0x1, 0x4, 0x7, 0xa0a, 0x7, 0x24000000000, 0x9]}], r4, 0x1, 0x1, 0xd8}}, 0x20)
keyctl$dh_compute(0x17, &(0x7f0000000400)={r0, r1, r2}, &(0x7f0000000440)=""/149, 0x95, &(0x7f0000000600)={&(0x7f0000000500)={'sha224-arm64\x00'}, &(0x7f0000000540)="63a810013e4717d15687e3c036c0ccb09782e4570119b627cc3efbad3f04494e14042fba022c6b4137d0c453c270fa25509963f743187596a66b55a58f142414f19311c1ba7c29c1d4b5fdbefa15309b04853d7d478873fb4888a9410ca4d62d5f0e6eed3adaccadf98b6150072b7ad7ad9526bbfdec77bba017f19d6e2593026d7265cf4037d18d39a11be31baa6e668668bc76786390e35756c54f523ecb557c1b7e3e71a385561c8b235b0ebe64d57101f453958e260e6ad46ec1", 0xbc})

[  571.703470] binder: 16127:16128 got transaction with unaligned buffers size, 116
[  571.721391] binder: 16127:16128 transaction failed 29201/-22, size 0-0 line 3079
14:55:56 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  571.752401] binder: undelivered TRANSACTION_ERROR: 29201
14:55:56 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x10200, 0x0)
recvfrom$netrom(r0, &(0x7f0000000080)=""/236, 0xec, 0x0, &(0x7f0000000180)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x48)
ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000040)=0x3)

[  571.838799] binder: 16139:16140 got transaction with unaligned buffers size, 116
[  571.879593] binder: 16139:16140 transaction failed 29201/-22, size 0-0 line 3079
[  571.923403] binder: undelivered TRANSACTION_ERROR: 29201
[  573.618502] Bluetooth: hci1: command 0x1003 tx timeout
[  573.623998] Bluetooth: hci1: sending frame failed (-49)
[  574.568128] net_ratelimit: 18 callbacks suppressed
[  574.568134] protocol 88fb is buggy, dev hsr_slave_0
[  574.578536] protocol 88fb is buggy, dev hsr_slave_1
[  574.583581] protocol 88fb is buggy, dev hsr_slave_0
[  574.588614] protocol 88fb is buggy, dev hsr_slave_1
[  574.593684] protocol 88fb is buggy, dev hsr_slave_0
[  574.598750] protocol 88fb is buggy, dev hsr_slave_1
[  574.968142] protocol 88fb is buggy, dev hsr_slave_0
[  574.973236] protocol 88fb is buggy, dev hsr_slave_1
[  575.688260] protocol 88fb is buggy, dev hsr_slave_0
[  575.693390] protocol 88fb is buggy, dev hsr_slave_1
[  575.698707] Bluetooth: hci1: command 0x1001 tx timeout
[  575.704063] Bluetooth: hci1: sending frame failed (-49)
[  577.768240] Bluetooth: hci1: command 0x1009 tx timeout
[  579.848261] net_ratelimit: 22 callbacks suppressed
[  579.848268] protocol 88fb is buggy, dev hsr_slave_0
[  579.858306] protocol 88fb is buggy, dev hsr_slave_1
[  580.328192] protocol 88fb is buggy, dev hsr_slave_0
[  580.333482] protocol 88fb is buggy, dev hsr_slave_1
[  580.808138] protocol 88fb is buggy, dev hsr_slave_0
[  580.813222] protocol 88fb is buggy, dev hsr_slave_1
[  580.818291] protocol 88fb is buggy, dev hsr_slave_0
[  580.823314] protocol 88fb is buggy, dev hsr_slave_1
[  580.828395] protocol 88fb is buggy, dev hsr_slave_0
[  580.833409] protocol 88fb is buggy, dev hsr_slave_1
14:56:06 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, 0x0)

14:56:06 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x1, 0x800)
ioctl$VIDIOC_G_CTRL(r0, 0xc008561b, &(0x7f0000000100)={0x5bf2, 0x7})
r1 = open(&(0x7f0000000000)='./file0\x00', 0x4000, 0x100)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r1, 0x117, 0x5, 0x0, 0x100000000)
ioctl$KVM_GET_REG_LIST(r1, 0xc008aeb0, &(0x7f0000000140)={0x4, [0x7, 0x1ff, 0x2bca, 0x1]})
setsockopt$inet6_MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000040)={{0xa, 0x4e22, 0x100, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x2}, {0xa, 0x4e20, 0x1, @dev={0xfe, 0x80, [], 0x25}, 0x7ff}, 0xc2, [0x4, 0xc017, 0x8, 0xfffffffffffffff7, 0x2, 0xb482, 0x8000, 0x101]}, 0x5c)

14:56:06 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x900, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:56:06 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:56:06 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x294)
connect$inet6(r0, &(0x7f0000000340), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0)
clone(0x20407fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000000140), 0x10)
setsockopt$sock_int(r1, 0x1, 0x0, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="2265162d6c36d2d553b535288f726cee2343cd3da80438bbe33926e61647fc7fcab63c030ef325ad0f899dcc3d1baefa9b3b5a978b1e8319bcc3c41f139590cb2be0b46092dbd2174e400b05", 0x4c}], 0x1, 0x0)

14:56:06 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x11, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:56:06 executing program 0:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x40000, 0x0)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0xbc, 0x77777f7f, 0x3, 0xfff, 0x1, @discrete={0x20, 0x40000000000000}})
syslog(0x2, 0xfffffffffffffffd, 0x147)

[  581.752683] binder: 16155:16156 got transaction with unaligned buffers size, 116
[  581.768320] binder: 16155:16156 transaction failed 29201/-22, size 0-0 line 3079
[  581.792969] Bluetooth: hci1: Frame reassembly failed (-84)
[  581.826843] Bluetooth: hci1: Frame reassembly failed (-84)
14:56:06 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xa00, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:56:06 executing program 0:
r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x7cf94556, 0x40)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000040)={{0x1, 0x3f}, 'port1\x00', 0x21, 0x0, 0x3, 0x5, 0x5, 0x56, 0x100000000, 0x0, 0x2, 0x2})
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:56:06 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f31")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  581.845836] binder: undelivered TRANSACTION_ERROR: 29201
14:56:06 executing program 0:
syslog(0xd, 0xfffffffffffffffd, 0x2e7)
io_setup(0x2, &(0x7f0000000000)=<r0=>0x0)
r1 = accept4$nfc_llcp(0xffffffffffffff9c, &(0x7f00000001c0), &(0x7f0000000240)=0x60, 0x800)
r2 = syz_open_dev$audion(&(0x7f0000001280)='/dev/audio#\x00', 0x1, 0x4100)
r3 = syz_open_dev$vivid(&(0x7f0000001300)='/dev/video#\x00', 0x0, 0x2)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000001440)='/dev/zero\x00', 0x400, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000001500)='/dev/audio\x00', 0x400002, 0x0)
r7 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000001580)='cgroup.type\x00', 0x2, 0x0)
r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000001680)='/dev/audio\x00', 0x800, 0x0)
r9 = socket$inet_dccp(0x2, 0x6, 0x0)
r10 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x17e6381, 0x400003ffffb)
io_submit(r0, 0x5, &(0x7f0000001880)=[&(0x7f00000012c0)={0x0, 0x0, 0x0, 0x6, 0xff, r1, &(0x7f0000000280)="d65d1607e434af662e305d8d4515a248106489f2643870cdbf1f8540ffcb25417558fd98d411d641406fd5b7850036ac70d53aae12d3dbcce499dad4e585c17dcd16d0f330747eb7c833b15acf64529a76ab27b576fa33cb077151159458b034df88b22bb369a5051f6fe1294053d052a3c7818d15c94c08df2cfefd103e9b13cb358086e92bcc71b220e6355904e178aa81eb744fa3d79047843f35870132feff553f427682fc07678f21bbda4ab14a08ee654c1f7aada96abc0e0011ef07291b5a79e9f6469a391ebd3ea554288625dc46b8528d70d3e419ec85d676d154287b664a52e91ebad7bdde80ea516976c0911ae854a5f563529d48391338229702613d856de895fadb419884de1ec5ea9a4b732e992b70c32d0e221f9ee782845f2da553875e3566dc644baf37246b86fa6e063ee11ecdc3be2e88f2f16fe8244fc7707719f68249264697c3c3a00079cb3b72422c22ada9d6049641dd7cb027509bf887bb63ee3b6676926570d49775fd1a9f5c9c7b5969bc38f73f526d8dc1f024c50af70f0469e28dea65031b9fa7bc581e2160c737419d665095ef466a71139c96d8fa39c073948ff39295161593894c308034f4a5d959db23f30960ae62c47b217e637063cd8423c525e0851b6578d05e22219175a241e3629857db4a23dfab98af24b7712c7f3d4d10be86ad5580ff7b8c8ccc705448d2aa08a954944eea81b7933c686b77530e03559e483b73c4a7dac59d7e1a93f2ae1350ba6f4956130b251f2380be63644e67ffb3a736b36ed6edd074438225ccd0801222c85e0c6fc27801101da7efdf9631369dfe9b4eb313d09ac050dd080803e0764263cad24f29517a2660d114d707612386f21ef938b524ebecf4d3bbfb85fcd2653bf9d8ea56173730ad529baa2c0daec453a33932c55e731dcaebd04d7b68bf4b89dd1c74d3281251d446ee09d117aa65539805e7bec34c4ff56d8c7b05e00926edc74a7212ff5b349d99abf9c9bc4d345d3101068cfcae932dbc6bacb122c3351e202f31ae51e50c4c5ee75461c998f15bbcc2ce60960cffc88f0274047d8298c0b8ac54d63ebd030ec978bcd7f465e3f406de56d9e603b3b71515e10f1d03678d50648f1e20c4bbe31853b1b0edb9a5e3f56f325ac378ac9454a27d51d43e7684fb5f2ed42040b993fd5ae3aa506a638c3e1f9d8aabcca60681f98c27cf446fbf959eaff0993e83554bb94aa088bf94084d641ec257eba69723ff22f926000b09777e26dd08ab49215aaf1f463533f7d0c1f347f195f856fe7010ca321eff1dad77f200a33c77699f141117e53f2c5f4b02a857e7155434ff7e1cf39f13f527157be9a0e0467faf3d31d3020d6b51ddbd63c564126e9bd78e0756e3f0080fbac11e2125cb97f3be98969ef9971626ded4c5dc884fcfb2ac438efc4ea4f7b9de5ccccf5f65399146bf3b239268961299ae5342f9855672b1a9e82253dfcbfdc59257cb5977584a7317849a39a635fe8883f2c835ee41415531855a3714484494f007d51acb09e82f1ec0d3e0ca6293c423da7c5ea961ac0d2ae7452d8db2fabff7da29a0551ee735127ed5088f7d6e8daa3359458ab536bc9de83e675ef1422edd5e616f44e17b6c64fa884e8af9daa742bce55414ae7defcc47267f9f5858fc55dd31b6c0f3a516fded4fa7fb68bcfdb9fb2a05d13dfdc847a81d15f85b818f291e52d2a9613cb50614562455c39ae8450fb39fc5cb327382f82c59fee0d08dd6964e1b7c499f492a29b182f19fcd625dfb50e6843fb4bea969e41a625661b0bcf13aafb1612187f33297ce664e5c0d7761b48e22b18886b44bb6297371bd0061f8c654f8e18b104b54e2ec0f2cff5af7935d575625eb783083304b5b696b1da8b2247686d34d8eb418d9bb01ac3a9f51b3d536b1d809b1bf2134d75d4cfa537cd02e529d6664bbd6a2a31c21f396eec5d631038758d19e4a275fe52693e5fbdd0ec278664e7019d5f19aee54179626244d91bb33bc8e0fc00677da22c86f5ea3a1eaba75546810ec262ad1cf0abbe53a757bbc618d9aac97f779777740d77b9357ab1b9e0fc0521400f3bd9db7ef89dd8e3d14299407d3d905374f4b55cfa35fc43591a8711554cd3117738f32d7a04fcadd3fb074a09dba3af3e4a1f0bd7ada50fcf323fca953d2bb81c9598eb6adb3654821c506962005102637e15b757288610294d5a160c5b7874ec394c44e7b63265dd8c394b81917a138d2f41fe7c17918b928ee4ae3840fcf7cc762824840e3853a73463880911db0677eb3ba8b966c21123a6f421fc8ece2b39c6e70e6a8a7bec9b4a90f180da3f9f583e81fb92845902fa85bd2cce822e560061a241c68eea644b0b9a8a3a29e2f28ae3798ac872dfa675dc51cecacd093e6413cb58c92381f00941c226192f83154b883c9c9b3c06416d0da49c2ac2a6c0009f4e5ce82afed9d35d1d4cc5d3b526751afdfe6cde83efd82f6a5016bce6254c14925fc1160451949402560e19bf4b0b7cbe72e2d7e80809e33568b9d8b09e2ef4c5dee76760556cd3120c4f0fcefd07924db1edfcb0537f28202bb9c355b347cfb7b43bb813c00c75f0715e2bee4e14da364512512b142d92263dde242c9232972c18245bdcafe3d68a2088dedf3eadf1ec43204311d35ebd468bf73c4b47ecdcd0fc703f820af35ebf8c9d314a30b260e2b7047a16e13c2953420636285e505b0e87ab0bca2e786ce474afc6b5330bc708642c51a121cca84063757ba78eb295b7138fd3a03301835cecdabcd056b448e3709086367729dfb80dd38359c4e76ac1ab88e89f1679d28ace80dd38a51279cd9e0ab907165038342eea14ed641bb6846060b1a7af9303e85b5c172453c7689b8849fb34b008e9ea9354c08c6c580c187cc69a2f93de12bcd0322950581593024d981ce2120f5ddf173d9f0efad6d311464fb6d091a61878ad595a26cab80d1ca1fa380b6cea838745ce314d557707f7b05a0eff0f1f24ec201981d36adc51a2f3c5c95b9be213a11f6db486ebd436ed471e5697a3ffbf16a89c483ebec602843815065fab484d64cbe815b6367a0ea5da7d46dfe46d6574e4e37049a58d92597aaf4c875cbd6d0b2cb59cce81b923eb8c6254b558563030498540822f69ee4e708a41f4c3ea05b5497ba8e80a2d9b575e0b0c72d1b1bad138e81312b1f37956542fe1eb999c270f5950bf234906c4bb941cf51d5221eac27e48cd17785785315cd330582d7bf4d2b3185545987792b154bbcbfb4e01cb0003c2e7e5c7f494a8a3b8ccdb8ca172aed792d8f950e753efea6886e6b57f1c9a94fae2b58405d4d18e24d3a6b8b100688f6a4f8f62df4a6cedc80e899000ece9856f8d7c48c2358ada88321708e2449d9608ca2ff25fa2209a5b261eb87ef42ff02f3cb18e7e21e8cb43deaa06dc2fdad07be20b867e7dc6cff038c65c1148cec2e7c663cb00b043c82b985afd769393531900028c4ca9ba7dc67bec7b33379d940b84db6c83a5670bdf84380405acbc2785c0987efc4aeabea01c5ce8129992528ab5e9aa7b00526bc811edbefb150cd76f1071631d01f1015fea1063f680abaf1015e23f001f28e7e5ce26ea0a725e37e9f05bca0e0ea8c130737359b0c8d1ad7ff8ac09d16b0351eae243151db9d8e3871cacdd22b630318c47e3556f3c412fb4db8e1bcab4f1faa37fad46fda33b84a9e856d13a9a35323fdc7339cca96bb4968ea346db6ad2a6e8fcbe8279eb704e55fbe9d454eab25164a7d5e51b9f14cfcf5912359561efc8a73d382e064e1b5d8f2e2798519f7838822460402f44cd342aa2acb3838b2fc0f7fb95b0efa89e9cf4352bdad2f8609dc72aa77a2262b3acd4fc7aeeddffad70372217ce9ed4570b588260bfa360fc8562772827c32c55487fb47f5e7180730fc4ffb7a53587657a7830fc53a910dacfa2a8065b146ff9e057b8c5ff05667c904de746ddc101bd514bee979b62fbab8b4c9b167d2a3abbd3787c1fb5b85c7f230325375d6f76125d565802d99528b91e6e6db3f4dffee2b0f699cea046890a601377d18f8c6e8591ded82484d086491eefb0d1df21b0217441b150ae567bf7087287f9ef3e9f5c7409ec172ae99ccf8e72d43ab04d89ef33263bb3de68fd8e6b2e40347767ca76b7a8b8ba0999754c584f9df2b74aa0d3064034a23d6d331d9d1c28ed115087c42773ba058c0de078e7cf818ba69dc93dfe1a708dfe106dd2f8cfde2389becff8cc76f4eeda810e89f8a655ea86c2bed476380a10eed19c3c30540c8e0457adfcd12a8b3afddc484063389b5bd8ee044a5d40dc0bfd13ecd906680da58ceeb7b302f06a4512a8cfd4431c2a627a056e95b8d6174b2b40c9f77b1f74af2c29d66231a400eb0c00931b2f3f601d59f6f1c89d033ff27dd9e79481205c1cbf19dcc651d1680cdba2478a6a5a33dbd800280da5a7c10724a4097e3edd06aadc417fe81b64ad8b6ebcff3d278be5e1bab8004cdc6cb5e5f885fceeaa70b5f9587a266d664fc318e694a92f1aa3019593b3a8fa2b9326c484be8b6fefd7fcd4e05a86258cfe9705ecd7a2654d698f62a9cabc4c6aa61700e0e6d08761e48e0405821e1783ea0454d2d8c2bf47a0a5c34f28d38fb815992a743c70c73135de83f0c4de1c53a46fa2728e49c4ce64c45cad4914d22773d73ece78fc09486ede4c4b817c914e827cb6eee5848aa0310f77c7efa26497ff6b49230246401b7523f8f15e6c69fe3b46c6ee8c3d5f69f247ac72488f2ed1f6236f6c8c7392d02ef70552d15c7c40de0f939b8eb4a7372936a7312f03bd2e1a976712321ee7d8519101ace9bd7959844f6c6a104f94bac9f383c5070d536087845333bb3c22405cc3434120ca5d93246f8f7b114f0b4d0834bac9576ce764001e635f7faf194282848121f2394ac8f3b7bba51b079a5fa0a9dc06a08c0a774e4f356c68debae7d5636e913917304646cd41ea7db66efa461f4e519f61513dcfadd2cdd0673ded87d52d2b099f9b3870df92b3f988c916df3895cea1a7e45c98569d1fa59bd6d0e741e5bd350d3c55d189534cbef1e3c8c9ea74ea14bf7abbcf006ad74cc87d4a8e64893687d86edb8cee35ca219c4ee6716faabbb022d292084c25a87ac86db376704bf4104550495d31113ba4cce6db6b8acfe3572ba9cd1cd9fcb78867cb1f44ceb395e8e206ad885faa0fe21661f402b41b170b8f665f60cf6aad3417caa43f791fbd9b694ef761628063d6c65b51b06a1d3a42f96760d326dd6962a5c03b9924e3c4962dceb8cc1cfa05a70a0963765e6c914a0fdef29a0adc5fae894677664b761d8688977f14d9bde26ba5f636cdb71e16a185e3ad0c3cb5c7d75c50dfb03f77b8780cd790f0d89477670f71d0ef2d68d0d403bb2e5f3564513f6978a103a418f044d734d2f3ae3374b21ae9406059fba0797177e27cd26a4a1d3653c846ddf006f82c3364b013e3439a0c001df041a3b21a17908474a762623ae8cd74c505507f89cc767701aabea3f24f86d277d32d8518e27cd4209c0f9a37ae0545a9b7c6416ff87a2c39d3c8e23c0307fc1ebc9693385d7a0608c172bc562231e727fbb56973757da19637bdf6da8371bcebdbeb683cba4b351ac0df1cd779a68a48b5bcfe86cf3a356066c26c2e19ecf962405602c8534bd940333f2c248ed25af487fb464ec3596341f664fc9f3344106aea108d1ad9e91ef3780d691e8df642fa01084ee10f29181c9bb7d716e2a969046b08cf156f60e7bf643804167041f465704f6b0a2", 0x1000, 0x0, 0x0, 0x1, r2}, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x2, 0x3, r3, &(0x7f0000001340)="099e7953f8f78495a030292d1b3aac7e997f31d7cbd41a5400154076b5beb040f9cbd5ac402177e291edd9eca644fd9207e245d80529255385e5d73d8be8c2b76df302e91db00eaa4392c94ab05aab95d8660a7f32e7b9738f6e44e9ba4489518a346c2b7759c561775fdbbe028bf4836f82d27dffbbd9d03a8763c0c73e9be45020518a9041a208c571f6d2e4ac3e92921b825d64ee4df00c438fa4311429682d51f0f9f06c5b512ca22bc93a91459e773898aa7abe659d15a8173dbe43f79dfa6bd0", 0xc3, 0xffffffffffffffff, 0x0, 0x3, r4}, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x2, 0x2, r5, &(0x7f00000014c0)="d314203be735cd02b664249a3c065c", 0xf, 0xfff, 0x0, 0x0, r6}, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x1, 0x856, r7, &(0x7f00000015c0)="553b51340c64b18d94c411cbd11137c7f291980c81ffe09c40a37b520c7cdf5f4efe3cdad20259a07344f545d0fe84511aad74dd8145a0d460c1badae46a0d69d1619dda89742314212dd1910bc6fd278461abecb5abce8ee2a61344475c64421ff03fec9cb6a190c845cb63ae84f5a4ddbe547ee5ec91e9c6ed51995bba69943747daad0d479127c4356a901e0a37e3c9606c35f74f2e466319efc2b5090b35dd5f4285c69f5c21a728dd", 0xab, 0x7, 0x0, 0x0, r8}, &(0x7f0000001840)={0x0, 0x0, 0x0, 0x7, 0x3d, r9, &(0x7f0000001700)="fac09754e181b3b12b1eb5a4949e4388c9dd16e00d69bd3c3736fa33c9d86ddba605bd23e6316fd27a9cf13ab10c8f5211e4904c6f87f8dcba9ba2147c1747e7cfff30b8fb76827cf7345b7bd56e961e7cd5fb344b5b38bc8e763fd9fbe723589db52dcbfade3614751e73ec3931cfb32ca5b44c1aba2961d7fa509a29bda9cb2c7387c9959bf6b21aab7db10afab98b44f0c5bad5f3e2678bea82d24526fa8ce342d6ba66af3a0cd895ad5edea13ab5245efd18d34b5c555b958315fff3e5c27b47d884a156893b95464e", 0xcb, 0x8, 0x0, 0x1, r10}])

[  581.944582] binder: 16179:16183 got transaction with unaligned buffers size, 116
[  581.976042] binder: 16179:16183 transaction failed 29201/-22, size 0-0 line 3079
[  581.992308] binder: undelivered TRANSACTION_ERROR: 29201
14:56:06 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f31")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  582.104930] binder: 16196:16197 got transaction with unaligned buffers size, 116
[  582.124113] binder: 16196:16197 transaction failed 29201/-22, size 0-0 line 3079
[  582.144031] binder: undelivered TRANSACTION_ERROR: 29201
[  583.848356] Bluetooth: hci1: command 0x1003 tx timeout
[  583.853741] Bluetooth: hci1: sending frame failed (-49)
[  584.968177] net_ratelimit: 18 callbacks suppressed
[  584.973169] protocol 88fb is buggy, dev hsr_slave_0
[  584.978232] protocol 88fb is buggy, dev hsr_slave_1
[  584.983317] protocol 88fb is buggy, dev hsr_slave_0
[  584.988366] protocol 88fb is buggy, dev hsr_slave_1
[  584.993443] protocol 88fb is buggy, dev hsr_slave_0
[  584.998480] protocol 88fb is buggy, dev hsr_slave_1
[  585.368149] protocol 88fb is buggy, dev hsr_slave_0
[  585.373245] protocol 88fb is buggy, dev hsr_slave_1
[  585.928263] Bluetooth: hci1: command 0x1001 tx timeout
[  585.933659] Bluetooth: hci1: sending frame failed (-49)
[  586.088179] protocol 88fb is buggy, dev hsr_slave_0
[  586.093278] protocol 88fb is buggy, dev hsr_slave_1
[  588.008204] Bluetooth: hci1: command 0x1009 tx timeout
[  590.248198] net_ratelimit: 22 callbacks suppressed
[  590.253191] protocol 88fb is buggy, dev hsr_slave_0
[  590.258270] protocol 88fb is buggy, dev hsr_slave_1
[  590.728191] protocol 88fb is buggy, dev hsr_slave_0
[  590.733308] protocol 88fb is buggy, dev hsr_slave_1
[  591.208153] protocol 88fb is buggy, dev hsr_slave_0
[  591.213219] protocol 88fb is buggy, dev hsr_slave_1
[  591.218323] protocol 88fb is buggy, dev hsr_slave_0
[  591.223390] protocol 88fb is buggy, dev hsr_slave_1
[  591.228489] protocol 88fb is buggy, dev hsr_slave_0
[  591.233513] protocol 88fb is buggy, dev hsr_slave_1
14:56:16 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xe00, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:56:16 executing program 0:
mount$9p_tcp(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x6040, &(0x7f00000000c0)={'trans=tcp,', {'port', 0x3d, 0x4e20}, 0x2c, {[], [{@subj_role={'subj_role', 0x3d, ':ppp1\\^[/'}}, {@smackfshat={'smackfshat', 0x3d, '&'}}]}})
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:56:16 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f31")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:56:16 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x34, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:56:16 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080))

14:56:16 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000180)=""/11, 0x8c0d351c)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000))
r1 = dup2(r0, r0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
r3 = dup2(r2, r2)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
syz_execute_func(&(0x7f0000000100)="3666440f50f564ff0941c3c4e2c9975842c441fc5335a4f89dad66420fe2e33e0f1110c48542ff9dcccc19c4c3f9152e06")
clone(0x2102401ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
sendto$unix(r3, 0x0, 0x0, 0x20003ff8, &(0x7f0000000200)=@abs={0x1}, 0x6e)
ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x0)

14:56:16 executing program 0:
syslog(0x0, 0xfffffffffffffffd, 0xfffffffffffffff9)

[  592.009361] binder: 16206:16211 got transaction with unaligned buffers size, 116
[  592.030415] Bluetooth: hci1: Frame reassembly failed (-84)
14:56:16 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x1802, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  592.061700] binder: 16206:16211 transaction failed 29201/-22, size 0-0 line 3079
14:56:16 executing program 0:
syslog(0x9, 0xfffffffffffffffd, 0x0)
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20040000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5400c0cd292095c80000", @ANYRES16=r0, @ANYBLOB="000826bd7000fcdbdf251200000014000500080001006962000008000100657468001c00090008000200ff03000008000200b60e00000800010006000000100004000c00070008000200b6000000"], 0x54}}, 0x4000)

[  592.113737] binder: undelivered TRANSACTION_ERROR: 29201
14:56:16 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:56:16 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:56:16 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0xfffffffffffffed1)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)

14:56:16 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x2000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:56:17 executing program 0:
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000000200)={<r1=>0x0, 0x4, 0x0, 0x0, 0x5}, &(0x7f0000000240)=0x18)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040)={r1, 0xfc}, 0x2)
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:56:17 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:56:17 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x5c, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  594.088212] Bluetooth: hci1: command 0x1003 tx timeout
[  594.093594] Bluetooth: hci1: sending frame failed (-49)
[  595.368153] net_ratelimit: 18 callbacks suppressed
[  595.368159] protocol 88fb is buggy, dev hsr_slave_0
[  595.378379] protocol 88fb is buggy, dev hsr_slave_1
[  595.383468] protocol 88fb is buggy, dev hsr_slave_0
[  595.388638] protocol 88fb is buggy, dev hsr_slave_1
[  595.393801] protocol 88fb is buggy, dev hsr_slave_0
[  595.398919] protocol 88fb is buggy, dev hsr_slave_1
[  595.768152] protocol 88fb is buggy, dev hsr_slave_0
[  595.773457] protocol 88fb is buggy, dev hsr_slave_1
[  596.168186] Bluetooth: hci1: command 0x1001 tx timeout
[  596.174399] Bluetooth: hci1: sending frame failed (-49)
[  596.488224] protocol 88fb is buggy, dev hsr_slave_0
[  596.493323] protocol 88fb is buggy, dev hsr_slave_1
[  598.248198] Bluetooth: hci1: command 0x1009 tx timeout
[  600.648174] net_ratelimit: 22 callbacks suppressed
[  600.653140] protocol 88fb is buggy, dev hsr_slave_0
[  600.658185] protocol 88fb is buggy, dev hsr_slave_1
[  601.128167] protocol 88fb is buggy, dev hsr_slave_0
[  601.133238] protocol 88fb is buggy, dev hsr_slave_1
[  601.608236] protocol 88fb is buggy, dev hsr_slave_0
[  601.613351] protocol 88fb is buggy, dev hsr_slave_1
[  601.618436] protocol 88fb is buggy, dev hsr_slave_0
[  601.623470] protocol 88fb is buggy, dev hsr_slave_1
[  601.628661] protocol 88fb is buggy, dev hsr_slave_0
[  601.633716] protocol 88fb is buggy, dev hsr_slave_1
14:56:26 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080))

14:56:26 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, 0x0, &(0x7f0000000000))
nanosleep(&(0x7f00000000c0)={0x77359400}, 0x0)

14:56:26 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x204903, 0x0)
ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000040))

14:56:26 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:56:26 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x3f00, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:56:26 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x60, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  602.206967] binder_alloc: 16268: binder_alloc_buf, no vma
[  602.234491] binder: 16268:16269 transaction failed 29189/-3, size 0-0 line 3035
14:56:26 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x20000, 0x0)

14:56:26 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  602.269124] binder: undelivered TRANSACTION_ERROR: 29189
14:56:27 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x4000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  602.368054] binder_alloc: 16290: binder_alloc_buf, no vma
14:56:27 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
mincore(&(0x7f0000ffb000/0x4000)=nil, 0x4000, &(0x7f0000000000)=""/81)

[  602.408527] binder: 16290:16291 transaction failed 29189/-3, size 0-0 line 3035
14:56:27 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  602.487450] binder: undelivered TRANSACTION_ERROR: 29189
14:56:27 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000040)=0x1)

[  602.550758] binder_alloc: 16302: binder_alloc_buf, no vma
[  602.568490] binder: 16302:16303 transaction failed 29189/-3, size 0-0 line 3035
[  602.621870] binder: undelivered TRANSACTION_ERROR: 29189
[  604.328144] Bluetooth: hci1: command 0x1003 tx timeout
[  604.333511] Bluetooth: hci1: sending frame failed (-49)
[  605.768161] net_ratelimit: 18 callbacks suppressed
[  605.773146] protocol 88fb is buggy, dev hsr_slave_0
[  605.778211] protocol 88fb is buggy, dev hsr_slave_1
[  605.783293] protocol 88fb is buggy, dev hsr_slave_0
[  605.788342] protocol 88fb is buggy, dev hsr_slave_1
[  605.793416] protocol 88fb is buggy, dev hsr_slave_0
[  605.798485] protocol 88fb is buggy, dev hsr_slave_1
[  606.168214] protocol 88fb is buggy, dev hsr_slave_0
[  606.173327] protocol 88fb is buggy, dev hsr_slave_1
[  606.408332] Bluetooth: hci1: command 0x1001 tx timeout
[  606.413746] Bluetooth: hci1: sending frame failed (-49)
[  606.888211] protocol 88fb is buggy, dev hsr_slave_0
[  606.893502] protocol 88fb is buggy, dev hsr_slave_1
[  608.488190] Bluetooth: hci1: command 0x1009 tx timeout
[  611.048207] net_ratelimit: 22 callbacks suppressed
[  611.048216] protocol 88fb is buggy, dev hsr_slave_0
[  611.058360] protocol 88fb is buggy, dev hsr_slave_1
[  611.528165] protocol 88fb is buggy, dev hsr_slave_0
[  611.533250] protocol 88fb is buggy, dev hsr_slave_1
[  612.008371] protocol 88fb is buggy, dev hsr_slave_0
[  612.013458] protocol 88fb is buggy, dev hsr_slave_1
[  612.018529] protocol 88fb is buggy, dev hsr_slave_0
[  612.023563] protocol 88fb is buggy, dev hsr_slave_1
[  612.028617] protocol 88fb is buggy, dev hsr_slave_0
[  612.033721] protocol 88fb is buggy, dev hsr_slave_1
14:56:37 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080))

14:56:37 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x4002, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:56:37 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:56:37 executing program 0:
syslog(0x0, 0xfffffffffffffffd, 0x12f)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='attr/sockcreate\x00')
openat$cgroup(r0, &(0x7f0000000040)='syz0\x00', 0x200002, 0x0)

14:56:37 executing program 3:
ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x4000811)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, 0x0)
r1 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f00000001c0)='./file0\x00', r2, 0x0)
lsetxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000940)={{}, {}, [], {}, [{}, {}], {0x10, 0x2}}, 0x34, 0x1)
chdir(&(0x7f0000000340)='./file0\x00')
symlink(&(0x7f0000000400)='./file0/file0\x00', &(0x7f00000006c0)='./file0\x00')
fsetxattr$security_ima(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setfsgid(r3)
clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f0000000380), 0xffffffffffffffff)
lstat(&(0x7f0000000600)='./file0/file0\x00', &(0x7f0000000540))
getpeername$inet6(0xffffffffffffffff, &(0x7f0000000000), &(0x7f00000000c0)=0xfffffffffffffcbc)

14:56:37 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0xfc, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:56:37 executing program 0:
syslog(0x1, 0xfffffffffffffffd, 0x0)

[  612.462744] binder_alloc: 16316: binder_alloc_buf, no vma
[  612.471357] binder: 16316:16324 transaction failed 29189/-3, size 0-0 line 3035
[  612.490083] binder: undelivered TRANSACTION_ERROR: 29189
14:56:37 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:56:37 executing program 3:
ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x4000811)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, 0x0)
r1 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f00000001c0)='./file0\x00', r2, 0x0)
lsetxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000940)={{}, {}, [], {}, [{}, {}], {0x10, 0x2}}, 0x34, 0x1)
chdir(&(0x7f0000000340)='./file0\x00')
symlink(&(0x7f0000000400)='./file0/file0\x00', &(0x7f00000006c0)='./file0\x00')
fsetxattr$security_ima(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setfsgid(r3)
clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f0000000380), 0xffffffffffffffff)
lstat(&(0x7f0000000600)='./file0/file0\x00', &(0x7f0000000540))
getpeername$inet6(0xffffffffffffffff, &(0x7f0000000000), &(0x7f00000000c0)=0xfffffffffffffcbc)

14:56:37 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x5301, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:56:37 executing program 0:
syslog(0x2, 0xfffffffffffffffd, 0x147)
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x4000, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000040)=0x3, 0x1d)

[  612.617669] binder_alloc: 16342: binder_alloc_buf, no vma
[  612.652953] binder: 16342:16344 transaction failed 29189/-3, size 0-0 line 3035
14:56:37 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  612.677271] binder: undelivered TRANSACTION_ERROR: 29189
[  612.769177] binder_alloc: 16355: binder_alloc_buf, no vma
[  612.776215] binder: 16355:16357 transaction failed 29189/-3, size 0-0 line 3035
[  612.793277] binder: undelivered TRANSACTION_ERROR: 29189
[  614.568264] Bluetooth: hci1: command 0x1003 tx timeout
[  614.573644] Bluetooth: hci1: sending frame failed (-49)
[  616.168163] net_ratelimit: 18 callbacks suppressed
[  616.168169] protocol 88fb is buggy, dev hsr_slave_0
[  616.178227] protocol 88fb is buggy, dev hsr_slave_1
[  616.183288] protocol 88fb is buggy, dev hsr_slave_0
[  616.188372] protocol 88fb is buggy, dev hsr_slave_1
[  616.193427] protocol 88fb is buggy, dev hsr_slave_0
[  616.198538] protocol 88fb is buggy, dev hsr_slave_1
[  616.568179] protocol 88fb is buggy, dev hsr_slave_0
[  616.573285] protocol 88fb is buggy, dev hsr_slave_1
[  616.648256] Bluetooth: hci1: command 0x1001 tx timeout
[  616.653662] Bluetooth: hci1: sending frame failed (-49)
[  617.288214] protocol 88fb is buggy, dev hsr_slave_0
[  617.293375] protocol 88fb is buggy, dev hsr_slave_1
[  618.728195] Bluetooth: hci1: command 0x1009 tx timeout
[  621.448253] net_ratelimit: 22 callbacks suppressed
[  621.453252] protocol 88fb is buggy, dev hsr_slave_0
[  621.458420] protocol 88fb is buggy, dev hsr_slave_1
[  621.928166] protocol 88fb is buggy, dev hsr_slave_0
[  621.933261] protocol 88fb is buggy, dev hsr_slave_1
[  622.408239] protocol 88fb is buggy, dev hsr_slave_0
[  622.413430] protocol 88fb is buggy, dev hsr_slave_1
[  622.418704] protocol 88fb is buggy, dev hsr_slave_0
[  622.423748] protocol 88fb is buggy, dev hsr_slave_1
[  622.428812] protocol 88fb is buggy, dev hsr_slave_0
[  622.433853] protocol 88fb is buggy, dev hsr_slave_1
14:56:47 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:56:47 executing program 0:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x802, 0x0)
accept4$tipc(r0, &(0x7f0000000040), &(0x7f0000000080)=0x10, 0x0)
syslog(0x2, 0xfffffffffffffffd, 0x147)

14:56:47 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c12")

14:56:47 executing program 3:
ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x4000811)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, 0x0)
r1 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f00000001c0)='./file0\x00', r2, 0x0)
lsetxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000940)={{}, {}, [], {}, [{}, {}], {0x10, 0x2}}, 0x34, 0x1)
chdir(&(0x7f0000000340)='./file0\x00')
symlink(&(0x7f0000000400)='./file0/file0\x00', &(0x7f00000006c0)='./file0\x00')
fsetxattr$security_ima(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setfsgid(r3)
clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f0000000380), 0xffffffffffffffff)
lstat(&(0x7f0000000600)='./file0/file0\x00', &(0x7f0000000540))
getpeername$inet6(0xffffffffffffffff, &(0x7f0000000000), &(0x7f00000000c0)=0xfffffffffffffcbc)

14:56:47 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x80fe, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:56:47 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x103, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:56:47 executing program 3:
ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x4000811)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, 0x0)
r1 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f00000001c0)='./file0\x00', r2, 0x0)
lsetxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000940)={{}, {}, [], {}, [{}, {}], {0x10, 0x2}}, 0x34, 0x1)
chdir(&(0x7f0000000340)='./file0\x00')
symlink(&(0x7f0000000400)='./file0/file0\x00', &(0x7f00000006c0)='./file0\x00')
fsetxattr$security_ima(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setfsgid(r3)
clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f0000000380), 0xffffffffffffffff)
lstat(&(0x7f0000000600)='./file0/file0\x00', &(0x7f0000000540))
getpeername$inet6(0xffffffffffffffff, &(0x7f0000000000), &(0x7f00000000c0)=0xfffffffffffffcbc)

[  622.700144] binder: 16375:16379 transaction failed 29189/-22, size 0-0 line 2896
[  622.727977] Bluetooth: hci1: Frame reassembly failed (-84)
[  622.743678] binder: undelivered TRANSACTION_ERROR: 29189
14:56:47 executing program 0:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(aes)\x00'}, 0x58)
dup2(r0, r1)

14:56:47 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:56:47 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xfe80, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  622.863441] binder: 16396:16397 transaction failed 29189/-22, size 0-0 line 2896
14:56:47 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuset.effective_mems\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_int(r0, &(0x7f0000000080), 0x2001007f)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)

[  622.931140] binder: undelivered TRANSACTION_ERROR: 29189
14:56:47 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:56:47 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xff0f, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  623.041901] binder: 16413:16414 transaction failed 29189/-22, size 0-0 line 2896
[  623.077387] binder: undelivered TRANSACTION_ERROR: 29189
14:56:47 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  624.728161] Bluetooth: hci1: command 0x1003 tx timeout
[  624.733691] Bluetooth: hci1: sending frame failed (-49)
[  626.568201] net_ratelimit: 18 callbacks suppressed
[  626.573196] protocol 88fb is buggy, dev hsr_slave_0
[  626.578271] protocol 88fb is buggy, dev hsr_slave_1
[  626.583367] protocol 88fb is buggy, dev hsr_slave_0
[  626.588430] protocol 88fb is buggy, dev hsr_slave_1
[  626.593512] protocol 88fb is buggy, dev hsr_slave_0
[  626.598569] protocol 88fb is buggy, dev hsr_slave_1
[  626.808255] Bluetooth: hci1: command 0x1001 tx timeout
[  626.813664] Bluetooth: hci1: sending frame failed (-49)
[  626.968188] protocol 88fb is buggy, dev hsr_slave_0
[  626.973296] protocol 88fb is buggy, dev hsr_slave_1
[  627.688214] protocol 88fb is buggy, dev hsr_slave_0
[  627.693335] protocol 88fb is buggy, dev hsr_slave_1
[  628.888211] Bluetooth: hci1: command 0x1009 tx timeout
[  631.848204] net_ratelimit: 22 callbacks suppressed
[  631.848212] protocol 88fb is buggy, dev hsr_slave_0
[  631.858436] protocol 88fb is buggy, dev hsr_slave_1
[  632.328200] protocol 88fb is buggy, dev hsr_slave_0
[  632.333327] protocol 88fb is buggy, dev hsr_slave_1
[  632.808218] protocol 88fb is buggy, dev hsr_slave_0
[  632.813465] protocol 88fb is buggy, dev hsr_slave_1
[  632.818547] protocol 88fb is buggy, dev hsr_slave_0
[  632.823587] protocol 88fb is buggy, dev hsr_slave_1
[  632.828640] protocol 88fb is buggy, dev hsr_slave_0
[  632.833670] protocol 88fb is buggy, dev hsr_slave_1
14:56:57 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x50000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:56:57 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_open_procfs(0x0, 0x0)

14:56:57 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c12")

14:56:57 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:56:57 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x1f4, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:56:57 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000300)=""/11, 0xb)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000400))
r1 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(r1, &(0x7f00000017c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000540)=""/135, 0x87}], 0x1}}], 0x1, 0x0, 0x0)
r2 = dup2(r0, r0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r1)
read(r1, &(0x7f0000000240)=""/185, 0xb9)
shutdown(r3, 0x0)

14:56:57 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:56:57 executing program 0:
socketpair$unix(0x1, 0x800000000003, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_PIE_OFF(r1, 0x7006)

[  632.976035] Bluetooth: hci1: Frame reassembly failed (-84)
14:56:57 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

14:56:57 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x100000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:56:57 executing program 3:

14:56:57 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

14:56:57 executing program 0:

[  633.255051] binder: 16469:16470 ioctl c0306201 0 returned -14
14:56:57 executing program 3:

[  633.381230] binder: 16480:16482 ioctl c0306201 0 returned -14
[  635.048160] Bluetooth: hci1: command 0x1003 tx timeout
[  635.053757] Bluetooth: hci1: sending frame failed (-49)
[  636.968193] net_ratelimit: 18 callbacks suppressed
[  636.973527] protocol 88fb is buggy, dev hsr_slave_0
[  636.978595] protocol 88fb is buggy, dev hsr_slave_1
[  636.983883] protocol 88fb is buggy, dev hsr_slave_0
[  636.988937] protocol 88fb is buggy, dev hsr_slave_1
[  636.994169] protocol 88fb is buggy, dev hsr_slave_0
[  636.999201] protocol 88fb is buggy, dev hsr_slave_1
[  637.128301] Bluetooth: hci1: command 0x1001 tx timeout
[  637.133726] Bluetooth: hci1: sending frame failed (-49)
[  637.368190] protocol 88fb is buggy, dev hsr_slave_0
[  637.373415] protocol 88fb is buggy, dev hsr_slave_1
[  638.088251] protocol 88fb is buggy, dev hsr_slave_0
[  638.093539] protocol 88fb is buggy, dev hsr_slave_1
[  639.208200] Bluetooth: hci1: command 0x1009 tx timeout
[  642.248203] net_ratelimit: 22 callbacks suppressed
[  642.253313] protocol 88fb is buggy, dev hsr_slave_0
[  642.258408] protocol 88fb is buggy, dev hsr_slave_1
[  642.728186] protocol 88fb is buggy, dev hsr_slave_0
[  642.733357] protocol 88fb is buggy, dev hsr_slave_1
14:57:07 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c12")

14:57:07 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x1000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:57:07 executing program 3:

14:57:07 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

14:57:07 executing program 0:

14:57:07 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x300, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:57:07 executing program 0:

[  643.174407] binder: 16491:16499 ioctl c0306201 0 returned -14
[  643.208146] protocol 88fb is buggy, dev hsr_slave_0
[  643.213271] protocol 88fb is buggy, dev hsr_slave_1
[  643.218400] protocol 88fb is buggy, dev hsr_slave_0
14:57:07 executing program 3:
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r1 = syz_open_dev$mice(0x0, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r2 = request_key(&(0x7f00000002c0)='keyring\x00', 0x0, 0x0, 0xfffffffffffffffd)
setsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f00000004c0)={0x0, 0x1f, 0x6, 0x3c2b}, 0x14)
syz_genetlink_get_family_id$team(&(0x7f0000000080)='team\x00')
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000039c0)={0x0, @rand_addr, @broadcast}, &(0x7f0000003a00)=0xc)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, 0x0, &(0x7f0000003b40))
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000003e40)={'vcan0\x00'})
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000003e80)={{{@in=@loopback, @in=@empty}}, {{@in=@broadcast}, 0x0, @in6=@mcast1}}, &(0x7f0000003f80)=0xe8)
r3 = accept4$packet(r1, &(0x7f0000003fc0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0, 0x80000)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f00000046c0))
getsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f00000052c0)={@initdev, @initdev}, 0x0)
getsockname$packet(r3, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000006500)=0xffffffffffffff58)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000006c00))
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000007100)={{{@in=@remote, @in=@initdev}}, {{@in6=@mcast1}, 0x0, @in6=@loopback}}, &(0x7f0000007200)=0xe8)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000007400))
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000007440)={{{@in6=@ipv4={[], [], @multicast1}, @in6=@loopback}}, {{@in=@multicast2}, 0x0, @in6=@empty}}, &(0x7f0000007540)=0xe8)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000007600)={{{@in=@remote, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@initdev}, 0x0, @in6}}, &(0x7f0000007700)=0xe8)
getpeername$packet(r1, &(0x7f0000007740)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000007780)=0x14)
sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000007f40)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20300}, 0xc, &(0x7f0000007f00)={&(0x7f00000077c0)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYRES32=r5], 0x3}, 0x1, 0x0, 0x0, 0x10}, 0x4000)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000180)={0x100, 0x2, 0x1000}, 0x4)
getegid()
keyctl$chown(0x4, r2, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
listen(r0, 0x7)
r6 = fcntl$dupfd(r0, 0xfffffffffffffffc, r0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
r8 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r7, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
close(r8)

[  643.223466] protocol 88fb is buggy, dev hsr_slave_1
[  643.228594] protocol 88fb is buggy, dev hsr_slave_0
[  643.233662] protocol 88fb is buggy, dev hsr_slave_1
[  643.245966] Bluetooth: hci1: Frame reassembly failed (-84)
14:57:07 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  643.271250] Bluetooth: hci1: Frame reassembly failed (-84)
14:57:07 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x2000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:57:08 executing program 0:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0x200002, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
readlinkat(r1, &(0x7f0000000080)='./file1\x00', &(0x7f0000000280)=""/93, 0x5d)

14:57:08 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  645.288317] Bluetooth: hci1: command 0x1003 tx timeout
[  645.293880] Bluetooth: hci1: sending frame failed (-49)
[  647.368179] net_ratelimit: 18 callbacks suppressed
[  647.373199] protocol 88fb is buggy, dev hsr_slave_0
[  647.378315] protocol 88fb is buggy, dev hsr_slave_1
[  647.383401] protocol 88fb is buggy, dev hsr_slave_0
[  647.388511] protocol 88fb is buggy, dev hsr_slave_1
[  647.393598] protocol 88fb is buggy, dev hsr_slave_0
[  647.398648] protocol 88fb is buggy, dev hsr_slave_1
[  647.403832] Bluetooth: hci1: command 0x1001 tx timeout
[  647.409242] Bluetooth: hci1: sending frame failed (-49)
[  647.848201] protocol 88fb is buggy, dev hsr_slave_0
[  647.853319] protocol 88fb is buggy, dev hsr_slave_1
[  648.488230] protocol 88fb is buggy, dev hsr_slave_0
[  648.493371] protocol 88fb is buggy, dev hsr_slave_1
[  649.448442] Bluetooth: hci1: command 0x1009 tx timeout
[  652.648200] net_ratelimit: 22 callbacks suppressed
[  652.648209] protocol 88fb is buggy, dev hsr_slave_0
[  652.658529] protocol 88fb is buggy, dev hsr_slave_1
[  653.128196] protocol 88fb is buggy, dev hsr_slave_0
[  653.133403] protocol 88fb is buggy, dev hsr_slave_1
14:57:18 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188")

14:57:18 executing program 0:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0x200002, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
readlinkat(r1, &(0x7f0000000080)='./file1\x00', &(0x7f0000000280)=""/93, 0x5d)

14:57:18 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x3000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:57:18 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

14:57:18 executing program 3:
r0 = socket(0x10, 0x2, 0xc)
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write(r0, &(0x7f0000000000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f)
write(r0, &(0x7f0000000080)="1f0000000104fffffd3b54c007110000f30501000b000500000000000000cf", 0x1f)

14:57:18 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x301, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:57:18 executing program 0:
inotify_init1(0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000600)='/dev/rfkill\x00', 0x0, 0x0)
pipe(&(0x7f0000000440))
openat$vnet(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vhost-net\x00', 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pselect6(0x3aa, &(0x7f00000000c0), 0x0, &(0x7f0000000100)={0x1b7}, &(0x7f0000000200), 0x0)

[  653.421634] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'.
[  653.449130] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  653.462241] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'.
14:57:18 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0})

[  653.493424] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
14:57:18 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x4000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:57:18 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0})

14:57:18 executing program 3:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uhid\x00', 0x400000002, 0x0)
write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000000)=""/11, 0xb}, 0x11c)
write$UHID_DESTROY(r0, &(0x7f0000000100), 0x4)

[  653.608143] protocol 88fb is buggy, dev hsr_slave_0
[  653.613302] protocol 88fb is buggy, dev hsr_slave_1
[  653.618453] protocol 88fb is buggy, dev hsr_slave_0
[  653.623533] protocol 88fb is buggy, dev hsr_slave_1
[  653.628690] protocol 88fb is buggy, dev hsr_slave_0
[  653.633755] protocol 88fb is buggy, dev hsr_slave_1
[  653.645438] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  653.657687] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  653.683988] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
14:57:18 executing program 0:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x6, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  653.715918] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  653.732797] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  653.761349] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  653.782745] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  653.804007] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  653.820051] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  653.826945] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  653.855077] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  653.893443] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz1
[  653.945209] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  653.961265] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  653.968013] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  653.987690] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  653.995074] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  654.002203] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  654.009330] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  654.016110] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  654.023251] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  654.030633] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  654.037423] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  654.055626] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz1
[  655.528275] Bluetooth: hci1: command 0x1003 tx timeout
[  655.533672] Bluetooth: hci1: sending frame failed (-49)
[  657.608279] Bluetooth: hci1: command 0x1001 tx timeout
[  657.613680] Bluetooth: hci1: sending frame failed (-49)
[  657.768186] net_ratelimit: 18 callbacks suppressed
[  657.773282] protocol 88fb is buggy, dev hsr_slave_0
[  657.778359] protocol 88fb is buggy, dev hsr_slave_1
[  657.783448] protocol 88fb is buggy, dev hsr_slave_0
[  657.788520] protocol 88fb is buggy, dev hsr_slave_1
[  657.793602] protocol 88fb is buggy, dev hsr_slave_0
[  657.798641] protocol 88fb is buggy, dev hsr_slave_1
[  658.248200] protocol 88fb is buggy, dev hsr_slave_0
[  658.253302] protocol 88fb is buggy, dev hsr_slave_1
[  658.888202] protocol 88fb is buggy, dev hsr_slave_0
[  658.893333] protocol 88fb is buggy, dev hsr_slave_1
[  659.688171] Bluetooth: hci1: command 0x1009 tx timeout
[  663.048185] net_ratelimit: 22 callbacks suppressed
[  663.053166] protocol 88fb is buggy, dev hsr_slave_0
[  663.058230] protocol 88fb is buggy, dev hsr_slave_1
[  663.528164] protocol 88fb is buggy, dev hsr_slave_0
[  663.533307] protocol 88fb is buggy, dev hsr_slave_1
14:57:28 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188")

14:57:28 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0})

14:57:28 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x5000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:57:28 executing program 3 (fault-call:6 fault-nth:0):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:57:28 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x3e8, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:57:28 executing program 0 (fault-call:4 fault-nth:0):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:57:28 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0})

[  663.663560] FAULT_INJECTION: forcing a failure.
[  663.663560] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  663.678389] binder: BINDER_SET_CONTEXT_MGR already set
[  663.701687] binder: 16585:16592 ioctl 40046207 0 returned -16
[  663.721881] Bluetooth: hci1: Frame reassembly failed (-84)
[  663.729172] FAULT_INJECTION: forcing a failure.
[  663.729172] name failslab, interval 1, probability 0, space 0, times 0
[  663.754311] CPU: 0 PID: 16590 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #89
[  663.761640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  663.771028] Call Trace:
[  663.773644]  dump_stack+0x172/0x1f0
[  663.777671]  should_fail.cold+0xa/0x1b
[  663.781592]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  663.786723]  ? ___might_sleep+0x163/0x280
[  663.790905]  should_fail_alloc_page+0x50/0x60
[  663.795423]  __alloc_pages_nodemask+0x1a1/0x710
[  663.800107]  ? mark_held_locks+0x100/0x100
[  663.804452]  ? __alloc_pages_slowpath+0x2900/0x2900
[  663.809490]  ? __lock_acquire+0x53b/0x4700
[  663.813737]  ? pmd_val+0x85/0x100
[  663.817201]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  663.822747]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  663.828304]  alloc_pages_vma+0xdd/0x540
[  663.832296]  __handle_mm_fault+0x1dd4/0x3f20
[  663.836729]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  663.841578]  ? find_held_lock+0x35/0x130
[  663.845661]  ? handle_mm_fault+0x322/0xb30
[  663.849925]  ? kasan_check_read+0x11/0x20
[  663.854088]  handle_mm_fault+0x43f/0xb30
[  663.858163]  __do_page_fault+0x5da/0xd60
[  663.862241]  do_page_fault+0x71/0x581
[  663.866051]  page_fault+0x1e/0x30
[  663.869510] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0
[  663.875149] Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a
[  663.894057] RSP: 0018:ffff8880aa2d7be8 EFLAGS: 00010202
[  663.899427] RAX: ffffed101545af98 RBX: 0000000000000008 RCX: 0000000000000001
[  663.906703] RDX: 0000000000000000 RSI: ffff8880aa2d7cb8 RDI: 0000000000713000
[  663.913980] RBP: ffff8880aa2d7c20 R08: 000000013d000000 R09: ffffed101545af98
[  663.921255] R10: ffffed101545af97 R11: ffff8880aa2d7cbf R12: 0000000000713000
[  663.928532] R13: ffff8880aa2d7cb8 R14: 0000000000713008 R15: 00007ffffffff000
[  663.935836]  ? _copy_to_user+0xf7/0x120
[  663.939828]  vhost_vsock_dev_ioctl+0x283/0xb70
[  663.944418]  ? __f_unlock_pos+0x19/0x20
[  663.948404]  ? find_held_lock+0x35/0x130
[  663.952472]  ? vhost_vsock_flush+0xc0/0xc0
[  663.956714]  ? __fget+0x340/0x540
[  663.960172]  ? find_held_lock+0x35/0x130
[  663.964239]  ? __fget+0x340/0x540
[  663.967712]  ? vhost_vsock_flush+0xc0/0xc0
[  663.971956]  do_vfs_ioctl+0xd6e/0x1390
[  663.975857]  ? ioctl_preallocate+0x210/0x210
[  663.980271]  ? __fget+0x367/0x540
[  663.983738]  ? iterate_fd+0x360/0x360
[  663.987550]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  663.993096]  ? fput+0x128/0x1a0
[  663.996390]  ? security_file_ioctl+0x93/0xc0
[  664.000808]  ksys_ioctl+0xab/0xd0
[  664.004272]  __x64_sys_ioctl+0x73/0xb0
[  664.008145] protocol 88fb is buggy, dev hsr_slave_0
[  664.008193] protocol 88fb is buggy, dev hsr_slave_1
[  664.013168]  do_syscall_64+0x103/0x610
[  664.018359] protocol 88fb is buggy, dev hsr_slave_0
[  664.022113]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  664.027166] protocol 88fb is buggy, dev hsr_slave_1
[  664.032277] RIP: 0033:0x457e29
[  664.032291] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  664.032299] RSP: 002b:00007f81c3893c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  664.037504] protocol 88fb is buggy, dev hsr_slave_0
[  664.040590] RAX: ffffffffffffffda RBX: 00007f81c3893c90 RCX: 0000000000457e29
[  664.040598] RDX: 0000000000713000 RSI: 000000008008af00 RDI: 0000000000000003
[  664.040605] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  664.040612] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81c38946d4
[  664.040620] R13: 00000000004c2570 R14: 00000000004d4fd0 R15: 0000000000000005
[  664.056438] binder: release 16597:16600 transaction 200 out, still active
[  664.059642] protocol 88fb is buggy, dev hsr_slave_1
[  664.075694] CPU: 1 PID: 16599 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89
[  664.109942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  664.109947] Call Trace:
[  664.109970]  dump_stack+0x172/0x1f0
[  664.109988]  should_fail.cold+0xa/0x1b
[  664.129185]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  664.129200]  ? lock_downgrade+0x810/0x810
[  664.129216]  ? ___might_sleep+0x163/0x280
[  664.129235]  __should_failslab+0x121/0x190
[  664.145285] binder: undelivered TRANSACTION_COMPLETE
[  664.148754]  should_failslab+0x9/0x14
[  664.148770]  kmem_cache_alloc_trace+0x2d1/0x760
[  664.148782]  ? kasan_check_read+0x11/0x20
[  664.148799]  ? do_raw_spin_unlock+0x57/0x270
[  664.157106] binder: send failed reply for transaction 200, target dead
[  664.158027]  ? _raw_spin_unlock+0x2d/0x50
[  664.158048]  binder_get_thread+0x1db/0x7c0
[  664.203399]  ? __might_sleep+0x95/0x190
[  664.207362]  binder_ioctl+0x1e2/0x1b79
[  664.211259]  ? kasan_check_read+0x11/0x20
[  664.215397]  ? binder_thread_write+0x2820/0x2820
[  664.220146]  ? mark_held_locks+0x100/0x100
[  664.224372]  ? proc_fail_nth_write+0x9d/0x1e0
[  664.228858]  ? proc_cwd_link+0x1d0/0x1d0
[  664.232910]  ? __f_unlock_pos+0x19/0x20
[  664.236874]  ? find_held_lock+0x35/0x130
[  664.240928]  ? __fget+0x340/0x540
[  664.244370]  ? find_held_lock+0x35/0x130
[  664.248422]  ? __fget+0x340/0x540
[  664.251869]  ? binder_thread_write+0x2820/0x2820
[  664.256625]  do_vfs_ioctl+0xd6e/0x1390
[  664.260514]  ? ioctl_preallocate+0x210/0x210
[  664.264918]  ? __fget+0x367/0x540
[  664.268374]  ? iterate_fd+0x360/0x360
[  664.272164]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  664.277693]  ? fput+0x128/0x1a0
[  664.280975]  ? security_file_ioctl+0x93/0xc0
[  664.285378]  ksys_ioctl+0xab/0xd0
[  664.288828]  __x64_sys_ioctl+0x73/0xb0
[  664.292708]  do_syscall_64+0x103/0x610
[  664.296596]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  664.301785] RIP: 0033:0x457e29
[  664.304974] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
14:57:28 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x6000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  664.323866] RSP: 002b:00007fbbb7071c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  664.331565] RAX: ffffffffffffffda RBX: 00007fbbb7071c90 RCX: 0000000000457e29
[  664.338825] RDX: 0000000020000780 RSI: 00000000c0306201 RDI: 0000000000000004
[  664.346082] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  664.353355] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbbb70726d4
[  664.360635] R13: 00000000004bf15a R14: 00000000004d0b00 R15: 0000000000000006
14:57:29 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0})

[  664.369737] binder: 16585:16599 ioctl c0306201 20000780 returned -12
14:57:29 executing program 3 (fault-call:6 fault-nth:1):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:57:29 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0})

14:57:29 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x7000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  664.514999] binder: BINDER_SET_CONTEXT_MGR already set
[  664.528518] binder: BINDER_SET_CONTEXT_MGR already set
[  664.533930] binder: 16616:16617 ioctl 40046207 0 returned -16
[  664.543404] binder: 16619:16620 ioctl 40046207 0 returned -16
[  664.555263] FAULT_INJECTION: forcing a failure.
[  664.555263] name failslab, interval 1, probability 0, space 0, times 0
[  664.567672] binder_alloc: 16609: binder_alloc_buf, no vma
[  664.580080] binder: 16619:16620 transaction failed 29189/-3, size 0-0 line 3035
[  664.590663] binder: send failed reply for transaction 202 to 16609:16610
[  664.598523] CPU: 1 PID: 16623 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89
[  664.605822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  664.611901] binder: undelivered TRANSACTION_COMPLETE
[  664.615175] Call Trace:
[  664.615202]  dump_stack+0x172/0x1f0
[  664.615223]  should_fail.cold+0xa/0x1b
[  664.615241]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  664.626848] binder: undelivered TRANSACTION_ERROR: 29189
[  664.630409]  ? lock_downgrade+0x810/0x810
[  664.630428]  ? ___might_sleep+0x163/0x280
[  664.630449]  __should_failslab+0x121/0x190
[  664.630465]  should_failslab+0x9/0x14
[  664.630479]  kmem_cache_alloc_trace+0x2d1/0x760
[  664.630489]  ? kasan_check_read+0x11/0x20
[  664.630505]  ? do_raw_spin_unlock+0x57/0x270
[  664.641046]  ? _raw_spin_unlock+0x2d/0x50
[  664.641065]  binder_transaction+0x886/0x6890
[  664.641080]  ? mark_held_locks+0x100/0x100
[  664.641096]  ? __might_fault+0x12b/0x1e0
[  664.649365]  ? find_held_lock+0x35/0x130
[  664.649389]  ? binder_deferred_func+0xea0/0xea0
[  664.649415]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  664.649430]  ? _copy_from_user+0xdd/0x150
[  664.649446]  binder_thread_write+0x87e/0x2820
[  664.649461]  ? fs_reclaim_acquire+0x20/0x20
[  664.668194] binder: undelivered TRANSACTION_ERROR: 29189
[  664.670667]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  664.691522]  ? binder_transaction+0x6890/0x6890
[  664.691539]  ? __might_fault+0x12b/0x1e0
[  664.691559]  ? lock_downgrade+0x810/0x810
[  664.701756]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  664.701772]  ? _copy_from_user+0xdd/0x150
[  664.701788]  binder_ioctl+0x13b9/0x1b79
[  664.701804]  ? kasan_check_read+0x11/0x20
[  664.756200]  ? binder_thread_write+0x2820/0x2820
[  664.760945]  ? mark_held_locks+0x100/0x100
[  664.765168]  ? proc_fail_nth_write+0x9d/0x1e0
[  664.769650]  ? proc_cwd_link+0x1d0/0x1d0
[  664.773714]  ? __f_unlock_pos+0x19/0x20
[  664.777676]  ? find_held_lock+0x35/0x130
[  664.781728]  ? __fget+0x340/0x540
[  664.785174]  ? binder_thread_write+0x2820/0x2820
[  664.789916]  do_vfs_ioctl+0xd6e/0x1390
[  664.793794]  ? ioctl_preallocate+0x210/0x210
[  664.798203]  ? __fget+0x367/0x540
[  664.801645]  ? iterate_fd+0x360/0x360
[  664.805432]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  664.810956]  ? fput+0x128/0x1a0
[  664.814225]  ? security_file_ioctl+0x93/0xc0
[  664.818627]  ksys_ioctl+0xab/0xd0
[  664.822069]  __x64_sys_ioctl+0x73/0xb0
[  664.825959]  do_syscall_64+0x103/0x610
[  664.829845]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  664.835035] RIP: 0033:0x457e29
[  664.838239] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  664.857136] RSP: 002b:00007fbbb7071c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  664.864839] RAX: ffffffffffffffda RBX: 00007fbbb7071c90 RCX: 0000000000457e29
[  664.872103] RDX: 0000000020000780 RSI: 00000000c0306201 RDI: 0000000000000004
[  664.879357] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  664.886661] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbbb70726d4
[  664.893961] R13: 00000000004bf15a R14: 00000000004d0b00 R15: 0000000000000006
[  664.903389] binder: 16616:16623 transaction failed 29201/-12, size 0-0 line 2975
[  664.917450] binder: undelivered TRANSACTION_ERROR: 29201
[  665.768159] Bluetooth: hci1: command 0x1003 tx timeout
[  665.773551] Bluetooth: hci1: sending frame failed (-49)
[  667.848176] Bluetooth: hci1: command 0x1001 tx timeout
[  667.853579] Bluetooth: hci1: sending frame failed (-49)
[  668.168151] net_ratelimit: 18 callbacks suppressed
[  668.168157] protocol 88fb is buggy, dev hsr_slave_0
[  668.178185] protocol 88fb is buggy, dev hsr_slave_1
[  668.183256] protocol 88fb is buggy, dev hsr_slave_0
[  668.188324] protocol 88fb is buggy, dev hsr_slave_1
[  668.193367] protocol 88fb is buggy, dev hsr_slave_0
[  668.198406] protocol 88fb is buggy, dev hsr_slave_1
[  668.648139] protocol 88fb is buggy, dev hsr_slave_0
[  668.653292] protocol 88fb is buggy, dev hsr_slave_1
[  669.288157] protocol 88fb is buggy, dev hsr_slave_0
[  669.293288] protocol 88fb is buggy, dev hsr_slave_1
[  669.928235] Bluetooth: hci1: command 0x1009 tx timeout
[  673.448237] net_ratelimit: 22 callbacks suppressed
[  673.453247] protocol 88fb is buggy, dev hsr_slave_0
[  673.458403] protocol 88fb is buggy, dev hsr_slave_1
14:57:38 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188")

14:57:38 executing program 0 (fault-call:4 fault-nth:1):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:57:38 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x500, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:57:38 executing program 4 (fault-call:6 fault-nth:0):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:57:38 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x8000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:57:38 executing program 3 (fault-call:6 fault-nth:2):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  673.892443] FAULT_INJECTION: forcing a failure.
[  673.892443] name failslab, interval 1, probability 0, space 0, times 0
[  673.908270] binder: BINDER_SET_CONTEXT_MGR already set
[  673.914429] binder: 16633:16639 ioctl 40046207 0 returned -16
[  673.921607] FAULT_INJECTION: forcing a failure.
[  673.921607] name failslab, interval 1, probability 0, space 0, times 0
[  673.928149] protocol 88fb is buggy, dev hsr_slave_0
[  673.935141] CPU: 0 PID: 16637 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89
[  673.938024] protocol 88fb is buggy, dev hsr_slave_1
[  673.945241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  673.945248] Call Trace:
[  673.945271]  dump_stack+0x172/0x1f0
[  673.945291]  should_fail.cold+0xa/0x1b
[  673.945310]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  673.945324]  ? lock_downgrade+0x810/0x810
[  673.945339]  ? ___might_sleep+0x163/0x280
[  673.983143]  __should_failslab+0x121/0x190
[  673.987393]  should_failslab+0x9/0x14
[  673.991200]  kmem_cache_alloc_trace+0x2d1/0x760
[  673.995999]  ? lockdep_init_map+0x10c/0x5b0
[  674.000336]  binder_transaction+0x965/0x6890
[  674.004751]  ? mark_held_locks+0x100/0x100
[  674.009000]  ? __might_fault+0x12b/0x1e0
[  674.013066]  ? find_held_lock+0x35/0x130
[  674.017147]  ? binder_deferred_func+0xea0/0xea0
[  674.021851]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  674.027399]  ? _copy_from_user+0xdd/0x150
[  674.031562]  binder_thread_write+0x87e/0x2820
[  674.036065]  ? fs_reclaim_acquire+0x20/0x20
[  674.040398]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  674.045950]  ? binder_transaction+0x6890/0x6890
[  674.050625]  ? __might_fault+0x12b/0x1e0
[  674.054698]  ? lock_downgrade+0x810/0x810
[  674.058867]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  674.064411]  ? _copy_from_user+0xdd/0x150
[  674.068568]  binder_ioctl+0x13b9/0x1b79
[  674.072549]  ? kasan_check_read+0x11/0x20
[  674.076711]  ? binder_thread_write+0x2820/0x2820
[  674.081482]  ? mark_held_locks+0x100/0x100
[  674.085728]  ? proc_fail_nth_write+0x9d/0x1e0
[  674.090231]  ? proc_cwd_link+0x1d0/0x1d0
[  674.094295]  ? __f_unlock_pos+0x19/0x20
[  674.098272]  ? find_held_lock+0x35/0x130
[  674.102338]  ? __fget+0x340/0x540
[  674.105824]  ? binder_thread_write+0x2820/0x2820
[  674.110595]  do_vfs_ioctl+0xd6e/0x1390
[  674.114488]  ? ioctl_preallocate+0x210/0x210
[  674.118900]  ? __fget+0x367/0x540
[  674.122359]  ? iterate_fd+0x360/0x360
[  674.126161]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  674.131702]  ? fput+0x128/0x1a0
[  674.135000]  ? security_file_ioctl+0x93/0xc0
[  674.139418]  ksys_ioctl+0xab/0xd0
[  674.142877]  __x64_sys_ioctl+0x73/0xb0
[  674.146772]  do_syscall_64+0x103/0x610
[  674.150674]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  674.155863] RIP: 0033:0x457e29
[  674.159054] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  674.177960] RSP: 002b:00007fbbb7092c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  674.185679] RAX: ffffffffffffffda RBX: 00007fbbb7092c90 RCX: 0000000000457e29
14:57:38 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b0")

[  674.192951] RDX: 0000000020000780 RSI: 00000000c0306201 RDI: 0000000000000004
[  674.200223] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  674.207498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbbb70936d4
[  674.214769] R13: 00000000004bf15a R14: 00000000004d0b00 R15: 0000000000000006
[  674.222123] CPU: 1 PID: 16639 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89
[  674.229422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  674.238778] Call Trace:
[  674.241384]  dump_stack+0x172/0x1f0
[  674.245023]  should_fail.cold+0xa/0x1b
[  674.248921]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  674.254133]  ? lock_downgrade+0x810/0x810
[  674.258291]  ? ___might_sleep+0x163/0x280
[  674.262456]  __should_failslab+0x121/0x190
[  674.266702]  should_failslab+0x9/0x14
[  674.270509]  kmem_cache_alloc_trace+0x2d1/0x760
[  674.275185]  ? kasan_check_read+0x11/0x20
[  674.279344]  ? do_raw_spin_unlock+0x57/0x270
[  674.283757]  ? _raw_spin_unlock+0x2d/0x50
[  674.287926]  binder_get_thread+0x1db/0x7c0
[  674.292167]  ? __might_sleep+0x95/0x190
[  674.296148]  binder_ioctl+0x1e2/0x1b79
[  674.296166]  ? kasan_check_read+0x11/0x20
[  674.296184]  ? binder_thread_write+0x2820/0x2820
[  674.296200]  ? mark_held_locks+0x100/0x100
[  674.308959]  ? proc_fail_nth_write+0x9d/0x1e0
[  674.317663]  ? proc_cwd_link+0x1d0/0x1d0
[  674.321726]  ? __f_unlock_pos+0x19/0x20
[  674.321742]  ? find_held_lock+0x35/0x130
[  674.321756]  ? __fget+0x340/0x540
[  674.329762]  ? find_held_lock+0x35/0x130
[  674.329778]  ? __fget+0x340/0x540
[  674.329805]  ? binder_thread_write+0x2820/0x2820
[  674.329821]  do_vfs_ioctl+0xd6e/0x1390
[  674.340761]  ? ioctl_preallocate+0x210/0x210
[  674.353762]  ? __fget+0x367/0x540
[  674.353781]  ? iterate_fd+0x360/0x360
[  674.353804]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  674.366555]  ? fput+0x128/0x1a0
[  674.369851]  ? security_file_ioctl+0x93/0xc0
[  674.373021] binder: 16636:16637 transaction failed 29201/-12, size 0-0 line 2986
[  674.374263]  ksys_ioctl+0xab/0xd0
[  674.374282]  __x64_sys_ioctl+0x73/0xb0
[  674.374301]  do_syscall_64+0x103/0x610
14:57:39 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x9000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  674.374328]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  674.389224] binder: undelivered TRANSACTION_ERROR: 29201
[  674.393032] RIP: 0033:0x457e29
[  674.393048] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  674.393056] RSP: 002b:00007fb603002c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  674.393071] RAX: ffffffffffffffda RBX: 00007fb603002c90 RCX: 0000000000457e29
[  674.393080] RDX: 0000000020000780 RSI: 00000000c0306201 RDI: 0000000000000004
[  674.393089] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  674.393097] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb6030036d4
[  674.393104] R13: 00000000004bf15a R14: 00000000004d0b00 R15: 0000000000000006
[  674.398828] binder: 16633:16639 ioctl c0306201 20000780 returned -12
[  674.426048] protocol 88fb is buggy, dev hsr_slave_0
[  674.426099] protocol 88fb is buggy, dev hsr_slave_1
[  674.426175] protocol 88fb is buggy, dev hsr_slave_0
14:57:39 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x5c8, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:57:39 executing program 3 (fault-call:6 fault-nth:3):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:57:39 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

[  674.426211] protocol 88fb is buggy, dev hsr_slave_1
[  674.426280] protocol 88fb is buggy, dev hsr_slave_0
[  674.426333] protocol 88fb is buggy, dev hsr_slave_1
14:57:39 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xa000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  674.607818] FAULT_INJECTION: forcing a failure.
[  674.607818] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  674.630378] CPU: 1 PID: 16671 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89
[  674.637700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  674.647063] Call Trace:
[  674.649669]  dump_stack+0x172/0x1f0
[  674.653319]  should_fail.cold+0xa/0x1b
14:57:39 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x2, 0x713000)

[  674.657224]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  674.662341]  ? ___might_sleep+0x163/0x280
[  674.666509]  should_fail_alloc_page+0x50/0x60
[  674.671018]  __alloc_pages_nodemask+0x1a1/0x710
[  674.675703]  ? __alloc_pages_slowpath+0x2900/0x2900
[  674.680734]  ? __lock_is_held+0xb6/0x140
[  674.684810]  ? check_preemption_disabled+0x48/0x290
[  674.689835]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  674.695384]  alloc_pages_current+0x107/0x210
[  674.699811]  binder_update_page_range+0x325/0x1f00
[  674.704777]  ? binder_shrink_count+0xc0/0xc0
[  674.709192]  ? find_held_lock+0x35/0x130
[  674.713269]  binder_alloc_new_buf+0xba7/0x1480
[  674.717877]  binder_transaction+0xf6a/0x6890
[  674.722302]  ? mark_held_locks+0x100/0x100
[  674.726545]  ? __might_fault+0x12b/0x1e0
[  674.730627]  ? binder_deferred_func+0xea0/0xea0
[  674.735318]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  674.740863]  ? _copy_from_user+0xdd/0x150
[  674.745021]  binder_thread_write+0x87e/0x2820
[  674.749526]  ? fs_reclaim_acquire+0x20/0x20
[  674.753865]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  674.759421]  ? binder_transaction+0x6890/0x6890
[  674.764100]  ? __might_fault+0x12b/0x1e0
[  674.768175]  ? lock_downgrade+0x810/0x810
[  674.772343]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  674.777887]  ? _copy_from_user+0xdd/0x150
[  674.782050]  binder_ioctl+0x13b9/0x1b79
[  674.786037]  ? kasan_check_read+0x11/0x20
[  674.790197]  ? binder_thread_write+0x2820/0x2820
[  674.794963]  ? mark_held_locks+0x100/0x100
[  674.799207]  ? proc_fail_nth_write+0x9d/0x1e0
[  674.803711]  ? proc_cwd_link+0x1d0/0x1d0
[  674.807793]  ? __f_unlock_pos+0x19/0x20
[  674.811950]  ? find_held_lock+0x35/0x130
[  674.816021]  ? __fget+0x340/0x540
[  674.819495]  ? binder_thread_write+0x2820/0x2820
[  674.824257]  do_vfs_ioctl+0xd6e/0x1390
[  674.828161]  ? ioctl_preallocate+0x210/0x210
[  674.832577]  ? __fget+0x367/0x540
[  674.836038]  ? iterate_fd+0x360/0x360
[  674.839848]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  674.845389]  ? fput+0x128/0x1a0
[  674.848681]  ? security_file_ioctl+0x93/0xc0
[  674.853097]  ksys_ioctl+0xab/0xd0
14:57:39 executing program 4 (fault-call:6 fault-nth:1):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  674.856547]  __x64_sys_ioctl+0x73/0xb0
[  674.860431]  do_syscall_64+0x103/0x610
[  674.860531]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  674.860542] RIP: 0033:0x457e29
[  674.860556] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  674.860563] RSP: 002b:00007fbbb7092c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  674.860577] RAX: ffffffffffffffda RBX: 00007fbbb7092c90 RCX: 0000000000457e29
[  674.860585] RDX: 0000000020000780 RSI: 00000000c0306201 RDI: 0000000000000004
[  674.860593] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  674.860601] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbbb70936d4
[  674.860609] R13: 00000000004bf15a R14: 00000000004d0b00 R15: 0000000000000006
[  674.872967] binder_alloc: 16670: binder_alloc_buf failed for page at 000000004d95c914
[  674.923250] binder: BINDER_SET_CONTEXT_MGR already set
[  674.948954] binder: 16670:16671 transaction failed 29201/-12, size 0-0 line 3035
14:57:39 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x600, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:57:39 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x5421, 0x713000)

[  674.975359] binder: 16678:16679 ioctl 40046207 0 returned -16
[  674.975587] FAULT_INJECTION: forcing a failure.
[  674.975587] name failslab, interval 1, probability 0, space 0, times 0
[  674.998168] binder: undelivered TRANSACTION_ERROR: 29201
14:57:39 executing program 3 (fault-call:6 fault-nth:4):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:57:39 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xe000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  675.045695] CPU: 0 PID: 16684 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89
[  675.053032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  675.062392] Call Trace:
[  675.064994]  dump_stack+0x172/0x1f0
[  675.068641]  should_fail.cold+0xa/0x1b
[  675.072543]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  675.077653]  ? lock_downgrade+0x810/0x810
[  675.081809]  ? ___might_sleep+0x163/0x280
[  675.085967]  __should_failslab+0x121/0x190
[  675.090301]  should_failslab+0x9/0x14
[  675.094109]  kmem_cache_alloc_trace+0x2d1/0x760
[  675.098790]  ? kasan_check_read+0x11/0x20
[  675.102945]  ? do_raw_spin_unlock+0x57/0x270
[  675.107357]  ? _raw_spin_unlock+0x2d/0x50
[  675.107376]  binder_transaction+0x886/0x6890
[  675.107392]  ? mark_held_locks+0x100/0x100
[  675.120148]  ? __might_fault+0x12b/0x1e0
[  675.120164]  ? find_held_lock+0x35/0x130
[  675.120192]  ? binder_deferred_func+0xea0/0xea0
[  675.120219]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  675.120236]  ? _copy_from_user+0xdd/0x150
[  675.128332]  binder_thread_write+0x87e/0x2820
[  675.128347]  ? fs_reclaim_acquire+0x20/0x20
[  675.128361]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  675.128384]  ? binder_transaction+0x6890/0x6890
[  675.128399]  ? __might_fault+0x12b/0x1e0
[  675.128420]  ? lock_downgrade+0x810/0x810
[  675.128442]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  675.128458]  ? _copy_from_user+0xdd/0x150
[  675.128473]  binder_ioctl+0x13b9/0x1b79
[  675.128489]  ? kasan_check_read+0x11/0x20
[  675.128505]  ? binder_thread_write+0x2820/0x2820
[  675.128519]  ? mark_held_locks+0x100/0x100
[  675.128532]  ? proc_fail_nth_write+0x9d/0x1e0
[  675.128545]  ? proc_cwd_link+0x1d0/0x1d0
[  675.128560]  ? __f_unlock_pos+0x19/0x20
[  675.128572]  ? find_held_lock+0x35/0x130
[  675.128584]  ? __fget+0x340/0x540
[  675.128607]  ? binder_thread_write+0x2820/0x2820
[  675.128622]  do_vfs_ioctl+0xd6e/0x1390
[  675.128640]  ? ioctl_preallocate+0x210/0x210
[  675.128654]  ? __fget+0x367/0x540
[  675.128672]  ? iterate_fd+0x360/0x360
[  675.128685]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  675.128699]  ? fput+0x128/0x1a0
[  675.128730]  ? security_file_ioctl+0x93/0xc0
[  675.128753]  ksys_ioctl+0xab/0xd0
[  675.128770]  __x64_sys_ioctl+0x73/0xb0
[  675.128788]  do_syscall_64+0x103/0x610
[  675.128807]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  675.128820] RIP: 0033:0x457e29
[  675.128834] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  675.128842] RSP: 002b:00007fb602fe1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  675.128856] RAX: ffffffffffffffda RBX: 00007fb602fe1c90 RCX: 0000000000457e29
[  675.128865] RDX: 0000000020000780 RSI: 00000000c0306201 RDI: 0000000000000004
[  675.128873] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  675.128881] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb602fe26d4
[  675.128889] R13: 00000000004bf15a R14: 00000000004d0b00 R15: 0000000000000006
[  675.153244] FAULT_INJECTION: forcing a failure.
[  675.153244] name failslab, interval 1, probability 0, space 0, times 0
[  675.169099] CPU: 0 PID: 16696 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #89
[  675.197223] binder: 16678:16684 transaction failed 29201/-12, size 0-0 line 2975
[  675.198090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  675.198097] Call Trace:
[  675.198118]  dump_stack+0x172/0x1f0
[  675.198138]  should_fail.cold+0xa/0x1b
[  675.198154]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  675.198169]  ? lock_downgrade+0x810/0x810
[  675.198187]  ? ___might_sleep+0x163/0x280
[  675.198207]  __should_failslab+0x121/0x190
[  675.198224]  should_failslab+0x9/0x14
[  675.209327] binder: undelivered TRANSACTION_ERROR: 29201
[  675.210733]  kmem_cache_alloc_trace+0x2d1/0x760
[  675.210751]  ? find_held_lock+0x35/0x130
[  675.247259]  binder_alloc_new_buf+0x5e9/0x1480
[  675.255097]  binder_transaction+0xf6a/0x6890
[  675.255114]  ? mark_held_locks+0x100/0x100
[  675.290104]  ? __might_fault+0x12b/0x1e0
[  675.290132]  ? binder_deferred_func+0xea0/0xea0
[  675.290158]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  675.290173]  ? _copy_from_user+0xdd/0x150
[  675.290190]  binder_thread_write+0x87e/0x2820
[  675.305146]  ? fs_reclaim_acquire+0x20/0x20
[  675.305159]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  675.305182]  ? binder_transaction+0x6890/0x6890
[  675.466208]  ? __might_fault+0x12b/0x1e0
[  675.470266]  ? lock_downgrade+0x810/0x810
[  675.474407]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  675.479939]  ? _copy_from_user+0xdd/0x150
[  675.484087]  binder_ioctl+0x13b9/0x1b79
[  675.488049]  ? kasan_check_read+0x11/0x20
[  675.492195]  ? binder_thread_write+0x2820/0x2820
[  675.496944]  ? mark_held_locks+0x100/0x100
[  675.501188]  ? proc_fail_nth_write+0x9d/0x1e0
[  675.505680]  ? proc_cwd_link+0x1d0/0x1d0
[  675.509736]  ? __f_unlock_pos+0x19/0x20
[  675.513705]  ? find_held_lock+0x35/0x130
[  675.517758]  ? __fget+0x340/0x540
[  675.521217]  ? binder_thread_write+0x2820/0x2820
[  675.525969]  do_vfs_ioctl+0xd6e/0x1390
[  675.529846]  ? ioctl_preallocate+0x210/0x210
[  675.534238]  ? __fget+0x367/0x540
[  675.537680]  ? iterate_fd+0x360/0x360
[  675.541485]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  675.547015]  ? fput+0x128/0x1a0
[  675.550400]  ? security_file_ioctl+0x93/0xc0
[  675.554796]  ksys_ioctl+0xab/0xd0
[  675.558246]  __x64_sys_ioctl+0x73/0xb0
[  675.562136]  do_syscall_64+0x103/0x610
[  675.566018]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  675.571189] RIP: 0033:0x457e29
[  675.574364] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  675.593554] RSP: 002b:00007fbbb7092c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  675.601253] RAX: ffffffffffffffda RBX: 00007fbbb7092c90 RCX: 0000000000457e29
[  675.608687] RDX: 0000000020000780 RSI: 00000000c0306201 RDI: 0000000000000004
[  675.616040] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  675.623295] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbbb70936d4
[  675.630549] R13: 00000000004bf15a R14: 00000000004d0b00 R15: 0000000000000006
[  675.639823] binder_alloc: binder_alloc_new_buf_locked: 16693 failed to alloc new buffer struct
[  675.648777] binder: 16693:16696 transaction failed 29201/-12, size 0-0 line 3035
[  675.658845] binder: undelivered TRANSACTION_ERROR: 29201
[  676.568199] Bluetooth: hci1: command 0x1003 tx timeout
[  676.573589] Bluetooth: hci1: sending frame failed (-49)
[  678.568187] net_ratelimit: 18 callbacks suppressed
[  678.568192] protocol 88fb is buggy, dev hsr_slave_0
[  678.578240] protocol 88fb is buggy, dev hsr_slave_1
[  678.583308] protocol 88fb is buggy, dev hsr_slave_0
[  678.588416] protocol 88fb is buggy, dev hsr_slave_1
[  678.593603] protocol 88fb is buggy, dev hsr_slave_0
[  678.598672] protocol 88fb is buggy, dev hsr_slave_1
[  678.648175] Bluetooth: hci1: command 0x1001 tx timeout
[  678.653576] Bluetooth: hci1: sending frame failed (-49)
[  679.048214] protocol 88fb is buggy, dev hsr_slave_0
[  679.053341] protocol 88fb is buggy, dev hsr_slave_1
[  679.768277] protocol 88fb is buggy, dev hsr_slave_0
[  679.773377] protocol 88fb is buggy, dev hsr_slave_1
[  680.728186] Bluetooth: hci1: command 0x1009 tx timeout
[  683.928385] net_ratelimit: 22 callbacks suppressed
[  683.933385] protocol 88fb is buggy, dev hsr_slave_0
[  683.938476] protocol 88fb is buggy, dev hsr_slave_1
[  684.328180] protocol 88fb is buggy, dev hsr_slave_0
[  684.333262] protocol 88fb is buggy, dev hsr_slave_1
14:57:49 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b0")

14:57:49 executing program 4 (fault-call:6 fault-nth:2):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:57:49 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x700, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:57:49 executing program 3 (fault-call:6 fault-nth:5):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:57:49 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x5450, 0x713000)

14:57:49 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x10000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  684.786786] binder: 16709:16719 got transaction with unaligned buffers size, 116
[  684.794579] binder: BINDER_SET_CONTEXT_MGR already set
[  684.802311] Bluetooth: hci1: Frame reassembly failed (-84)
[  684.807239] binder: 16709:16719 transaction failed 29201/-22, size 0-0 line 3079
[  684.808240] protocol 88fb is buggy, dev hsr_slave_0
[  684.816413] binder: 16710:16717 ioctl 40046207 0 returned -16
[  684.820788] protocol 88fb is buggy, dev hsr_slave_1
[  684.831884] protocol 88fb is buggy, dev hsr_slave_0
14:57:49 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  684.837001] protocol 88fb is buggy, dev hsr_slave_1
[  684.837811] binder: undelivered TRANSACTION_ERROR: 29201
[  684.842124] protocol 88fb is buggy, dev hsr_slave_0
[  684.852600] protocol 88fb is buggy, dev hsr_slave_1
[  684.864805] FAULT_INJECTION: forcing a failure.
[  684.864805] name failslab, interval 1, probability 0, space 0, times 0
[  684.895425] CPU: 0 PID: 16717 Comm: syz-executor.4 Not tainted 5.0.0-rc8+ #89
[  684.902748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  684.912109] Call Trace:
[  684.914718]  dump_stack+0x172/0x1f0
[  684.918360]  should_fail.cold+0xa/0x1b
[  684.922264]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  684.927383]  ? lock_downgrade+0x810/0x810
[  684.931547]  ? ___might_sleep+0x163/0x280
[  684.935713]  __should_failslab+0x121/0x190
[  684.939980]  should_failslab+0x9/0x14
[  684.943791]  kmem_cache_alloc_trace+0x2d1/0x760
[  684.948472]  ? lockdep_init_map+0x10c/0x5b0
[  684.952809]  binder_transaction+0x965/0x6890
[  684.957228]  ? mark_held_locks+0x100/0x100
[  684.961470]  ? __might_fault+0x12b/0x1e0
[  684.965542]  ? find_held_lock+0x35/0x130
[  684.969622]  ? binder_deferred_func+0xea0/0xea0
[  684.974311]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  684.979864]  ? _copy_from_user+0xdd/0x150
[  684.984021]  binder_thread_write+0x87e/0x2820
[  684.988527]  ? kmem_cache_alloc_trace+0x5a4/0x760
[  684.993383]  ? binder_transaction+0x6890/0x6890
[  684.998059]  ? __might_fault+0x12b/0x1e0
[  685.002134]  ? lock_downgrade+0x810/0x810
[  685.006302]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  685.011849]  ? _copy_from_user+0xdd/0x150
[  685.016010]  binder_ioctl+0x13b9/0x1b79
[  685.019994]  ? kasan_check_read+0x11/0x20
[  685.024155]  ? binder_thread_write+0x2820/0x2820
[  685.028941]  ? mark_held_locks+0x100/0x100
[  685.033185]  ? proc_fail_nth_write+0x9d/0x1e0
[  685.037691]  ? proc_cwd_link+0x1d0/0x1d0
[  685.041765]  ? __f_unlock_pos+0x19/0x20
[  685.045736]  ? find_held_lock+0x35/0x130
[  685.049786]  ? __fget+0x340/0x540
[  685.053321]  ? binder_thread_write+0x2820/0x2820
[  685.058070]  do_vfs_ioctl+0xd6e/0x1390
[  685.061954]  ? ioctl_preallocate+0x210/0x210
[  685.066352]  ? __fget+0x367/0x540
[  685.069808]  ? iterate_fd+0x360/0x360
[  685.073656]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  685.079180]  ? fput+0x128/0x1a0
[  685.082449]  ? security_file_ioctl+0x93/0xc0
[  685.086855]  ksys_ioctl+0xab/0xd0
[  685.090332]  __x64_sys_ioctl+0x73/0xb0
[  685.091119] binder: 16727:16729 got transaction with unaligned buffers size, 116
[  685.094230]  do_syscall_64+0x103/0x610
[  685.094252]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  685.094264] RIP: 0033:0x457e29
[  685.094278] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  685.094285] RSP: 002b:00007fb603002c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  685.102083] binder: 16727:16729 transaction failed 29201/-22, size 0-0 line 3079
[  685.105690] RAX: ffffffffffffffda RBX: 00007fb603002c90 RCX: 0000000000457e29
[  685.105699] RDX: 0000000020000780 RSI: 00000000c0306201 RDI: 0000000000000004
[  685.105708] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  685.105717] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb6030036d4
[  685.105726] R13: 00000000004bf15a R14: 00000000004d0b00 R15: 0000000000000006
[  685.114455] binder: 16710:16717 transaction failed 29201/-12, size 0-0 line 2986
14:57:49 executing program 4 (fault-call:6 fault-nth:3):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:57:49 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x5451, 0x713000)

[  685.151666] binder: undelivered TRANSACTION_ERROR: 29201
14:57:49 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x18020000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:57:49 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x900, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:57:49 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x2, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  685.246059] binder: BINDER_SET_CONTEXT_MGR already set
[  685.289315] binder: 16731:16735 ioctl 40046207 0 returned -16
[  685.329721] binder_alloc: 16727: binder_alloc_buf, no vma
[  685.333242] binder: BINDER_SET_CONTEXT_MGR already set
[  685.340282] binder: 16731:16749 transaction failed 29189/-3, size 0-0 line 3035
[  685.376684] binder: undelivered TRANSACTION_ERROR: 29189
[  685.387417] binder: 16747:16748 ioctl 40046207 0 returned -16
[  685.404350] binder: undelivered TRANSACTION_ERROR: 29201
[  685.428980] binder_alloc: binder_alloc_mmap_handler: 16747 20001000-20004000 already mapped failed -16
[  686.808196] Bluetooth: hci1: command 0x1003 tx timeout
[  686.813595] Bluetooth: hci1: sending frame failed (-49)
[  688.888203] Bluetooth: hci1: command 0x1001 tx timeout
[  688.893725] Bluetooth: hci1: sending frame failed (-49)
[  688.968200] net_ratelimit: 18 callbacks suppressed
[  688.968205] protocol 88fb is buggy, dev hsr_slave_0
[  688.978233] protocol 88fb is buggy, dev hsr_slave_1
[  688.983285] protocol 88fb is buggy, dev hsr_slave_0
[  688.988346] protocol 88fb is buggy, dev hsr_slave_1
[  688.993404] protocol 88fb is buggy, dev hsr_slave_0
[  688.998445] protocol 88fb is buggy, dev hsr_slave_1
[  689.448223] protocol 88fb is buggy, dev hsr_slave_0
[  689.453449] protocol 88fb is buggy, dev hsr_slave_1
[  690.168182] protocol 88fb is buggy, dev hsr_slave_0
[  690.173330] protocol 88fb is buggy, dev hsr_slave_1
[  690.968193] Bluetooth: hci1: command 0x1009 tx timeout
[  694.328204] net_ratelimit: 22 callbacks suppressed
[  694.328210] protocol 88fb is buggy, dev hsr_slave_0
[  694.338271] protocol 88fb is buggy, dev hsr_slave_1
[  694.728229] protocol 88fb is buggy, dev hsr_slave_0
[  694.733344] protocol 88fb is buggy, dev hsr_slave_1
14:57:59 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b0")

14:57:59 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x5452, 0x713000)

14:57:59 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:57:59 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x20000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:57:59 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:57:59 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0xa00, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  695.025734] binder: 16762:16770 got transaction with unaligned buffers size, 116
[  695.043545] binder: BINDER_SET_CONTEXT_MGR already set
[  695.050257] binder: 16769:16772 ioctl 40046207 0 returned -16
[  695.052744] binder: 16762:16770 transaction failed 29201/-22, size 0-0 line 3079
[  695.057866] binder_alloc: binder_alloc_mmap_handler: 16769 20001000-20004000 already mapped failed -16
[  695.080254] binder: BINDER_SET_CONTEXT_MGR already set
[  695.085743] binder: 16769:16772 ioctl 40046207 0 returned -16
[  695.093538] Bluetooth: hci1: Frame reassembly failed (-84)
14:57:59 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x5450, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:57:59 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x5460, 0x713000)

[  695.120802] binder: undelivered TRANSACTION_ERROR: 29201
14:57:59 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x2, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:57:59 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x3f000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  695.208177] protocol 88fb is buggy, dev hsr_slave_0
[  695.213292] protocol 88fb is buggy, dev hsr_slave_1
[  695.218464] protocol 88fb is buggy, dev hsr_slave_0
[  695.223534] protocol 88fb is buggy, dev hsr_slave_1
[  695.226734] binder: BINDER_SET_CONTEXT_MGR already set
[  695.228677] protocol 88fb is buggy, dev hsr_slave_0
[  695.239030] protocol 88fb is buggy, dev hsr_slave_1
[  695.239619] binder_alloc: binder_alloc_mmap_handler: 16788 20001000-20004000 already mapped failed -16
[  695.258204] binder: 16787:16790 ioctl 40046207 0 returned -16
[  695.268023] binder_alloc: binder_alloc_mmap_handler: 16787 20001000-20004000 already mapped failed -16
[  695.282282] binder: BINDER_SET_CONTEXT_MGR already set
[  695.297554] binder: 16788:16789 ioctl 40046207 0 returned -16
[  695.310481] binder: BINDER_SET_CONTEXT_MGR already set
[  695.316454] binder: 16787:16790 ioctl 40046207 0 returned -16
14:58:00 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x40049409, 0x713000)

14:58:00 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  695.463887] binder_alloc: binder_alloc_mmap_handler: 16803 20001000-20004000 already mapped failed -16
[  695.481251] binder: BINDER_SET_CONTEXT_MGR already set
[  695.486753] binder: 16803:16805 ioctl 40046207 0 returned -16
[  697.128330] Bluetooth: hci1: command 0x1003 tx timeout
[  697.133750] Bluetooth: hci1: sending frame failed (-49)
[  699.208210] Bluetooth: hci1: command 0x1001 tx timeout
[  699.213613] Bluetooth: hci1: sending frame failed (-49)
[  699.368150] net_ratelimit: 18 callbacks suppressed
[  699.373275] protocol 88fb is buggy, dev hsr_slave_0
[  699.378338] protocol 88fb is buggy, dev hsr_slave_1
[  699.383512] protocol 88fb is buggy, dev hsr_slave_0
[  699.388532] protocol 88fb is buggy, dev hsr_slave_1
[  699.393811] protocol 88fb is buggy, dev hsr_slave_0
[  699.398848] protocol 88fb is buggy, dev hsr_slave_1
[  699.848172] protocol 88fb is buggy, dev hsr_slave_0
[  699.853425] protocol 88fb is buggy, dev hsr_slave_1
[  700.568208] protocol 88fb is buggy, dev hsr_slave_0
[  700.573284] protocol 88fb is buggy, dev hsr_slave_1
[  701.288259] Bluetooth: hci1: command 0x1009 tx timeout
[  704.728229] net_ratelimit: 22 callbacks suppressed
[  704.733229] protocol 88fb is buggy, dev hsr_slave_0
[  704.738315] protocol 88fb is buggy, dev hsr_slave_1
[  705.128188] protocol 88fb is buggy, dev hsr_slave_0
[  705.133275] protocol 88fb is buggy, dev hsr_slave_1
14:58:09 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0xe00, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:58:09 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x40000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:09 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x5451, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:09 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x5450, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:09 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x4004af61, 0x713000)

14:58:09 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x17aad410a23842a9)
timer_create(0x0, 0x0, 0x0)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x4)
recvmsg(r0, &(0x7f00000007c0)={&(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r2=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, 0x0}, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
getresuid(0x0, 0x0, 0x0)
ioctl$KDGETKEYCODE(0xffffffffffffffff, 0x4b4c, 0x0)
r3 = dup3(r1, r2, 0x0)
write(r3, 0x0, 0x0)

[  705.275170] binder: BINDER_SET_CONTEXT_MGR already set
[  705.282544] binder_alloc: binder_alloc_mmap_handler: 16814 20001000-20004000 already mapped failed -16
[  705.297793] binder: 16812:16823 ioctl 40046207 0 returned -16
[  705.306513] binder: BINDER_SET_CONTEXT_MGR already set
[  705.317091] binder: 16814:16824 ioctl 40046207 0 returned -16
14:58:10 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x5451, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:10 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x4008af00, 0x713000)

[  705.323619] binder_alloc: binder_alloc_mmap_handler: 16812 20001000-20004000 already mapped failed -16
14:58:10 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x5452, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:10 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x40020000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  705.467680] binder_alloc: binder_alloc_mmap_handler: 16838 20001000-20004000 already mapped failed -16
[  705.488333] binder: BINDER_SET_CONTEXT_MGR already set
[  705.504232] binder: BINDER_SET_CONTEXT_MGR already set
[  705.509783] binder: 16841:16844 ioctl 40046207 0 returned -16
14:58:10 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x4008af60, 0x713000)

[  705.515867] binder: 16838:16839 ioctl 40046207 0 returned -16
[  705.530715] binder_alloc: binder_alloc_mmap_handler: 16841 20001000-20004000 already mapped failed -16
14:58:10 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x5452, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  705.608191] protocol 88fb is buggy, dev hsr_slave_0
[  705.613314] protocol 88fb is buggy, dev hsr_slave_1
[  705.618486] protocol 88fb is buggy, dev hsr_slave_0
[  705.623549] protocol 88fb is buggy, dev hsr_slave_1
[  705.628704] protocol 88fb is buggy, dev hsr_slave_0
[  705.633763] protocol 88fb is buggy, dev hsr_slave_1
[  705.690817] binder_alloc: binder_alloc_mmap_handler: 16855 20001000-20004000 already mapped failed -16
[  705.746962] binder: BINDER_SET_CONTEXT_MGR already set
[  705.765128] binder: 16855:16856 ioctl 40046207 0 returned -16
14:58:10 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x1100, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:58:10 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x53010000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:10 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x5460, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:10 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x4020940d, 0x713000)

14:58:10 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x5460, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  705.868013] binder: BINDER_SET_CONTEXT_MGR already set
[  705.873652] binder_alloc: binder_alloc_mmap_handler: 16865 20001000-20004000 already mapped failed -16
[  705.884074] binder: 16869:16871 ioctl 40046207 0 returned -16
[  705.892073] binder: BINDER_SET_CONTEXT_MGR already set
[  705.893677] binder_alloc: binder_alloc_mmap_handler: 16869 20001000-20004000 already mapped failed -16
[  705.910221] binder: 16865:16867 ioctl 40046207 0 returned -16
14:58:10 executing program 2:

14:58:10 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x40046205, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:10 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0xc0045878, 0x713000)

14:58:10 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x40046205, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:10 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x91ffffff, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  706.158675] binder_alloc: binder_alloc_mmap_handler: 16889 20001000-20004000 already mapped failed -16
[  706.193456] binder: BINDER_SET_CONTEXT_MGR already set
14:58:10 executing program 2:

[  706.222151] binder: BINDER_SET_CONTEXT_MGR already set
[  706.228173] binder: 16890:16894 ioctl 40046207 0 returned -16
14:58:10 executing program 2:

14:58:10 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x3400, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:58:10 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0xc0045878, 0x713000)

[  706.271695] binder: 16889:16891 ioctl 40046207 0 returned -16
14:58:10 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xf5ffffff, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  706.318442] binder_alloc: binder_alloc_mmap_handler: 16890 20001000-20004000 already mapped failed -16
14:58:11 executing program 2:

14:58:11 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x40046207, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:11 executing program 2:

14:58:11 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x40046207, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:11 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0xc0189436, 0x713000)

[  706.486358] binder: BINDER_SET_CONTEXT_MGR already set
[  706.505758] binder: 16918:16920 ioctl 40046207 20000780 returned -16
14:58:11 executing program 2:

[  706.537464] binder_alloc: binder_alloc_mmap_handler: 16918 20001000-20004000 already mapped failed -16
14:58:11 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xfdffffff, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  706.585189] binder: BINDER_SET_CONTEXT_MGR already set
14:58:11 executing program 2:

[  706.637680] binder: BINDER_SET_CONTEXT_MGR already set
[  706.647531] binder: 16929:16931 ioctl 40046207 0 returned -16
14:58:11 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0xc020660b, 0x713000)

[  706.684117] binder: 16918:16920 ioctl 40046207 0 returned -16
[  706.684192] binder: BINDER_SET_CONTEXT_MGR already set
[  706.712143] binder: 16918:16934 ioctl 40046207 20000780 returned -16
[  706.724115] binder: BINDER_SET_CONTEXT_MGR already set
[  706.787929] binder: BINDER_SET_CONTEXT_MGR already set
[  706.788515] binder: 16929:16938 ioctl 40046207 0 returned -16
[  706.805446] binder: 16929:16951 ioctl 40046207 20000780 returned -16
14:58:11 executing program 2:

14:58:11 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x40046208, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:11 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xfe800000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:11 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x400000)

14:58:11 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x40046208, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:11 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x3f00, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:58:11 executing program 2:

14:58:11 executing program 2:

14:58:11 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x40049409, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  707.042603] binder: BINDER_SET_CONTEXT_MGR already set
[  707.050636] binder: BINDER_SET_CONTEXT_MGR already set
[  707.056125] binder: 16957:16963 ioctl 40046207 0 returned -16
[  707.064726] binder: 16959:16965 ioctl 40046207 0 returned -16
14:58:11 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x40049409, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:11 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x50a000)

14:58:11 executing program 2:

14:58:11 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xfeffffff, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  707.180732] binder: BINDER_SET_CONTEXT_MGR already set
14:58:11 executing program 2:

[  707.238264] binder: 16980:16981 ioctl 40046207 0 returned -16
[  707.264867] binder: BINDER_SET_CONTEXT_MGR already set
14:58:11 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x4020940d, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:12 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x4020940d, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  707.295556] binder: 16986:16987 ioctl 40046207 0 returned -16
14:58:12 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x70a000)

[  707.432503] binder: BINDER_SET_CONTEXT_MGR already set
[  707.463052] binder: 17003:17005 ioctl 40046207 0 returned -16
14:58:12 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x4000, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:58:12 executing program 2:

14:58:12 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xff0f0000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:12 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0045878, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:12 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0045878, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:12 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x740000)

[  707.686304] binder: BINDER_SET_CONTEXT_MGR already set
14:58:12 executing program 2:

14:58:12 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0045878, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  707.707749] binder: 17023:17025 ioctl 40046207 0 returned -16
[  707.708329] binder: BINDER_SET_CONTEXT_MGR already set
[  707.747363] binder: 17021:17022 ioctl 40046207 0 returned -16
14:58:12 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xffffff91, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:12 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x940000)

14:58:12 executing program 2:
perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x4000, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0)
socket(0x13, 0x0, 0x0)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, 0x0, &(0x7f0000000340))

[  707.827318] binder: BINDER_SET_CONTEXT_MGR already set
[  707.844174] binder: 17037:17038 ioctl 40046207 0 returned -16
14:58:12 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0045878, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  707.978257] binder: BINDER_SET_CONTEXT_MGR already set
[  707.994485] binder: 17052:17054 ioctl 40046207 0 returned -16
14:58:12 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x5c00, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:58:12 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:12 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:12 executing program 2:
syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000300)="803f8e15d67d00001b000300e60100006cff9906000000000020000001100000004000000040000080000800000400000000be5a0000ffff53ef23e8ea0f90f72d4cf1bc6cd060f04c5d70dd19b538028c31f363c5aeba929b939bc9dc2d79584da0", 0x62, 0x400}], 0x0, 0x0)

14:58:12 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xfffffff5, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  708.281752] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[  708.336412] binder: BINDER_SET_CONTEXT_MGR already set
[  708.359026] binder: 17067:17081 ioctl 40046207 0 returned -16
[  708.370546] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
14:58:13 executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x76, 0x4)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='vegas\x00', 0x6)
sendmsg$TIPC_NL_SOCK_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x1}}, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x590)

14:58:13 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xfffffffd, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:13 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xfffffffe, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:13 executing program 2:

[  708.857873] binder: BINDER_SET_CONTEXT_MGR already set
[  708.866612] binder: BINDER_SET_CONTEXT_MGR already set
[  708.874812] binder: 17067:17071 ioctl 40046207 0 returned -16
[  708.883194] binder: 17068:17069 ioctl 40046207 0 returned -16
[  709.768152] net_ratelimit: 18 callbacks suppressed
[  709.768160] protocol 88fb is buggy, dev hsr_slave_0
[  709.778227] protocol 88fb is buggy, dev hsr_slave_1
[  709.783307] protocol 88fb is buggy, dev hsr_slave_0
[  709.788375] protocol 88fb is buggy, dev hsr_slave_1
[  709.793461] protocol 88fb is buggy, dev hsr_slave_0
[  709.798531] protocol 88fb is buggy, dev hsr_slave_1
[  710.248183] protocol 88fb is buggy, dev hsr_slave_0
[  710.253280] protocol 88fb is buggy, dev hsr_slave_1
[  710.741077] device bridge_slave_1 left promiscuous mode
[  710.744584] IPVS: ftp: loaded support on port[0] = 21
[  710.747455] bridge0: port 2(bridge_slave_1) entered disabled state
[  710.813457] device bridge_slave_0 left promiscuous mode
[  710.819187] bridge0: port 1(bridge_slave_0) entered disabled state
[  710.968384] protocol 88fb is buggy, dev hsr_slave_0
[  710.973488] protocol 88fb is buggy, dev hsr_slave_1
[  713.801713] device hsr_slave_1 left promiscuous mode
[  713.854754] device hsr_slave_0 left promiscuous mode
[  713.904076] team0 (unregistering): Port device team_slave_1 removed
[  713.917920] team0 (unregistering): Port device team_slave_0 removed
[  713.932189] bond0 (unregistering): Releasing backup interface bond_slave_1
[  713.996135] bond0 (unregistering): Releasing backup interface bond_slave_0
[  714.097779] bond0 (unregistering): Released all slaves
[  714.260210] chnl_net:caif_netlink_parms(): no params data found
[  714.287002] bridge0: port 1(bridge_slave_0) entered blocking state
[  714.293600] bridge0: port 1(bridge_slave_0) entered disabled state
[  714.300784] device bridge_slave_0 entered promiscuous mode
[  714.307530] bridge0: port 2(bridge_slave_1) entered blocking state
[  714.313953] bridge0: port 2(bridge_slave_1) entered disabled state
[  714.321130] device bridge_slave_1 entered promiscuous mode
[  714.336571] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  714.345483] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  714.361385] team0: Port device team_slave_0 added
[  714.367247] team0: Port device team_slave_1 added
[  714.421050] device hsr_slave_0 entered promiscuous mode
[  714.468689] device hsr_slave_1 entered promiscuous mode
[  714.576581] bridge0: port 2(bridge_slave_1) entered blocking state
[  714.582991] bridge0: port 2(bridge_slave_1) entered forwarding state
[  714.589680] bridge0: port 1(bridge_slave_0) entered blocking state
[  714.596019] bridge0: port 1(bridge_slave_0) entered forwarding state
[  714.624359] 8021q: adding VLAN 0 to HW filter on device bond0
[  714.635770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  714.645094] bridge0: port 1(bridge_slave_0) entered disabled state
[  714.663869] bridge0: port 2(bridge_slave_1) entered disabled state
[  714.683399] 8021q: adding VLAN 0 to HW filter on device team0
[  714.699927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  714.707940] bridge0: port 1(bridge_slave_0) entered blocking state
[  714.714354] bridge0: port 1(bridge_slave_0) entered forwarding state
[  714.741523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  714.750156] bridge0: port 2(bridge_slave_1) entered blocking state
[  714.756521] bridge0: port 2(bridge_slave_1) entered forwarding state
[  714.764443] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  714.773270] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  714.788746] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  714.795876] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  714.803822] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  714.812405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  714.835379] 8021q: adding VLAN 0 to HW filter on device batadv0
[  714.928180] net_ratelimit: 18 callbacks suppressed
[  714.928188] protocol 88fb is buggy, dev hsr_slave_0
[  714.938243] protocol 88fb is buggy, dev hsr_slave_1
[  715.048149] protocol 88fb is buggy, dev hsr_slave_0
[  715.053234] protocol 88fb is buggy, dev hsr_slave_1
[  715.128160] protocol 88fb is buggy, dev hsr_slave_0
[  715.133263] protocol 88fb is buggy, dev hsr_slave_1
[  715.168162] protocol 88fb is buggy, dev hsr_slave_0
[  715.173269] protocol 88fb is buggy, dev hsr_slave_1
[  715.288466] protocol 88fb is buggy, dev hsr_slave_0
[  715.293734] protocol 88fb is buggy, dev hsr_slave_1
[  716.538925] device bridge_slave_1 left promiscuous mode
[  716.544424] bridge0: port 2(bridge_slave_1) entered disabled state
[  716.609231] device bridge_slave_0 left promiscuous mode
[  716.614716] bridge0: port 1(bridge_slave_0) entered disabled state
[  716.741975] device hsr_slave_1 left promiscuous mode
[  716.799646] device hsr_slave_0 left promiscuous mode
[  716.865162] team0 (unregistering): Port device team_slave_1 removed
[  716.877372] team0 (unregistering): Port device team_slave_0 removed
[  716.889892] bond0 (unregistering): Releasing backup interface bond_slave_1
[  716.945656] bond0 (unregistering): Releasing backup interface bond_slave_0
[  717.074421] bond0 (unregistering): Released all slaves
[  717.197121] IPVS: ftp: loaded support on port[0] = 21
[  717.263217] chnl_net:caif_netlink_parms(): no params data found
[  717.294248] bridge0: port 1(bridge_slave_0) entered blocking state
[  717.300947] bridge0: port 1(bridge_slave_0) entered disabled state
[  717.307816] device bridge_slave_0 entered promiscuous mode
[  717.317746] bridge0: port 2(bridge_slave_1) entered blocking state
[  717.325065] bridge0: port 2(bridge_slave_1) entered disabled state
[  717.332282] device bridge_slave_1 entered promiscuous mode
[  717.348559] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  717.357312] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  717.375730] team0: Port device team_slave_0 added
[  717.382083] team0: Port device team_slave_1 added
[  717.450537] device hsr_slave_0 entered promiscuous mode
[  717.488459] device hsr_slave_1 entered promiscuous mode
[  717.616473] bridge0: port 2(bridge_slave_1) entered blocking state
[  717.622880] bridge0: port 2(bridge_slave_1) entered forwarding state
[  717.629521] bridge0: port 1(bridge_slave_0) entered blocking state
[  717.635886] bridge0: port 1(bridge_slave_0) entered forwarding state
[  717.664478] 8021q: adding VLAN 0 to HW filter on device bond0
[  717.677698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  717.685868] bridge0: port 1(bridge_slave_0) entered disabled state
[  717.693286] bridge0: port 2(bridge_slave_1) entered disabled state
[  717.713640] 8021q: adding VLAN 0 to HW filter on device team0
[  717.723948] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  717.732517] bridge0: port 1(bridge_slave_0) entered blocking state
[  717.738914] bridge0: port 1(bridge_slave_0) entered forwarding state
[  717.760324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  717.767960] bridge0: port 2(bridge_slave_1) entered blocking state
[  717.774353] bridge0: port 2(bridge_slave_1) entered forwarding state
[  717.783273] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  717.791427] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  717.805936] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  717.816500] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  717.828258] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  717.835391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  717.845187] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  717.869174] 8021q: adding VLAN 0 to HW filter on device batadv0
[  717.876158] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  719.478985] device bridge_slave_1 left promiscuous mode
[  719.484483] bridge0: port 2(bridge_slave_1) entered disabled state
[  719.539034] device bridge_slave_0 left promiscuous mode
[  719.544517] bridge0: port 1(bridge_slave_0) entered disabled state
[  719.692435] device hsr_slave_1 left promiscuous mode
[  719.724902] device hsr_slave_0 left promiscuous mode
[  719.784558] team0 (unregistering): Port device team_slave_1 removed
[  719.808168] team0 (unregistering): Port device team_slave_0 removed
[  719.829838] bond0 (unregistering): Releasing backup interface bond_slave_1
[  719.873702] bond0 (unregistering): Releasing backup interface bond_slave_0
[  719.976794] bond0 (unregistering): Released all slaves
[  720.125545] IPVS: ftp: loaded support on port[0] = 21
[  720.178147] net_ratelimit: 30 callbacks suppressed
[  720.178154] protocol 88fb is buggy, dev hsr_slave_0
[  720.183156] protocol 88fb is buggy, dev hsr_slave_1
[  720.193232] protocol 88fb is buggy, dev hsr_slave_0
[  720.198287] protocol 88fb is buggy, dev hsr_slave_1
[  720.217157] chnl_net:caif_netlink_parms(): no params data found
[  720.244909] bridge0: port 1(bridge_slave_0) entered blocking state
[  720.251401] bridge0: port 1(bridge_slave_0) entered disabled state
[  720.258402] device bridge_slave_0 entered promiscuous mode
[  720.265072] bridge0: port 2(bridge_slave_1) entered blocking state
[  720.271527] bridge0: port 2(bridge_slave_1) entered disabled state
[  720.278642] device bridge_slave_1 entered promiscuous mode
[  720.294232] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  720.303200] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  720.323480] team0: Port device team_slave_0 added
[  720.330060] team0: Port device team_slave_1 added
[  720.399685] device hsr_slave_0 entered promiscuous mode
[  720.438446] device hsr_slave_1 entered promiscuous mode
[  720.572339] bridge0: port 2(bridge_slave_1) entered blocking state
[  720.578859] bridge0: port 2(bridge_slave_1) entered forwarding state
[  720.585423] bridge0: port 1(bridge_slave_0) entered blocking state
[  720.591827] bridge0: port 1(bridge_slave_0) entered forwarding state
[  720.620528] 8021q: adding VLAN 0 to HW filter on device bond0
[  720.633633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  720.642262] bridge0: port 1(bridge_slave_0) entered disabled state
[  720.649678] bridge0: port 2(bridge_slave_1) entered disabled state
[  720.658158] protocol 88fb is buggy, dev hsr_slave_0
[  720.663220] protocol 88fb is buggy, dev hsr_slave_1
[  720.677882] 8021q: adding VLAN 0 to HW filter on device team0
[  720.696519] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  720.704790] bridge0: port 1(bridge_slave_0) entered blocking state
[  720.711193] bridge0: port 1(bridge_slave_0) entered forwarding state
[  720.741039] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  720.749448] bridge0: port 2(bridge_slave_1) entered blocking state
[  720.755798] bridge0: port 2(bridge_slave_1) entered forwarding state
[  720.763735] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  720.777755] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  720.786279] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  720.803473] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  720.820977] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  720.832514] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  720.841848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  720.867893] 8021q: adding VLAN 0 to HW filter on device batadv0
[  720.928200] protocol 88fb is buggy, dev hsr_slave_0
[  720.933336] protocol 88fb is buggy, dev hsr_slave_1
[  721.048217] protocol 88fb is buggy, dev hsr_slave_0
[  721.053319] protocol 88fb is buggy, dev hsr_slave_1
[  722.218968] device bridge_slave_1 left promiscuous mode
[  722.224463] bridge0: port 2(bridge_slave_1) entered disabled state
[  722.288899] device bridge_slave_0 left promiscuous mode
[  722.294352] bridge0: port 1(bridge_slave_0) entered disabled state
[  722.420580] device hsr_slave_1 left promiscuous mode
[  722.475708] device hsr_slave_0 left promiscuous mode
[  722.534520] team0 (unregistering): Port device team_slave_1 removed
[  722.546519] team0 (unregistering): Port device team_slave_0 removed
[  722.558566] bond0 (unregistering): Releasing backup interface bond_slave_1
[  722.587158] bond0 (unregistering): Releasing backup interface bond_slave_0
[  722.688007] bond0 (unregistering): Released all slaves
[  722.860358] IPVS: ftp: loaded support on port[0] = 21
[  722.922600] chnl_net:caif_netlink_parms(): no params data found
[  723.009950] bridge0: port 1(bridge_slave_0) entered blocking state
[  723.016463] bridge0: port 1(bridge_slave_0) entered disabled state
[  723.023523] device bridge_slave_0 entered promiscuous mode
[  723.039709] bridge0: port 2(bridge_slave_1) entered blocking state
[  723.046144] bridge0: port 2(bridge_slave_1) entered disabled state
[  723.054234] device bridge_slave_1 entered promiscuous mode
[  723.072255] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  723.081526] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  723.100070] team0: Port device team_slave_0 added
[  723.106315] team0: Port device team_slave_1 added
[  723.166143] device hsr_slave_0 entered promiscuous mode
[  723.248428] device hsr_slave_1 entered promiscuous mode
[  723.367209] bridge0: port 2(bridge_slave_1) entered blocking state
[  723.373634] bridge0: port 2(bridge_slave_1) entered forwarding state
[  723.380309] bridge0: port 1(bridge_slave_0) entered blocking state
[  723.386665] bridge0: port 1(bridge_slave_0) entered forwarding state
[  723.402058] bridge0: port 1(bridge_slave_0) entered disabled state
[  723.413188] bridge0: port 2(bridge_slave_1) entered disabled state
[  723.466567] 8021q: adding VLAN 0 to HW filter on device bond0
[  723.486241] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  723.494605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  723.510599] 8021q: adding VLAN 0 to HW filter on device team0
[  723.526030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  723.534569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  723.548579] bridge0: port 1(bridge_slave_0) entered blocking state
[  723.554941] bridge0: port 1(bridge_slave_0) entered forwarding state
[  723.580088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  723.589195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  723.596851] bridge0: port 2(bridge_slave_1) entered blocking state
[  723.603248] bridge0: port 2(bridge_slave_1) entered forwarding state
[  723.617233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  723.634566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  723.643209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  723.656982] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  723.672357] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  723.683069] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  723.694554] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  723.702451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  723.710679] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  723.718588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  723.726088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  723.733857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  723.741529] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  723.758808] 8021q: adding VLAN 0 to HW filter on device batadv0
[  723.765308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  724.838700] device bridge_slave_1 left promiscuous mode
[  724.844169] bridge0: port 2(bridge_slave_1) entered disabled state
[  724.938903] device bridge_slave_0 left promiscuous mode
[  724.944350] bridge0: port 1(bridge_slave_0) entered disabled state
[  725.070726] device hsr_slave_1 left promiscuous mode
[  725.112938] device hsr_slave_0 left promiscuous mode
[  725.184531] team0 (unregistering): Port device team_slave_1 removed
[  725.196583] team0 (unregistering): Port device team_slave_0 removed
[  725.208675] bond0 (unregistering): Releasing backup interface bond_slave_1
[  725.243566] bond0 (unregistering): Releasing backup interface bond_slave_0
[  725.355616] bond0 (unregistering): Released all slaves
[  725.506493] IPVS: ftp: loaded support on port[0] = 21
[  725.528191] net_ratelimit: 32 callbacks suppressed
[  725.528198] protocol 88fb is buggy, dev hsr_slave_0
[  725.538315] protocol 88fb is buggy, dev hsr_slave_1
[  725.572749] chnl_net:caif_netlink_parms(): no params data found
[  725.603367] bridge0: port 1(bridge_slave_0) entered blocking state
[  725.610051] bridge0: port 1(bridge_slave_0) entered disabled state
[  725.616867] device bridge_slave_0 entered promiscuous mode
[  725.624127] bridge0: port 2(bridge_slave_1) entered blocking state
[  725.630574] bridge0: port 2(bridge_slave_1) entered disabled state
[  725.637384] device bridge_slave_1 entered promiscuous mode
[  725.656363] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  725.665274] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  725.682733] team0: Port device team_slave_0 added
[  725.688938] team0: Port device team_slave_1 added
[  725.760033] device hsr_slave_0 entered promiscuous mode
[  725.808525] device hsr_slave_1 entered promiscuous mode
[  725.922946] bridge0: port 2(bridge_slave_1) entered blocking state
[  725.928175] protocol 88fb is buggy, dev hsr_slave_0
[  725.929357] bridge0: port 2(bridge_slave_1) entered forwarding state
[  725.934356] protocol 88fb is buggy, dev hsr_slave_1
[  725.940961] bridge0: port 1(bridge_slave_0) entered blocking state
[  725.952215] bridge0: port 1(bridge_slave_0) entered forwarding state
[  726.008439] 8021q: adding VLAN 0 to HW filter on device bond0
[  726.027141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  726.035060] bridge0: port 1(bridge_slave_0) entered disabled state
[  726.049144] bridge0: port 2(bridge_slave_1) entered disabled state
[  726.061576] 8021q: adding VLAN 0 to HW filter on device team0
[  726.079922] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  726.087911] bridge0: port 1(bridge_slave_0) entered blocking state
[  726.094327] bridge0: port 1(bridge_slave_0) entered forwarding state
[  726.124574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  726.132791] bridge0: port 2(bridge_slave_1) entered blocking state
[  726.139191] bridge0: port 2(bridge_slave_1) entered forwarding state
[  726.153522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  726.173696] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  726.183697] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  726.195678] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  726.205493] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  726.217638] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  726.232209] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  726.253438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  726.266590] 8021q: adding VLAN 0 to HW filter on device batadv0
[  726.338166] protocol 88fb is buggy, dev hsr_slave_0
[  726.343298] protocol 88fb is buggy, dev hsr_slave_1
[  726.408202] protocol 88fb is buggy, dev hsr_slave_0
[  726.413299] protocol 88fb is buggy, dev hsr_slave_1
[  726.418422] protocol 88fb is buggy, dev hsr_slave_0
[  726.423584] protocol 88fb is buggy, dev hsr_slave_1
14:58:31 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0xff600000)

14:58:31 executing program 2:

14:58:31 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x5000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:31 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc018620b, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:31 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc018620b, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:31 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x6000, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  726.530079] binder: BINDER_SET_CONTEXT_MGR already set
[  726.541093] binder: 17154:17156 ioctl 40046207 0 returned -16
[  726.548847] binder_alloc_mmap_handler: 13 callbacks suppressed
[  726.548861] binder_alloc: binder_alloc_mmap_handler: 17157 20001000-20004000 already mapped failed -16
[  726.556384] binder_alloc: binder_alloc_mmap_handler: 17154 20001000-20004000 already mapped failed -16
14:58:31 executing program 2:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x500, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  726.583829] binder: BINDER_SET_CONTEXT_MGR already set
[  726.612931] binder: 17157:17158 ioctl 40046207 0 returned -16
[  726.620538] binder: BINDER_SET_CONTEXT_MGR already set
[  726.641223] binder: 17154:17156 ioctl 40046207 0 returned -16
14:58:31 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:31 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x10000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:31 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x7fffffffefff)

14:58:31 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  726.772526] binder: 17177 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[  726.772538] binder: 17177:17178 ioctl c018620c 20000780 returned -22
[  726.866038] binder: BINDER_SET_CONTEXT_MGR already set
[  726.892425] binder: 17188:17189 ioctl 40046207 0 returned -16
[  726.900368] binder_alloc: binder_alloc_mmap_handler: 17177 20001000-20004000 already mapped failed -16
[  726.911221] binder: 17188 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[  726.911235] binder: 17188:17193 ioctl c018620c 20000780 returned -22
14:58:31 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x100000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:31 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0xffffffffff600000)

[  726.952875] binder: 17177 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[  726.952889] binder: 17177:17178 ioctl c018620c 20000780 returned -22
14:58:31 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0189436, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  727.062482] binder_alloc: binder_alloc_mmap_handler: 17188 20001000-20004000 already mapped failed -16
14:58:31 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x200000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  727.132954] binder: 17188 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[  727.132977] binder: 17188:17193 ioctl c018620c 20000780 returned -22
14:58:31 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

[  727.258881] binder_alloc: binder_alloc_mmap_handler: 17207 20001000-20004000 already mapped failed -16
14:58:31 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0189436, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  727.315358] binder: BINDER_SET_CONTEXT_MGR already set
[  727.339028] binder: 17207:17208 ioctl 40046207 0 returned -16
[  727.403918] binder_alloc: binder_alloc_mmap_handler: 17219 20001000-20004000 already mapped failed -16
14:58:32 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x80fe, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  727.508375] binder: BINDER_SET_CONTEXT_MGR already set
[  727.513723] binder: 17219:17221 ioctl 40046207 0 returned -16
14:58:32 executing program 2:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0x500, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:58:32 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x300000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:32 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc020660b, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:32 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vhost-vsock\x00', 0x2, 0x0)
fstat(r0, &(0x7f00000000c0))
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = dup3(r2, r0, 0x80000)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000080)=@add_del={0x2, &(0x7f0000000040)='veth0\x00'})
ioctl$KVM_ASSIGN_SET_INTX_MASK(r3, 0x4040aea4, &(0x7f0000000280)={0x5, 0x4, 0x9, 0x2, 0x800})
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000000180)="2b8d844aea011b4c142570aeef69a313d3a677da4e9bf5e910f54cf9a71d0d885d85fac4f10b7a9dfa69fe9f395d528b52b73feb20662f37ce3ba2dddceecc5a3ddff18183c83550ce7b1905")

14:58:32 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc020660b, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  727.667991] binder_alloc: binder_alloc_mmap_handler: 17233 20001000-20004000 already mapped failed -16
[  727.705858] binder: BINDER_SET_CONTEXT_MGR already set
[  727.716287] binder: 17237:17243 ioctl 40046207 0 returned -16
[  727.726565] binder: BINDER_SET_CONTEXT_MGR already set
[  727.745361] binder_alloc: binder_alloc_mmap_handler: 17237 20001000-20004000 already mapped failed -16
[  727.752327] binder: 17233:17236 ioctl 40046207 0 returned -16
[  727.781921] binder: BINDER_SET_CONTEXT_MGR already set
14:58:32 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x400000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  727.804227] binder: 17237:17243 ioctl 40046207 0 returned -16
14:58:32 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306202, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:32 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000040)={0xffffffffffffff9c, 0x10, &(0x7f0000000000)={&(0x7f0000000180)=""/4096, 0x1000, <r1=>0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=r1, 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = dup3(r2, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
ioctl$UI_SET_FFBIT(r3, 0x4004556b, 0x7f)

14:58:32 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306202, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  727.963751] binder: 17258:17260 ioctl c0306202 20000780 returned -22
[  728.001415] binder: BINDER_SET_CONTEXT_MGR already set
[  728.006850] binder: 17265:17266 ioctl 40046207 0 returned -16
14:58:32 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x500000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  728.014312] binder: 17265:17266 ioctl c0306202 20000780 returned -22
[  728.021541] binder_alloc: binder_alloc_mmap_handler: 17258 20001000-20004000 already mapped failed -16
[  728.032937] binder_alloc: binder_alloc_mmap_handler: 17265 20001000-20004000 already mapped failed -16
[  728.047737] binder: BINDER_SET_CONTEXT_MGR already set
[  728.054632] binder: 17265:17269 ioctl c0306202 20000780 returned -22
[  728.061466] binder: 17258:17260 ioctl 40046207 0 returned -16
[  728.067500] binder: 17258:17268 ioctl c0306202 20000780 returned -22
[  728.074303] binder: BINDER_SET_CONTEXT_MGR already set
[  728.098262] binder: 17265:17266 ioctl 40046207 0 returned -16
14:58:32 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x3)
ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000000))
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:58:33 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0xc0fe, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:58:33 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306203, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:33 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306203, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:33 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x600000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:33 executing program 2 (fault-call:4 fault-nth:0):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:58:33 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x400000, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffff9c, &(0x7f0000000100)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x3, {0xa, 0x4e23, 0xffffffffffffffae, @empty, 0x1fc00000000000}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000140)={0x11, 0x10, 0xfa00, {&(0x7f0000000080), r2}}, 0x18)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r4 = dup3(r3, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000180)=0x1, 0x4)
ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000000)={0x3})

[  728.525376] binder: 17286:17288 ioctl c0306203 20000780 returned -22
[  728.544631] binder: BINDER_SET_CONTEXT_MGR already set
[  728.553624] binder: 17287:17291 ioctl 40046207 0 returned -16
[  728.562558] binder: 17287:17291 ioctl c0306203 20000780 returned -22
14:58:33 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306209, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  728.572154] binder: BINDER_SET_CONTEXT_MGR already set
[  728.577558] binder: 17286:17299 ioctl c0306203 20000780 returned -22
[  728.583303] binder: 17287:17301 ioctl c0306203 20000780 returned -22
[  728.585553] binder: 17287:17291 ioctl 40046207 0 returned -16
[  728.604561] Bluetooth: hci1: Frame reassembly failed (-84)
14:58:33 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/raw6\x00')
ioctl$VIDIOC_ENUMAUDOUT(r1, 0xc0345642, &(0x7f0000000040)={0x3, "9914e4c3005d4a07ad80fb44bf5c0b31a21ed9a8aac5036f50f9f417e5dfb704", 0x1, 0x1})
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f0000000080)=""/185)
r2 = dup3(r0, r0, 0x80000)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000000340)={0x1, 0x0, 0x2080, {0x2000, 0x2, 0x2}, [], "b76337807c3ffe3fba38277e954b9253f525026e9270467c6a4aba39e052bc71bc97b78b60a26d769c3cadd0835579c5ec748a7b1d193129567caa672473b2cb36ae1267c22c31015d9356802873082a1df86c42f81cacb412c96668413fc791575f1b106b28a53f582e1e908d37f946559a1e94993a6e84d3b5aa9c619794dfe7f09be51d4906b1ec125934dea382126f8aebca103099ea7ce434e70fcddb270d88e43c430cec048225da10f905671536de803e844d17ac401843a74aff60c2dc4bab57d0ff1d33ca7003564f286d7cbd7cd4375dc0f945eebc67ad9dd91c297f1aa120d7c712611bcd0023e9d7f9f5b71044786ffccf70fb74adc3a8cc0c2834023a5e54ef76479e7ccb60325e170e00233461e5d05ca4aa94ab53e76d50910d4c1ebdaf50b1133dee8958a5ee514fee55b35c42c4fd7d3a7e76d2e8433e9839399b61f8ad5c168d5899ab7c1bdfcf8802391604b24ea9e5df24a42d378325f8cc9b7a441b6b8281041d8b42721a4362e88eac49145b3e499a0e2dd2022dd73309ba4d5813f80f512ea1be723fcf8a1003cae79e327e07ac4d9185196b04ab218b0710ded0b9a0501a0fa15a638e47b3741c001c72939e5d262ade17e628211397ec675b005bada585491c9940bc356a1ee9a56f0665daaf405ec8a7794ccbd903421bcf2df0c954651d451f21d2d06744835f72e6602645decd5e6df1857af0fbd0a083a19fed49a41f73c6181c051c4ce71a155982190f52ee17dfe1c1560347ff7193f56d4a8f3e2d06a4f61aee144d284d1c3a3412c6dbc31ee47474bce4713c62af755cc73f3eb2dfc1dc24512987f007e31c72baa834ee89db65a89733bf83b65603f108e20d5eb9f0c08b794afa3a2deb8a98d5cc3c3dfdddffe3d7da1974ee4eb78bf77af66b91824bc71a4cbe85d8678a3d4e8bfc96c632250b0538236b8d13cf34dc9a03cdbaf8229522a38dcdff2d8a84cc6ab78250e021f5e6a7cf848729c1b2eccc7bb7b815102c7dbb322c86a2ca842f634f21abb32e1fa425060406ef76b752ed09743c6b298bbb56c5cd524c69186cae894d2d12fa48df594c80c66b5feae34b20eec763d506bc58713a54ee9a4ddf058d4b697226dbf851c7a4b819338c4c8913a83d404c5d7ed2d87e5c328d3b5c06f7eccbdfc0209a09b56eff152e9b50dfc7feacf5de692bcc28eaab5f7ee5573ced025bacce04585463e644f65a631036749520e8f273a9bb67216886b2a79c9d8d614526405199c668b8e97e9c9dd6c35594e2ec2e4fd12c8e76b6b34c34c576f1c854d4c1e40154e7207d85c3a1caa725a712e111f59308723a7040627919bbbea7fbf27b478dee3f08121b980d06d18742c5c2fb6557cf357cce9b84fffb87daa88aba43e86087757f84999ad9d65d040e94eb83b82fa8f0eea2396d7d649f7f8e8ea770d5ac465dd6ab23060a6987bd2aa790a142fc53754d9c39fffd480975fe06ae8cf6195445d896554a48f2644faae5aa2f5c46173b6d13be7f0e3c8ce8dc4fb68c17378215f34e8a225790c1243c0bedb29188df8c15e0e67554e12ead256b9d7b595a279dc96d4cfe6b2ffb5b60c874c8d320a53b7dfc9e79747362248c7402a94976f0bad8b55df4fd37dbcb94053c412f66e7eeb6d424b2af64b18673795660eb344369f1262c0f13730328d08a30f8120d8844ee039af87d49ff95af83788aa828538b299073326b5b26197897bb7df59288296df49cb46dd9420e8520c4a6d240714324ca86277c7af2f26b2bd5815d341f0d4ee70fd6e965d2f4ca41baf689f153137e02726d4a17676d3986b03d93793a145d0436a7d37420090e0bc98688e9ccd8fd765eebebcac4c12e1417da0ab24b80cb7b60d979ab4286fa5e14c9d3814c1b415c8976d2fb450124477942486efd50673fb8a28f05190f514f053592ead45f53803fd059a0021d758940a337b2cb61f2b70799de71bd47c5d2ef4fc125e849f397302ac5fe870b62ccc060281b4e6e170b429950032ec79674c55cdc381c55eecb02c0038e2bb0336957c08bb75c2e1450a411664f6005847d58355166716f89e55efd09b4be94b59776eb33639074f3af431bce08e9875f9ed70d16bbfb4013eb913a8b312fd7f1714f1478ffcee8fad717baecf26bbb4740ecba83b21b3f8ad3aab0a1908b7a06ac52af8991648d84be64eb8706d60e692b02f8ca81b84326799d43aea4fc63cfd1072edd571f48a799fa5ee772a56c4be858ff3a9228cb0565163aafd7b0511ae6e1ccf97b723bbe7aca07db717bd390ccb84eef8fccd4fc8a45c20b16c344b6e2f14732e66022fc8c803d1963160123231537bc8bf7a4f84702508c43c0672c6f014b95d860555db2173f6752e6635a1959d898aa3141bda12d9a2912286bd3832657e4bbc53136d44157a2313c501bd0e5b11ab254259b614f104162abc1cef8452c55f6a2ef6c275ed3716bd94a09b740bf61231e682a51a34053a9d47d8c9be00773feaab114379e409e3cb8a35048d23a48bc68c00e26e72a2ef01b3c457739fec70bf60a4325cc28faa1253afe7e37fbd8dd1d8d1df8f0cf47ad204ea625a9f78a53ab2537c32d0b1df1b282849378d96e4f9a43132dc077d8d9651097216ab633599f76b2143bff9f82cb7a92d4dc6bbd4d8ef03d30e8141f42deb45a40094bc82aa429d8323218372b20d25080697931febf5d985b786b07dd2444153afd1fe9080bc31f58207bfbcfc9bbc54039d5cde2f3a1b2e729e93bac530aaad35ca24695fb98817643bd9f43217abad9b9b941b91b19b276a59af7a44eb2d95c741c63e61446dda3fb2e82fea97094be4706513e4096879c5123d1f8773b17c91868dbb09235736cebf44482716af152f7bd3f9053987d17f8a1cec9edeb0da8095df2a5ea7d10b3384e7a8ff59fb99eac8a65397b7ff0a122d5dcb836dbd1746a6a5f6851113c6113bed830357fed7d32c0b28593be10c8fdb83c4cc8a4f3d3a8f1d93c37951b2ae8ac694494ac5183dced684f982a4a5dc4dd902bfdd227e58466fd22da13aea11c6f1af55148e05c39d3cd816dcba27576e1bc348fefa457ae47d0504766f693b95fdeac49702c6e3938b111d310283693d053ab21e3a1a70d33503f1db21c7cee045bb680e3d763224b311269f723c6384ed46288d85cab20eb9fa1db18a632b4befd0da572d5ef9330a85a8b0c8edff387714265d6e0950adddfb1949d499edbb976b75bd15570a1b0130cf250d6a10615066ced44ee18a9dc7805c28a6dbe6e9ad20b1a08bbf259241047ca86de60c379b02550c497ffca02810828e7a64e759341b5033f931233cc8e7dd17c63e0a16768acadc21acd84a6be5c37a8f6ae089bf5f4ef18edc50df1ae42fd46bb0255179c8580da248a82a3f95e5adc4f1685bf7eb665fb515ee15c431aaff80b9f71631d3a43f76d8953c42678a6a48ed08093d26fb613831c311c966b945a94b60a923943bde19297246d9251878525643533531f26b4b87d12cb80df305be305910d473a6bdb24e0aeeb75d63c422a55df707af435d858c52552ea5eff74731e9ebb9b2251bbacd30f7d39b41dab65ae5bef573afd2a171a6bd7c0d252478472881666c9c206a5b112e8450fa473c61a5fa65927e6a81da7d1eb95941e74011259653f21bdf3652f0fbc0a258da82ad98e45775995e482df051b41c19eaf83f872468cb8f11a08ab7b0e7c20b345e94ed4e6e9d9179f15118ac43612f5b4bfef50d765e2e0fcc0f623ff9698bf0df9f350cfa692253a78d114e8dd74de4a7e72eb6278b591366fbbc940c5952ceb591f5d499453b931759f490649ba37b76c8c89bde09b14aae62b0e0a59ce00af857d6374d6cdf00e656e848dbd2b7bd1e2ea42c65e50f14e993ce30fed5bf2dffcff74ac0299824b385db47b6ce3a1dfb7a1369ca40ae4d930070df5a332c5f5072c7e7c68e5937e29e60cc18e0cc546e1f87fae9a791e9ed1244dbb17de856fc37277e4cde7ad9969c8fd44fbaf06c73afe693309e10043543e93718d70acc4a7b5d05773e49393e2f960b81696311c871d61ff88dd2f767a8cbde4cdd65fe74e5fb1e8fee78a478baa5b8e1a6e708ae7ef64da52d61d05b8bfee03c9f89c62732d8a22e27feb9bee1a1a3447611f9d6ebd6d00f4f756bc3943d496f1055b8498f3052d177bf42548a38857be96118fccfb86c6f64116d4fffa46076381622e6675277eb2cfb4016ff41cbc4c5614bcb1db9400fa57a81499e8127dec1707cbe768a9c07cc34c43ac7a9927299c53fe7e6e6392e64690efd48c22daf312872fb03834090c5a1d67f66124a360378d5aac12beb7c026c725154e549e121692eaaa172bd2cdc12dd61ce4efce9a483968745480be1e38c2d17917b3721a38f2311d196fe3283eba590979907ed08ce41fe245716c7ac5a04066f277996c344197cae20cb83a85084690e5647db7201de35ad77617b2c0ed2ff89e93a19ebfe136a44696bd02397f3bad8aaa8397e86d9e74cd93c944a07351cbfed62459d5094977fd02e5598adbd99c3f5f165790b4df7c0b3991e50995fdd0c3b1047772dbfadea0e16f9f0de12be68abe7d1a5835221db64c8d6192cb74f793f4b3550b640db001aa3a931f9121e5aed1eff2ca61853dd3ca21750efabcff75bb5ebc5588ad1edbb7f7e6a077058e1e926b952bcaf4bb39f515a420040493046b7e7261e612d710879485b0352d949adb11c98ee875d4ecdd8a22bf0fc71300f3dd298d273668e9008257a083fa2f2e921f56bc17a9d254b613ee0d18eb60166e34b09682ec4c61c1d9520d44c92772b305a6317a238f4991a7325824da6bdea17b5c3d8fe156d1bb43fe5f5a56f8f5e28e51a5871b350d7a9f9f037dd37940fb37f444ac1453452407aed833554a2cb6ecbb8af19167d8fd8bc28900566559242cecb677033f2ef437796f5020a82c52cb73e7fcc3ea427b3446bd1399ead48d8876b6baa84fa7d92f0c4c2eba8f12c73b1474a9d3ca1d029f31e9dcca64ba44c2f54d4efa784300e29c6a34425f87cc7af5cee554a8a4a2ae39fc747600d525f5ecf7593069e3b8a7e4582274f9b0c0b8d4861e98ee6b1181eb2dc4ce15a718c729d159d0dd7ead5a4d6f02bc42ac271d7a7c8ca5a4cb7ce7c9e890578651088632deecc7e1075dc26e0c750e4c84bacf6b3df02eff0b188200193359187b11c51c381c253abb1c5f695f2f41be5bac3bc395a50436d690da7bc031d46dab68fdc643d6a435a4f1a3de5a5c864c0abfccc4d9648f59c4b29ecc4e199a48c1c52221fc22bb7473913711cacf913cc9d7dc4c099ad2dab545a6f8669f49be3bcef08b551ea10980007e6ec5f8c02394572571e3542f76e3711dcf7f9df9b8653720101dbd21d0cd035c290dc37909c3d09c52aa2dcb06b2d5e6eb32670506108b44ecd1c8c4f58a1441bc1a275b00bf523f4d221977e6b6711939b0cd1a08ed6316c33994ce9a98a6a4a17d4faa7ce7970a928b5796a3a79f2369482b0232fd0be4730229aa815cc3628840ee1f7519bd9eb1fcd2a801d71c02e273100912b8022c315250c73f86a09e323546c8f4f48dda5304adf11218463e1e79264241b138d5c9ebcc0dee3759e87affbb610200cabebadeeda9f9ebb8e0b0f645bd9dbb3e6f6246c5b0f01b9e04ac1018400cfbc76c549c20b205051bc38f35a43a6fdd453319dcebf1a396f9440652bd983ea1ca1f95127153af8420a081eb9971011fcc4c691df7a8749aea1ff602d5e8266f52f2ab01", "cd58c5e52a6428d22ef0bc53caad6cf9faea4e563c520f3159dcff2ce994b30770bf5bffcfb4112f8e47c8f608cb691fbfe57d66676b5c2ccf29788a6d0d5eec9d38d88e7d47b364c0aa8c58e185cfd9a48a3c8d9d8b8a89ff7801b25856d24f230afd5efdb7eef49b0eaa960b2c3c8cb97e015b05e80ab9d370d7b24feb3e3350088cccf7035c6f0cbbb6acacd48b6fbf7294ad213568ef69ceb252559070d96a1e22d10a5742b30b87fd9ca6a6cfb157ad27ec26059241578baaad5275c4bb099d9f1ddf6a30bc1dc0e4a471c15a6e21658423bf7662951b1909c9bee021c73470750438272b43a79f91636cb6a6f8a127fffade71e67cc0eb9025cead516d2739b76d0f9d1daaeb9273efcdbd23988b05698fb5bba0f2aa0a3cc6ed9c88213fa1e2b5f585114b004a67544a8a9e3307ef2d21f790d7a687b4b8ab4b37414d90ddb4fd046124c263f03a95488ede2ceff962e651f65177345cfc3785ac8b82ae8a766ff5a2919a154364d27a1d4b5d6365c7188658b8ad46db5ccdaf8213f2fdd3b8b1291ff0f81de93411461d86d7daf5a9091ba27f4307164e41034378330fe3dcdcd8236866fa4d41b57cff11cc9dcda763bf29cc5b71a939f96f4ea8a6cd59909bfd2f174a4483bdfcfe1ab44b5ba7d0d464a75e2449f814e85262d473b46084fe4901b814cef1e3f495ccce58211deb74c099292b0e6559705015b092b181d8f6409b0fa2ba2f4dd6ea7e9d6d0c2be5c78550a9187257e6100f7fc328b44f959f34f02a7e38de2318b1de401f1a83a735728dc4b21520df79c59e392254a77018ba6991f672d31ed6a3f3acdc38afd4b7d2ec879314559b3b446d88ac85b4de8c4a79c97f68f1afc7e4f1a6866cfde0b2c105d4eb77146f4d672d24bc1cbf6497cc978746f50ed2649819a1d3d77a39201c854bbf219574a11ea50a230fb2832751cf0640ed946e2fc7d31d1cbd4c71796763ad67defcff9a0c4e4e35d79a2ca41bae1e686a1c3f4425abda6125ceb5968307e9ebba1c360ce83c4e0553e773c7d7c0176be000a5c1bdded294e6480ea533b2f021e28044388505a5397744eef6cb024d35b30b02ff1620c60740d96dfffbd2dd662d64dda04baf3aa70bab49c532b60cc7d956fc58d26aede48d397254169785469841a8e1f9d3a6758f8f88df5c9dd16b51a6834c306b97da4a54a24f8aa1e551e103f8ec83f560d315ef1de454f0977325884469f9680613b1ee449448eb6c748aa4b79d646d13e6274eb2d638d350d435de68bad805612bab49e15c27a33e0efbaeba1d9cd96732b08c773d814047aeaf5b2bbd30fcd1f91c7198d41ea3473b9deacbf4dc5355cca733bb661cf8fec2aa43ce7ab758abb29a9eb2b2fdd35c6444c6e9efc7399ed735de80deb573ff06d5ee2d7d2a6e1428fafdf18e6a57041f822e42a8043511e177c224e7c99b19eb6e2436c03896d242071ea8ae20985dbfdeec05714ebec69460d1746b2e131c21eaeb61dbbb00fa964edb7fad6d90da56c0ed3f4fbaa6dda2451137bc55cfab54377b363daec82bc7927b04487986c9e0d1aa16d462e0fe495b234ae2eb9943a0802fdae26b21626dfefbb7a334fe0809cb0c9853e9bc90bb63468e7884736aa452adbd697ca58c2e69ce842464fc8566f515582e591128b6d31c629bc6b89ab1e119855e1148b59fe185444a2a08d45c034b97702bb8a856aefbfee34ee822af2c4cb1b0e583d9c1c988e67d6bf0e475d71a9036a8db14c872ff367e4a841a5273162b8109690c76526efe9d640033219c4a904c22359123da7d25425d7097f2b3f05e0a7b2252cf2ee83c8b4a7703f7e76ebf420f86cbaadd34c3c35d3e00c8db1e312a1d2820ec631667f87217fed73d20f7491809054e7dc1a3576d84fcbb5765aefc2d8c3ac3ea53b76b6f46f08ed47bb3bb435302a20c8171cf4bc7bb7debd3aa2df428e73e22c92245b5c80071045ecf2591a5c86e1847c0e95941c5e15fc7646abed7a11ef4d59ba51009b902e6fa8fb63c221a1cbef2aee0c23668d70d78618899f1ec730a766ced3dac097cb4da050953721bcb8eff69983ac17bf9e448b490d831cc5a45f28f46cebb5cad53e4ea161df969000f7c5f1f50bcc519543fd5683c0907c011535c5d22889315012d34c75b709bbd03caac7fddabafe37cc707c049f42eae95735244e5a4ac34dc7fe43a5dd0eef903e94f58844839ad3ab6e8779abb3966498fe6c097b9a2458ec40df964bc0055cae3f41c6c721ed4c56b9d22b82c31ff4c6e500dae72a47eea9a0eb3323f6eb2860e3a810688315fb30b3cec52169609c1b42f9167a9869a69f045f8ecbbbd480f97345158d1eaea5c66398a268c3b164997f42d7a349886ce9e171e109b79e7302b92f074bb5ef17d1d383d7e68eaad97c23b28678c163982244dc369983a489654595786804c8aab8ebc702ab6df19c645a29d9742ca47057c9c9e4d69ec2fa1d46b13b9395faf5a104e66bba927d2cf93a1c31cd522ba2eac6d2f7a64c0dbdc74ef2215bc39752f878c460f110f7d424714d688b108b22f14373279f24bdca99356a02c0853d9818e2fcabd3792b882e967bb4968bd10c8cbec9052ae83ab657f0e3145b20c165bba461762703353c4c881581d9f93ba1e56b7c0574a500c7c71b1ae7e4664576f48a489d5840e9d9bc29a85f8097f19cd724d4b731ec0743d84778ccf687161b89a1b63210ca8205e778fa76856a8280b54b051942bdab9d8edef62b276eff0eb7d9a44ab4b5f633ae79601376549336d31d97c91800af62e089186ef2309010d2c5142ec50d65c11b9990e2087f151e87bb44e16f324f861862efcdf5d242a0f69e65a75ef87e1053c7a7b1d733b46a9e9c68a89d5c5e5c57e7464f984ad30339035072067d7ca5249612ccf1f39ee4f3590dfb82bdd9e7dabe04f9804abecfbe4a51064454c91cf39da255b88b5a7be6ca44cc32738a134e108b7780e8211509e34289a5a6f95ffc1dc31bad9c80d449082a287fe2d361d70485e04cd831082261600b486f8e580ceb596532b7a40d75482015ac37e1186ea1b1fcd32b7bacfb5e9e707ac84090424450f4672ad0025c6937f1f226272045294fb19872b6e93a877687dc62b272729fb9dd456f4d98af930cd831afde67275699d8968c4fc3eaa1d2b922789ccaa5e99f93075bd73f253253efdaa99e6f3460af2e00a724eb72206dadb510a6e8f56b4a83177e3f3c82688f7f6eed6b70c972dee377b65b963e22745f274825da700a6dcf010be2f5480549ea05aaf6e1faba0e8ac1baae47d0ca5bb969845a3e31f487791634bb1699782f2795175ed663b4d945ebb3710b80cd25ff6ebf90735d5a4258d9bc9b1bebecdae8d5b364c09eee4f2eef44ef795d0d691b3967c6f7d3247d0100c80b324ba5890f20063a279d66fe29ea704fcce061e4039ed7c00fbeea664878b438085bc463c968a58ea8812568ac1538809bb6cddf6ef5276263b85aab19bad4149c54b68ceb2cdd3a798d8d77ae339ae64222e83055192b799a80dfb61a70881916f8bf59049529bc75022eb6961a1d7760d0eb6474ba5cbf75d82ed734889327da267739b06b50ae35c7eb9661f2167cf70636a34435551119fa399645380aed3eb3c5eb8c5fd6ab165398695fffa11cb5ba5c241ef76b7c127b9b9c06f9e6d9260315bbbaebb90a62a121c28d4b68d5a1b50f1f7e200327a29e0b76b089a01e1f97f975c34bcd0bf86aa399ea93acbfc41f3c6ed16652688956a1ab31127e29e2c25b08fbc9135f91a5d81dfd4bcf87b97cacabdd53e9132dc53fbcb6a544ec3687352e267718fb0e204a51e730a9c931eb9e5e197052057ac654410638960cd993d0e64f41d89949783e4af7e1ebdc36fdc4b1d55abb353764e6f2aa55e7985b8a530dec9d0a33e83c32cc8935fc351475872fc3dce5c9fec963231dc0fa2fd3ca18ed669ad18cf4af17e07fa74f8c62619d0f16131dc320c571c8dbd14fbf2c8a130ee4f403bc487094122cd187dec7d0868f0e04fc9150fff32b60bbd6d041f81e4c0eb885dab0832ab9acbe1ed24b5670c360db82920fcdebb4d9fb7a95680a347e7e6b8b83f1256cfeee66d5365c421c48ad0b71978bf2c862aae68691f7d96916647c6d345333553c7cfbc0c5fabd2e046270134181863d51343206d61121abd430e4b2cf86e29e85a86a26406cf3bd249ce6179c486872932b93cbb5b52ec68723ccd51294690573204b281f69d70cec2fb718c06c6de54f5bbfed2e27dc86c3e1eb84e2c29e6310dd1aa5a488bd7e569cb45d19f2c2a27b453d7df480e8d95088796b8e5b24220f38465185d691a987e29dfd45355f5a319b43cbdbd118ee882bf34d9750be4d100c76b781d204ca6828007dae4d1826be92b4fa9ec787399b2437b171a38fa689458e2337b12d5c82f65b680bb2ef5a5f423fd5f908c280212ec189b859fb645da6e07861ab9ebd88a3d38ca58e3abbb236f95403ea222d989883a687eb145c28624c033c5c540d780ddff87fafeedf6c2663d4f6c91078e8e01b8a85f2b358ba9cad07b88b104129f4441c656d82594f0f488845e85679707059e20ff6fc025d36c8439fd4e19d97ed76256e69460446959e751ad1b4e008b53316aa76448be29b2b37a69ac4886427dafea2a8025b19b62206dc2bcdeba4ddb5af6b3a4d2489bbef06bfe01f36f2c0da7ee644af752847ce532b29a777f8d9bb2736bd73aa4223871002d995dac3d2e728750c47a0f775e40f130c2512b705324465ea8fe4afe48eea0f145ea6fd7809f1b03b06a2c45a3fadf6f1ca1ac31dc7e86caacacfca0681bc485aa5c1a6344c94aa8ddbb4402ee69f94fbbeada28cb79fc516224ce883bed82bd470a13b9d85250787ee3fcce4391c55346a900c3093aaa8f2da988c1a4536204d49d3d9c472bd8a53ee6822b617426fb2cf9ecf858fd80d8ada7147b5d47ee487f4af167be1e16df2cf6ebd43bd6a3b793df802144aba7891ce72814256646fd80fc94288d8849830a395c01491f158c84698b948da9a859536880383ec6273dfd8e2888ae541f7c3bcd0402d7794bbdeb6a66abf95fd134f5a2295737fedbcf23693a7afe27b93a4a2b305f210a547ef5059bcaf57c9fb136f588e121b9897d07a7bbf7b525c47388d0b29ed52837ae7edaf3f76d3985ce45d15db1aabc574989b51fd511b1d2dcc050c5b1dc25d8d61492dfda981d3f568caebc0b6e66861a9c626d5a2fa55dced3cd0ef9d7e5dafa30e0bc5635ef6c8873e77855b0760cd8280ed8667a89f5d885d29eabbf04e3ee2dd6b02ab4e2b1785b83c1f032e88ee0e7058429302256638468cb83109e86906b58d379a2279dc825ef7d0f956f9b69f76b605d21cca6a67712aa8e5174d3d7040e8a96e036e775b895e326d2c4a8c7919608d0d653ff807fe85874c1c324aca495952d26cf548f3d60a1718611769ad7c4e93e0d4f4566953a0c833e89abf71d23f48dac68ce1d830854e2139b7300c67b47197ae0a61fd7e891ea018f7b455cc1f59652abd96845d16b708f402639a2ed06019f5b9ed0c59856da97dc6ef2c10842ba88851ca9176473fd23dd537233c1d00d4c206d03d19b261a4c6096496cc7d2c07e750306cc1ecc56e878d61fe5a0b73df651f31df3a02c1b4f90e62979d440b5e40154a284827306c783898d4a473af4f3fe8b8e349f86af5a2c384acac12d50a32d74b88853f00671935bcd9a7e12accbf2a01cab22bdc0a15ac2e212f72e6998cb5cd3"})
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:58:33 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306209, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:33 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x700000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  728.683043] binder: 17306:17307 ioctl c0306209 20000780 returned -22
[  728.725025] binder: BINDER_SET_CONTEXT_MGR already set
[  728.752116] binder: 17306:17311 ioctl c0306209 20000780 returned -22
[  728.758201] binder: 17306:17307 ioctl 40046207 0 returned -16
[  728.764702] binder: BINDER_SET_CONTEXT_MGR already set
[  728.770370] binder: 17312:17314 ioctl 40046207 0 returned -16
[  728.777801] binder: 17312:17314 ioctl c0306209 20000780 returned -22
14:58:33 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306225, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  728.796203] binder: 17312:17314 ioctl c0306209 20000780 returned -22
14:58:33 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000000))
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

[  728.852115] binder: 17324:17325 ioctl c0306225 20000780 returned -22
[  728.889252] binder: BINDER_SET_CONTEXT_MGR already set
[  728.910467] binder: 17324:17329 ioctl c0306225 20000780 returned -22
[  728.945485] binder: 17324:17325 ioctl 40046207 0 returned -16
14:58:33 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0xc805, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:58:33 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc030620a, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:33 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x800000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:33 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306254, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  729.109709] binder: 17337:17338 ioctl c0306254 20000780 returned -22
[  729.131122] binder: BINDER_SET_CONTEXT_MGR already set
[  729.139178] binder: 17337:17346 ioctl c0306254 20000780 returned -22
[  729.143028] binder: BINDER_SET_CONTEXT_MGR already set
[  729.152038] binder: 17336:17341 ioctl 40046207 0 returned -16
[  729.163379] binder: 17336:17341 ioctl c030620a 20000780 returned -22
[  729.171266] binder: 17337:17345 ioctl 40046207 0 returned -16
[  729.189715] binder: 17336:17348 ioctl c030620a 20000780 returned -22
[  730.568177] net_ratelimit: 24 callbacks suppressed
[  730.568185] protocol 88fb is buggy, dev hsr_slave_0
[  730.578306] protocol 88fb is buggy, dev hsr_slave_1
[  730.583404] protocol 88fb is buggy, dev hsr_slave_0
[  730.588492] protocol 88fb is buggy, dev hsr_slave_1
[  730.648209] Bluetooth: hci1: command 0x1003 tx timeout
[  730.653606] Bluetooth: hci1: sending frame failed (-49)
[  730.808222] protocol 88fb is buggy, dev hsr_slave_0
[  730.813375] protocol 88fb is buggy, dev hsr_slave_1
[  731.048177] protocol 88fb is buggy, dev hsr_slave_0
[  731.053317] protocol 88fb is buggy, dev hsr_slave_1
[  731.768242] protocol 88fb is buggy, dev hsr_slave_0
[  731.773410] protocol 88fb is buggy, dev hsr_slave_1
[  732.728278] Bluetooth: hci1: command 0x1001 tx timeout
[  732.733681] Bluetooth: hci1: sending frame failed (-49)
[  734.808271] Bluetooth: hci1: command 0x1009 tx timeout
[  735.928294] net_ratelimit: 22 callbacks suppressed
[  735.928300] protocol 88fb is buggy, dev hsr_slave_0
[  735.938379] protocol 88fb is buggy, dev hsr_slave_1
[  736.338187] protocol 88fb is buggy, dev hsr_slave_0
[  736.343267] protocol 88fb is buggy, dev hsr_slave_1
[  736.808190] protocol 88fb is buggy, dev hsr_slave_0
[  736.813308] protocol 88fb is buggy, dev hsr_slave_1
[  736.818408] protocol 88fb is buggy, dev hsr_slave_0
[  736.823450] protocol 88fb is buggy, dev hsr_slave_1
[  737.048207] protocol 88fb is buggy, dev hsr_slave_0
[  737.053368] protocol 88fb is buggy, dev hsr_slave_1
[  739.128438] FAULT_INJECTION: forcing a failure.
[  739.128438] name failslab, interval 1, probability 0, space 0, times 0
[  739.140039] CPU: 1 PID: 17298 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89
[  739.147300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  739.156642] Call Trace:
[  739.159225]  dump_stack+0x172/0x1f0
[  739.162840]  should_fail.cold+0xa/0x1b
[  739.166714]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  739.171801]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  739.177326]  ? __cancel_work_timer+0x313/0x520
[  739.181908]  ? try_to_grab_pending+0x710/0x710
[  739.186484]  __should_failslab+0x121/0x190
[  739.190719]  should_failslab+0x9/0x14
[  739.194505]  kmem_cache_alloc_node+0x56/0x710
[  739.198995]  __alloc_skb+0xd5/0x5e0
[  739.202608]  ? skb_scrub_packet+0x440/0x440
[  739.206915]  ? lock_downgrade+0x810/0x810
[  739.211050]  ? hci_dev_open+0x220/0x220
[  739.215011]  hci_sock_dev_event+0xf3/0x590
[  739.219231]  hci_unregister_dev+0x253/0x820
[  739.223540]  hci_uart_tty_close+0x206/0x260
[  739.227845]  ? hci_uart_close+0x50/0x50
[  739.231808]  tty_ldisc_close.isra.0+0x100/0x180
[  739.236466]  tty_set_ldisc+0x1f8/0x690
[  739.240343]  tty_ioctl+0xe69/0x14d0
[  739.243955]  ? tty_vhangup+0x30/0x30
[  739.247660]  ? mark_held_locks+0x100/0x100
[  739.251885]  ? proc_fail_nth_write+0x9d/0x1e0
[  739.256364]  ? proc_cwd_link+0x1d0/0x1d0
[  739.260408]  ? __f_unlock_pos+0x19/0x20
[  739.264366]  ? find_held_lock+0x35/0x130
[  739.268411]  ? __fget+0x340/0x540
[  739.271848]  ? find_held_lock+0x35/0x130
[  739.275892]  ? __fget+0x340/0x540
[  739.279333]  ? tty_vhangup+0x30/0x30
[  739.283046]  do_vfs_ioctl+0xd6e/0x1390
[  739.286930]  ? ioctl_preallocate+0x210/0x210
[  739.291324]  ? __fget+0x367/0x540
[  739.294766]  ? iterate_fd+0x360/0x360
[  739.298552]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  739.304078]  ? fput+0x128/0x1a0
[  739.307351]  ? security_file_ioctl+0x93/0xc0
[  739.311745]  ksys_ioctl+0xab/0xd0
[  739.315182]  __x64_sys_ioctl+0x73/0xb0
[  739.319055]  do_syscall_64+0x103/0x610
[  739.322930]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  739.328106] RIP: 0033:0x457e29
[  739.331286] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  739.350171] RSP: 002b:00007ff875b78c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  739.357865] RAX: ffffffffffffffda RBX: 00007ff875b78c90 RCX: 0000000000457e29
[  739.365379] RDX: 0000000020000180 RSI: 0000000000005423 RDI: 0000000000000004
[  739.372633] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
14:58:44 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:58:44 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x1777, 0x109480)
ioctl$DRM_IOCTL_SET_UNIQUE(r1, 0x40106410, &(0x7f0000000200)={0xc6, &(0x7f0000000100)="2c8a9d9138f9f129572bd7f213025597bcbd6fcb9a0d75cd8eefcb7c16d8596f1bfde884c148b8348bd83b9db78d881a8352e07e35783e47f0ed88c7298e44202d0be6d2dd595f67152ccb45ab8d4945f05ef1676faebbc5ad832de86cac02996d3b9d88e9e41e3570d610ae315a6625fc0c21949e9b8ceaefb85f087308d7979d5d895a7dd48bbbee97a026fdd9654e7e7eaac9d90aa2617979909219d7a1d520368652afa6b4c7870ea83e096924c598efa36a7ce53916369a196004b9e83158f77d0ea09c"})
sendmsg$nl_netfilter(r1, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="18030000130600012abd7000fddbdf25020000005c010d00d343eadbfe11a309990060708f9472eff08ed873ac925bfb8340e241c066d547c49407775b4977cf8bc689ecd2a3f95a7c48d3d5dd9ef127bf88e542e88cd67ebda27e1f2755fad8982514001900ff010000000000000000000000000001b6dd14f34a33502ca0599d202a21d2113255173df0aaf416e146d4ad381c5cf601fb4785964dc8eb4b8e8cae57d5479c387b140324776e37ae32ebf1eb5ea9f28ea4e1a6eeac9353c5a2a67e256c5fb5733137a91d2bf32d29d9a8d945a6bf8324bab115f3173f77fcca109f7cea05d46f0238ca4be393bf75dab507fa8f5c5174f84ba0a7bd5d8b3b7e492bb8fd6ba36e3b05dd63aaf0b98e7322e728c3a3b9e2e0cce293d5d571016575d7bb5a546175d6d68c47a750a6d624ce7f722e18846acab54f892fa9b15e436f2a2ad8307b7822c5bfe806a7300ca98b8b457dd74f1b3960e6be113308007400ac1414bb0800700007000000000000a8010d00080068007de80000ad2ab39c80f89ad2fa07c76651ed3540c26b732d6694cc998f566eb42f40c7fe1ed8acc031a043aa4631286419f57316dc53edeeb819605e400166d72fcc861f6574a46907964aecf8dc430406fa8807af0fd9f6921c06b1f72dc3d9250ec5a6b7a4434ed35663ac5148472e542064d2cee6500be59423c7de2f80a0d6237fb2371dd4f03d5570cb4c459688919f79cc080bbefeae22bf868daab403851c6bef2dbdba315d2a0824e21db15cb39fb05e7c00d29f25958ab6237ac82d015973e274d594ac28e12a9401ac5bf6a6a5c9efbdaa8aa9835bd3e1783184da28e1b6fcd2dc023aa810aa9ed4c2d5045c5ed9f496fd61347399e9353d3dfb4fcd89c88a5ceab7c15bc5222f802fabdecc324b1bda5b08deddbb86dd4623f36b556717654bc58b0b48b9c946bf0605186fd88f8406fa885b247397692114707a7417108b2b93b3573e568224e367663a21dc85638c4be73f62da51cee6d3953cbe30cb5613140d3009d56f9bfb8858f9b691154d36dc7738099bfddb9bf3f7c7e2f83b45057e17cccde40a22aec9afcb59f7dedc5814f80685bf63baea000000"], 0x318}, 0x1, 0x0, 0x0, 0x20008014}, 0x44040)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f00000007c0)={<r2=>0x0, @in6={{0xa, 0x4e23, 0xfffffffffffff801, @local, 0x2}}, 0xe337, 0x9}, &(0x7f0000000880)=0x90)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000008c0)=ANY=[@ANYRES32=r2, @ANYBLOB="c40000001c10da44cdf959394d3f45acdcadf433aab3fef10d2ff5caa833dd76bfa4542eb0d1e0a86cb03beb3f2ea573a91649246d38527fd83213348cb18563f2bbfbc5263d2f569dbed3252294f7a84e6030bbc41a73b09054175c599fc057d698dbd9db22084a89f83c5df84927f3076250a8d3420e0f432d01cba1ff50094061db3517325028eb8e3d214b2193de1bb09c28fc829cf31964564a0df720f0a6bae0378e53567e177b9514686c1e29d18956c910f70b9af966c0465349beb5b826026cbba15de4"], &(0x7f00000009c0)=0xcc)
ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000780))
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r4 = dup3(r3, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DAEMON(r4, &(0x7f0000000740)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2004010}, 0xc, &(0x7f00000002c0)={&(0x7f0000000680)={0xbc, r5, 0x408, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000000}, @IPVS_CMD_ATTR_DAEMON={0x84, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team_slave_1\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr="58172872c92e4f57a44a1f2987fa13df"}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1f}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x78}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x6}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'batadv0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xffffffff80000001}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4000}, 0x40)

14:58:44 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306263, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:44 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306225, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:44 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x900000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:44 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0xe803, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  739.379888] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff875b796d4
[  739.387145] R13: 00000000004c2117 R14: 00000000004d4a78 R15: 0000000000000005
[  739.432025] binder: 17361:17362 ioctl c0306225 20000780 returned -22
[  739.437139] binder: BINDER_SET_CONTEXT_MGR already set
[  739.451364] binder_alloc_mmap_handler: 7 callbacks suppressed
[  739.451380] binder_alloc: binder_alloc_mmap_handler: 17361 20001000-20004000 already mapped failed -16
[  739.469425] binder: 17359:17360 ioctl 40046207 0 returned -16
[  739.475400] binder: BINDER_SET_CONTEXT_MGR already set
14:58:44 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x0)
mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000002, 0x10, r2, 0x20)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:58:44 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306254, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  739.475420] binder: 17361:17362 ioctl 40046207 0 returned -16
[  739.488207] binder: 17361:17366 ioctl c0306225 20000780 returned -22
[  739.511488] binder: 17359:17371 ioctl c0306263 20000780 returned -22
[  739.544417] binder_alloc: binder_alloc_mmap_handler: 17359 20001000-20004000 already mapped failed -16
14:58:44 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xa00000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  739.604990] binder: 17359:17380 ioctl c0306263 20000780 returned -22
[  739.616677] binder: BINDER_SET_CONTEXT_MGR already set
[  739.632628] binder: 17376:17378 ioctl 40046207 0 returned -16
14:58:44 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x54, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  739.654982] binder: 17376:17378 ioctl c0306254 20000780 returned -22
[  739.678054] binder_alloc: binder_alloc_mmap_handler: 17376 20001000-20004000 already mapped failed -16
14:58:44 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x62a, 0x100)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x40000, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x25d, 0x80, 0x4, 0x1, 0x0, 0x9, 0x80000, 0x2, 0x7, 0x101, 0xa3de, 0x74d, 0x20, 0x1000, 0x1, 0x7, 0x1, 0x200, 0x81, 0xfffffffffffff725, 0x4f, 0x1, 0x1000000010000000, 0x1, 0x9, 0x8, 0x3, 0x4, 0x612b29b4, 0xd35, 0x9, 0x1, 0x5, 0x100000001, 0x0, 0x1, 0x0, 0x7fffffff, 0x2, @perf_bp={&(0x7f0000000100), 0x8}, 0x20, 0x4, 0x1, 0xb, 0x1, 0x8, 0x10000}, 0x0, 0x7, 0xffffffffffffff9c, 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='\x00', 0x102, 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x2)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = dup3(r2, r0, 0x0)
ioctl$VIDIOC_SUBDEV_S_CROP(r3, 0xc038563c, &(0x7f0000000000)={0x1, 0x0, {0x3bf8bc45, 0x3, 0x2}})
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x72)

[  739.718371] binder: 17376:17385 ioctl c0306254 20000780 returned -22
14:58:44 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xe00000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  739.796886] binder: 17393:17394 got transaction with unaligned buffers size, 116
[  739.827335] binder: 17393:17394 transaction failed 29201/-22, size 0-0 line 3079
[  739.860392] binder_alloc: binder_alloc_mmap_handler: 17393 20001000-20004000 already mapped failed -16
[  739.870381] binder_alloc: 17393: binder_alloc_buf, no vma
[  739.877386] binder: BINDER_SET_CONTEXT_MGR already set
[  739.885425] binder: 17393:17394 ioctl 40046207 0 returned -16
[  739.896980] binder: 17393:17399 transaction failed 29189/-3, size 0-0 line 3035
[  739.906907] binder: undelivered TRANSACTION_ERROR: 29201
[  739.917886] binder: undelivered TRANSACTION_ERROR: 29189
[  740.968295] net_ratelimit: 18 callbacks suppressed
[  740.968301] protocol 88fb is buggy, dev hsr_slave_0
[  740.978332] protocol 88fb is buggy, dev hsr_slave_1
[  740.983381] protocol 88fb is buggy, dev hsr_slave_0
[  740.988424] protocol 88fb is buggy, dev hsr_slave_1
[  741.208199] protocol 88fb is buggy, dev hsr_slave_0
[  741.213474] protocol 88fb is buggy, dev hsr_slave_1
[  741.448263] protocol 88fb is buggy, dev hsr_slave_0
[  741.453450] protocol 88fb is buggy, dev hsr_slave_1
[  741.528323] Bluetooth: hci1: command 0x1003 tx timeout
[  741.533723] Bluetooth: hci1: sending frame failed (-49)
[  742.168279] protocol 88fb is buggy, dev hsr_slave_0
[  742.173408] protocol 88fb is buggy, dev hsr_slave_1
[  743.608246] Bluetooth: hci1: command 0x1001 tx timeout
[  743.613680] Bluetooth: hci1: sending frame failed (-49)
[  745.688273] Bluetooth: hci1: command 0x1009 tx timeout
[  746.328200] net_ratelimit: 22 callbacks suppressed
[  746.328206] protocol 88fb is buggy, dev hsr_slave_0
[  746.338258] protocol 88fb is buggy, dev hsr_slave_1
[  746.728192] protocol 88fb is buggy, dev hsr_slave_0
[  746.733317] protocol 88fb is buggy, dev hsr_slave_1
[  747.208137] protocol 88fb is buggy, dev hsr_slave_0
[  747.213228] protocol 88fb is buggy, dev hsr_slave_1
[  747.218296] protocol 88fb is buggy, dev hsr_slave_0
[  747.223330] protocol 88fb is buggy, dev hsr_slave_1
[  747.448217] protocol 88fb is buggy, dev hsr_slave_0
[  747.453310] protocol 88fb is buggy, dev hsr_slave_1
14:58:54 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x2, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:58:54 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0xffffffffffffffff)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713200)

14:58:54 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306263, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:54 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x2, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:54 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x1000000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:54 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0xf401, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  750.054831] binder: 17414:17416 ioctl c0306263 20000780 returned -22
[  750.061025] binder: BINDER_SET_CONTEXT_MGR already set
[  750.077242] binder: 17410:17413 ioctl 40046207 0 returned -16
[  750.077546] binder_alloc: binder_alloc_mmap_handler: 17414 20001000-20004000 already mapped failed -16
[  750.094547] binder: BINDER_SET_CONTEXT_MGR already set
[  750.098757] binder: 17410:17413 unknown command 16456
[  750.107574] binder: 17410:17413 ioctl c0306201 20000780 returned -22
[  750.114406] binder: 17414:17416 ioctl 40046207 0 returned -16
[  750.121690] binder: 17414:17421 ioctl c0306263 20000780 returned -22
[  750.132800] Bluetooth: hci1: Frame reassembly failed (-84)
[  750.143362] binder_alloc: binder_alloc_mmap_handler: 17410 20001000-20004000 already mapped failed -16
14:58:54 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x54, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:58:54 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x1802000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:58:54 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
ioctl$TIOCCONS(r2, 0x541d)

[  750.174747] binder: 17410:17424 unknown command 16456
[  750.192294] binder: 17410:17424 ioctl c0306201 20000780 returned -22
14:58:54 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x3, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  750.242222] binder: 17431:17432 got transaction with unaligned buffers size, 116
[  750.269176] binder: 17431:17432 transaction failed 29201/-22, size 0-0 line 3079
[  750.309099] binder_alloc: binder_alloc_mmap_handler: 17431 20001000-20004000 already mapped failed -16
[  750.333430] binder: BINDER_SET_CONTEXT_MGR already set
[  750.344673] binder: 17442:17443 ioctl 40046207 0 returned -16
[  750.344994] binder: BINDER_SET_CONTEXT_MGR already set
[  750.352676] binder: 17442:17443 unknown command 64
[  750.367283] binder: 17442:17443 ioctl c0306201 20000780 returned -22
[  750.367649] binder: 17431:17440 ioctl 40046207 0 returned -16
[  750.374015] binder_alloc: 17431: binder_alloc_buf, no vma
[  750.393829] binder: 17431:17444 transaction failed 29189/-3, size 0-0 line 3035
14:58:55 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x80000, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x40400005)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = dup3(r2, r0, 0x0)
ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5387, &(0x7f0000000000))
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:58:55 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x2000000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  750.403989] binder_alloc: binder_alloc_mmap_handler: 17442 20001000-20004000 already mapped failed -16
[  750.423264] binder: BINDER_SET_CONTEXT_MGR already set
[  750.453680] binder: 17442:17443 ioctl 40046207 0 returned -16
[  750.458098] binder: undelivered TRANSACTION_ERROR: 29201
[  750.469433] binder: undelivered TRANSACTION_ERROR: 29189
[  751.368133] net_ratelimit: 18 callbacks suppressed
[  751.368139] protocol 88fb is buggy, dev hsr_slave_0
[  751.378147] protocol 88fb is buggy, dev hsr_slave_1
[  751.383196] protocol 88fb is buggy, dev hsr_slave_0
[  751.388232] protocol 88fb is buggy, dev hsr_slave_1
[  751.608418] protocol 88fb is buggy, dev hsr_slave_0
[  751.613546] protocol 88fb is buggy, dev hsr_slave_1
[  751.848160] protocol 88fb is buggy, dev hsr_slave_0
[  751.853286] protocol 88fb is buggy, dev hsr_slave_1
[  752.168198] Bluetooth: hci1: command 0x1003 tx timeout
[  752.173603] Bluetooth: hci1: sending frame failed (-49)
[  752.578384] protocol 88fb is buggy, dev hsr_slave_0
[  752.583731] protocol 88fb is buggy, dev hsr_slave_1
[  754.248225] Bluetooth: hci1: command 0x1001 tx timeout
[  754.253622] Bluetooth: hci1: sending frame failed (-49)
[  756.328300] Bluetooth: hci1: command 0x1009 tx timeout
[  756.728255] net_ratelimit: 22 callbacks suppressed
[  756.733613] protocol 88fb is buggy, dev hsr_slave_0
[  756.738874] protocol 88fb is buggy, dev hsr_slave_1
[  757.128223] protocol 88fb is buggy, dev hsr_slave_0
[  757.133383] protocol 88fb is buggy, dev hsr_slave_1
[  757.608201] protocol 88fb is buggy, dev hsr_slave_0
[  757.613454] protocol 88fb is buggy, dev hsr_slave_1
[  757.618624] protocol 88fb is buggy, dev hsr_slave_0
[  757.623783] protocol 88fb is buggy, dev hsr_slave_1
[  757.848267] protocol 88fb is buggy, dev hsr_slave_0
[  757.853510] protocol 88fb is buggy, dev hsr_slave_1
14:59:04 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5409, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:59:04 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x4, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:59:04 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x2, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:59:04 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x10000, 0x0)
ioctl$KVM_SET_BOOT_CPU_ID(r2, 0xae78, &(0x7f0000000080)=0x2)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000200)={<r3=>0x0, 0x9, 0x6, 0x1f, 0xc74, 0x9f}, &(0x7f0000000240)=0x14)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000280)={r3, 0x3}, &(0x7f00000002c0)=0x8)
r4 = dup3(r1, r0, 0x0)
ftruncate(r2, 0xff)
getsockopt$bt_hci(r4, 0x0, 0x3, &(0x7f00000000c0)=""/229, &(0x7f00000001c0)=0xe5)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:59:04 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x3f00000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:59:04 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0xfc00, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  760.305733] binder: 17462:17463 unknown command 16456
[  760.309414] binder: BINDER_SET_CONTEXT_MGR already set
[  760.317551] binder: 17466:17471 ioctl 40046207 0 returned -16
[  760.326976] binder: 17466:17471 unknown command 0
[  760.329749] binder: 17462:17463 ioctl c0306201 20000780 returned -22
[  760.338801] binder: 17466:17471 ioctl c0306201 20000780 returned -22
[  760.352549] binder_alloc: binder_alloc_mmap_handler: 17462 20001000-20004000 already mapped failed -16
[  760.358604] binder_alloc: binder_alloc_mmap_handler: 17466 20001000-20004000 already mapped failed -16
[  760.364413] Bluetooth: hci1: Frame reassembly failed (-84)
[  760.373505] binder: BINDER_SET_CONTEXT_MGR already set
[  760.391339] binder: 17462:17477 unknown command 16456
[  760.393707] binder: 17466:17479 unknown command 0
14:59:05 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x4000000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  760.408248] binder: 17466:17471 ioctl 40046207 0 returned -16
[  760.408357] binder: BINDER_SET_CONTEXT_MGR already set
[  760.416183] binder: 17466:17479 ioctl c0306201 20000780 returned -22
14:59:05 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r0)
fcntl$setstatus(r1, 0x4, 0x400)
ioctl$VHOST_SET_VRING_ENDIAN(r2, 0x4008af13, &(0x7f0000000080)={0x1, 0xff})
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
setsockopt$inet6_buf(r2, 0x29, 0x30, &(0x7f0000000000)="f8c18f64f04478bc0eaf65266925ae94d0629d8b5dfa9c61b8ccda609c3b3a68c36a44596a0e85735d22fc683fee94e4435807b196eec6e7c20e4aa49fc7e2f7701a78b7c4a78c7b1a5970a536f9bcad54958e5c3f46d06a91e1bb66a9af1ed5f0260ee8f5b6b950e19625323057c42ffacc65", 0x73)

14:59:05 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x5, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  760.456168] binder: 17462:17477 ioctl c0306201 20000780 returned -22
[  760.477182] binder: 17462:17463 ioctl 40046207 0 returned -16
14:59:05 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x3, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  760.570419] binder: 17491:17492 unknown command 0
[  760.575441] binder: 17491:17492 ioctl c0306201 20000780 returned -22
[  760.605868] binder: BINDER_SET_CONTEXT_MGR already set
14:59:05 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x4002000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  760.616892] binder_alloc: binder_alloc_mmap_handler: 17491 20001000-20004000 already mapped failed -16
[  760.648429] binder: 17493:17495 ioctl 40046207 0 returned -16
[  760.655435] binder: 17493:17495 unknown command 64
[  760.657130] binder: BINDER_SET_CONTEXT_MGR already set
14:59:05 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
write$FUSE_LSEEK(r0, &(0x7f0000000000)={0x18, 0x0, 0x5, {0xf238}}, 0x18)

[  760.675474] binder: 17491:17497 unknown command 0
[  760.695888] binder: 17491:17492 ioctl 40046207 0 returned -16
[  760.696824] binder: 17493:17495 ioctl c0306201 20000780 returned -22
[  760.720362] binder: 17491:17497 ioctl c0306201 20000780 returned -22
[  760.737641] binder_alloc: binder_alloc_mmap_handler: 17493 20001000-20004000 already mapped failed -16
[  760.780164] binder: 17493:17505 unknown command 64
[  760.785171] binder: 17493:17505 ioctl c0306201 20000780 returned -22
[  761.768170] net_ratelimit: 18 callbacks suppressed
[  761.768176] protocol 88fb is buggy, dev hsr_slave_0
[  761.778528] protocol 88fb is buggy, dev hsr_slave_1
[  761.783590] protocol 88fb is buggy, dev hsr_slave_0
[  761.788811] protocol 88fb is buggy, dev hsr_slave_1
[  762.008228] protocol 88fb is buggy, dev hsr_slave_0
[  762.013365] protocol 88fb is buggy, dev hsr_slave_1
[  762.248225] protocol 88fb is buggy, dev hsr_slave_0
[  762.253374] protocol 88fb is buggy, dev hsr_slave_1
[  762.408173] Bluetooth: hci1: command 0x1003 tx timeout
[  762.413612] Bluetooth: hci1: sending frame failed (-49)
[  762.968216] protocol 88fb is buggy, dev hsr_slave_0
[  762.973362] protocol 88fb is buggy, dev hsr_slave_1
[  764.488245] Bluetooth: hci1: command 0x1001 tx timeout
[  764.493658] Bluetooth: hci1: sending frame failed (-49)
[  766.568238] Bluetooth: hci1: command 0x1009 tx timeout
[  767.129781] net_ratelimit: 22 callbacks suppressed
[  767.134849] protocol 88fb is buggy, dev hsr_slave_0
[  767.139940] protocol 88fb is buggy, dev hsr_slave_1
[  767.528220] protocol 88fb is buggy, dev hsr_slave_0
[  767.533354] protocol 88fb is buggy, dev hsr_slave_1
[  768.008192] protocol 88fb is buggy, dev hsr_slave_0
[  768.013291] protocol 88fb is buggy, dev hsr_slave_1
[  768.018371] protocol 88fb is buggy, dev hsr_slave_0
[  768.023415] protocol 88fb is buggy, dev hsr_slave_1
[  768.248214] protocol 88fb is buggy, dev hsr_slave_0
[  768.253295] protocol 88fb is buggy, dev hsr_slave_1
14:59:15 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x540b, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:59:15 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x6, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:59:15 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x4, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:59:15 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$IMDELTIMER(r2, 0x80044941, &(0x7f0000000080)=0xffffffffffffffff)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:59:15 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x5301000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:59:15 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0xfe80, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  770.529036] binder: 17517:17520 unknown command 0
[  770.545958] binder: BINDER_SET_CONTEXT_MGR already set
[  770.550508] binder: 17517:17520 ioctl c0306201 20000780 returned -22
[  770.558496] binder: 17523:17524 ioctl 40046207 0 returned -16
[  770.569078] binder: 17523:17524 unknown command 0
[  770.573963] binder: 17523:17524 ioctl c0306201 20000780 returned -22
[  770.589530] binder_alloc: binder_alloc_mmap_handler: 17517 20001000-20004000 already mapped failed -16
[  770.598425] binder_alloc: binder_alloc_mmap_handler: 17523 20001000-20004000 already mapped failed -16
[  770.609033] Bluetooth: hci1: Frame reassembly failed (-84)
[  770.620236] binder: BINDER_SET_CONTEXT_MGR already set
14:59:15 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

[  770.630301] binder: 17523:17524 ioctl 40046207 0 returned -16
[  770.636365] binder: BINDER_SET_CONTEXT_MGR already set
[  770.641393] binder: 17517:17534 unknown command 0
[  770.648252] binder: 17517:17520 ioctl 40046207 0 returned -16
[  770.656696] binder: 17523:17531 unknown command 0
[  770.668294] binder: 17523:17531 ioctl c0306201 20000780 returned -22
14:59:15 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x91ffffff00000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:59:15 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x5, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  770.696247] binder: 17517:17534 ioctl c0306201 20000780 returned -22
14:59:15 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x7, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:59:15 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$VIDIOC_QUERYCTRL(r2, 0xc0445624, &(0x7f0000000240)={0x5, 0xb, "4ea5b0c7a0b61c2f27214248327e983840a28d3523f6e61db04ea7dc9bd5434a", 0x7, 0x8001, 0x7, 0x5, 0x40})
ioctl$sock_bt_bnep_BNEPGETCONNLIST(r2, 0x800442d2, &(0x7f0000000100)={0x7, &(0x7f0000000000)=[{0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @random}, {0x0, 0x0, 0x0, @random}, {0x0, 0x0, 0x0, @local}, {0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @local}, {0x0, 0x0, 0x0, @random}]})
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000140)={{0xaf, @remote, 0x4e21, 0x0, 'ovf\x00', 0xc, 0xf32d, 0x28}, {@loopback, 0x4e21, 0x3, 0x5, 0xffffffffffffffff, 0x10001}}, 0x44)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

[  770.822170] binder: 17543:17547 unknown command 0
[  770.856493] binder: BINDER_SET_CONTEXT_MGR already set
[  770.873432] binder: 17543:17547 ioctl c0306201 20000780 returned -22
[  770.885838] binder: 17549:17550 ioctl 40046207 0 returned -16
14:59:15 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xf5ffffff00000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  770.908017] binder: 17549:17550 unknown command 0
[  770.913622] binder: 17549:17550 ioctl c0306201 20000780 returned -22
[  770.920645] binder_alloc: binder_alloc_mmap_handler: 17543 20001000-20004000 already mapped failed -16
[  770.929967] binder_alloc: binder_alloc_mmap_handler: 17549 20001000-20004000 already mapped failed -16
[  770.948562] binder: BINDER_SET_CONTEXT_MGR already set
[  770.956213] binder: 17549:17550 ioctl 40046207 0 returned -16
[  770.964363] binder: BINDER_SET_CONTEXT_MGR already set
[  770.976688] binder: 17543:17547 ioctl 40046207 0 returned -16
[  770.986100] binder: 17549:17560 unknown command 0
[  771.002186] binder: 17543:17562 unknown command 0
[  771.012315] binder: 17549:17560 ioctl c0306201 20000780 returned -22
[  771.040022] binder: 17543:17562 ioctl c0306201 20000780 returned -22
[  772.168146] net_ratelimit: 18 callbacks suppressed
[  772.168152] protocol 88fb is buggy, dev hsr_slave_0
[  772.178251] protocol 88fb is buggy, dev hsr_slave_1
[  772.183321] protocol 88fb is buggy, dev hsr_slave_0
[  772.188398] protocol 88fb is buggy, dev hsr_slave_1
[  772.408376] protocol 88fb is buggy, dev hsr_slave_0
[  772.413483] protocol 88fb is buggy, dev hsr_slave_1
[  772.648193] protocol 88fb is buggy, dev hsr_slave_0
[  772.648369] Bluetooth: hci1: command 0x1003 tx timeout
[  772.653299] protocol 88fb is buggy, dev hsr_slave_1
[  772.658693] Bluetooth: hci1: sending frame failed (-49)
[  773.368183] protocol 88fb is buggy, dev hsr_slave_0
[  773.373303] protocol 88fb is buggy, dev hsr_slave_1
[  774.728268] Bluetooth: hci1: command 0x1001 tx timeout
[  774.733658] Bluetooth: hci1: sending frame failed (-49)
[  776.808491] Bluetooth: hci1: command 0x1009 tx timeout
[  777.528886] net_ratelimit: 22 callbacks suppressed
[  777.533875] protocol 88fb is buggy, dev hsr_slave_0
[  777.538948] protocol 88fb is buggy, dev hsr_slave_1
[  777.928201] protocol 88fb is buggy, dev hsr_slave_0
[  777.933314] protocol 88fb is buggy, dev hsr_slave_1
[  778.408172] protocol 88fb is buggy, dev hsr_slave_0
[  778.413297] protocol 88fb is buggy, dev hsr_slave_1
[  778.418378] protocol 88fb is buggy, dev hsr_slave_0
[  778.423428] protocol 88fb is buggy, dev hsr_slave_1
[  778.648188] protocol 88fb is buggy, dev hsr_slave_0
[  778.653299] protocol 88fb is buggy, dev hsr_slave_1
14:59:25 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x540c, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:59:25 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f00000001c0)='trusted.overlay.redirect\x00', &(0x7f0000000200)='./file0\x00', 0x8, 0x3)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup(r1)
sendto$ax25(r2, &(0x7f0000000340)="7e52fb9177691d0548f23551f0fd722d258234c3a9d5ca8e74191e486eb1ebef1614422e0b3449031ab5599254cfb3f564434285c06f8c6e02b33f547bb68aa0b021afdfc44133949f9873bf36032b9dac6df735acd6908b300718982479c5ce9e0324533323d1b2b1013f5eb9c31e874b7bdbb1cc5dec70d3638c9914e5ada78173a34f8b846629d0cadbe2b220397624e4dd6be8a6a7ad625e8e7d03f2356ce6e7fa6190a95b1a45f9ca83623809bf4c139591f09fa234528aa6e8191bdbfbb288c02ce05696be9e5fbad7047f20cf11f761897e2297a817324d5fd461495be11262760f77a985bce50cc2cd2e22bb6b1acc06c2c4f6bc0d0cfe4dc8fed676b24f3f59ae6d0b7ee40150145a5d20e0681d160402fc6d984b61949f75048682fc7a86dbfa65e331f0f74c8f6b791bf013a48ae2304b91c1d9af93cf482547f7a8a24444d82d84d2c1d0c706070bd43e699bef507de777c53e094576a058c6e7312b9691d0e5fe228aca452f58aec91ed66be522342756994eb533688f31261985c2a8143da4f04778b2aa425aa09e8c987089923777f106f15c98f73d6b42d1d46e6b4d497ce1271da86b0a5efbe85aedc9a82671b4f66d162af67ef2835d1c754f4c211bc3e7a7c64e3dd4c9e53cb363c7ab8128c5cdf68afa9e7dee7e3bc5bee8fcc4d724d25f48ce4e7d86f5a3928d60ab9ab7b105dea8b2cb2a721bd6fe56415d171368b9421b24bc8847094bb587c05aa4ca5d23768303b5ef9e043ce7ea2d6c3ecf45e47b4cc4b2125b5f14146748e45c2b9fa6fc40b2e4480abea07a243b8b783420182a8940318d326c5575ce5f0d202c254c7a27c8f7371373f85391642d66b99becbfb8735a36731386ec6a66ef40669b73723ca812b3e0439de0331999f0577d2a704ea747883843268a5dc7476883ca13f3fab70726f9e5414eae484f4dd36b0c919e641bcefa6908ee3fcca31723da08122e36408f8424c9875e111cdb4a4366a76f5688b042110ba8975100197f0834ba0a53e852b9778cbd26061637068eee9ec066dd519d27f460aa9b53e46b7fd135bdd74b516fbc628a7a88c13b4313cc4ad773352d627cdb2212ebd24eb6b69c0ccdc20dd5a32304fe3e48ed3afa611bc1d63ddaba6fbed34edf4bb6eb6166edfbad9a238673a5baf626c9bff3d4d52562e24c74b1772c790c94f0424d3c2adc2537888df98c08e307c50db9bb8d37a3307c78dc529534546070a7682f63263338204c13d03bfa958267f041e9a54acc646a88387e2cfc34b084befbc93be93f041fe27790ae803acf2da20c2096079cd4c3c2be0e31cd24aaea9d99cd354a304a9ae4dbbc27c1513a19d55d74fc21fd92dc7366993e4e43a0f243345003a0ddb55da3bf17e1682b906b3f653ebe6f4fac6db59542f35703252eb0994eaff795dffa585d1bbce0f9c9cf16e89d614ca6efdd28e1a94d58174f5422ae33ef3a80e274cef228b1bf9851715e0dee129d5e625b0b96d6bae0d768c5eac915ffc857a6bc74bbc838ab849136db108e0f34c635c9fb17aa7c17384856d16477a4dab4cd15ae76e7cd4d2bd04df20756b5f66df84af310d502d7be6bc81fb28319b0ad273332677b56d11c3e8edde6387547a280fcd35e6e2f500ffdcb4b4d6d894c460d164fd1423ccd7658ec103630ea5413c944516fa9fd03f5082f3ac23846e282c39cbbfad2822a21b50f17045268220ae9bef51b4fcfadaebca00916c30f7094393bef2747dddb2e76ba8c348bce2e112c5ca52bf75b08f28857b3a8e908d1624a6474db8e2734a6b16e7efd6cb9bb88344416275884c5ce3895732d0c776a5ed5261eb866ce16e0766170fdf97656e1ef38fd7e343abc682fa272778cf7465868b5435d504e479efd6fdc22cfa4ee67170d99c659ef2d0b2f2c8ac07b0de169830d154d8766dea2b2d1170da88a71248b414bdcd963a9703dbc2040be0c52023abb57c8b4f807d5fcb3b65aade4357283650eecd739291ffb8a44c8489f62424f1a1f59d214ea4636c68b3e2243aeaf285a8a01496fb5d90a492e5e735ac7794b51d24afbb2e10bbb16e8f65070ea13ff3b790d8f06d68a915d784767799b5a2b35d1c55649653015ade2f3bc0ddcd4ffc2736d5443118cb334b65670740e32310ed435da7895d8202b63d33ef1a5a6260d22820d5c4cdf914f074b33b7ea06231820d24e1ad600e80ef2e72a2e75fd3b488cb7f6b411b7d2ba95c10199540b3f92f715609c654dd36f08b135fc47f3c51e4b8550a8516dccae082ad2c739ce62706bb48339e9f6da45152822c8b3d147acefbe9adf7e2ef6d4804bfce20b54995a33748d99fcfae19cca0e535b6ab45e45512e8394d0709ae77dcc5a763bdc2ef820d62583bebb56d79ad2d87d65980c4b32c9d5e94c339d082a03e3fcf77cc5d6d071ce969b8626fc50841369c7c0c33f61a74dd2704dd4dac96b0f011e114731a3f563612215186e43b0bdaf1b1b56ff9440f5a65962fb60fb507d0953e9ea4e93b6a921b96a78c36be640c488d777827e7d33dd6d9e075aed9c1a20736843e107f505377d01eea95359b355c2d3c518336fa2fbc892a0f125b5f79bc3af382a70d394d2e387715fee21902fab8068e4beef70698feea48617f1ba075e915739fadaad844e03db4bab75e48e4f6d127997c4394808228b4d7221a08c2788f76564558cb1bff48f67d279c253c4fa8d97d967af4a012c9c541456059ab3d36aa1a3a17ccb32cddf76094c7048dd53e9c8bf7ac6528eede8e19815dfb9e6e9a62199b930b48bfe04b515d38e542182bd11b3aad57706d842463d0f90666c027b1b0815a054a86d008a34764f4573a176551d7b2e8d811e9f5d378c5020f26b3676586655e0ec8f28879e1d932bb87c43754fdc255ffac4b3a721de41083dd4284acd7a3014e928b5ef503d0c043372a4bcef97fcdbc20f5e66f0bbd34fb0ee0996de89b9072bdd3f83e5e1c3d46fc271ac97c416a65f96bb28b55e959e62dc8e3c1a98670542af19085a55e25fad859e7abc0736f963e053e296df2dcf947386324ce6de0f48f0317e359d4f158962d1841d5b0a9e6892ae2528d312165e038d85ac39041597d59ca40549534c8d79f1b526f349ce38ff7be8a1db13aa1640c4557c42b4b0486932fd0abbdd938b2e9595e03499afe382d3840012b599a8baddf1854043d271e8750c55916afb1aca47cc498baa70c442547e578fed8b21a29a962b43feed48d7f6392f0f09b5b8feb7683f2d50a1138a97538a811a8aa87e5314e61e73c1e521c1042b354809c801138af11a4da161bd037e5b603f2a157ba348b152f81ff0db7ea217ad6aef6b06ed9dd7d4301269273d3ad362ea17be5a11046241e5d010d75a270ef6221e75da5e0db94d76d5a4490907a4747655c8f066a670c13fb4fb5289a63c4a34efa2598cbaa2eee1a6a2e9e256342c3813c4c28c4157b22eed25daf19d46b802bd96c6e84b741ca393033c5cb396bf51b2dee5b2eb8fd47898d2134a275d8569631829b95b19b68bbcd2d4b7a51faa48051c8293faeb6de559a372e9a5fdc26579943551b658358b45fe0e3d89635b2b1ece856cea6ec657dd3ea4b95ecac8d7cadf0b6a5911f1958dda30b98f4f0fc9f09e5f20502270e2dca0173fad2618d63b0d668f06bfbc967a992767ff13bc9bb50b431d1ba0916ff50e624838f5aba5b2cc8bd0c1c3e0e0793d9038b52e67cd5c5aa17d45042cb41da292aedc58668da39402cf61e188a0df95c47f7b054ffe60f29e242c87ea625ffe59395a45b178aac86dad563e6c9c02c45ab97a610f99e4deacf06a445cf60c83e16cc738f700a8d5366e24056e588d84e102a7fbdc57649a250203e4dc22e5421d44b609781ffe377d606ff3c6cddc7925f5e1068b54fed69f5b0541f7c6d3ac0352ed426fc0d267ed06b156f50b4eec5298117910d8c37d21bafef05c4a231a9ab342d3b6a8b897c03a92deb7958fdcba8c5a39de73ed0aa360e79cc5a1def70c2ec34b2da2541e34f40085bc1fc55e749c3fbfdcb27ef6ea571547038e08630f34bd907eb7b680531067a74b02333763e0a0c7e236c6546622fc05c1cd285134ca68c5381d865a120abc7354cec7a73ae5385e72f13621e716b6805449850057c9aab14d58c66206291546d48bc31d02d895bb84db8e256cb55fa9378b8ddd42fdd028ccfe04ebcb49c83f746f5f33c11c4029230ebe02e73ad165eb3e6965de08119d1efacd3ef932bc505ab1c62f4c25e92b80cee7ef9e24d030327bc92e02cc322b3b7bf7586359fef3239e68bd8e5a861a7b828494f42f5e6384e33029def0deca7cce6f8a666d2f1a93f04e5f764e49022468869e4aabca67565067a327e1eae0a3428b16c4ff7a9d278174b2aeb24e6d9332bfd7b22edf6e6b15c338471a9a01255646b448a0b04ad3488d16a0989818bb9d863bec3d7e2dff2840d8f1c1ab689ead16d2bfc033ed9a4ea8590ac41a788e28bce57b632d2d56316fdfe6e70c5135adfe9cb1eed67216cfe3ad6856dc674c03630a8022c9a7b5c99925663acd406037a819f62e784089b0c91e16f82b38f62859a668114df5f39111f2e29e74a7b7c6a2c0d2491c5a06cbd42ee45a0d609b7fed6c6225baa6b2bab01f68a66b9aa42a96549df4623ccd343f23e77d2e41c42059a448ce9d5aea3022492956937e1a2358ba031935ccbc1267122c85ecba22e068958c69520b3c79326ba42d58c22223a004feb99f913532c98d9908e87635a1182a72c9417264fb2e78059cf5bd2d659aacde6384d479ba0216d05993aadae9d3686f46900d94f66328cae36b4fc0743446767f1c36c38e04fa654cfb89db8cb8b932a75cf98f7945b588ce0f471be346f0da7be8e94c1b90e47b26a7e804b4a3e9f3c736d9011e32f2e226e75a1e0283b71be7ca14a9e901fc060602b077278c0f3cf2333a0eb202fee87fbe63557d836bb12585a2c4bb394bd81bfde698ede88ad788c971a38bcc2bf78f0b5bb962e2f495786c8e3176d8b2f7fd61f0763250020afc9d99c85b128220b8a5fa3fc90c25ed110d11ca4a64e4666a7fb68cd9263ff5d57f200b2678461a3d220bb5ef1f62c749baadbd03a87e918d58d89009123e28cfead10dfe61cc59cb3324f12df97c8471bd6410ccb8bcd28cb67040b2fa8edc3cc709b8aae3e006ae240f7949733ad69f6024fde255d97614e68fb847137ff241e673872a322bdc502d9ecb67a37cb8ac45837a042cf467d63ba37adabaf81ebae953ff0f54d8fe1528cc3e4a68eb8aa41109228e35d28a7a3ea2f7a53e6ff49a14c93de9c2f3beb16ea15d8df94ccf70e0ce88b60c0dc202f74d8b1163fecede53dcd3349a1f32e46d3294978a9a78aefbdf4087393482d3f6585e1d6d62165f1f2158cb9c3eedc53ec2271e4c4631823c264a9179297b4cf09c22986f74373b0600a3db3c4682da11377d2f9af989122f85ebe0545da0289ebe8aa25c828782ef6c676e231025fc28fc03265eaf328a0cb8064c224849870cf7444ad1424a21cca7943216e213650ad194986dfea71109831c1fbc0f65f26947f0e1de00a328ab9d9d2f4efa07ced608b3584b123991d21ba650b8cb34c5c66240e4911545f91fa97fa87c31915c9369081487995ba38e630e0125243192c002b512b3d8321bb1a6ff85b7ffb5f6caff172cebb4ef11d1d85841e4273fb93b4a2d15462cf32c697047ce6b94dbd24a1330d2023d79b6c89ff763181646d9cd71e637817d61af87fdfe737a1b5a69", 0x1000, 0x4800, &(0x7f0000000080)={{0x3, @default, 0x8}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x48)
r3 = dup3(r0, r1, 0xca49cae360c41392)
getsockopt$netrom_NETROM_N2(r3, 0x103, 0x3, &(0x7f0000000000)=0x7fff, &(0x7f0000000040)=0x4)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r3, 0x40a85321, &(0x7f0000000240)={{0x3, 0x81}, 'port0\x00', 0x3, 0x10000, 0xb63, 0x7, 0x8, 0x1f, 0x9, 0x0, 0x7, 0x5})
fdatasync(r3)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)
socket$packet(0x11, 0x2, 0x300)
socket$bt_cmtp(0x1f, 0x3, 0x5)
write$ppp(r3, &(0x7f0000000100)="dc27146180c0a92566b972825284d310b70b4becac8457216d97f1fbf31021e240201a0e87ed9e2e542968accf24d41319cf4201ef814cc15070bf53573396f1f8167c4c921c97abbbd863d3273215aa9466d74d88fd1e371044a6495ed569a145aee0875fa76611c69674e12463df1a071c119767e9b7903a601587025e2f7537654fbe47cdd31c03a363d523ad470df1e12cd356a2394c294c8977933fae89555f2d139b8682472aacddf5d58458038a6dc1776c5806b1d091ffd9", 0xbc)

14:59:25 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0xa, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:59:25 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0xfec0, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

14:59:25 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x6, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:59:25 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xfdffffff00000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  780.758902] binder: 17572:17573 unknown command 0
[  780.780019] binder: BINDER_SET_CONTEXT_MGR already set
[  780.791669] binder: 17572:17573 ioctl c0306201 20000780 returned -22
[  780.802618] binder: 17577:17579 ioctl 40046207 0 returned -16
[  780.810835] binder: 17577:17579 unknown command 0
[  780.816810] binder: 17577:17579 ioctl c0306201 20000780 returned -22
[  780.825386] Bluetooth: hci1: Frame reassembly failed (-84)
[  780.826928] binder_alloc: binder_alloc_mmap_handler: 17572 20001000-20004000 already mapped failed -16
[  780.846156] binder_alloc: binder_alloc_mmap_handler: 17577 20001000-20004000 already mapped failed -16
[  780.856242] binder: BINDER_SET_CONTEXT_MGR already set
[  780.861882] binder: 17577:17590 unknown command 0
[  780.866889] binder: 17572:17573 ioctl 40046207 0 returned -16
[  780.872934] binder: BINDER_SET_CONTEXT_MGR already set
[  780.878437] binder: 17572:17587 unknown command 0
[  780.883430] binder: 17577:17579 ioctl 40046207 0 returned -16
[  780.889795] binder: 17572:17587 ioctl c0306201 20000780 returned -22
[  780.896918] binder: 17577:17590 ioctl c0306201 20000780 returned -22
14:59:25 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xfe80000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:59:25 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x48, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:59:25 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x7, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:59:25 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x100)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x400000, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x40001, 0x0)
syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x8e, 0x109000)
pipe(&(0x7f0000000100))
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x80, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x4)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup3(r2, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

[  781.016149] binder: 17598:17601 unknown command 0
[  781.023189] binder: 17598:17601 ioctl c0306201 20000780 returned -22
[  781.039099] binder: BINDER_SET_CONTEXT_MGR already set
[  781.044960] binder_alloc: binder_alloc_mmap_handler: 17598 20001000-20004000 already mapped failed -16
[  781.055066] binder: 17602:17604 ioctl 40046207 0 returned -16
[  781.066805] binder: BINDER_SET_CONTEXT_MGR already set
[  781.076155] binder: 17602:17604 unknown command 0
[  781.081756] binder: 17598:17601 ioctl 40046207 0 returned -16
[  781.089391] binder: 17602:17604 ioctl c0306201 20000780 returned -22
[  781.100520] binder: 17598:17605 unknown command 0
[  781.108866] binder: 17598:17605 ioctl c0306201 20000780 returned -22
14:59:25 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x4c, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  781.120873] binder_alloc: binder_alloc_mmap_handler: 17602 20001000-20004000 already mapped failed -16
14:59:25 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xfeffffff00000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  781.165062] binder: 17602:17613 unknown command 0
[  781.196369] binder_alloc: binder_alloc_mmap_handler: 17615 20001000-20004000 already mapped failed -16
[  781.208343] binder: 17602:17613 ioctl c0306201 20000780 returned -22
[  781.235185] binder: BINDER_SET_CONTEXT_MGR already set
[  781.252849] binder: 17615:17616 ioctl 40046207 0 returned -16
[  782.568132] net_ratelimit: 18 callbacks suppressed
[  782.568137] protocol 88fb is buggy, dev hsr_slave_0
[  782.578218] protocol 88fb is buggy, dev hsr_slave_1
[  782.583280] protocol 88fb is buggy, dev hsr_slave_0
[  782.588354] protocol 88fb is buggy, dev hsr_slave_1
[  782.808212] protocol 88fb is buggy, dev hsr_slave_0
[  782.813360] protocol 88fb is buggy, dev hsr_slave_1
[  782.888389] Bluetooth: hci1: command 0x1003 tx timeout
[  782.893785] Bluetooth: hci1: sending frame failed (-49)
[  783.048206] protocol 88fb is buggy, dev hsr_slave_0
[  783.053352] protocol 88fb is buggy, dev hsr_slave_1
[  783.768221] protocol 88fb is buggy, dev hsr_slave_0
[  783.773357] protocol 88fb is buggy, dev hsr_slave_1
[  784.968210] Bluetooth: hci1: command 0x1001 tx timeout
[  784.974538] Bluetooth: hci1: sending frame failed (-49)
[  787.048202] Bluetooth: hci1: command 0x1009 tx timeout
[  787.928262] net_ratelimit: 22 callbacks suppressed
[  787.933257] protocol 88fb is buggy, dev hsr_slave_0
[  787.938347] protocol 88fb is buggy, dev hsr_slave_1
[  788.328219] protocol 88fb is buggy, dev hsr_slave_0
[  788.333346] protocol 88fb is buggy, dev hsr_slave_1
[  788.808163] protocol 88fb is buggy, dev hsr_slave_0
[  788.813320] protocol 88fb is buggy, dev hsr_slave_1
[  788.818413] protocol 88fb is buggy, dev hsr_slave_0
[  788.823455] protocol 88fb is buggy, dev hsr_slave_1
[  789.048506] protocol 88fb is buggy, dev hsr_slave_0
[  789.053614] protocol 88fb is buggy, dev hsr_slave_1
14:59:35 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x540d, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:59:35 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0xa, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:59:35 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x60, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:59:35 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x80000)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x38}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x60, r3, 0x604, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0x4c, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@remote}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x5}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x7}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@mcast2}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x40)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

14:59:35 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xff0f000000000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:59:35 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0xff00, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  791.011218] binder: 17629:17630 unknown command 0
[  791.028421] binder: 17629:17630 ioctl c0306201 20000780 returned -22
[  791.029522] binder: BINDER_SET_CONTEXT_MGR already set
[  791.046213] Bluetooth: hci1: Frame reassembly failed (-84)
[  791.051344] binder_alloc: binder_alloc_mmap_handler: 17629 20001000-20004000 already mapped failed -16
14:59:35 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/qat_adf_ctl\x00', 0x440, 0x0)
ioctl$CAPI_CLR_FLAGS(r1, 0x80044325, &(0x7f00000002c0)=0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r3 = add_key(&(0x7f0000000080)='trusted\x00', &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000100)="422709a77f9e7bedcf67136c60c441cb4ddb30e5c498c3837970b9d4ae3575ef1331803e6db0d07949397b67a139825b6dec7f209dd07198bb4eb86db327cdfd99066e", 0x43, 0xfffffffffffffff8)
add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000340)="0133c8eb04d4bfa833cfbcf4efec843f37a44ae9526064d82414b39942a1191707efff80b836b4fad7bcd6004adeb3844267f658848ebf395bad7df8df645aca4e8bfeb7d9229923c2ef83fc7f51551af0207f7220d1026be99beb7907650bd25fc31e45edd572a7f4515ecda14ecf1c5ad4a45fd2734f888bd2238cb8d7c6a350b6ff71071e0ad1a80b32c5cced0970f55fd24c586dda57285666f241649cfed29d817cd8594972cdd40aac0143c44b26bd846bf99fe96681a30e8f71479781e2e04e008344165f4c398c61586cf99896ae8f7b89e82bda47feefd740e34d9974a1a2d87bb28193903cdc512e99b1dad2fce8b0cd4fd59a5207647ddafbe10274b3f917133a78387796ed113c75758e2a4416c8e9fdedf3ed34b41646548d0b7c8f21eebb514efd8a236ab0f33b6fcc6c489effb3d8b4e6bf3206c28e69c2b867b8f5c606d6a9d4a3472cfc06bfb0a4df0b069912c40b8f92277dc6470e43e0bfd55145191b2b5a425bc82a135dc3d56b2609d2a663d91ec6e95050d4a13916a41c67372bfbad19c6639679609687224dde26753b060ce63bd548832b6591689ef7c050f790c0844a8ae1806bf72cb4603e2783c84d38f03c349e0bf31f7f62df41e8ae5cacc21a445f7b5ef56d313bbabd748be6f20c088bf5f5e203dfaac83081f1755282e10c0ad4ef952c71e2ce174d1526ff3f3848ac5b124dbfd7852136f06b1006f422ee53824b9878d55b7a26c85a4758ee2eaf3a6a2ee29e7c04724c13ce26bc1360766e02a22e4c6a0440c38ae9db0c441adb8ea03ad7f32702af65f90acb6195812f17f6076b0a85b8bb172d020de0949b8df567fd4ebf0416b2d7a8f60a6dd26c3f5f4e1c6cb2cb4e7b8509bea4a57ef4506ff6f40bcb2d75cac46ba6c1095a5eb0db9ce99a2f87267c7d9a75ecc6ea3508c7445b75debb60d5ad4c95ff98d429ced6bfd1c7d5818081891e6ae121f9fbaa1f3504e9e577c98c787e8315583af52d419a01405ac33bda3683a1ba22ab344dec67eb3436bb1182f1ba2f7ba9f0c4b514bebac1d00c4fa02703ce49e32cd9096371c631fac86fb46c98caee8048b2061db60713908323abdfbb5c65afef5ba3926111bcdf10563e5b74c8dd8b6f4e7be9c6cc874f97149a20dc8f580ee7eea7745ed9e312990478e26563648d8dd8ab186bf26870a401d4ab4da9d81a3630d4377b74e166eb882c6f1045154759cc1224e37839c3359240f7ee71e0085bc55a74146463c13fd7ca0aa6f779f5f37c7f73d9a6e7463bf9e112636a599abd411de2e15e7804f13f8d3473607bc270bfd850f44061358f5f40e1b3e5a7c4a464bcf5538518d618613f57db6383fd4c543d05e8601747a84c35b282512a793258bb1692ead6e193d9e0f69ebacdb6cfc5fab182e14bcabddd5f6018306a82b5d7008b5c41e6276175ee98e853c5daa4b0239445f13228267dd0f3941c923cb939ee3bbbc2fb3310e602edc769b8117109a0020ec0072a114b11fbcf00aed09878d970dea9cf66f960451c1152e1daeff4f87b64f40654f4681bc5f88c62a4c6d684062ab9b140f6c637c5175db0cd3c2583578213edb7c266aef5c9589e047608077d53c516b5c8a7df54c6142df368d1345c1642b1cdc5809a54f48203be10cf0b20aeb19a0e48eb5eda1d2eccef1ced5814ea4d68fdbcac57bb378041105efdb43f4d42ff654b4137e8d8be537931e3c30a12c038e42493e649157f0802f29cc333f9f32c45bc7311a059445a85d7e23357002c195e0710567b6c8b81b8ebd88d3f0cf7bf062b938babf518c83eac83adbf5c231667a8e3ff0c02ca75bfd54ed059982ed7a9f2b3f54f77aa75cc31e67b883dfb1cbe6fea1d868f828b6446bff607ee42f6c23b933dcc2b4ba99f954e8c972ba079dcb59a8849eb5b350eb4f957694295eecec4a9d4b48fe60cab56cdf33a0d3d493563a2a5f2217c0d9f29e0b8e5683ff3fd0e00c123bda7e30e52f1f2cd49da14aeca63c8bbe31e2314e110469236f9544ad23e6200b859109196bbe8771216223e101d97ac84f549031ff124d488ccb35485e91b68004cc89add712297b8870635f88b392559b8c6ae3f8c57d76f758177bcee9e8d408f75fc7e71109ddae13a683e9d85740bb3df18c6f5c515b678310b9d9545cadce74ef177c428817f6e2c4e666b753e919ddc6ca26879004575f92fc9e83ada7086c7c1141353b8bab07580f6276678a0a123a725edfc0d7313ddb0974fe1bb415c395b29417078e93a0db4a09af455fc95cd5f7695d9e9d911c8db52a432719db136d9bfd88d9d5a74bd154b949c69d12222c6e44508affd0870591c66906d5cda8e7ea9c9e3c6a56f69044920fc90246c777c862c61d17719400e0e1080da0dc5f91308d98caa863d4d48b3ee035b8c1bfed6671ac11230c456190548e2ae0a34c38629a248a7e8758376ba34dee4c09e513fa3e4ef755dce3ccfdcd7e0ff3a86ac2f8073e86d1a214347f85743930f434e85cc8992be4f74ef82549d77a3a3d7a2fb051f09b0621f75edb7f5507c4b1df7adef2c0476c47fd478909d534dfde5160e5066738bc17d5a1ec3b031505a7888ba5ed7474dabe7f531f307c7bfbcfb27fb8a5945fc398d71e5c1eeca4d47c2142433b6807d70a84138482b45ea6dc5d479e32455350def7971bf51b0353b12710b28903226cb311eafc841e4131346ee54ac5fcd45ab1ac7df4439ec1ff0e83ed43d9fd1d1089c32a49886ec28dbcd0b0dca13c48d71f1f6f5a896596b3643d4ae0c6043cf40750b12f287a3934199c655a45b55cf507afababbaa3b032b17d4ec67e188b1e6dc7391777b589b8ca4ada43095b2384f727c0732a593c31e5d9b8d3fc6061f676e6b15855b57fced1fd5e440b400a4d571b300a0eb49fc98eddbc1ec2af4917c1673fbd6d35d51c913b7d51e12c4bcfdcbb4cc04c9c3ad06c393559aa73ee30042f4160c613d71e0cf75062c6e75212ee54f34cf787cd2739b13eef0506efb756a980f7a06b8a73596b48ce95b3800eb9df7a7a4bd6ad7874a3277e15c259aab071f4359f92c20bb03d3851f7b48ecd741b114d72eba84b537ed1341a96c415988ca5e2f26f52d7c29446715ae18ba0c1551d33f8ddce9bea82d82a3a4fc9d9f3acd489adb07f71d6c1c938699fd9e43fe8a57a68ef074b5635fab9aad0a53d8c1d316214b1897ddba957db54aa72e2050e1bcb1730c7c08032033d09266295290808b17b380a0881771a467cc718d5cb5b71e0389b6e317ebf63cff02c730692b8bb848829a53305c73046435d2dd07ff8d2e30b5b81df01a525ab90d87218b3a9a91a4e4c9fd33b2f314c982155804438aed6d50f54cb52e554190be2cc4961e68a3d1471b1faa1597190dfa00d11bea585004cb8303c42d43a3b8edd2fd80c0158745f80b68bc9e5883de55e8e6170525e2f38a4a869943bd325d66c9f4d3cc73a51b9eee7680dd32786d86a6a6ceca6e8c4cfa733cf0904e771e962b88634d4e99ff85774aaf922210a6f8da098d18ab8c994a1043098e784424b8c0c9cf62ae52998ba204baa4b80b0b67f2b66d9fa1184f0d6b08801b8ed31d861cb0ca53f57a439e9be84a1311eb47951fd81b48862922711eb6e35cc57d04aa9bb10268c7a9a6a61cf77cde409a9855d118aa64e646638386c66b0448dae6ece6b9b97b9104aa895144c29dbf83f06c46d7930741cd3737a7e75bcf3f33dacfa27cc770590f48c44ce26b8a1396f6916201364a1e088f1b43b40c85d68444028c7de88fe62f23621d4c177c0262b57caacfc8348d195009a5112c50f3f22a1c38e9290c1b324430fc2a560f4ae9a0d288f7da2301421e9871611294cb23c8db821b1166d9e89205a1a8d2a41c37d3569617265af5f3576a5cff94e20a036dcb938510ac5b0485c66bcb47dd1398c06ca5970b817685815310583ba8b8f9b478a94b3f38fdd13e443be732c483a481364128c61c26340720885a917795b48f4332be13e89020052a683c2300f04c170249dfb08cc06e38971bd25bdb89da47a2a8a9d97e7a07927b1a63800082fe258e1a07099a384377b6065948e2d190165795996814935880b7d830fecc73a7ff4c5cff317e8f5c99ffa864cd62c71299bdc2cc2dc102668b296f7310808a3ab917df947c75bd17e4dc7f0e676ad7bc6f3d9e350963c631fd1906d9c31f64bc753f743d2cb3f98982397db259ab50dba8cd971f1643c6d28a39b81b77a9aed91ec9ad9d066ab7ddb4150965d61548d525a55316d83be13aeb62d2189ded65e85955b1aa8a368f4f8fd04c050f040f70fe8a6079647e26922470ca90356e2025805a1f7716adc44acbb2812c78803ba13badbfa47515b526b97f6b37ecb3883cad694dc0d7be742a6b156d71ca9b451405d7cc19415edf59f9da9cd57613e795423a5815497b97ca15fd849b7f0fd4a085413ee45afe147ce2139f506d59ce1825352fb1e1ee3db5c99f6dbc8cc44978529afe5e67f8283603b6f725420efc5f676ad56d30140865ea11efda78595b71279fd0980f0e7967a0352142ab26eec728b615313d4a30fd69a40162a803533f8c17bc3bad85c3424ecf1ce93d6c42466c0bcfce69344c56edceeec4a14e2ef3dbaa46952cec99da40d26221e2d877fe51cf751c4b655432439173fe6991df9004913edab7a668d37f8cfaa3145aeeb04387823b9c65c1452a95d2dd250092e801037630deef96564f6d5b54d194b80ff8d1c5e5fe6a080c90167eff1af7b7f50740ef5e6c33c3faf0d6e1b44fdd330681ab6ed79ab7e361ad0932d77d2e0d9c0deb86974d464cd50f51e4b65f03b456d6c669040181331c9c6a6e30c8030e5e5c57f44299720e42df31db90bd7d11617a9b7aaeeb276660cd1e885301cce944020f14afebab1c9ae105756fdbfa5780ff41a7da334752f11ea68f69247db6041ebe4f7d45d0a3b0b441d5002e1cab528be816edba3ce25c41f734ea4b047edb042ed7fc8f6b9bd77f5c41ff452c89e70abb3ec30aea047eb7bfe0ca8bb994e73cef057e7f1296514b4a6b371ecd4e55cf79ce6b8eb130eb0dfc3e534f6536967ddba6987e63374b7ee2b14986d3dab0b2aea17c9b95cd4a6c59d3316a1969deb54be89d20dfa5f46e622f1ced7fe0104bb9eb7a94fc8253ca3ddbf1b95e4e3290e224d255c14a07d1789a68459d548ef62c639c4511911888917d5c369aa5ef03966adf19b6a7ed9b07a25be4513fbbc8a918cc010e9c79584ca3a52c0292163847b4bb0cca81603b6af4ff67e8612b7e5b255d2a8376319865a0f57eaf9adcc13d2601d947c33405bef7fcc3f396db3a4e6f306c83856d5022fe61c47894fded8a477ee6e372e612391c76f84864e646d99b071198d185e86e37ba59a09db087db544dd18352a4b4d8028cf07a80bc9e512142c9af0f00f64dac143a710cda6d8bb57cf151f37ebb29e67bc091aca2a14ca90fcccab925196da75397b5c6b65af844cd6934700d1dcf7ab509e217bbae2a6834027511e985e26198adcd0fe5a28a94a320fdcf02dfc5e1f04ca80f92ba121dc1371706749da355bf69d78655916c5d418cdb68e185e3e54ef1efaa9dc1c87c694a22c338031907bc529b4747fcb70885ffc5088d503a01f283600913c1a71e4f73f02b2e696e41722e74846f1705f372a4775985837d1bfff8320571a32b4227830d63609e73efbfffd251f2332f9008a37bc6659e2bb3bbdfd5d90f98673832a54d4440059b8c1d43e18c67f65b8987b32d32b38a5ede", 0x1000, r3)
r4 = dup3(r2, r0, 0x0)
ioctl$UI_SET_FFBIT(r4, 0x8008af00, 0x713000)
r5 = shmget(0x1, 0x2000, 0x54000001, &(0x7f0000ffb000/0x2000)=nil)
shmctl$SHM_INFO(r5, 0xe, &(0x7f0000000200)=""/127)
ioctl$PPPIOCSACTIVE(r4, 0x40107446, &(0x7f00000001c0)={0x5, &(0x7f0000000180)=[{0x200, 0x0, 0x2, 0x3}, {0x9, 0x0, 0xfff, 0x1000}, {0x7, 0x1, 0x0, 0x588}, {0x400, 0x40, 0x80, 0x6}, {0x8, 0x7f, 0x7, 0x1}]})

[  791.066445] binder: 17628:17638 ioctl 40046207 0 returned -16
[  791.071591] binder: BINDER_SET_CONTEXT_MGR already set
[  791.078906] binder: 17629:17630 ioctl 40046207 0 returned -16
[  791.085552] binder: 17629:17643 unknown command 0
[  791.091540] binder_alloc: binder_alloc_mmap_handler: 17628 20001000-20004000 already mapped failed -16
[  791.101302] binder: 17629:17643 ioctl c0306201 20000780 returned -22
14:59:35 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x48, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  791.161265] QAT: Invalid ioctl
14:59:35 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xffffffff00000000, @remote, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  791.184072] QAT: Invalid ioctl
14:59:35 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x68, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  791.247389] binder: 17658:17659 unknown command 0
[  791.265982] binder: 17658:17659 ioctl c0306201 20000780 returned -22
[  791.286513] binder: BINDER_SET_CONTEXT_MGR already set
14:59:35 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-vsock\x00', 0x2, 0x0)
dup(r0)
r2 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x2, 0x18000)
ioctl$PPPIOCSCOMPRESS(r2, 0x4010744d)
dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x8008af00, 0x713000)

[  791.302438] binder: 17661:17662 ioctl 40046207 0 returned -16
[  791.313312] binder_alloc: binder_alloc_mmap_handler: 17658 20001000-20004000 already mapped failed -16
[  791.331448] binder_alloc: binder_alloc_mmap_handler: 17661 20001000-20004000 already mapped failed -16
14:59:36 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [0x2]}, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

[  791.368496] binder: BINDER_SET_CONTEXT_MGR already set
[  791.376969] binder: 17658:17659 ioctl 40046207 0 returned -16
[  791.407311] binder: BINDER_SET_CONTEXT_MGR already set
[  791.417853] binder: 17658:17673 unknown command 0
[  791.433143] binder: 17661:17662 ioctl 40046207 0 returned -16
[  791.438258] binder: 17658:17673 ioctl c0306201 20000780 returned -22
[  792.968162] net_ratelimit: 18 callbacks suppressed
[  792.968167] protocol 88fb is buggy, dev hsr_slave_0
[  792.978213] protocol 88fb is buggy, dev hsr_slave_1
[  792.983263] protocol 88fb is buggy, dev hsr_slave_0
[  792.988309] protocol 88fb is buggy, dev hsr_slave_1
[  793.048222] Bluetooth: hci1: command 0x1003 tx timeout
[  793.053746] Bluetooth: hci1: sending frame failed (-49)
[  793.208163] protocol 88fb is buggy, dev hsr_slave_0
[  793.213307] protocol 88fb is buggy, dev hsr_slave_1
[  793.448194] protocol 88fb is buggy, dev hsr_slave_0
[  793.453291] protocol 88fb is buggy, dev hsr_slave_1
[  794.168736] protocol 88fb is buggy, dev hsr_slave_0
[  794.173859] protocol 88fb is buggy, dev hsr_slave_1
[  795.128283] Bluetooth: hci1: command 0x1001 tx timeout
[  795.133707] Bluetooth: hci1: sending frame failed (-49)
[  797.208258] Bluetooth: hci1: command 0x1009 tx timeout
[  798.328193] net_ratelimit: 22 callbacks suppressed
[  798.333180] protocol 88fb is buggy, dev hsr_slave_0
[  798.338255] protocol 88fb is buggy, dev hsr_slave_1
[  798.728201] protocol 88fb is buggy, dev hsr_slave_0
[  798.733382] protocol 88fb is buggy, dev hsr_slave_1
[  799.208205] protocol 88fb is buggy, dev hsr_slave_0
[  799.213423] protocol 88fb is buggy, dev hsr_slave_1
[  799.218651] protocol 88fb is buggy, dev hsr_slave_0
[  799.223737] protocol 88fb is buggy, dev hsr_slave_1
[  799.448327] protocol 88fb is buggy, dev hsr_slave_0
[  799.453425] protocol 88fb is buggy, dev hsr_slave_1
14:59:45 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x100000000000f)
ioctl$KDADDIO(r1, 0x400455c8, 0x0)
ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000180))
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")

14:59:45 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-vsock\x00', 0x2, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$UI_SET_FFBIT(r2, 0x8008af00, 0x712ffd)

14:59:45 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x4c, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:59:45 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x6c, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

14:59:45 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [0x3]}, 0x5}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000015)

14:59:45 executing program 5:
r0 = socket$kcm(0xa, 0x2, 0x73)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69)
connect(r0, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80)
sendmmsg$inet_sctp(r0, &(0x7f0000008440)=[{0x0, 0xff03, 0x0}], 0xffffff89, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  801.250976] binder_alloc: binder_alloc_mmap_handler: 17686 20001000-20004000 already mapped failed -16
[  801.271692] binder: BINDER_SET_CONTEXT_MGR already set
[  801.286550] binder: 17687:17688 ioctl 40046207 0 returned -16
[  801.287451] Bluetooth: hci1: Frame reassembly failed (-84)
14:59:46 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x60, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  801.298669] binder: BINDER_SET_CONTEXT_MGR already set
[  801.307202] BUG: unable to handle kernel paging request at ffffffffffffffd6
[  801.308014] binder_alloc: binder_alloc_mmap_handler: 17687 20001000-20004000 already mapped failed -16
[  801.314336] #PF error: [normal kernel read fault]
[  801.314345] PGD 8874067 P4D 8874067 PUD 8876067 PMD 0 
[  801.314383] Oops: 0000 [#1] PREEMPT SMP KASAN
[  801.314398] CPU: 1 PID: 17698 Comm: syz-executor.2 Not tainted 5.0.0-rc8+ #89
[  801.314406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  801.314426] RIP: 0010:h4_recv_buf+0x1ea/0xda0
[  801.314440] Code: b6 14 10 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d7 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 45 d0 4c 8d 60 70 <0f> b7 58 2a 4c 89 e0 48 c1 e8 03 0f b6 04 10 84 c0 74 08 3c 03 0f
[  801.314448] RSP: 0018:ffff8880a4577a30 EFLAGS: 00010246
[  801.314459] RAX: ffffffffffffffac RBX: 0000000000000000 RCX: ffffffffffffffd6
[  801.314468] RDX: dffffc0000000000 RSI: ffffffff84ed33a2 RDI: 0000000000000005
14:59:46 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x74, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  801.314476] RBP: ffff8880a4577ab8 R08: ffff88804e5a8080 R09: 0000000000000003
[  801.314484] R10: ffffed1015d25bcf R11: ffff8880ae92de7b R12: 000000000000001c
[  801.314492] R13: ffff8880a0c0b500 R14: ffff8880a4577b98 R15: 0000000000000001
[  801.314501] FS:  00007ff875b79700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  801.314512] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  801.324487] binder: 17686:17691 ioctl 40046207 0 returned -16
[  801.328797] CR2: ffffffffffffffd6 CR3: 000000008c287000 CR4: 00000000001426e0
14:59:46 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x68, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  801.328809] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  801.328816] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  801.328821] Call Trace:
[  801.328843]  ? __lock_is_held+0xb6/0x140
[  801.328858]  ? check_preemption_disabled+0x48/0x290
[  801.328876]  h4_recv+0xe4/0x200
[  801.364877] binder_alloc: binder_alloc_mmap_handler: 17703 20001000-20004000 already mapped failed -16
[  801.378634]  hci_uart_tty_receive+0x22b/0x530
[  801.378648]  ? hci_uart_write_work+0x710/0x710
[  801.378663]  tty_ioctl+0x936/0x14d0
14:59:46 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x78, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  801.378675]  ? tty_vhangup+0x30/0x30
[  801.378692]  ? mark_held_locks+0x100/0x100
[  801.389704] binder: BINDER_SET_CONTEXT_MGR already set
[  801.391308]  ? __might_fault+0x12b/0x1e0
[  801.391320]  ? __fget+0x340/0x540
[  801.391336]  ? find_held_lock+0x35/0x130
[  801.410252] binder: 17703:17704 ioctl 40046207 0 returned -16
[  801.413493]  ? __fget+0x340/0x540
[  801.413509]  ? tty_vhangup+0x30/0x30
[  801.413526]  do_vfs_ioctl+0xd6e/0x1390
[  801.423608] binder_alloc: binder_alloc_mmap_handler: 17706 20001000-20004000 already mapped failed -16
14:59:46 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x6c, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}}], 0x0, 0x0, 0x0})

[  801.429008]  ? ioctl_preallocate+0x210/0x210
[  801.429021]  ? __fget+0x367/0x540
[  801.429033]  ? iterate_fd+0x360/0x360
[  801.429049]  ? nsecs_to_jiffies+0x30/0x30
[  801.435078] binder: BINDER_SET_CONTEXT_MGR already set
[  801.440799]  ? security_file_ioctl+0x93/0xc0
[  801.440813]  ksys_ioctl+0xab/0xd0
[  801.440827]  __x64_sys_ioctl+0x73/0xb0
[  801.440843]  do_syscall_64+0x103/0x610
[  801.468426] binder: 17706:17707 ioctl 40046207 0 returned -16
[  801.469267]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  801.469280] RIP: 0033:0x457e29
[  801.479687] binder_alloc: binder_alloc_mmap_handler: 17709 20001000-20004000 already mapped failed -16
[  801.486987] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  801.486995] RSP: 002b:00007ff875b78c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  801.487006] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[  801.487017] RDX: 0000000020000180 RSI: 0000000000005412 RDI: 0000000000000004
[  801.499514] binder: BINDER_SET_CONTEXT_MGR already set
[  801.499683] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  801.508957] binder: 17709:17710 ioctl 40046207 0 returned -16
[  801.512864] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff875b796d4
[  801.512873] R13: 00000000004c2117 R14: 00000000004d4a78 R15: 00000000ffffffff
[  801.512885] Modules linked in:
[  801.512895] CR2: ffffffffffffffd6
[  801.512905] ---[ end trace f944165e6064fea2 ]---
[  801.532316] binder_alloc: binder_alloc_mmap_handler: 17712 20001000-20004000 already mapped failed -16
[  801.533767] RIP: 0010:h4_recv_buf+0x1ea/0xda0
[  801.533783] Code: b6 14 10 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d7 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 45 d0 4c 8d 60 70 <0f> b7 58 2a 4c 89 e0 48 c1 e8 03 0f b6 04 10 84 c0 74 08 3c 03 0f
[  801.539787] binder: BINDER_SET_CONTEXT_MGR already set
[  801.541364] RSP: 0018:ffff8880a4577a30 EFLAGS: 00010246
[  801.541380] RAX: ffffffffffffffac RBX: 0000000000000000 RCX: ffffffffffffffd6
[  801.560621] binder: 17712:17713 ioctl 40046207 0 returned -16
[  801.562547] RDX: dffffc0000000000 RSI: ffffffff84ed33a2 RDI: 0000000000000005
[  801.562557] RBP: ffff8880a4577ab8 R08: ffff88804e5a8080 R09: 0000000000000003
[  801.562566] R10: ffffed1015d25bcf R11: ffff8880ae92de7b R12: 000000000000001c
[  801.562579] R13: ffff8880a0c0b500 R14: ffff8880a4577b98 R15: 0000000000000001
[  801.574347] binder_alloc: binder_alloc_mmap_handler: 17715 20001000-20004000 already mapped failed -16
[  801.576565] FS:  00007ff875b79700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  801.576574] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  801.576582] CR2: ffffffffffffffd6 CR3: 000000008c287000 CR4: 00000000001426e0
[  801.576594] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  801.585630] binder: BINDER_SET_CONTEXT_MGR already set
[  801.588267] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  801.588275] Kernel panic - not syncing: Fatal exception
[  801.589562] Kernel Offset: disabled
[  801.846272] Rebooting in 86400 seconds..